Daily News Online
  Ad Space Available Here  

Wednesday, 26 September 2012

Home

 | SHARE MARKET  | EXCHANGE RATE  | TRADING  | OTHER PUBLICATIONS   | ARCHIVES | 

dailynews
 ONLINE


OTHER PUBLICATIONS


OTHER LINKS

Marriage Proposals
Classified
Government Gazette

Sanjee Balasuriya, founder of eCybersec

eCybersec Pvt Ltd is a newly formed Information Security Consultancy Company in Sri Lanka. The Company is focusing on Application Security which is a very hot topic in society. The Daily News Business features eCybersec Pvt Ltd.' Managing Director and Chief Executive Officer, Sanjee Balasuriya for the Tea with CEO column.

Q: What do you gather about the current standard of information security aspects in Sri Lanka?

A: Day by day we get a chance to adhere with the latest technologies and most of the payments are done via online. Most of the people use smart phones to do various kind of e-commerce transactions. Most of the recent attacks were under application layer and it needs to be protected by a proper security to mitigate those attacks. We as eCybersec helps clients to meet a certain level of information security with our key offerings such as Source Code Review, Mobile Application Security Assessments and Web Application Penetration Test.

Q:Where do you think the weaknesses are most?

A: According to the latest information we have gathered it showed most of the companies lack of protecting their Application Layer when it comes to their Online Services. Mainly Financial industry need to have extra precautions to protect the online banking applications with proper source code reviews and application penetration testing. Companies need to have a complete security review at least every 3-6 months to evaluate the security posture of the IT Infrastructure. They need to think out of the box and plan IT Audits for their critical systems with latest industry best practices so that required mitigation actions are taken to prevent such attacks.

Sanjee Balasuriya / Picture by-Nissanka Wijeratne

Profile

School Attended: Royal College, Colombo 07.

Sanjee Balasuriya, Managing Director, Chief Executive Officer and the Founder of the eCybersec concept, is one of those exceptional human beings who gives 200% for his profession as well as know to enjoy his pleasures in life.

Sanjee; since 1998 has accumulated over 13 years of experience, in the field of Information Technology, mainly focusing his energies in the area of Information Security.

He was immensely privileged to be one of the initial technical members in one of the most leading and largest Internet Service Provider, which was launched back in 2001. Before moving onto the greener pastures at Singapore in 2007, he strengthened his career in the field of Information Security by starting up with a leading bank in Sri Lanka in its IT security division.

Then his professional obligations were directed to a significant Singapore IT Security Consultation firm, for over two years mainly handling Singapore Government Data Centre IT systems Audits.

During his tenure at this said organization he was actively involved in key projects launched in Singapore by the government which was initiated by the Infocomm Development Authority of Singapore (IDA). Through this international exposure he gained an immeasurable amount of experiences working closely with Monetary Authority of Singapore for Compliance Regulatory Requirements which need to comply for all financial institutions across Singapore.

He is specialized in conducting enterprise security risk assessments, development of enterprise security architectures and strategies and defining business and system requirements for design or procurement of security capabilities. He is also specialized in Network and System Security, Application and Network Penetration Testing with IT Audits.

Sanjee was recently involved in Research and Development for Advance Persistence Threats and Malicious Code Analysis, working closely with the Global Advance Persistence Threats Groups and forums to obtain the latest updated with regard to APT threats.

He plays an active, hands-on role advising clients in compliance, technology strategies, managing complex programmes, and building effective security organizations.

This field is a passion for Sanjee, just as much as he adores his twin sons, Cricket and Rugby; he cares so much for application security which brings great value to eCybersec, who is mainly focused on Mobile Application Security and Web Application Security.

Q: What can eCybersec do to meet these threats and weaknesses?

A: We as an Information Security Consulting Company are willing to help clients to overcome application security attacks with our much more customized yearly subscriptions security service plans. Those services mainly cover the Network, Operating Systems and Application Layer security reviews, which compliance with International and Industry Standards and regulations. According to a recent study, 70% of malware threats to the network come from mobile applications, therefore, we in Sri Lanka are proud of offering Mobile Application Security Assessments which we partner with leading global vendor Veracode who mainly perform Dynamic and Static Analyze for Apple Store and Google Play worldwide. The need for close scrutiny around mobile application security in the enterprise is a must.

Q: Would the investment be overwhelming?

A: Yes, eCybersec with the mission statement “information asset protector” certainly will have profitable return on investment when they sign up for the Information Security Services, which we offer to cooperate market. Companies have spent many millions of dollars to build defenses around their IT assets during the past decade, motivated by malware attacks, data security breaches and the resulting regulatory compliance cattle prod. But the bad guys are still a few steps ahead in terms of sophistication and speed and some wonder if their investments are all for nothing, according to the newly-released reports. Security expenditure needs to include additional derived benefits that will be provided with having the appropriate levels of controls.

Q: What are the threats of not being vigilant?

A: In security language, you had your firewalls that protect against outside threats, a bunch of stuff going on inside, including policies and procedures, but they were often kind of soft. And in the centre somewhere, you had your cool data. Advance Persistence Threats and Zero Day Attacks are the most vigilant Cyber attacks that most of the Global companies face in modern day. Since these are targeted attacks and well planned for a number of years, it may be a difficult task for organizations to protect their vital information assets. Classic example was the recent Java Zero-Day Attack as when they run, they could crash your browser and give you a feeling that something is wrong, this attack really works silently, so are we prepared and aware that these latest threats, having said that if the proper IT Security Review Processes and Procedures are in correct place these kind of attacks can be minimized to a certain extent.

Q: In your experience, what examples can you give for corporate that have crashed due to poor information security management?

A: According to my experience, is that one of the most critical aspects would be due to lack of security reviews not been performed after a new system goes live in their Infrastructure. Also Separation of duties (SoD) will be a key fact when dealing with critical systems. Segregation of duties contributes to an organization's system of checks and balances. Last but not least, the software development life cycle, or SDLC, encompasses all the steps that an organization follows when it develops software tools or applications. Organizations that incorporate security in the SDLC benefit from products and applications that are secure by design.

Those that fail to involve information security in the life cycle pay the price in the form of costly and disruptive events.

 

EMAIL |   PRINTABLE VIEW | FEEDBACK

Millennium City
www.apiwenuwenapi.co.uk
LANKAPUVATH - National News Agency of Sri Lanka
www.army.lk
Telecommunications Regulatory Commission of Sri Lanka (TRCSL)
www.news.lk
www.defence.lk
Donate Now | defence.lk

| News | Editorial | Business | Features | Political | Security | Sport | World | Letters | Obituaries |

Produced by Lake House Copyright © 2012 The Associated Newspapers of Ceylon Ltd.

Comments and suggestions to : Web Editor