Vijay Mauree Manager Planning, Research & Development and CERT-MU National Computer Board

Transcription

1 Vijay Mauree Manager Planning, Research & Development and CERT-MU National Computer Board

2 Presentation Outline Introduction Enforcement National Co-ordination for Cyber Security Information Security in Government Incident Response CERT-MU : Mission and Objectives CERT-MU Services Achievements Critical Information Infrastructure Protection ISO Information Security Standard at National Level National Information Security Awareness Challenges

3 Introduction National Information Security Strategy Endorsed by Government in Projects including CERT-MU, National PKI Legislations Amendments: Data Protection, Electronic Transactions New: Child Online Safety, Spam Control ISO and other information security standards Critical Information Infrastructure Protection Policy

4 Enforcement Data Protection Office Aegis of Prime Minister s Office Data Protection Act 2004 Operational since 2007 Enables us to exercise the right to know what personal data is held about us, and to ensure that these data are used in accordance with the law.

5 Enforcement Police Cybercrime Unit / Police IT Unit Aegis of Police / Prime Minister s Office Handles all Cybercrimes reported Help in enforcing laws pertaining to ICT Computer Misuse and Cyber Crime Act 2003 Information & Communication Technology Act 2001 Copyright Act 1997 Electronic Transaction Act 2000

6 National Co-ordination for Cyber Security National Cybercrime Prevention & Protection Committee Aegis of ICT Authority set up in October 2009 advice for and support the promotion of a national culture of cyber-security to minimise cybercrimes facilitate the establishment of international cooperation on cybercrimes enhance national approach for combating cybercrimes in coordination with the law enforcement communities

7 Information Security in Government IT Security Unit Aegis of Ministry of ICT since 2004 Implement Government policies in regard to IT Security Assist Ministries/Departments in the implementation of security standards Disseminate information on IT security Carry out security audits Advise Ministries and Department on IT Security aspects Chairs the IT Security Committee

8 Incident Response CERT- MU Aegis of National Computer Board MoU with Indian CERT National CERT operational since May 2008 Central coordination of information security incidents Handle security incidents and monitor security problems occurring within public / private sectors Guidance to providers of critical information infrastructure to adopt best practices in information security Warn and educate systems administrators and users about latest information security threats and suggest countermeasures by means of information dissemination

9 CERT-MU: Mission To enhance the security of Mauritius; information and communications infrastructure through effective collaboration and communication with all stakeholders

10 CERT-MU: Objectives Serve as a central point for responding to computer security incidents Create awareness on security issues through dissemination of information Increase awareness and understanding of information security and computer security issues Tracing of latest information on cyber security threats and alerting user community Publishing white papers on computer security aspects including security guidelines

11 CERT-MU: Services (Reactive) Act as a single point of contact for reporting cyber security incidents in Mauritian cyberspace Assist its constituency and general computing community in preventing and handling computer security incidents Share information and lessons learned with other CERTs Assistance for implementation of ISO 27001

12 CERT-MU: Services (Proactive) Collection, correlation and analysis of information on Information security threats Issue security guidelines Vulnerability analysis and response Risk Analysis Collaboration with vendors and ISPs Free Vulnerability Scan

13 Achievements

14 Critical Information Infrastructure Protection (CIIP) 2002 : UN Resolution 57/239 Member states to address elements to establish a culture of cybersecurity 2003: Geneva WSIS Action Line C5 Member states to have a framework to manage information security risks especially for critical sectors 2003 : UN Resolution 58/199 Member states to develop strategies for reducing risks to critical information infrastructures 14

15 Critical Information Infrastructure Protection Framework(CIIP) Objective : Minimise the nation wide impact of information security disruptions through Clear leadership for information security risk management national level Development of capabilities for responding to information security incidents impacting critical infrastructures Promoting the adoption of industry best practices and standards for the protection of information infrastructures

16 Promote adoption of Information Security Standards at National level As part of its strategy to promote the adoption of Information Security Standards in Parastatals, CERT-MU has organised trainings & workshops on Information Security Management Systems based on ISO standards. The details are follows: 1. A 5-day training on ISMS implementation leading to the STQC- Certified Information Security Professional from 25 th 29 th May A 1-day Workshop on ISMS awareness and implementation to be delivered by STQC-India representatives on 1 st June A 6-day ISO/IEC Lead Auditor Training (IRCA Certified) from 29 th May 5 th June Workshop on ISO Information Security on 3 rd of December 2009

17 National Information Security Awareness National Information Security Awareness is CERT-MU s initiative to educate and enhance the awareness of the general public on the technological issues facing internet users, particularly on thedangers of getting online as well as the issues related to information security. Information Security Awareness Events: Safer Internet Day (February 9) World Information Society Day (May 17) Computer Security Day ( November 30)

18 National Information Security Awareness IT Security workshops for IT Professionals conducted by CERT-MU in the year : Anti-Spam Techniques Botnets: Attacks & Defenses Privacy & Data Protection Vulnerability Management DNS Security ISO Information Security Standard (3 workshops + 2 ISO Lead auditor sessions). Digital Certificates Critical Information infrastructure Protection

19 Challenges Co-operation with ISPs Legal framework Setting up of Cyber Threat Monitoring Facility International Co-operation

20 Conclusion Network and information security affects everyone and CERT-MU s role is to involve all stakeholders CERT-MU shall help make Mauritians security conscious IT-users and We look forward to cooperating with the international community on security incident response.

21 Thank You