Sushobhan Mukherjee



“Infosec Global 2017”, International Infosec Summit in Kolkata

Preface

Winter in Kolkata has different charming flairs and “InfoSec Global” added a new feather in her cap through a mega InfoSec Summit since last year.

This year, “InfoSec Global 2017”, the international InfoSec summit, took place at The Park, Kolkata on 3rd November, 2017.

Even though there is a lot of buzz around cyber security, there are many gaps as well. The areas of concern touch everyone: our ignorance, overconfidence and complacency. We keep complaining that things are not happening the way we think they should. However, many things are happening as well. We need to open our minds and think convergently. It’s time to complement instead of complaining.

The government is devising many strategies for the benefit of citizens on cyber. Law enforcement authorities are doing their work at the ground level. Enterprises are taking a lot of initiatives to implement tools, technologies and processes.

The challenge is how to bind all of these together: how to aggregate efforts, consolidate and converge in order to make them meaningful for society and civilization. InfoSec Foundation is trying to drive this across the globe.

InfoSec Foundation intends to work as the voice of the citizen, bringing all stakeholders together to create a more aware and responsive ecosystem: to connect and extend initiatives that have not reached their target audiences, find gaps, and raise the silent voice so that it reaches the ears of policy makers and functionaries.

Summits, CIO Roundtables, Print Journals, Cyber Security Helplines, Cyber Security Curriculum for the next generation – these are a few of the envisaged areas in which we have already started working in India, Bangladesh, the UK and Africa.

InfoSec Global 2017 is the outcome of the same vision driven by Infosec Foundation.

Infosec Global 2017, Kolkata

Ignite cyber security!! That’s the mantra. To enkindle it, Infosec Foundation has taken on this important responsibility through the International InfoSec Summit. The first summit took place last year on 18th November, 2016, and was followed this year on 3rd November, 2017 in Kolkata. The event was an important opportunity for the eastern ecosystem to meet the best cyber security experts from all across the subcontinent and gather some of the most tenacious knowledge regarding cyber security.

Theme of the Event

‘International Security in Digital India-Threat, Challenges and Opportunities’ was the theme for the 2nd International Infosec Summit in Kolkata this year. The program was designed for the leaders from the field of IT Infrastructure, Data Security, and Information Security.

Major topics discussed at the event were cyber security issues in Bangladesh, digital forensics, creating new generation cyber militants, cyber economics, and much more.

The event was conceptualized exclusively for creating a mutual platform for all the stakeholders who are engaged in Information Security.

Speakers and Topics

The event witnessed an array of speakers from across the industry. Dr. Sanjay Bahl, Director General, Indian Computer Emergency Response Team (ICERT), was the Chief Guest of the program. Mr. Shyamal Datta (IPS – Retd., Former Director – IB, Former Governor of Nagaland), Mr. Debasish Sen (Additional Chief Secretary-IT, Govt of Bengal), Mr. Vineet Goel, IPS (Addl CP I, CISO-Govt. of Bengal) and Mr. Hari Kusumakar, IPS (Addl CP IV) joined him along with the Infosec Foundation Chairman in the gracious inaugural ceremony.

Other eminent personalities like Mr. Bratya Basu (Honourable MIC-IT, West Bengal); Ms. Rama Vedashree (DSCI-NASSCOM); Dr. B. M. Mehtre (IDRBT); Col Inderjeet Singh (Smartcity Expert, Ex-Director – Military Intelligence at Ministry of Defense); Mr. Vivek Srivastava (ReBIT – Reserve Bank); Mr. Deepak Kumar (Digital Forensic Expert); Mr. B.M. Zahid-Ul Haque (CISO-Brac Bank Bangladesh); Mr. Harish Agarwal (Partner, Ernst & Young); and Mr. Somak Shome (Director, PWC) enriched the audience with their deep insight into the domain.

Cyber security domain experts like Mr. Shrikant Shitole (FireEye), Mr. Nitin Varma (Palo Alto Networks), Mr. Sudeep Das (IBM), Mr. Manuj Kumar (Symantec), Mr. Kapil Awasthi (Checkpoint), Mr. Rishikesh Kamat (Netmagic), Mr. Subramanian Udaiyappan (Cisco Systems), Mr. Akshay Verma (Global Insurance) and Mr. ParthaSarathi Das (Tata Teleservices) also added substantial value to the content of the conference.

There were interesting topics like “Cyber Security Readiness for Digital India”, “Cyber Economics”, “Creating Next Generation Cyber Warriors”, “The Cyber Security Architecture of the Future”, “Building a robust Cyber Security Architecture with Integrated Cyber Defense Platform”, “Machine Learning for Cyber Security”, “Cyber Security Challenges in West Bengal”, “Digital Forensics”, “Opportunities in Cyber Security space”, “Next Generation Cyber Security Trends”, “Cyber Threats on Internet of Things”, “Threat intelligence strategy to strengthen cybersecurity posture for the financial sector”, “Cloud security”, etc.

Audience

250+ people attended the event, with delegations from all leading corporates, enterprises, academia, government, law enforcement agencies, manufacturers, providers, etc.

Anandabazar Patrika (ABP), Accenture, Allahabad Bank, Bandhan Bank, UCO Bank, United Bank of India (UBI), BRAC Bank-Bangladesh, Balmer Lawrie, Bridge & Roof, BSI, Capgemini, CESC, West Bengal State Electricity Transmission Company (WBSETCL), Criminal Investigation Department (CID) – West Bengal, Bidhannagar Cyber PS, Kolkata Police, Exide, Genius, ICRA, ISACA, Jadavpur University, Jayashree Textiles, Linde Global, M.N. Dastur, MCKV Institute, Meghbela Broadband, Meghnad Saha Institute of Technology, NASSCOM, National Insurance, Neotia Group, NIA, CBI, NIC, NSHM, Onprocess Technology, Protiviti, PWC, Ernst & Young, Sahaj E-Village, Sillycon, Simplex Infra, Spencers, SREI Infrastructure Finance, Srijan Bhumi, TCG Digital, Techno India, TATA Pigments, Tractors India, TUV, Vedant Fashions, Vikram Solar, VISA Steel, Webel and ITC were a few of the key attendee organizations.

The audience was mainly from senior management: decision makers of the stature of MD, CEO, CIO, CFO, COO, GM, etc.

There were 30+ Media Houses from print, television, radio and web platforms who were keen to spread the buzz to the mass audience.

Takeaways

The event saw great deliberations, with thoughts, knowledge, ideas and case studies on cyber security exchanged among the speakers, audience, attendees and participating stakeholders. This not only generated great enthusiasm for networking, but also generated direct business opportunity.

The event raised several voices and concerns from the community, extended the roadmap of government and policy makers, articulated steps on synchronization between stakeholders and surely created a platform for enriched knowledge in order to have better wisdom. It was indeed a great platform for students and cyber aspirants to learn, engage and contribute.

The 4th edition of InfoQuest (the dedicated print journal of information security) was unveiled during the summit. The print journal is working as a great tool as the mouthpiece of the industry in the cyber security domain.

The event strengthened the thoughts driven by Infosec Foundation with overwhelming support from all corners and laid the foundation for more positive vibes towards the upcoming Infovision (CIO Roundtable), InfoQuest (Print Journal), Infoconnect (Cyber Security helpline) as well as next year’s International Infosec Summit.

It was amazing to see that people joined for breakfast (before the day's event, for mixing sessions with the speakers) and continued to stay with the initiative till late evening (cocktail dinner with the speakers and partners).

Infosec Foundation recognized several individuals for their significant contribution in the domain, and this was followed by instrumental music.

Stay tuned for many interesting things ahead. Do join the movement, contribute, engage, explore and be part of the historic movement generated from Kolkata, the city of joy.

Detailed Analysis can be fetched from the link below:

Infosec Global 2017 Report


INFOCON 2016 – Mega Infosec Summit in Kolkata

Winter in Kolkata has different flairs like charming weather, sweets prepared from “Nolen Gur”, Circus, Picnic, Hopping between Zoo-Museum-Science City-Nicco Park, Different Fairs-Exhibitions-Summits. With the emerging problems of Global Warming, Kolkata is not far behind to experience diminishing winter along with other fading glories.

The charms of life, spirits of soulmates and passion of humanities still stand alongside those of any advanced city across the globe.

This November 18, 2016, Kolkata proved it once again. The winter in Kolkata adds a new feather in her cap through a mega Infosec Summit called “Infocon Kolkata 2016” at CII-Suresh Neotia Centre of Excellence, Saltlake.

Infocon Global is essentially an idea which has manifested itself through deliberations, practice, my running of day-to-day business operations as CEO of Prime Infoserv LLP and interactions with clients, competition, colleagues and peers.

The more we converge towards an increasingly connected world, the more information keeps flooding from anything to everything, and then of course information security becomes a point of concern. People start panicking and common sense takes a back seat. But there is a solution to every problem, and countermeasures to defend, protect and launch offensive attack do exist as well. However, the mechanisms, processes and knowledge are in silos and in effect are not meaningfully available as a whole. Different, piecemeal, ad hoc and fragmented measures are being projected as solutions, resulting in people becoming more anxious and confused, and decision making culminates in dilemma.

“Infocon Global” is being envisioned as a platform to address the burning concerns in the community. The idea is to engage different stakeholders including partners, customers, manufacturers, policy makers, academicians, regulators and end-users to cross-pollinate and create unbiased and true wisdom through awareness and sharing of best practices. Infocon2016 today is a continuation of this search for collaborative wisdom. Prior to that, two similar events were organized on this theme by us – one in Bangladesh and the other in the United Kingdom, again in a collaborative model.

“Infocon Kolkata 2016” is more like a milestone in a relay race because the issue is truly global and will affect not only us but our next generation. In an information-intensive society, all the components of the society will be impacted by any cyber-attack or security breach. In order to have as much harmony and totality as possible, we have brought together experts and organizations related to Technology, Process and People Consulting, Law Enforcement, Financial Institutions, Policy Making, Data Handling, Cyber Law, Policing and so on. What is interesting to observe is that all these diverse fields of society find mutual overlap, just as the Internet is going to overlap all the areas of our lives, and we call this the Internet of Things.

The event was inaugurated by the Chief Guest, Shri H K Kusumakar, Additional CP IV, Kolkata Police, along with Swami Vedatitananda, Ramakrishna Mission Shilpamandira, Belur Math; Mr. Nirupam Chaudhari, Regional Head – Nasscom; Mr. Manjit Nayek, Additional Director – STPI Kolkata Centre; and Mr Hemant Chhabria, Member of COMPASS, Founder of justvideos.

The first session after inauguration was by Mr Sukhminder Singh Sidana, National Manager- Government & Public Sector Business, Sonicwall on “How to Protect Your Organization from Ransomware”, a burning topic in today’s world.

The number of successful cyber-attacks continues to increase, threatening financial and personal security worldwide, and cyber forensics is undergoing a paradigm shift. Mr. Jayanta Parial, Principal Engineer, CDAC, conducted the next session on “Cyber Forensic needs and current Scenarios”.

Next session was covered by Mr. Joydeep Bhattacharya, Chief Operating Officer at TCG Digital Solutions Private Limited. The audience was stunned with the relevance and depth of the topic “Creating Real World Simulation for Training and Network Resiliency”.

Further deliberation was on Data Centre Securities through a panel discussion. The panel was led by Mr. Shyamal Bhattacharya, CEO of Technoplace Consultants. The eminent panellists were Mr. Siddhartha Chakraborty, Officer-in-Charge, Cyber Police Station, Kolkata Police; Mr. Suketu Vichhivora, Vice President – Sales and Solution, Nxtra Data; Mr. Saibal Sarkar, NIC; and Mr. Vivek Gupta, DGM and CISO in Allahabad Bank.

The last session before the lunch was from Mr Kanchan Mallick, Regional Manager at Trend Micro for Eastern India, Bangladesh, Bhutan & Nepal. His insights on targeted attacks were major takeaways for the audience.

The lunch was designed with the authentic Bengali touch of the winter season. The peas kochuri, chana dal, diamond fish fry, cauliflower roast, dhoka curry, Dahi Fish, Mutton, Chatni, Gulab Jamun, Ras malai and ice-cream were all bundled with a personal touch and traditional Bengal’s aroma and taste.

Post lunch, the summit witnessed the launch of our journal and mouthpiece on information security, named Infoquest. Infoquest is a journal with broad-spectrum treatment of the theme of information security with interdisciplinary stakeholders. Infoquest captures in the lens of words the kaleidoscopic perspective on the theme with contributions from a wide group of authors in India and abroad. Infoquest was formally launched by Sri Syed Waquar Raza, IPS, SS(Spl), CID, West Bengal, along with the Editor-in-Chief, Mr Pritam Bhattacharya; Mr. Kamal Agarwal, Chairman, Eastern Regional Product Council-Nasscom; and me as chairman of Infocon Global. We were overwhelmed by the contributions we received when we launched our Call for Papers. Infoquest is planned to be a quarterly journal and we hope it shall continue to receive your patronage and co-operation.

Our next session was a workshop on “Real Time Information Security Issues Handling as per Best Practices Worldwide”. It was conducted by Mr. Pritam Bhattacharyya, Founder and Chief Wordsmith, Wordsmith Communication, and Mr. Kaushik Bhattacharyya, Business Strategy Consultant. The workshop was designed to derive solutions to real-life problems with audience inputs and expert panel validation. This was a clear-cut differentiation from other conferences, aimed at better audience engagement.

Mr. Koushik Nath, VP Systems Engineering, India & SAARC, Cisco Systems, conducted the next session on “Advanced Security Threat Analysis”. Mr. Nath hypnotized the audience with his audio-visual presentations and unmatched style.

The next session was on the Ground Reality in Cyber Crime, from the people who handle it in their professional life every day. This was presented by the CID – Cyber Crime Technical Expert Team.

The next session was orchestrated by Mr. Ravindra NR, Sr. General Manager, IT & ITES, BSI. The topic “Cloud Security” was relatively new for the audience, but was truly an eye opener on present emerging trends.

Next was a panel discussion on the topic – Latest Cyber Security Threats and Mitigation Strategies. The panel was moderated by Mr. Arun Agarwal, Chairman and Managing Director, Ebizindia Consulting, with eminent panellists Mr. Sandeep Sengupta, MD – ISOAH; Mr. Rajarshi Banerjee, Technical Lead, Cyber Crime, CID; Mr. Angsuman Pal, STF, Kolkata Police; and Mr. Biraj Karmakar, Mozilla Reps and Mentor. The session revealed key takeaways on today’s always-connected generation.

The final session of the day was on Large Enterprise Strategy of Information Security Handling, presented by Mr. Abhijit Chatterjee, CIO, Karam Chand Thapar Group. It was like hearing from the horse’s mouth, to understand the real strategies taken in real-life situations.

Further we had moved from Information Security to some soul-warming music through the musical performance by a Bengali folk band – Surma Dohar, led by Joyshankar.

In between the music, we had recognized significant contribution in different spheres like best three articles in our journal, ICT Promotion, Cyber Law, Cyber Crime, IT strategy and consulting, Data Science and Analytics, video as new media, cloud communication, Business Intelligent Architecture and Bengali folk music. We further acknowledged the contribution of our core team and volunteers. Without them such a mega summit could not be seamlessly organized.

Information security industry really has no frontiers. The current and emerging problems not only need global collaboration but it will need a huge workforce with a certain identifiable skill set. In its objective to build awareness, disseminating ideas and training younger generation, Infoconglobal has already become a pioneer in a global theme from Bengal.

Infocon Kolkata 2016 is just a beginning. We hope to see all of you once again on 24th November 2017 at Kolkata where we shall walk again with Kolkata and you.

Photo albums are visible in two sources: Source 1 and Source 2


Cyber Attack Prevention Strategy

All of India is in turmoil over the latest banking fraud. All print media, news channels and the internet are discussing the same topic, and a kind of panic is spreading. Security breaches are very common, but this time something ‘Worst’ has happened. Yes, this biggest financial data breach has affected 32 lakh debit cards. As a result, banks have blocked their ATM cards without any advance notice. But these kinds of attacks are not new or unusual. With the increasing trend of Internet connectivity, online shopping (e-commerce), mobile wallet usage and IoT (Internet of Things), these kinds of threats are bound to increase due to a casual approach to the situation. We tend to be highly technical, keep spending money on high-end appliances and software, and tend to forget the basics without applying common sense.

The approach to such situations is always reactive. The moment an attack takes place, the entire ecosystem works towards protection against it, forgetting that in the near future the hacker will come back with a new strategy instead of repeating the same method. Success lies in continuity, in blending people, process and tools (technology), and in a synchronized approach across different hardware and software instead of running in silos. The core problem lies in outsourcing across multiple layers, each of which declines to own responsibility. Across the whole chain, accountability and ownership are completely missing. Think of the Indian banking threats and the Bangladesh cyber-attacks, where the incidents were suppressed by the authorities for months so that the ripples in the community would be smaller. Imagine if the compromise of data and the impact of the loss had been known to the common man beforehand: they could have been more cautious and further impact could have been avoided.

The first and foremost factor is the framing of policy and law, and their enforcement by the government, so that banks (and their downstream providers), BFSI organizations, third-party payment gateways and money wallets are strictly bound by compliance, governance and penalty clauses for defaulters. Debit and credit card protection strategies are already internationally benchmarked by the PCI-DSS framework, with the subsets below:

  • Security Information and Event Management (SIEM)
  • Vulnerability Assessment
  • Data Leakage Protection (DLP)
  • File Integrity Monitoring (FIM)
  • Host Intrusion Prevention (HIPS)
  • Web Content Filtering
  • End point Encryption
  • Web Application Firewall (WAF)
  • Endpoint Security
  • Penetration Testing (PT)
  • Privilege Account Management (PAM)
  • Identity Management (IDM)

Information security is covered under ISO 27001:2013, IT service under ISO 20000, business continuity under ISO 22301:2012, risk management under ISO 31000, and software industries under CMMI compliances. Hence following the standards, with enforcement by the authorities, will improve the situation.

Moreover, periodic monitoring of infrastructure and security infrastructure, correlation and reporting, vulnerability assessment, penetration testing and proactive measures before a threat occurs will minimize the chances of failure.

Now, what can be simple strategies for the poor common man? Here are a few very simple but powerful strategies driven by common sense:

  • Change ATM/debit/credit card PINs at regular intervals.
  • Link cards with your mobile number and email address if not already done.
  • Immediately go for a chip-based card or grid card, and enable two factor authentication (OTP by SMS/mail etc.).
  • That’s not all. Avoid creating PINs/passwords from combinations of names, surnames, dates of birth or anniversaries (yours/parents/spouse/children), as these can be predicted very easily through your social spread. Try implementing alphanumeric passwords stitched with a special character.
  • Using a benchmarked standard antivirus (better, Total Protection) on desktop, laptop, mobile and tablet is essential. Free or cracked software is to be avoided. Saving INR 2000 yearly may lead to some major problem.
  • Any banking/e-commerce site should be used through a secure site (SSL), i.e. instead of “http://”, it should show “https://”.
  • Saving online banking, e-commerce site, mail passwords etc. for convenience is to be avoided.
  • Passwords are not to be kept anywhere in writing in any form (not Word, Excel, cloud, printed paper or handwritten paper).
  • Any non-standard games/applications are to be avoided, as a lot of applications are being framed to sniff data.
  • The latest smartphones/tablets have an application control mechanism. Please block unwanted access by all applications (like contacts, SMS, camera etc., whichever is not relevant for that application).
  • Any information related to passwords or PINs is not to be sent through mail, WhatsApp etc., as there is a chance it will be retained in a repository.
  • International transactions which do not apply two factor authentication (i.e. only CVV applies) should be avoided, except with renowned players (here the government should also force Master/VISA to relook at policies and enforce two factors as well).

These are not all. There is a lot more in this arena. I was discussing this subject on a few television channels over the last few days and thought of writing a few basic tips for the common man, as a lot of people requested me.

We will be discussing and brainstorming in depth at our upcoming conference, Infocon, and we will be coming out with a printed magazine on the same context, the first of its kind.

We will be discussing technology-oriented knowledge sharing on targeted attacks like ransomware, APT (advanced persistent attack), cyber forensics etc.

Stay tuned for more excitement on 18th November, 2016 at CII Suresh Neotia Centre of Excellence, Saltlake.