2. In Brief
• 17 years ICT experience, 5 of which in Senior Professional
roles delivering major Telecommunications and
Information Security projects.
• 2008: Founding member of Information Security focused
Organizational Unit. Established digital forensics lab, had
oversight of vulnerability analysis and penetration testing,
assisted policy development process.
• M.Sc. Information Security from University College
London
• Information Security Advisory & ICT Programme
Management
3. The Caribbean Is Immune…Is it?
• Feb 2014: NGC issues Invitation to prequalify document for
Audit Services citing: “Information and Communication
Technology, Systems and Controls review” and
“CYBERCrime” (Trinidad)
• Nov 2013: TSTT issues Network & Session Initiation Protocol
(SIP) Security Audit RFP. Prior news reports speak to several
mobile and bypass fraud activities (Trinidad)
• Nov 2013: Flow identifies cybersecurity as a major threat
(Jamaica)
• Mar 2012: LIME Internet infrastructure attacked (Barbados)
5. Cybercrime Bill 2014, Section 23
"Offence by body corporate"
Where a body corporate commits an offence under
this Act and the Court is satisfied that a director,
manager, secretary or other similar officer of the body
corporate, or any person who purports to act in such capacity–
(a) connived in or consented to the commission
of the offence; or
(b) failed to exercise due diligence to prevent the
commission of the offence,
the director, manager, secretary or other similar officer or
person purporting to act in that capacity also commits the
offence.
6. Information Security Governance Required
• This now places responsibility and
accountability on an individual within the
organization to ensure that the
organization’s ICT infrastructure, processes
and people do not pose a threat to the public
network and its constituents, which also
include “critical infrastructure” elements.
8. Securing People and Processes
• Information Security must become part of Risk Management
strategy.
• Senior/Executive management must have oversight of and be
responsible for Information Security Governance.
• Information Security must be properly aligned with
organizational structure and organizational behaviour.
• Information Security-specific roles
• Change user behaviours to foster a culture of Information
Security.
9. Securing People and Processes
• Information Security at design stage of project’s System
Development Life Cycle
• Continuous awareness of the evolution of external (and
internal) threats.
• When incidents do occur, proper escalation procedures and
remediation efforts need to be put in place.
• Controls and response in accordance with International
Information Security standards such as ISO 27001 (2013).