Now and Tomorrow
IEEE/AICCSA Conference, November 2014
Malike Bouaoud, Cyber Security Advisor
- Hacktivism
- Regulatory/Compliance (local and international)
- Sophisticated Malware
- Data leakage
- Cybercriminal syndicates
- Theft of Information, IP*
- Insiders
- Sabotage, Cyber warfare/collateral
- Competition
*IP: Intellectual Property
Reconnaissance
- Announce the campaign, schedule
- Identify targets and vulnerabilities
Weaponize
- Select the tools and create malicious packages
- Launch of the attack
- Advertise on social media, online forums
Deliver
- Disrupt the services by DDoS
- Deliver malicious email, infected USB stick, picture, video, pdf file, link
Exploit/Install
- Provide tools
- Hire attackers
- Intrusion via vulnerable services
- Exploit backdoors, the environment
Command and control
- Remote control vulnerable systems
- Spread infections to other systems, network, hide malware, erase tracks, download modules, upload files
Cyber resilience: The organization's capability to withstand:
- negative impacts due to known, predictable, unknown, unpredictable, uncertain and unexpected threats from activities in cyberspace (Information Security Forum)
- cyber events, measured by the combination of mean time to failure and mean time to recovery (World Economic Forum)
- Governance
- Risk Management
- Smart grid and critical infrastructure security
- Intelligent transportation security
- Protecting e-healthcare
- Maintaining public safety and security
- Securing communications infra. and hotspots
- Centralized Cyber protection of the smart city
Information Security is serious: organizations need visibility on protection mechanisms and RISKS.
Organizations are subject to cyber risks, and threat actors are after sensitive information.
Organizations need to:
- understand the risk posture wherever information is, including when located at third parties
- evidence-based trust relationship
- care about the status of information even when outsourced to a third party
Early knowledge of threats and impacts
Mapping of risks to controls is a preliminary task prior to assessments
[Diagram: each threat (Thr1, Thr2, Thr3, etc.) maps to risks Ri(1..n), and each set of risks maps to controls Ctrl(1..n)(exp Ri(1..n))]
Threat Intelligence Risk Management Aggregated Risks Categories Risks Indicators Adverse Events Indicators Threat Attempt Events Event Log/Journals Records Sources Organizations Threat Activity Sources
- Outsourcing services
- Outsourcing sensitive information processing
- Binding contractual agreement
- Security and Data Protection clauses enough?
- How to protect against non-materialistic damages?
- Minimize damage control costs?
- How to protect reputation?
Criteria
- Localization of data
- Size of the outsourcing vendor
- Maturity level of the vendor
- Any engagement with another sub-processor
Extend Specific Risk Indicators in Contractual Security Schedule
Integrate the Sourcing Process
Start: Preassessment (Low / Medium / High)
- If Low Risks: go to Standard Security Schedule
- If Medium or High Risks: go to RA+BIA, then select Security Schedule
Technology and security trends
Human/Data Use/Analytics Sensors Embedded Security/ Privacy Protection Big Data Cloud Infrastructure Security
Adoption levels Data Exposure Risks Many to One One to One One to Many (ecomm ) Many to Many: P2P P2O O2O M2M (ucomm..) Neuro Machines? Cyborgs? Body embedded ICT Data Privacy Before Now Tomorrow
Key elements for security inclusion
- Interoperability framework
- Security by design
- Upgradeable security
- Interfaces for Wearable security: electronic interfacing designs
- Updateable Risk Information
- Using hyperconnectivity for R/T risk indicators updates
Now: Telecom, E-Commerce, Cybercrime
Coming: CIIP, IPP
«Even Achilles was only as strong as his heel»
Malike Bouaoud, Cyber Security Advisor
Office of H.E. The Minister of ICT
Ministry of Information Communication Technology, ictqatar
E-mail: mbouaoud@ict.gov.qa