Cybersecurity Risk Management in the Telecom Sector. MUSTAPHA HUNEYD Corporate Information Security


Cyber Security Risks
World Economic Forum, Global Risks 2014 - Ninth Edition

Critical Infrastructure
Critical Information Infrastructure: The information and communications technology systems, services, and data assets that are critical to Qatar (Classification Criteria*)
US Executive Order 13636 of February 12, 2013
Critical Sectors in Qatar include, but are not restricted to: Energy, Finance, Healthcare, Transportation, Electricity & Water, ICT, Government
* Qatar National Cyber Security Strategy

Cyber Risk in Telecom
Tech/Telecom sector more likely to disclose that cyber risk was significant, serious, material or critical (59%), and much less likely to be silent on the issue (5%).
[Chart: Fortune 1000 vs Tech/Telecom. Categories: impact or adversely impact business; material harm or seriously harm to business.]
Source: WILLIS.com Special Report

Cyber Risk in Telecom
Which sectors spend most on security? High spending due to higher risk!!
Which sectors are targeted the most?
Sources: PwC Information Security Breaches Survey 2014; IBM 2014 Cyber Security Intelligence Index

Cyber Attacks - Telecommunications
Symantec Report - Regin: Attacks on telecoms companies appear to be designed to gain access to calls being routed through their infrastructure.

Intelligence driven incident response
PREVENTION IS FUTILE: no longer about probability, but inevitability

Cyber Risk Management: Collaborative Governance Model
Risk Management Steering Committee
Corporate Information Security
THREAT Intelligence, SECURITY Monitoring, INCIDENT Response
Information Security Working Groups
Engineering/Technology, Legal & Regulatory, Human Resources

Threat Intelligence: Creating Actionable Intelligence
Open Source (OSINT)
Public feeds: Free feeds provided by organizations with subject matter expertise. AlienVault, DShield, Spamhaus, SpyEye Tracker - Abuse.ch, Zoneh.org, Blocklist.de etc.
Internal intelligence gathering: OSINT using internal tools and research. Web, Social Media, forums etc.
Human (HUMINT)
Commercial Feeds
SaaS: Cloud-based services that identify attack sources, C&C
Intelligence providers: Intelligence capabilities around Cybercrime, Espionage, Hacktivism, Vulnerabilities & exploits.
Mandiant, iSIGHT Partners, SenseCy, Dell SecureWorks, Symantec, BAE Systems etc.
Other Sources: Industry, CERTs, Incidents, Government
Mitigation mapped to CKC
Threat profiling & forecasting
Control selection & prioritization

Security Monitoring: Monitor for threat indicators
Identity Information; Threat Intelligence; VA & PT Data; Event & Flow Data; Assets Data & Profiles
Threat Intelligence Information; Incident detection & alerting; Incident response & analysis; Metrics & reporting data; Evidence of Compliance

Incident Response: Detect, Contain, Recover
Compromise indicators; Event & Flow Data; Threat Intelligence; IR Handbook
Root Cause Analysis; Contain & Remediate
Controls Planning inputs; Threat Intelligence; Metrics & reporting data

National Cyber Risk Management
Regional Cyber Security
REGULATION, COLLABORATION, AWARENESS
PLAYERS: Government, Business, Society

National Cyber Risk Management: Pillar One
PLAYER: Government
REGULATIONS: National Laws, Internal Regulations, International Agreements, Bilateral Agreements

National Cyber Risk Management: Pillar Two
PLAYER: Business
COLLABORATION: Knowledge Sharing, Intelligence Sharing, Sector Groups, Response Teams

National Cyber Risk Management: Pillar Three
PLAYER: Society
AWARENESS: through Social Media, through Regional CERTs, through ICT Sector

Thank You
Mustapha Huneyd, Corporate Information Security, Ooredoo Qatar