Yayyy, we have come to the end of the Cyber Security Awareness Month 2017. It was an exciting and revealing time! Let the culture of Stop, Think and Connect stick. Please consult us for your Cyber Security Needs and Training.
2. Cyber Security Awareness Month 2017:
WRAP-UP
• It was an exciting and pleasurable time in the October 2017 National Cyber Security
Awareness Program.
• I personally had a nice time sharing those Nuggets with you; I hope you found them useful and
refreshing.
• I would advise you to skim through each of the Nuggets as an individual, business or governmental
body; they would go a long way in helping you understand what you are protecting, how much
protection it requires and what to do to fight against the potential crimes around it.
• It would be better to take them in sequence, that is, from the first down to the last Nugget.
• The essence of the Awareness Program is to stir you as a User, Business or Governmental
body to the Clarion Call of proactively protecting your information assets from uncertainties
and Cyber Threats.
• The truth still remains that the rate of Cyber Crimes is drastically increasing! We need to be
very conscious of this and imbibe the culture of staying safe both in managing our Information
resources and Online. ‘STOP, THINK and CONNECT’ anytime you are Online or on the
Internet.
• We urge you to watch out for subsequent Cyber Security papers and presentations as you
Follow us on the various Media.
• We would quickly take a snapshot of what was covered in this series of Cyber Security
Awareness Month Program.
• Thank you for being part of the National Cyber Security Awareness Month 2017.
3. Cyber Security Awareness Month 2017:
In the Series.....
• We kicked off the Cyber Security Awareness Program with ‘Breaking News’,
revealing the speed of Cyber Crimes as new Technologies emerge, how it has
affected the Global world, Africa and Nigeria as a whole, and the objectives behind
the National Cyber Security Awareness Month Program. (Please refer to ‘Breaking
News’.)
• Then we looked at the basic concepts of Cyber Security in Nugget 1, ‘Identify and
Classify your Information Assets’, which revealed the importance of identifying,
evaluating and classifying your Information Assets as the first step in Cyber
Security. It is the Value you place on your Assets that would determine the Measure
of protection required on the Asset. (Please see Identify and Classify Your
Information Assets.)
• Nugget 2, ‘Protecting Your Information Assets’, further revealed the various
Techniques and Controls applied in Cyber Security: the CIA (Confidentiality, Integrity,
Availability) Triad, the three Control Types (Administrative, Technical and Physical)
and the 7 Techniques and Services (Preventive, Detective, Deterrent, Corrective,
Restorative, Compensative and Directive). It is important to understand each term
and the concept around each. (Please see Nugget 2.)
• Nugget 3, ‘Determining The Ideal Security Measures’, emphasized a level of assurance
that the Security Measure/Counter Measure/Safeguard on your Information Asset is the best
and most suitable at that point in time. Vulnerabilities and Risk Analysis Techniques would
apply here. (Please see Nugget 3.)
4. Cyber Security Awareness Month 2017:
In the Series..... Cont’d
• Nugget 4, ‘The Cyber Crime ACT 2015’, revealed the current version of the Cyber Crime
(Prevention and Prohibition) ACT we are running in Nigeria. We need to enforce it and
inculcate it into our various industries as User, Business or Governmental body; after all, Cyber
Security is everyone’s Responsibility. We would advise you to check it out and peruse it here:
https://cert.gov.ng/images/uploads/CyberCrime_(Prohibition,Prevention,etc)_Act,_2015.pdf.
Kindly share with all concerned and let it get across to every citizen of Nigeria.
• Nugget 5, ‘Combating Cyber Crimes 1’, drove us to the landing point of the 2017 National
Cyber Security Awareness Month with Threats associated with Social Engineering, which is the
most common and successful of Cyber Crimes. The majority of the attacks may not be possible if the
human wing is secured enough with the right knowledge and skills ahead of the bad guys.
User Training is important; security metrics and campaigns should be used to measure the level
of Security knowledge.
• Finally, Nugget 6, ‘Combating Cyber Crimes 2’, exposed other Cyber Threats aside from Social
Engineering. The truth is that the list is unending. Cyber Security cuts across Software and
Applications, Patches, Operations, Physical, Encryptions, Networks and Communications,
Access Controls, System Updates, Mobile, Logs and Monitoring, Firewalls and Social Media; in fact,
virtually everything is riding on the internet and managing them up to the Internet is paramount.
(Please see Nugget 6.)
• We would advise you to go back to each Nugget, peruse it and kindly share with others; remember,
Cyber Security is the responsibility of everyone.
6. Cyber Security Awareness Month 2017:
In Conclusion
• It is a good practice to understand what you are protecting, how to protect it and fight
against the threats surrounding it. This is what Cyber Security is all about.
• To achieve and enforce a good measure of Cyber Security, we advise that the User,
Business and Governmental body abide by the local and Global Standards and
Regulations.
• These Regulatory bodies have a way of ensuring that entities maintain Due Care and
Due Diligence in carrying out their duties.
• Examples of such Regulatory bodies are the ISO (International Standard
Organisations) group, whose Cyber Security standard is tagged ISO 27001 for Information
Security Management System, and NIST (National Institute of Standards and
Technology), whose E-mail Cyber Security standard is NIST-45 and whose Risk standard is NIST-30.
• We also have other bodies such as the Economic and Financial Crimes Commission
(EFCC), Central Bank of Nigeria (CBN), Nigerian Financial Intelligence Unit (NFIU),
Payment Card Industry Data Security Standards (PCIDSS), Health Insurance
Portability and Accountability ACT (HIPAA) and others. HIPAA is more applied in the
USA.
• Businesses and Governments should not just aim at the Certifications but ensure
that each of the frameworks is duly applied, enforced and well maintained.
• Most of the frameworks are integrated and customised to suit the Business
processes and thus, make enforcement seamless.
7. Cyber Security Awareness Month 2017:
In Conclusion...... Cont’d
• Always remember that the human wing is the weakest link in any organisation. It is a
good practice to promote training for Users, both locally and abroad.
• Authentication loopholes are another area that grants easy and unauthorised access
to the bad guys. It is a good practice to enforce the Multi-factor authentication
technique, manage Passwords effectively and use Single-Sign-On techniques to
reduce the administrative bottlenecks.
• It is important to ensure Segregation of Duties, Principle of Least Privilege (User can
only access resources required to do the job and nothing more) and Need To
Know (User can only utilise the level of knowledge required). Logs and Monitoring
tools must apply, preferably SIEM (Security Information and Events Monitoring).
• Standards such as Open Web Application Security Project (OWASP) and Open Source Security
Testing Methodology (OSSTM) should apply to Software and Applications, as well as
Integrated Code testing techniques such as Fuzzy.
• Layered Security, Defence-in-depth and End Point Security, the way to go!
• Always run tools to test the level of Penetration, intrusion detection and prevention.
• Run Vulnerability scans on a daily basis as new vulnerabilities emerge daily.
• Always run Patches, Updates, Anti-Malware and Monitoring; encrypt data in motion and at rest, and
embrace full disk encryption for your laptops and others.
• Always STOP, THINK and CONNECT.
8. Subsequent Series on Cyber Security:
Watch out/Contact Us
• Kindly watch out for more Articles, Posts and Publications on Cyber
Security, especially as the Threats emerge.
• Also follow us on the various Media: LinkedIn, Facebook and Twitter.
• You can as well contact us for your training/prep on your Cyber Security
Certification Exams such as CISSP (Certified Information Systems Security
Professional), CISM (Certified Information Security Manager), CISA (Certified
Information Systems Audit) and CEH (Certified Ethical Hacker).
• Also contact us for your holistic and Resilient Cyber Security Solutions and
Training, Penetration Testing, Big Data Security and Systems Audit.
• We handle both Corporate and Individual Trainings.
• Thanks again for being part of the Cyber Security Awareness Month, we
appreciate you.
• We hope this helps a great deal!
9. Thank You!
See you in the subsequent Series
Chinatu Uzuegbu
CISSP, CISM, CISA, CEH,OCA, ITIL, MCSE, MCDBA, MSc.(Liverpool)
Senior Cyber Security Consultant
RoseTech CyberCrime Solutions Ltd
info@rtechcybercrimesolutions.com
chinatuuzuegbu@gmail.com
+2348037815577
Membership: ISACA, ISACA Lagos, ISC2, CSEAN,