Now and Tomorrow. IEEE/AICCSA Conference November 2014 Malike Bouaoud Cyber Security Advisor

Transcription

1 Now and Tomorrow IEEE/AICCSA Conference November 2014 Malike Bouaoud Cyber Security Advisor

2 Hacktivism Regulatory/Compliance (local and international) Sophisticated Malware Data leakage Cybercriminal syndicates Theft of Information, IP* Insiders Sabotage, Cyber warfare/collateral Competition *IP: Intellectual Property

3 Reconnaissance Announce the campaign, schedule Identify targets and vulnerabilities Weaponize Select the tools and create malicious packages Launch of the attack Advertise on social media, online forums Deliver Disrupt the services by DDoS Deliver malicious , infected USBstick, picture, video, pdf file, link Exploit/Install Provide tools Hire attackers Intrusion via vulnerable services Exploit backdoors, the environment Command and control Remote control vulnerable systems Spread infections to other systems, network, hide malware, erase tracks, download modules, upload files

4 Cyber resilience: The organization's capability to withstand: negative impacts due to known, predictable, unknown, unpredictable, uncertain and unexpected threats from activities in cyberspace (Information Security Forum) cyber events, measured by the combination of mean time to failure and mean time to recovery (World Economic Forum)

5

6 Governance Risk Management Smart grid and critical infrastructure security Intelligent transportation security Protecting e-healthcare Maintaining public safety and security Securing communications infra. and hotspots Centralized Cyber protection of the smart city

7 Information Security is serious, organizations need visibility on protection mechanisms and RISKS Organizations are subject to cyber risks, and threat actors are after sensitive information Organizations need to: understand the risk posture wherever information is, including when located at third parties evidence based trust relationship care about the status of information even when outsourced to a third party

8 Early knowledge of threats and impacts Mapping of risks to controls is a preliminary task prior to assessments Thr1 Thr2 Thr3 etc Ri(1 n) Ri(1 n) Ri(1 n) Ctrl(1 n)(exp Ri(1 n) ) Ctrl(1 n)(exp Ri(1 n) ) Ctrl(1 n)(exp Ri(1 n) )

9 Threat Intelligence Risk Management Aggregated Risks Categories Risks Indicators Adverse Events Indicators Threat Attempt Events Event Log/Journals Records Sources Organizations Threat Activity Sources

10 Outsourcing services Outsourcing sensitive information processing Binding contractual agreement Security and Data Protection clauses enough? How to protect against non-materialistic damages? Minimize damage control costs? How to protect reputation? Criteria Localization of data Size of the outsourcing vendor Maturity level of the vendor Any engagement with another sub-processor Extend Specific Risk Indicators in Contractual Security Schedule

11 If Medium or High Risks Go to RA+BIA Then select Security Schedule If Low Risks Go to Standard Security Schedule Low Medium High Start Preassessment Integrate the Sourcing Process

12 Technology and security trends

13 Human/Data Use/Analytics Sensors Embedded Security/ Privacy Protection Big Data Cloud Infrastructure Security

14 Adoption levels Data Exposure Risks Many to One One to One One to Many (ecomm ) Many to Many: P2P P2O O2O M2M (ucomm..) Neuro Machines? Cyborgs? Body embedded ICT Data Privacy Before Now Tomorrow

15 Key elements for security inclusion Interoperability framework Security by design Upgradeable security Interfaces for Wearable security: electronic interfacing designs Updateable Risk Information Using hyperconnectvity for R/T risk indicators updates

16 Now Telecom E-Commerce Cybercrime Coming CIIP IPP

17 «Even Achilles was only as strong as his heel» Malike Bouaoud Cyber Security Advisor Office of H.E. The Minister of ICT Ministry of Information Communication Technology, ictqatar

18