Cybersecurity Risk Management in the Telecom Sector. MUSTAPHA HUNEYD Corporate Information Security

Transcription

1 Cybersecurity Risk Management in the Telecom Sector MUSTAPHA HUNEYD Corporate Information Security

2 Cyber Security Risks World Economic Forum Global Risks Ninth Edition

3 Critical Infrastructure Critical Information Infrastructure The information and communications technology systems, services, and data assets that are critical to Qatar (Classification Criteria*) US Executive Order of February 12, 2013 Critical Sectors in Qatar Includes but are not restricted to: Energy Finance Healthcare Transportation Electricity & Water ICT Government * Qatar National Cyber Security Strategy

4 Cyber Risk in Telecom Tech/Telecom sector more likely to disclose that cyber risk was significant, serious, material or critical (59%), and much less likely to be silent on the issue (5%). Fortune 1000 vs Tech/Telecom Impact or adversely impact business material harm or seriously harm to business WILLIS.com: Special Report

5 Cyber Risk in Telecom Which sectors spend most on security? High spending due to higher risk!! Which sectors are targeted the most? PwC Information Security Breaches Survey 2014 IBM 2014 Cyber Security Intelligence Index

6 Cyber Attacks - Telecommunications Symantec Report - Regin Attacks on telecoms companies appear to be designed to gain access to calls being routed through their infrastructure.

7 Intelligence driven incident response PREVENTION IS FUTILE no longer about probability, but inevitability Cyber Risk Management Collaborative Governance Model Risk Management Steering Committee Corporate Information Security THREAT Intelligence SECURITY Monitoring INCIDENT Response Information Security Working Groups Engineering/Technology Legal & Regulatory Human Resources

8 Threat Intelligence Creating Actionable Intelligence Open Source (OSINT) Public feeds Internal intelligence gathering Free feeds provided by organizations with subject matter expertise OSINT using internal tools and research. AlienVault, DShield, Spamhaus, SpyEye Tracker - Abuse.ch, Zoneh.org, Blocklist.de etc. Web, Social Media, forums etc. Human (HUMINT) SaaS Commercial Feeds Intelligence providers Cloud-based services that identify attack sources, C&C Intelligence capabilities around Cybercrime, Espionage, Hacktivism, Vulnerabilities & exploits. Mandiant, isight Partners SenseCy, Dell SecureWorks, Symantec, BAE Systems etc. Other Sources Industry CERT s Incidents Government Mitigation mapped to CKC Threat profiling & forecasting Control selection & prioritization

9 Security Monitoring Monitor for threat indicators Identity Information Threat Intelligence VA & PT Data Event & Flow Data Assets Data & Profiles Threat Intelligence Information Incident detection & alerting Incident response & analysis Metrics & reporting data Evidence of Compliance

10 Incident Response Detect, Contain, Recover Compromise indicators Event & Flow Data Threat Intelligence IR Handbook Root Cause Analysis Contain & Remediate Controls Planning inputs Threat Intelligence Metrics & reporting data

11 National Cyber Risk Management Regional Cyber Security REGULATION COLLABORATION AWARENESS Government Business Society PLAYERS

12 National Cyber Risk Management PLAYER Government REGULATIONS National Laws Internal Regulations International Agreements Bilateral Agreements Pillar One

13 National Cyber Risk Management PLAYER Business COLLABORATION Knowledge Sharing Intelligence Sharing Sector Groups Response Teams Pillar Two

14 National Cyber Risk Management PLAYER Society AWARENESS through Social Media through Regional CERTs Pillar Three through ICT Sector

15 Thank You Mustapha Huneyd Corporate Information Security Ooredoo Qatar