BarnOwl. SA#Cyber# Opportunity &# Threat Landscape. Craig#Rosewarne# (Wolfpack#Information#Risk)

Transcription

1 BarnOwl SA#Cyber# Opportunity &# Threat Landscape Craig#Rosewarne# (Wolfpack#Information#Risk)

2

3 393#(Q1#2015) 1215#(2014) 1004 (2013)

4

5 The#Internet#of#Things Cloud#Technology 3D#Printing Advanced#Robotics Autonomous#Vehicles

6 Humans(will(become(hybrids(in(the(2030s.( That(means(our(brains(will(be(able(to( connect(directly(to(the(cloud(via(nanobots,( and(those(computers(will(augment(our( existing(intelligence. (Ray%Kurzweil%. Director%of%engineering%at%Google)

7 THREAT#CLASSES Insiders Administrators Hackers 7

8

9 Office'of'Personnel'

10 Where#to#start?

11 1.#UNDERSTAND#W BUILDING#A#RISK#AWARE#ORGANISATION 1.'ANALYSE THE'THREAT#/#OPPORTUNITY# 2.'ASSESS'YOUR' WEAKNESS#/#STRENGTH GLOBAL COUNTRY INDUSTRIES ORGANISATION PEOPLE PROCESS TECHNOLOGY 3. IMPROVE YOUR CAPABILITY

12 2.#ESTABLISH#ORDER#W INFORMATION#RISK#FRAMEWORK# GOVERNANCE BUSINESS#(Strategic# What) Executive' Board Committee Organisational' Objectives Governance,' Risk'&' Compliance Business' &' Threat' Intelligence Enterprise' Architecture Programmes'/' Projects' Assurance'Functions'' HR'/'Audit'/'Security'/' BCM'/'Fraud Enterprise' Risk'Committee Compliance'Committee INFORMATION#RISK#MANAGEMENT#(Tactical##W How) IR'Steering' Committee Governance'&' Risk' Legal'&' Compliance Security' Architecture'&' Design Asset' Human' Resource' &' Supplier'Mngt Physical'Risk Programme'/'Project' Office'Committee Access'Control Telecoms' &' Networking' Software' Development' &'Acquisition Cryptography Operations' Security Incident'Mngt,' BCM'&' DR Performance'Metrics'&' Incentives IT' Governance'Council IT#&#OPERATIONS#MANAGEMENT#(Monitor#interdependencies) HR'/'Communications'/' Training' Procurement'/'Supplier' Change'' Committee' IT'Operations Infrastructure' Security Change' Capacity' Application' Security IT'Service' Continuity' IT'Incident' Release' Configuration' Problem' IT' Vulnerability' Service'Desk Facilities' Performance' Event' HR'Processes Third'Party' Information' &' Asset' Physical' Security Service'Level' Systems' 12

13 3.#REMEDIATE#W ENSURE#RISK#APPROACH#IS#INTEGRATED RISK MANAGEMENT (ISO 31000) GOVERNANCE (KING3 / ISO / COBIT) INFORMATION & CYBER SECURITY (ISO 27001/2/5 / ISO / SANS 20CC) CRISIS MANAGEMENT BCM /DR (ISO 22301) INCIDENT MANAGEMENT (ISO 27035) IT OPERATIONS ITIL / ISO 20000

14 4.#CONTINUOUS#IMPROVEMENT# TEST,#AUTOMATE#&#CERTIFY Cyber.Threat.Assessment.Dashboard Cyber.Threat.Overall.Rating Assessment.Uncertainty.Percentage 3,00 Bank.Name Demo 7 Assessment.Level 1 Maturity of Cyber Domains Cyber Resilience Maturity Level Software&Development&and Application&Security Cyber&Security&Governance&and Risk& 5,00 4,00 Legal,&Regulations&and Compliance 5 4 Cryptography 3,00 2,00 Business&Continuity&and Disaster&Recovery&Planning 3 1,00 Operations&Security 0,00 Asset& 2 Access&Control Human&Resource&and&Supplier Security 1 Telecommunications&and Network&Security Security&Architecture&and Design Physical&(Environmental) Security 0 Evolve Anticipate Withstand Recover Cyber.Domain Maturity. Uncertainty.(%) Category Maturity Cyber.Security.Governance.and.Risk. 2,09 15 Evolve 1 Legal,.Regulations.and.Compliance 3,00 0 Anticipate 3 Business.Continuity.and.Disaster.Recovery.Planning 4,00 0 Withstand 3 Asset. 3,00 0 Recover 4 Human.Resource.and.Supplier.Security. 2,00 0 Physical.(Environmental).Security. 1,33 0 Security.Architecture.and.Design 3,16 60 Telecommunications.and.Network.Security 3,02 2 Access.Control. 5,00 0 Operations.Security 2,72 4 Cryptography 3,00 0 Software.Development.and.Application.Security 3,

15 5.#SKILL#UP# BUILD#CAPABILITY AWARENESS5 PROGRAMME Personnel'Sourcing Graduate' Development Industry%&%Organisational%Skills%Requirements% Research'&' Threat' Intelligence' Reports Governance,' Risk' '&' Compliance' Curriculum Awareness' Programme' Maturity' Improvement Information' Security' Curriculum Awareness' Content' Development' Forensics' Curriculum Simulation,' Animated' Video'&' Cartoon' Solutions Audit' Curriculum Phishing' &'Social' Engineering' Assessments CONTINUOUS#SKILLS#ASSESSMENT#/##BLENDED#LEARNING#MODEL# Software' Security' Curriculum STRUCTURED5TRAINING5PROGRAMMES 1 FOUNDATION 2 MANAGEMENT 3 TEHNICAL 4 CONTINUOUS 15

16 SUGGESTED#APPROACH 1. INDEPENDENT ASSESSMENT Roadmap 2. SHARED REMEDIATION 3. REALISTIC THREAT TESTING Workshop Assessment IR FRAMEWORK ISMS

17 COMMUNITY#INITIATIVES 9500+#CYBER# SECURITY#COMMUNITY

18 GLOBAL#THREAT#&#OPPORTUNITY# ECOSYSTEM

19 SA#NATIONAL#CYBERSECURITY#STAKEHOLDERS#&# STRUCTURES International*Bodies* *Justice,* Crime*Prevention*and*Security* Cluster*(JCPS)*; Cybersecurity Response*Committee*(SSA*lead) Corporate*reputation*is*at*stake Embarrassing*headlines STRATEGIC Remediation*costs Industry*Bodies*; SABRIC* * SAFPS* *ISPA* *SACCI* * Regulators State*Security*Agency* *SA*Police* Service*(SITA) *SA*National* Defence*Force*(CSIR*DPSS*/*SITA)* * Justice*&*Corrections*(SIU*/*NPA)* * Dept Telecomms &*Postal*Service* (DOC*/*NCAC)* *Dept Science*&* Tech* *Home*Affairs* *SAPO* * AGSA* *DPSA* SAFPB National*Key*Points* *National,* Provincial*&*Local*Government* * Citizens* *Children Compliance*violation Fines/Fees TACTICAL ATO*revoked OPERATIONAL Financial *Retailers* *ISPs* * TMT *Manufacturing* Academia* *Healthcare* *Professional* Services* *Vendors Local*&*International*Partners * B2B* *B2C* *Informal*Traders* * Customers 19

20 NATIONAL#FOCUS#AREAS 1. AWARENESS 2. SKILLS 3. CIIP 4. CYBER CRIME 5. LEGAL

21 NATIONAL#AWARENESS#PORTAL

22 CYBER#SECURITY#AWARENESS#MONTH##

23 GOVERNMENT#CYBER#ACADEMY#PROGRAMME Technical'and'Soft'skills' assessment'to'determine' Current' State Skills'&' Competency Assessment Each'Area'Receives' Feedback'+'Group'' Analysis'Report'Generated Baseline'Foundation' Training'Programme'for' Existing'sectors'or'' Graduate'Intakes Establish' Training' Baseline Determine'Technical'and' 'Training' Requirements Technical' Training' Curricula Beginner'/'Intermediate'/'Advanced ' Training' Curricula Key'Matrix'of'Security' Specialists' Elite Core' Incident'Response' Team Determine#Programme# Requirements Foundation#skills Domain#Specialist# skills Expert#skills# 23

24 SKILLS#TRANSFER Over'35'Information'Security'&'Cyber' Security'Courses 100 s'of'distance Learning'Courses Foundation' 'Intermediate' Advanced Graduate'Development' Programme Tailored Curricula 24

25 CRITICAL#INFORMATION#INFRASTRUCTURE#PROTECTION#W PARTICIPATING#INDUSTRIES Water#Systems Information#Technology Energy Transport Government#Facilities Financial#Services Health Ports Electricity Critical#Manufacturing# Telecommunication Other#Industry#Stakeholders 25

26 2015#CIIP#SA#PROJECT#KEY#DELIVERABLES! Establish#a#task#force#to'help'drive'national'efforts'to'enhance'cybersecurity'and'improve' Critical'Information'Infrastructure'Protection'in'South'Africa! Help'empower'and'raise'the'importance'of'proper'information'and'cyber#security# practices#within'government'and'private'sector! Develop'a'public#national#cybersecurity#research#report#to'coordinate'the'actions'of'the' task'force.'! Develop'a'CIIP#framework#covering'differing'CIIP'maturity'levels! Establish'a'secure#collaboration#platform#to'allow'for'interaction'by'CIIP'stakeholders! Provide'advanced'security#&#incident#response#training#and'a targeted#awareness# programme#for'key'ciip'stakeholders'! Present'findings'of'report'at'Cybercon Africa#

27 CYBERCRIME New#Improved#Cybercrime#Unit#in#SAPS Cybercrime#Task#Force 27

28 The$Goal$ A$Safer$Country$for$all PROACTIVE Creating'stakeholder'value REACTIVE Preserving'stakeholder' value Assured'Economic'Growth Secured'National'Services Improved'Collaboration Fighting'Crime Data'Breaches Compliance V A L U E 28

29 Wolfpack#Information#Risk#(Pty)#Ltd Craig#Rosewarne Threat'Intelligence 'Advisory' 'Training' Awareness