1 INFORMATION SECURITY AWARENESS & TRAINING PROGRAM By Serah Francis MSc Student, Gjøvik University, Norway ISES Member IFIP TC3 ISES Project
2 INTRODUCTION Africa has 167 million Internet Users and is estimated that by 2025, that figure will raise to 600 million Internet users and 360 million smartphones In 2013, Internet contribution $18 billion and is estimated to be $300 billion in Every second, 18 adults become a victim of cybercrime, resulting in more than 1.5 million cybercrime victims each day on a global level
3 CRIME theft of personal data fraud inside threats abuse on children Inside threats terrorism.
4 In 2012, banks in Kenya, Rwanda, Uganda, Tanzania and Zambia alone lost US$245 M to fraud Same year, a South African Bank lost $6.7 million when two of their employees account were hacked In 2013 South Africa was identified as one of the countries hosting more than average rate of phishing sites, and 70% of its citizens were victim of cybercrme compared to 50% globally Last year, 5,000 Kenyan Facebook users lost million of shillings through a hacking scam
5 CRIME FACILITATORS Fast Internet Connection Increase of mobile devices High rate of unemployment, Lack of national databases to track criminals, Growth of e-government initiatives and e-commerce, Use of unsecure or outdated hardware and software
7 IMPORTANCE OF INFORMATION SECURITY AWARENESS & TRAINING PROGRAM Makes individual aware of their responsibilities in relation to information security Allows them to recognize IT security concerns and respond accordingly Provide a focal point and a driving force for a range of awareness, training and educational activities related to information security. Security is everyone s responsibility.
8 WHY SECURITY AWARENESS IMPORTANT FOR AFRICA For developing nations, ICT is a key component in improving the quality of life and participation in global economic activities. It provides opportunities for people with basic services such as e-banking, e-health, e-commerce and e-learning etc. Important that all users understand the risks of being online and the impacts of not using best practices. Failure to recognize the above could limit their use of internet services due to lack of trust and confidence
9 KEY CHALLENGES Shortage of information security professionals and skills Lack of basic awareness among users. Lack of knowledge/knowhow of importance of ICT Security. Lack of secure software and ICT-based applications. Lack of effective legislations and regulations Lack of collaboration between public, private, experts, academia and international organisations.
10 IT SECURITY LEARNING MODEL (1) Target Group Public Citizens IT Security Awareness Private Technical Admins.
11 IT SECURITY LEARNING MODEL (2) Four Level approach: Awareness Designed to be presented to all users to focus their attention on security Intended to allow individual to recognize IT security concerns and respond accordingly It is a foundation of a good Information Security Awareness & Training program Training Strives to produce relevant and needed security skills and competencies Builds upon information gathered from awareness presentations
12 IT SECURITY LEARNING MODEL (3) Education Education and Experience level focuses on developing the ability and vision to perform complex multi-discplinary activities and skills needed to further the IT security profession and to keep pace with threat and technicies Strives to produce IT security specialists and professionals capable of vision and proactive response Professional Development Intended to ensure that users posses a required level of knowledge and competence necessary for their roles Validation of skills typically through certification
13 AWARENESS Ensure upper management support Establish a policy Assign responsibility (CIO) Needs assessment Develop Awareness and Training Materials Implementation of the program Update and monitor program
14 AWARENESS -EXAMPLES OF TOPICS COVERED Undersanding the key concepts relating to the importance of secure information Protect computer and mobile devices from malware and unauthorised access Adopt safe habits of using securely, social networks, and surfing the Web Back Up and restore data approariately and safely Secure dispose of data and device
15 AWARENESS DELIVERY MODEL & EXAMPLES Partnership with Private Organisations, Education Institutions and NGOs Delivery through Social Media, T.V, Radio, Cybercafe, Digital Centres, Mobile Cinema & Posters, government & private websites Examples Get Safe Online - https://www.getsafeonline.org/ - UK Stop Think Connect - - US Slettmeg.no (("deleteme.no) - https://norsis.no/ -Norway Cyberstreetwise - https://www.cyberstreetwise.com/ - Soho, UK ENISA Cyber Security Month https://cybersecuritymonth.eu/ Kids Online -
16 GOALS OF TRAINING To produce relevant skills & competence Important: Needs assesment to identify those individual with significant IT security responsibilities Each user may need specific training for their job Specific training programs may be tailored to specific organisations or systems e.g. Healthcare, Legal System Training can be delivered by Online or Live Instructor
17 TRAINING - TARGET GROUPS Users Citizens with varying age and technical knowledge who use ICTs for personal use anywhere outside their work environment. All organisations personnel, Mid-level managers, Executive management & System administrators Third party Partners, suppliers, consultant contracted to perform work in an organisation.
18 PROPOSAL FOR AFRICA (1) Align education system to include Information Security courses Raise Security Awareness using ways and methods fit for Africa Specialized Skills Training in Information Security could be established through local ICT Hubs or Computer Science Departments in public universities. This could lead to Train the Trainer courses and can be facilitated through Public Partnership,African CERT and NGO s based in Africa.
19 PROPOSAL FOR AFRICA (2) ECDL: Many African countries have adopted ECDL (ICDL) to promote digital literacy and ICT skills ECDL program is designed as an entry-level computer certification to demonstrate competence in computer use The program offers a range of IT modules and IT Security for basic skills Accredited Test Centres which currently numbers more than 500, and now spans 22 territories in Sub-Saharan Africa.
20 CONCLUSION Educating Internet users to be safer and more secure requires collaboration and effort from government agencies, private organisation, academia, civil society and users. No government agency can reach everyone or provide all the necessary requirements on it s own. The infrastructure of the internet is complex and requires all stakeholders to work together towards a common goal. Educating Internet users to be safer and more secure also gives them the trust and confidence in the use of ICTs and especially the more vulnerable people in our communities. There is an urgent need for a more coordinated and effective action in promoting IT Security Awareness & Training program across Africa and the rest of the world
21 REFERENCES Books Managing an Information Security and Privacy Awareness and Training Program ISBN Standards and Guidance NIST SP Building an IT Security Awareness and Training Program
The National Cyber Security Strategy Our Forward Plans December 2013 1 The UK Cyber Security Strategy Report on progress December 2013 Our Forward Plans Two years have passed since we first set out our
ICC CYBER SECURITY GUIDE FOR BUSINESS ICC CYBER SECURITY GUIDE FOR BUSINESS Acknowledgements The ICC Cyber security guide for business was inspired by the Belgian Cyber security guide, an initiative of
Qatar National Cyber Security Strategy MAY 2014 i ii TABLE OF CONTENTS FOREWORD... v EXECUTIVE SUMMARY... vi 1. INTRODUCTION...1 2. THE IMPORTANCE OF CYBER SECURITY TO QATAR...3 2.1 Threats... 3 2.2 Challenges...
November 10 2 About ENISA The European Network and Information Security Agency (ENISA) is an EU agency created to advance the functioning of the internal market. ENISA is a centre of excellence for the
E N V I R O N M E N T A L S C A N CYBERSECURITY Los Angeles and Orange Counties J U N E 2 0 1 2 E N V I R O N M E N T A L S C A N CENTER OF EXCELLENCE Los Angeles and Orange Counties Audrey Reille, Director
Information Security Outreach and Awareness Program July 8, 2011 Established by the Information Security Policy Council Table of contents 1. Preface... 3 2. People and enterprise awareness of information
Big Data Strategy Issues Paper MARCH 2013 Contents 1. Introduction 3 1.1 Where are we now? 3 1.2 Why a big data strategy? 4 2. Opportunities for Australian Government agencies 5 2.1 What the future looks
WHITE PAPER Cybersecurity in Modern Critical Infrastructure Environments SECURE-ICS Be in Control Securing Industrial Automation & Control Systems This document is part of CGI s SECURE-ICS family of cyber
2014 2017 Cyber Security Strategy Ministry of Economic Affairs and Communication 2014 TABLE OF CONTENTS Introduction... 2 1. Analysis of current situation... 2 1.1. Sectoral progress... 2 1.2. Trends...
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES AliMaqousi 1, TatianaBalikhina 1, Michael Mackay 2 1 Petra University, Faculty of Information Technology, Jordan firstname.lastname@example.org,
mhealth and the EU regulatory framework for medical devices 1 2 Introduction European healthcare systems face major challenges, including ageing populations and the growing incidence of chronic diseases,
CYBERSECURITY WORKFORCE DEVELOPMENT MATRIX RESOURCE GUIDE October 2011 CIO.GOV Workforce Development Matrix Resource Guide 1 Table of Contents Introduction & Purpose... 2 The Workforce Development Matrix
UNITED REPUBLIC OF TANZANIA MINISTRY OF EDUCATION AND VOCATIONAL TRAINING (MoEVT) INFORMATION & COMMUNICATION TECHNOLOGY (ICT) POLICY FOR BASIC EDUCATION Dar es Salaam July 2007 ICT for Improved Education
The National Cloud Computing Strategy May 2013 dbcde.gov.au/cloud nbn.gov.au Commonwealth of Australia 2013 The material in this paper is licensed under a Creative Commons Attribution 3.0 Australia license,
European Month of Network and Information Security for All A feasibility study November 2011 About ENISA The European Network and Information Security Agency (ENISA) is a European Union (EU) agency which
Reducing the Cyber Risk in 10 Critical Areas Information Risk Management Regime Establish a governance framework Enable and support risk management across the organisation. Determine your risk appetite
For Information on 8 July 2013 LC Paper No. CB(4)834/12-13(05) Legislative Council Panel on Information Technology and Broadcasting Information Security Purpose This paper updates Members on the latest
White paper Secure Cloud Services: An Integrated Approach Edition October 2013 Whitepaper Information Management Secure Cloud Services: An Integrated Approach Edition October 2013 Copyright 2013 EXIN All
Cyber Security: Designing and Maintaining Resilience White paper presented by: Georgia Tech Research Institute Cyber Technology and Information Security Laboratory Dr. George A. Wright Chief Engineer Terrye
110101001101101101010011000 11011010100110110101001100 11011010011011010100110000 10100110110101001100010010 Protecting Information The Role of Community Colleges in Cybersecurity Education A Report from
Consumers, the health system and health literacy: Taking action to improve safety and quality Consultation Paper June 2013 Commonwealth of Australia 2013 This work is copyright. It may be reproduced in
Getting it right for children and young people who present a risk of serious harm Meeting Need, Managing Risk and Achieving Outcomes 1 Contents Introduction Pg 3 Definitions Pg 5 Background Pg 8 Self Assessment
Cyber Security Capability Maturity Model (CMM) - Pilot Global Cyber Security Capacity Centre University of Oxford 12/15/2014 1 Table of Contents Introduction... 3 Cyber Security Capability Maturity Model...