Roadmap for Achieving Cyber Security - Arab Countries
|
|
- Nora Woods
- 8 years ago
- Views:
Transcription
1 Roadmap for Achieving Cyber Security - Arab Countries المرصد العربي االقليمي لالمن السيبيري Regional Arabic Observatory for Cyber Security Inaugural Meeting of 8 th Febuary 2010 Beriut Lebanon Alaa Al-Din (Aladdin ) Jawad Kadhem Al-Radhi alradhi2000@yahoo.ca alaalradhi@hotmail.com Amman, Jordan,
2 My Slides Vision Profile Final Words Page 2
3 Profile Bachelor Electrical Engineering, College Of Engineering / Baghdad University - Iraq Masters CINS: Computer Information Network Security, DePaul University, Chicago, Illinois, USA Passionate / Advocate of New Horizons: Science, Technology, ICT & Internet for The Best Interests of Humanity, Environment, Education, e-services & Living Conditions Committed to ICT Success Factors & 21 st Century Information / Economic Society Demands, Researches & Promotions Advisory Council Member: PIR: Public Interest Registry Board of Trustees: AKMS: Arab Knowledge & Management Society IGF Ambassador & Global Member: ISOC: Internet Society President: IPv6 Forum Jordan & Iraq Chapters Alumni, ASK & International Contact: DePaul University Chicago, USA / School of CDM: Computing & Digital Media, Fellow: ITU, MENOG, RIPE, ICANN & DIPLO Foundation Member: IEEE, COMSOC, ISCRAM, ICIE, ACS, UN-GAID, JORLA, Internet 2 SIG & EU MED CONNECT 2. Arab Computer Society, Awarded Information Share Winner : ASIS&T: American Society for Information Science & Technology Page 3 3
4 Profile The ONLY real security a person can have in this world = A reserve of knowledge, Intent, experience, ability & action We must NOT only learn but adapt! There is NO answer, but ONLY solutions My Beliefs & Mottos Think Global, Act Local You can NOT gain ground if you are standing still! Page 4
5 Profile My Multi-Disciplinary Works & Themes: What? Main Issue / Topic Security Information Society Emerging Technologies Others Sub-Categories Human, Cyber, Network, Information, Metrics, What Works, Best Practices, Solutions Integrations, Infrastructures, In-Depth, Penetration Testing, GSM, Wireless, Risk Analysis, CERT: Computer Emergency Response Team, IDS/IPS, DNSSEC ( The Foreseen level of DNS Security), Biometrics, Assurance, ISO 27001, Policies, Standards, Architecture, Forensics, ICT4D, Socio-economic, e-gov., e-learning, Digital Divide, Digital Societies, IPv6, DNSSEC, Network Convergence, Sensor Networks, Cloud Computing, Grid Computing, Fiber, Broadband, Internet 2, Web 2.0 / Web 3.0, Cognitive Spectrum, Green IT, Data Centers, Virtualizations, NGN: Next Generations Network, 4G, RFID ( Radio Frequency ID ), Ubiquitous Computing Mind Maps, Thinking Hats, Knowledge Managements Page 5
6 Page 6 Profile My Multi-Disciplinary Works & Themes: (1) With Whom: Multi Global Regional Major: Who ITU ISOC RIPE Internet 2 EU MED 2 PIR IPv6 Forum IEEE ISCRAM ASIS&T Diplo ETSI WSIS EU FP7 MENOG ACS AKMS ASTF Universities Govt.s ISP s IPv6 TF s (2) My Capacity: Researcher Capacity Builder Visionary & Think Tank Advisor & Counselor Outreach & Networking's Instructor & ToT Roadmap Builder Start Actions (1) + (2) = (3) Why: Raise Awareness Technology Transfer Highlight Needs Assessments Evaluations Match-Making Enthusiasm (1) + (2) + (3) = Win-Win : Regional Promotions Stay Abreast Collaborations to global standards Effective Programs that works Technology Transfer to our region
7 The Problem: Internet = a hostile network like the wild-west WITHOUT a sheriff! Page 7
8 Cyber Security Risks comes from: Page 8
9 Cyber Security Risks Types: Page 9
10 Some Today s Alerting Facts (1/2) : Statistics as of 21 Jan DNS, a concrete long belief of Internet Security backbone, have sever flaws. In April 2009, The Internet was about to shut down due to that. Thanks to Dan Kaminsky. Despite DNS being deployed for a decade so far, 80% of global Government Web Sites miss-configure DNS Security! For Private.COM, the related skills are badly needed. DNSSEC (The ONLY viable Solution to DNS threats), is rarely deployed on Country- Level Domains and postponed for Top-Level Domains to end 2010 / Early 2011, as hoped! ( Please see my accompanied DNSSEC Slides). Companies fight ENDLESS war against computer Attacks, as Hackers are getting stronger with sophisticated composite means. They started to use a technique which leave NO trace to follow. Also, whenever an adaptive standardized protection scheme is used by many, the Attacks become more probable! A continuous changes in the Threat schemes. For e.g. DDoS (Distributed Denial of Services) Attacks are back stronger & diverse With Facbook ( & other Social Networking's Sites), the problem get worse where personal data are susceptible to fraud. Page 10
11 Some Today s Alerting Facts (2/2) : Statistics as of 21 Jan Conficker Worm ( which constituted 78% of Internet attacks in 2009) hasn't gone away. It is a foreseen Ghost for Security professionals! Infections of BotNet (Hackers Networks) is increasing with new generations of Zombies with an estimate of a globally distributed Million. They create underground channels. 80% of 1.5 Trillion daily s (worldwide) = Spam + Worms + Viruses + Malware + Spyware, etc! The International Security Defenders keep learning & sharing from a lower ground, while the Attackers keep Coordinated Aggregated Attacks while standing on a higher ground easily! With Cloud Computing adopted gradually & emerging, your data need be concretely protected. With more Wireless Communications deployments, Attacks are getting much easier to its protocols. Page 11
12 What to do when you know the following facts : Every 20 Minutes of any Attack, needs a 36 Hours of analysis ONLY by the best internationally-recognized security experts! When Attack analysis is done, and prepare the counter-measures launching, the Attack method most probably will be changed by Attackers! The current Internet is facing 2 Major flaw issues (Security-Wise): 1. A close depletion (ONLY 9% left on a global level) of current version (IPv4) Internet Operational Protocol. The complete depletion will be somewhere in time between as expected. IPv6 is the ONLY coming solution for IPv4 Scarcity & Security, especially with gradually converged worlds of Telecommunications + Internet. 2. Hijacking of DNS. DNSSEC is the ONLY way ahead. While other countries (USA, EU, China, South East Asia, Latin America) started rushing to overcome (1) & (2), by deploying IPv6 & DNSSEC gradually, our region is still in the baby steps ONLY of related awareness! ONLY Africa is behind us! Page 12
13 ONLY 9% of useable IPv4 address spaces are available Page 13
14 Know your enemy: Attacks Strategy Step1: Disorganizer disrupt transportation networks. Railway, air control, road light traffic, communication networks Step 2: Attacks against the financial systems and against the communications networks. Stock market exchange, telephone networks Step 3: Attacks against resources and services distribution. Water supply, gas distribution, nuclear plants, electricity Hint 1: Did you know that the Internet Revolution have NOT started yet! With Internet 2, IPv6, NGN & Mobile-Internet Convergence SOON AHEAD, are you ready & prepared for what the new Attacks could be? Hint 2 : The power of a country lies in its ability to impose Security Standards + Promptly Receptive to Counter-Measures Reactions. Page 14
15 Cyber Security Challenges ( 1 / 3) Better security strategies & policies Better legal framework & regulations Better systems & processes Better technologies & tools Better skills Better cooperation & networks Better awareness Better Working Together Page 15
16 Cyber Security Challenges ( 2 / 3) The main challenge for national criminal legal systems is the delay between the recognition of potential abuses of new technologies & necessary amendments to the national criminal law. Law-Makers must continuously respond promptly to Internet developments & monitor the effectiveness of existing provisions Specific departments are needed within national law enforcement agencies, which are qualified to investigate potential Cyber Crimes: Computer Emergency Response Teams (CERTs) Computer Incident Response Teams, (CIRTs) Computer Security Incident Response Teams (CSIRTs) The identification of gaps in the penal code. What is considered as an ICT crime in any country, may NOT in another. WITHOUT the international harmonization of national criminal legal provisions, the fight against Trans-National Cyber Crimes run into incompatible national legislations. Developing the right procedures for collecting, analyzing & law-effecting the Digital Evidence Page 16
17 Cyber Security Challenges ( 3 / 3) Enhancing & Regulating the E-Signature Law Page 17
18 Cyber Security Challenges : Legal System ( 1 / 2) There is NO out-of-the-box solution Page 18
19 Cyber Security Challenges : Legal System ( 2 / 2) Page 19
20 Our Cyber Security Objectives: Strategy (1 / 2) The main challenge for our region is finding the Response Strategies & Solutions to the Cyber Crimes threats. It s time for A comprehensive Anti-Cyber Crime Strategy Define & implement the related Technical Measures & Safeguards Any Cyber Security Roadmap must address: A developmental issue because ICT services need secure and reliable networks An economic issue relating to maintaining business continuity & Disaster Recovery A law and enforcement issue to deal with Cyber Crime & criminalizing the misuse of ICTs, A national security issue relating to Critical Information Infrastructure Protection (CIIP). Page 20
21 Our Cyber Security Objectives: Strategy (2 / 2) Identify Government + National participants in Cyber Security CIIP: 1. Identify the ministry/agency. 2. Describe its role(s) in the development of policy & in operations of Cyber Security CIIP related to the economy, national security, & social interaction. 3. Identify a point of contact for each entity & for each significant role. Include private sector perspectives in all stages of the development & implementation of Cyber Security CIIP policy. Establish cooperative arrangements between government & private sector for information sharing & incident management. Identify agency to provide the incident management capability function for watch, warning, response and recovery. Develop procedures & tools for incident management information. Assess and periodically reassess Page 21
22 Our Cyber Security Objectives: Cyber Culture Promotion (1/4) Awareness, Education & Training: Invest + Invest + Invest Collaborative Responsibility: Posters, Tool Kits, etc Response: Ready Security + Forensics Teams Ethics: Conduct of Use, User Acceptable Policy UAP, etc Risk Assessment: Penetration Testing's, Ethical Hacking, Vulnerabilities, etc Security Design, Management & Implementation: Policies, Technical Standards, Operational Roadmaps, Who is doing What, Access Control, IT Audit, etc Scheduled Monitor & Verifications Page 22
23 Our Cyber Security Objectives: Cyber Culture Promotion (2/4) The Risks Management Cycle Page 23
24 Our Cyber Security Objectives: Cyber Culture Promotion (3/4) The Defense In-Depth Approach: Protect All Net Layers Page 24
25 Our Cyber Security Objectives: Cyber Culture Promotion (4/4) The Patch Management Scenario : Protect All Systems Page 25
26 So: What Are Our Priorities? (1) An Eye on the World: Beware closely of What s Happening internationally on Technical, Policies, Implementations & Deployments Tracks: IPv6, DNSSEC, Cyber Agendas, Security Advances, See how related International Expertise is reacting towards needs Domestic problems are linked to other parts of the world With the rapid development of globalization, predicting international instability & achieving, then international security are becoming increasingly difficult. NO country can act alone Transfer International expertise to our region as appropriate. Page 26
27 So: What Are Our Priorities? (2) A 2 nd Eye locally: Attract attention and commitment from Government (politics) & Administration on Information Security Support Administration actions when building capability Create a structured market for professionals & industry The Up-Bottom change scheme, in our region, have the fastest track. Local Governments Policy Makers & Decision Makers are the 1 st target to be approached. Start small locally and then grow regionally. When Governments Potentials take the lead, things will go smother & faster. Lobby a campaign of multi-stakeholders for awareness, study groups, etc See what local Cyber Security Models do exists, What Works? Coordinate Regional Collaborations. Integration is better than Differentiation. Defragmentation is the current scenery! Page 27
28 Our Cyber Security Tasks Sets : (1) General Develop guidelines, planning tools & manuals on Cyber Security technology / policy aspects Develop Local Cyber Security toolkits for policy-makers and other relevant sectors. Develop training materials on technology strategies & technology evolution for the implementation of Cyber Security. Organize workshops, meetings and seminars to address technical, policy, legal and strategy issues for Cyber Security Provide assistance in developing laws & model legislation for Cyber Security prevention Identify Cyber Security requirements and propose solutions for the development of secure ICT applications. Assist in raising awareness and identify key issues to support a culture of Cyber Security, and recommend models of good practice to support ICT applications and minimize Cyber Threats Develop tools to facilitate information sharing on technology and policy issues, and on best practices relating to Cyber Security Page 28
29 Our Security Tasks Sets : (2) Establish Work Groups WG Goal Standards Legal Education & Research CERT Awareness Agency Page 29 Description Define a list of Information Security Standards to be adopted by the Administration Support creating a Information Security System scheme Support the experts representing the all international standardization bodies Identify the weaknesses in legal context Propose necessary evolution to appropriate actors Education = Propose a common official program for universities & High Schools (+ secondary schools) Research = coordinate the activities Establish A country Computer Emergency Response Team Identify audience and messages Prepare and launch campaigns Help creating a country Information Security Agency to provide strategy and coordination
30 Information Security Fields to be addressed Page 30
31 Know your enemy: The Risk Cycle Page 31
32 Know your : Risk Analysis Page 32
33 Know your : IT Risk Assessment (1 / 3) Unknown How to Assess Threat Page 33
34 Know your : IT Risk Assessment (2 / 3) Unknown How to Assess Vulnerability Page 34
35 Know your : IT Risk Assessment (3 / 3) Unknown How to Assess Asset Value Page 35
36 Know your : Asses & Manage Risks Page 36
37 Know Why Needed : Security Policy ( 1/ 2) Page 37
38 Know Why Needed : Security Policy ( 2 / 2) Page 38
39 Operational Security Roadmap Page 39
40 What others are doing for Cyber Security? (1) ITU (1/2) GLOBAL CYBERSECURITY AGENDA (GCA): FOSTERING SYNERGIES & BUILDING PARTNERSHIPS & COLLABORATION BETWEEN ALL RELEVANT PARTIES IN THE FIGHT AGAINST CYBER-THREATS WITHIN FIVE MAIN AREAS: 1. Legal Measures; 2. Technical & Procedural Measures; 3. Organizational Structures; 4. Capacity Building; 5. International Cooperation CHILD ONLINE PROTECTION (COP) CURBING CYBER-THREATS CYBERSECURITY GATEWAY OTHERS: Guidelines, Standards, Conferences, & Study Groups. Page 40
41 What others are doing for Cyber Security? (1) ITU (2/2) Cyber Security Guide for Developing Countries Edition 2007 ITU Publications National Cyber Security / CIIP (Critical Information Infrastructure Protection) Self-Assessment Tool, 2009 TOOLKIT FOR CYBERCRIME LEGISLATION, 2009 UNDERSTANDING CYBERCRIME: A GUIDE FOR DEVELOPING COUNTRIES 2009 Page 41
42 Near -Term Action Plan: 1 / 2 Issued Nov ( White House ) What others are doing for Cyber Security? (2) USA (1 / 6 ) Page 42
43 Near -Term Action Plan: 2 / 2 Issued Nov ( White House ) What others are doing for Cyber Security? (2) USA ( 2 / 6 ) Page 43
44 Mid -Term Action Plan: 1 / 2 Issued Nov ( White House ) What others are doing for Cyber Security? (2) USA ( 3 / 6 ) Page 44
45 Mid -Term Action Plan: 2 / 2 Issued Nov ( White House ) What others are doing for Cyber Security? (2) USA ( 4 / 6 ) Page 45
46 History Informs Our Future - Technology Issued Nov ( White House ) What others are doing for Cyber Security? (2) USA ( 5 / 6 ) Page 46
47 History Informs Our Future - Law Issued Nov ( White House ) What others are doing for Cyber Security? (2) USA ( 6 / 6 ) Page 47
48 What others are doing for Cyber Security? (3) EU (1 / 2) Strategy for a Secure Information Society, Issued Jan Creating a special Agency to share Cyber Security best practices & knowledge, European Network and Information Security Agency (ENISA) The establishment of a High Level ICT standardization policy platform A policy initiative on Critical Information Infrastructure Protection (CIIP) Page 48
49 What others are doing for Cyber Security? (3) EU (2 / 2) Project of Cyber Security Core Elements (Issued 2007 & Updated March 2009) Page 49
50 What others are doing for Cyber Security? (4) Canada Cyber Security Infrastructure Multi-Stakeholders Model Page 50
51 What others are doing for Cyber Security? (5) Malaysia (1/2) Page 51
52 What others are doing for Cyber Security? (5) Malaysia (2/2) Page 52
53 What others are doing for Cyber Security? (6) Tunisia (1 / 3) Page 53
54 What others are doing for Cyber Security? (6) Tunisia (2 / 3) Page 54
55 What others are doing for Cyber Security? (6) Tunisia (3 / 3) Page 55
56 What others are doing for Cyber Security? (7) KSA Page 56
57 Final Words: 5 Mind for the Future of Security Discipline Page 57
58 Knowledge is Like a Garden; if it is NOT Cultivated, it can NOT be Harvested. Page 58
NGN Migration Strategies and Access Modernization. 26 May 2011 Dhaka
Overview of ITU Cybersecurity Activities NGN Migration Strategies and Access Modernization 26 May 2011 Dhaka Sameer Sharma Senior Advisor ITU Regional Office for Asia and the Pacific 1 Agenda Why Cybersecurity?
More informationCybersecurity for ALL
Cybersecurity for ALL An Overview of ITU s Cybersecurity Activities UNECE International Conference on Technological Readiness for Innovationbased Competitiveness 30 in Geneva, Switzerland Christine Sund
More informationCybersecurity Global status update. Dr. Hamadoun I. Touré Secretary-General, ITU
Cybersecurity Global status update Dr. Hamadoun I. Touré Secretary-General, ITU Cybercrime takes a toll on the global economy - Online fraud, identity theft, and lost intellectual property; - On governments,
More informationOverview of ITU Cybersecurity Activities
Overview of ITU Cybersecurity Activities Workshop on NGN Regulation & Migration Strategies 13 & 15 October 2010 New Delhi, India Sameer Sharma Senior Advisor ITU Regional Office for Asia and the Pacific
More informationCyber security Country Experience: Establishment of Information Security Projects.
Cyber security Country Experience: Establishment of Information Security Projects. Mr. Vincent Museminali vincent.museminali@rura.rw Internet and New media regulations Rwanda Utilities Regulatory Authority
More informationITU National Cybersecurity/CIIP Self-Assessment Tool
ITU National Cybersecurity/CIIP Self-Assessment Tool ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication Development Sector April 2009 Revised Draft For
More informationITU Global Cybersecurity Agenda (GCA)
International Telecommunication Union ITU Global Cybersecurity Agenda (GCA) Framework for International Cooperation in Cybersecurity ITU 2007 All rights reserved. No part of this publication may be reproduced,
More informationCyber Security & Role of CERT-In. Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in
Cyber Security & Role of CERT-In Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in Web Evolution Web Sites (WWW) 1993 Web Invented and implemented 130 Nos. web sites 1994 2738 Nos.
More informationCountry Case Study on Incident Management Capabilities CERT-TCC, Tunisia
Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia Helmi Rais CERT-TCC Team Manager National Agency for Computer Security, Tunisia helmi.rais@ansi.tn helmi.rais@gmail.com Framework
More informationaecert Roadmap Eng. Mohammed Gheyath Director, Technical Affairs TRA
aecert Roadmap Eng. Mohammed Gheyath Director, Technical Affairs TRA Agenda Introduction aecert Vision & Mission The need to establish a UAE National CERT Constituent Framework & Service Catalog National
More informationITU GLOBAL CYBERSECURITY AGENDA AND CHILD ONLINE PROTECTION. International Telecommunication Union
ASIA-PACIFIC TELECOMMUNITY The Thirteenth South Asian Telecommunications Regulators Council (SATRC-13) Document SATRC-13/INF-03 18 20 April 2012, Kathmandu, Nepal 18 April 2012 ITU GLOBAL CYBERSECURITY
More informationInternet Security and Resiliency: A Collaborative Effort
Internet Security and Resiliency: A Collaborative Effort Baher Esmat Manager, Regional Relations Middle East MENOG 4 Manama, 9 April 2009 1 WHAT IS THIS PRESENTATION ABOUT? ICANN s effort in enhancing
More informationReinvigorating National Telecommunication Training and Research Institutes for Innovation Topic: Models and Funding
Reinvigorating National Telecommunication Training and Research Institutes for Innovation Topic: Models and Funding By Ms. Sudaporn Vimolseth Vice President, TOT Academy TOT Public Company Limited 1 Agenda
More informationWhat legal aspects are needed to address specific ICT related issues?
What legal aspects are needed to address specific ICT related issues? Belhassen ZOUARI CEO, National Agency for Computer Security, Tunisia Head of the Tunisian Cert (tuncert), E-mail : b.zouari@ansi.tn
More informationCybersecurity Initiatives
Port Vila, 20 November 2014 The Government of The Republic of Vanuatu Cybersecurity Initiatives Telecommunications & Radiocommunications Regulator By Louise Nasak, Technical and Internet Governance Manager,
More informationRegional Seminar on Cyber Preparedness ITU s work in Cybersecurity and Global Cybersecurity Index (GCI)
Regional Seminar on Cyber Preparedness Organised by World Bank Group, Financial Sector Advisory Center (FINSec) ITU s work in Cybersecurity and Global Cybersecurity Index (GCI) Vijay Mauree Programme Coordinator,
More informationDeclaration of Principles of the World Summit. Tunis in 2005 adopted by Heads of States and Governments stated that:
3 rd EAIGF (2010 EAIGF) rd EAIGF 11 TH 13 TH AUGUST 2010, KAMPALA, UGANDA SECURITY MANAGEMENT IN EAST AFRICA: The East Africa Communications Organizations (EACO) Region Experience Michael K. Katundu Assistant
More informationITU Cybersecurity Work Programme to Assist Developing Countries 2007-2009
ITU Cybersecurity Work Programme to Assist Developing Countries 2007-2009 ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication Development Sector December
More informationINTERNATIONAL TELECOMMUNICATION UNION
INTERNATIONAL TELECOMMUNICATION UNION TELECOMMUNICATION STANDARDIZATION SECTOR STUDY PERIOD 2009-2012 English only Original: English Question(s): 4/17 Geneva, 11-20 February 2009 Ref. : TD 0244 Rev.2 Source:
More informationPolicies and Practices on Network Security of MIIT
2011/TEL43/SPSG/WKSP/004 Policies and Practices on Network Security of MIIT Submitted by: China Workshop on Cybersecurity Policy Development in the APEC Region Hangzhou, China 27 March 2011 Policies and
More informationResearch Topics in the National Cyber Security Research Agenda
Research Topics in the National Cyber Security Research Agenda Trust and Security for our Digital Life About this document: This document summarizes the research topics as identified in the National Cyber
More informationCyber Security @ ITU. By Tomas Lamanauskas, ITU
Cyber Security @ ITU By Tomas Lamanauskas, ITU ITU Overview Founded in 1865 UN Specialized Agency for ICTs HQs in Switzerland 4 Regional Offices & 7 Area Offices 193 Member States; 750 Sector Members and
More informationEC-Council. Certified Ethical Hacker. Program Brochure
EC-Council C Certified E Ethical Hacker Program Brochure Course Description The (CEH) program is the core of the most desired information security training system any information security professional
More informationCERT Collaboration with ISP to Enhance Cybersecurity Jinhyun CHO, KrCERT/CC Korea Internet & Security Agency
CERT Collaboration with ISP to Enhance Cybersecurity Jinhyun CHO, KrCERT/CC Korea Internet & Security Agency I. Alarming call for cooperation with ISPs Slammer Worm Spread most of vulnerable SQL servers
More informationNetwork Security. MENOG 4/RIPE NCC Regional Meeting, Manama, Bahrain 9 April 2009
Network Security MENOG 4/RIPE NCC Regional Meeting, Manama, Bahrain 9 April 2009 Alaa Al-Din (Aladdin ) Jawad Kadhem Al-Radhi : Consultant Engineer and Researcher Masters CINS Computer Information Network
More informationCybersecurity @ ITU. Carla Licciardello Policy Analyst Carla.licciardello@itu.int. www.itu150.org
Cybersecurity @ ITU Carla Licciardello Policy Analyst Carla.licciardello@itu.int www.itu150.org Where are we coming from Specialized agency of the UN for telecommunications and ICTs Some more info about
More informationIncident Management ITU Pillars & Qatar Case Study Michael Lewis, Deputy Director
Incident Management ITU Pillars & Qatar Case Study Michael Lewis, Deputy Director 2 Thanks To the ITU for sponsoring the initiative ictqatar has worked closely with the ITU-D since the project s inception,
More informationSymantec Cyber Threat Analysis Program Program Overview. Symantec Cyber Threat Analysis Program Team
Symantec Cyber Threat Analysis Program Symantec Cyber Threat Analysis Program Team White Paper: Symantec Security Intelligence Services Symantec Cyber Threat Analysis Program Contents Overview...............................................................................................
More informationNational Cybersecurity Management System: Framework, Maturity Model and Implementation Guide
National Cybersecurity Management System: Framework, Maturity Model and Implementation Guide Taieb DEBBAGH, PhD, CISA Secretary General Ministry of Industry, Trade and New Technologies, Morocco ITU Regional
More informationDNS Security Survey for National Computer Security Incident Response Teams December 2010
DNS Security Survey for National Computer Security Incident Response Teams December 2010 Summary As referenced during the ICANN meeting in Brussels, Belgium in June 2010, ICANN developed a survey on DNS
More informationThe Importance of a Multistakeholder Approach to Cybersecurity Effectiveness
The Importance of a Multistakeholder Approach to Cybersecurity Effectiveness Abstract Area: ROADMAP FOR THE FURTHER EVOLUTION OF THE INTERNET GOVERNANCE ECOSYSTEM Entitled by: Cristine Hoepers, Klaus Steding-Jessen,
More informationLith Networking and Network Marketing Safety
DIRECTION TO SUCCESS. PUBLIC AND PRIVATE SECTORS PARTNERSHIP WSIS Action Line Facilitation Meeting: Building confidence and security in the use of ICTs (C5) Partnerships for Global Cybersecurity ITU Geneva,
More informationCAPACITY BUILDING TO STRENGTHEN CYBERSECURITY. Sazali Sukardi Vice President Research CyberSecurity Malaysia
CAPACITY BUILDING TO STRENGTHEN CYBERSECURITY by Sazali Sukardi Vice President Research CyberSecurity Malaysia SCOPE INTRODUCTION CYBER SECURITY INCIDENTS IN MALAYSIA CAPACITY BUILDING The Council For
More information(BDT) BDT/POL/CYB/Circular-002. +41 22 730 6057 +41 22 730 5484 cybersecurity@itu.int
2011 15 (BDT) BDT/POL/CYB/Circular-002 +41 22 730 6057 +41 22 730 5484 cybersecurity@itu.int 2008 2010 2010 International Telecommunication Union Place des Nations CH-1211 Geneva 20 Switzerland Tel: +41
More informationCouncil 2014 Geneva, 6-15 May 2014
Council 2014 Geneva, 6-15 May 2014 Agenda item: PL 1.1 Document 10 February 2014 Original: English Report by the Secretary- General ITU ACTIVITIES ON STRENGTHENING THE ROLE OF ITU IN BUILDING CONFIDENCE
More informationBuilding Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch
Building Blocks of a Cyber Resilience Program Monika Josi monika.josi@safis.ch About me Chief Security Advisor for Microsoft Europe, Middle East and Africa providing support to Governments and CIIP until
More informationThe Information Security Problem
Chapter 10 Objectives Describe the major concepts and terminology of EC security. Understand phishing and its relationship to financial crimes. Describe the information assurance security principles. Identify
More informationLegislative Council Panel on Information Technology and Broadcasting. Information Security
For Information on 8 July 2013 LC Paper No. CB(4)834/12-13(05) Legislative Council Panel on Information Technology and Broadcasting Information Security Purpose This paper updates Members on the latest
More informationNetwork security policy issues. Ilias Chantzos, Director EMEA & APJ NIS Summer School 2008, Crete, Greece
Network security policy issues Ilias Chantzos, Director EMEA & APJ NIS Summer School 2008, Crete, Greece 1 Sample Agenda Slide 1 The current threat landscape 2 IT security and policy leadership 3 The EU
More informationSome Perspectives On Cybersecurity. Shernon Osepa Manager Regional Affairs Latin America & Caribbean www.internetsociety.org
Some Perspectives On Cybersecurity Shernon Osepa Manager Regional Affairs Latin America & Caribbean www.internetsociety.org Agenda What is the Internet Society (ISOC) On the IETF Cyber Security Themes
More informationPrivacy and Security in Healthcare
5 th 5 th th National HIPAA Summit National Strategy to Secure Cyberspace Privacy and Security in Healthcare October 31, 2002 Andy Purdy Senior Advisor, IT Security and Privacy The President s Critical
More informationCyber Security and Critical Information Infrastructure
Cyber Security and Critical Information Infrastructure Dr. Gulshan Rai Director General Indian Computer Emergency Response Team (CERT- In) grai [at] cert-in.org.in The Complexity of Today s Network Changes
More informationENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency
ENISA s Study on the Evolving Threat Landscape European Network and Information Security Agency Agenda Introduction to ENISA Preliminary remarks The ENISA report Major findings Conclusions 2 ENISA The
More informationQatar Computer Emergency Team
Cyber Security Division Qatar Computer Emergency Team An initiative Introduction Qatar aims to fully exploit information and communications technology to become one of the most successful knowledge-based
More informationCommonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation
Commonwealth Approach to Cybergovernance and Cybersecurity By the Commonwealth Telecommunications Organisation Trends in Cyberspace Cyberspace provides access to ICT Bridging the digital divide and influencing
More informationActions and Recommendations (A/R) Summary
Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry
More informationNational Cyber Security Policy -2013
National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information
More informationCyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown
Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available
More informationCyber Security a Global Challenge; What and how Thailand is doing
Cyber Security a Global Challenge; What and how Thailand is doing Pansak SIRIRUCHATAPONG Executive Director National Electronics and Computer Technology Center February 19, 2009 1 Global IT Security Market
More informationCybersecurity in SMEs: Evaluating the Risks and Possible Solutions. BANCHE E SICUREZZA 2015 Rome, Italy 5 June 2015 Arthur Brocato, UNICRI
Cybersecurity in SMEs: Evaluating the Risks and Possible Solutions BANCHE E SICUREZZA 2015 Rome, Italy 5 June 2015 Arthur Brocato, UNICRI UNICRI s Main Goals The United Nations Interregional Crime and
More informationCyber Security Recommendations October 29, 2002
Cyber Security Recommendations October 29, 2002 Leading Co-Chair (Asia/Oceania) Co-Chair (Americas) Co-Chair (Europe/Africa) Dr. Hiroki Arakawa Executive Vice President NTT Data Corporation Richard Brown
More informationNew challenges in Data privacy.
New challenges in Data privacy. Zdravko Stoychev, CISM CRISC Information Security Officer Alpha Bank Bulgaria branch South East European Regional Forum on Cybersecurity and Cybercrime, 2013 11-13 Nov 2013
More informationInternational Training Program 2011 ITU Global Cybersecurity Agenda
International Training Program 2011 ITU Global Cybersecurity Agenda Sameer Sharma Key Cybersecurity Challenges Lack of adequate and interoperable national or regional legal frameworks Lack of secure software
More information(U) Appendix E: Case for Developing an International Cybersecurity Policy Framework
(U) Appendix E: Case for Developing an International Cybersecurity Policy Framework (U//FOUO) The United States lacks a comprehensive strategic international policy framework and coordinated engagement
More informationITU-IMPACT Training and Skills Development Course Catalogue
ITU-IMPACT Training and Skills Development Course Catalogue Management Track Technical Track Course Area Management Incident Response Digital Forensics Network Application Law Enforcement Foundation Management
More informationHelmi Rais CERT-TCC Team Manager National Agency for Computer Security, Tunisia helmi.rais@ansi.tn helmi.rais@gmail.com
Promoting a Cybersecurity Culture: Tunisian Experience ITU Regional Cybersecurity Forum for Eastern and Southern Africa Lusaka, Zambia, 25-28 August 2008 Helmi Rais CERT-TCC Team Manager National Agency
More informationASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September 2012. Co-Chair s Summary Report
ASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September 2012 Co-Chair s Summary Report 1. Pursuant to the 18 th ASEAN Regional Forum (ARF) Ministerial meeting in Bali,
More informationSRO-EA s Cyber security Initiatives in Eastern Africa
UNECA Sub Regional Office For Esatern Africa SRO-EA 2010 EAIGF 11-13 August 2010, Kampala, Uganda SRO-EA s Cyber security Initiatives in Eastern Africa Mr Mactar SECK United Nations ECA SRO- EA Key Categories
More informationCyberSecurity Solutions. Delivering
CyberSecurity Solutions Delivering Confidence Staying One Step Ahead Cyber attacks pose a real and growing threat to nations, corporations and individuals globally. As a trusted leader in cyber solutions
More informationIntroduction of the GCCD. (Global Cybersecurity Center for Development)
Introduction of the GCCD (Global Cybersecurity Center for Development) Contents Ⅰ Ⅱ Ⅲ Ⅳ Ⅴ Ⅵ Ⅶ Background Vision Roles and Responsibilities Organizational Structure and Facilities Partnership Plan GCCD
More informationDeveloping and Enhancing Cyber Security Capabilities in the Region. Khaled Gamo Technology Advisor Ministry of communication and informatics
Developing and Enhancing Cyber Security Capabilities in the Region Khaled Gamo Technology Advisor Ministry of communication and informatics 1 Content 1 2 3 Cyber Security Strategy and Key Requirement Efforts
More informationFIGHTING FRAUD ON 4G. Neutralising threats in the LTE ecosystem
FIGHTING FRAUD ON 4G Neutralising threats in the LTE ecosystem TABLE OF CONTENTS Introduction...3 New and Old Vulnerabilities...4 Identity Management...5 A Unified Response...6 Data Mining...7 An Evolving
More informationCyber security Indian perspective & Collaboration With EU
Cyber security Indian perspective & Collaboration With EU Abhishek Sharma, BIC IAG member, On behalf of Dr. A.S.A Krishnan, Sr. Director, Department of Electronics & Information Technology Government of
More informationCyber- Attacks: The New Frontier for Fraudsters. Daniel Wanjohi, Technology Security Specialist
Cyber- Attacks: The New Frontier for Fraudsters Daniel Wanjohi, Technology Security Specialist What is it All about The Cyber Security Agenda ; Protecting computers, networks, programs and data from unintended
More informationMicrosoft s cybersecurity commitment
Microsoft s cybersecurity commitment Published January 2015 At Microsoft, we take the security and privacy of our customers data seriously. This focus has been core to our culture for more than a decade
More informationDefending Against Data Beaches: Internal Controls for Cybersecurity
Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity
More informationTop tips for improved network security
Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a
More informationCYBER SECURITY, A GROWING CIO PRIORITY
www.wipro.com CYBER SECURITY, A GROWING CIO PRIORITY Bivin John Verghese, Practitioner - Managed Security Services, Wipro Ltd. Contents 03 ------------------------------------- Abstract 03 -------------------------------------
More informationOffice of Emergency Communications (OEC) Mobile Applications for Public Safety (MAPS)
Office of Emergency Communications (OEC) Mobile Applications for Public Safety (MAPS) PSCR Public Safety Broadband Stakeholder Conference June 4 th, 2014 Alex Kreilein Technology Policy Strategist Office
More informationSubmission of the.au Domain Administration Ltd (auda) to the Australian Government's Cyber Security Review
Submission of the.au Domain Administration Ltd (auda) to the Australian Government's Cyber Security Review About auda.au Domain Administration Ltd (auda) is the industry self regulatory, not for profit
More informationCyber Security Strategy(Information Security Policy Council, June 10, 2013)
Environmental Change Vision to aim as a Goal Basic Principles Cyber Security Strategy(Information Security Policy Council, June 10, 2013) Areas of Efforts Increasing severity of the risk surrounding cyberspace
More informationFast overview about the CERT-TCC. Helmi Rais CERT-TCC Team Manager Helmi.rais@ansi.tn
Fast overview about the CERT-TCC Helmi Rais CERT-TCC Team Manager Helmi.rais@ansi.tn Les IT en Tunisie: Quelques Statistiques Les IT en Tunisie: Quelques Statistiques a fast Historical Overview end 1999
More informationNational Cyber Security Strategy of Afghanistan (NCSA)
Islamic Republic of Afghanistan Ministry of Communications and IT National Cyber Security Strategy of Afghanistan (NCSA) Prevention Protection Safety Resiliency AUTHOR VERSION CONTROL DATE ZMARIALAI WAFA
More informationSupporting CSIRTs in the EU Marco Thorbruegge Head of Unit Operational Security European Union Agency for Network and Information Security
Supporting CSIRTs in the EU Marco Thorbruegge Head of Unit Operational Security European Union Agency for Network and Information Security www.enisa.europa.eu European Union Agency for Network and Information
More informationICT Security Cybersecurity CYBEX Overview of activities in ITU-T with focus on Study Group 17
ICT Security Cybersecurity CYBEX Overview of activities in ITU-T with focus on Study Group 17 TSB Briefing to the Regional Offices, 28 Feb 2011 Martin Euchner Advisor of ITU-T Study Group 17 Martin.Euchner@itu.int
More informationBreakout Session B: Cyber Security and Cybercrime Trends in Africa
Breakout Session B: Cyber Security and Cybercrime Trends in Africa Global Forum for Cyber Expertise Awareness Initiative The African Union, Symantec, and the U.S. Department of State committed to develop
More informationCertified Cyber Security Analyst VS-1160
VS-1160 Certified Cyber Security Analyst Certification Code VS-1160 Vskills certification for Cyber Security Analyst assesses the candidate as per the company s need for cyber security and forensics. The
More informationEvolution of Cyber Security and Cyber Threats with focus on Cloud Computing
Evolution of Cyber Security and Cyber Threats with focus on Cloud Computing Igor Nai Fovino-Head of Research GCSEC The last two years will surely enter in the history of IT Security. 2010 was the year
More informationExpert Meeting on CYBERLAWS AND REGULATIONS FOR ENHANCING E-COMMERCE: INCLUDING CASE STUDIES AND LESSONS LEARNED. 25-27 March 2015
Expert Meeting on CYBERLAWS AND REGULATIONS FOR ENHANCING E-COMMERCE: INCLUDING CASE STUDIES AND LESSONS LEARNED 25-27 March 2015 Cyber Security Challenges & Capacity Building By Marco Obiso International
More informationthe Council of Councils initiative
Author: Andrea Renda, Senior Research Fellow, Centre for European Policy Studies May 3, 2013 Editor's note: This brief is a feature of the Council of Councils initiative, gathering opinions from global
More informationCYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES
POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response
More informationAddress C-level Cybersecurity issues to enable and secure Digital transformation
Home Overview Challenges Global Resource Growth Impacting Industries Address C-level Cybersecurity issues to enable and secure Digital transformation We support cybersecurity transformations with assessments,
More information19th Annual FIRST Conference
Tunisia s experience in establishing the first public CSIRT in Africa, as a case example for developing countries, and some guidelines and schemes for International cooperation Prof Nabil SAHLI, Header
More informationCyber security trends & strategy for business (digital?)
Cyber security trends & strategy for business (digital?) Presentation by Anwer Yusoff Head, Industry & Business Development C y b e r S e c u r i t y M a l a y s i a NATIONAL CYBERSECURITY TECHNICAL SPECIALIST
More informationPacific Islands Telecommunications Association
Pacific Islands Telecommunications Association 8 th Fl, Dominion Hse PHONE : (679) 331 1638 PO BOX 2027, Govt Bldg FAX : (679) 330 8750 SUVA, FIJI Islands E-mail: pita@connect.com.fj www.pita.org.fj INVITATION
More informationProject 2020: Preparing Your Organization for Future Cyber Threats Today
Project 2020: Preparing Your Organization for Future Cyber Threats Today SESSION ID: CLE-T08 Ken Low CISSP GSLC Director of Cybersecurity Programs, Asia Pacific TREND MICRO 2 PROJECT 2020 An initiative
More informationCyber Adversary Characterization. Know thy enemy!
Cyber Adversary Characterization Know thy enemy! Brief History of Cyber Adversary Modeling Mostly Government Agencies. Some others internally. Workshops DARPA 2000 Other Adversaries, RAND 1999-2000 Insider
More informationAs global mobile internet penetration increases the cybercrime and cyberterrorism vector is extended
As global mobile internet penetration increases the cybercrime and cyberterrorism vector is extended Global Cybercrime has an estimated cost of US$ 110 Billion per year Every second, 18 adults become a
More informationInformation Security Summit 2005
Information Security Summit 2005 Forensically Sound Information Security Management in a Risk Compliance Era Keynote Opening Address by Mr. Howard C Dickson Government Chief Information Officer Government
More informationBellevue University Cybersecurity Programs & Courses
Undergraduate Course List Core Courses: CYBR 250 Introduction to Cyber Threats, Technologies and Security CIS 311 Network Security CIS 312 Securing Access Control CIS 411 Assessments and Audits CYBR 320
More informationNational Cybersecurity & Communications Integration Center (NCCIC)
National Cybersecurity & Communications Integration Center (NCCIC) FOR OFFICIAL USE ONLY NCCIC Overview NCCIC Overview The National Cybersecurity and Communications Integration Center (NCCIC), a division
More informationProtecting critical infrastructure from Cyber-attack
Protecting critical infrastructure from Cyber-attack ACI-NA BIT Workshop, Session 6 (Cybersecurity) Long Beach, California October 4, 2015 Ben Trethowan Aviation Systems & Security Architect The scale
More informationUK Networks & Security An Overview. Dr Andrew Powell, ENISA Workshops on CERTs in Europe, 29 May 2008
UK Networks & Security An Overview Dr Andrew Powell, ENISA Workshops on CERTs in Europe, 29 May 2008 Objectives The structure of your public communication networks The threat landscape these networks face
More informationEEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project
EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies
More informationStrategic Plan On-Demand Services April 2, 2015
Strategic Plan On-Demand Services April 2, 2015 1 GDCS eliminates the fears and delays that accompany trying to run an organization in an unsecured environment, and ensures that our customers focus on
More informationGuiding principles for security in a networked society
ericsson White paper Uen 307 23-3230 February 2014 Guiding principles for security in a networked society The technological evolution that makes the Networked Society possible brings positive change in
More informationENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe. CENTR General Assembly, Brussels October 4, 2012
ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe CENTR General Assembly, Brussels October 4, 2012 christoffer.karsberg@enisa.europa.eu 1 Who we are ENISA was
More informationPRINCIPLES AND PRACTICE OF INFORMATION SECURITY
PRINCIPLES AND PRACTICE OF INFORMATION SECURITY Protecting Computers from Hackers and Lawyers Linda Volonino, Ph.D. Canisius College Stephen R. Robinson Verity Partners, LLC with contributions by Charles
More informationRWANDA CONTRIBUTION TO CWG-INTERNATIONAL INTERNET RELATED PUBLIC POLICY ISSUES.
RWANDA CONTRIBUTION TO CWG-INTERNATIONAL INTERNET RELATED PUBLIC POLICY ISSUES. (Ref: CL-13/168 of 22 November 2013) 1.0. Introduction Since 2000, the Government of Rwanda (GoR) embarked on a 20 year journey
More informationWhat Directors need to know about Cybersecurity?
What Directors need to know about Cybersecurity? W HAT I S C YBERSECURITY? PRESENTED BY: UTAH BANKERS ASSOCIATION AND JON WALDMAN PARTNER, SENIOR IS CONSULTANT - SBS 1 Contact Information Jon Waldman Partner,
More information