SlideShare a Scribd company logo
1 of 35
Download to read offline
Internet Society © 1992–2016
and Internet Governance
Cybersecurity
Date 12 Feb 2018
Presentation title – Client name
Abdulrahman M. Abotaleb
Vice President
ISOC-Yemen
www.isoc.ye
a.abotaleb@isoc.ye
2
3
Cybersecurity is the collection of:
[Tools + policies + concepts + actions + best
practices + strategies]
required to protect the cyber environment, and is important to:
[individual users + organizations + communities
+ companies + states]
4
Forms of Cyber Threats.
Malware.
- Viruses
- Worms
- Trojan horses
- Keyloggers and spyware
- Backdoor rootkitsages
- Adware and cookies
- Etc.
5
DoS attacks.
DNS security.
- DNS spoofing
- DNS poisoning (chaining)
Copyrighted content
Child pornography
Surveillance.
Censorship.
Bugs. OpenSSL Heartbleed bug 2014
6
[Cybercrime]
is a criminal activity that requires the use of
computers or networks.
Cybercrime.
• The annual cost of cybercrime to the global economy could
have reached a maximum of USD 575 billion.
• Lack of global standards of cybercrime forms = those
threats may or may not be considered cybercrime
depending on the laws that are applied.
7
Cybercrime [Case Studies].
8
• In 2014, Suicide cases that were reportedly caused by cyber bullying in the
USA=17, Canada=18 and Sweden=19. Harassment, cyber-bullying increase
the risk of suicide amongst children by up to nine times.
• In 2014, Almost 200 private pictures of celebrities were leaked and
disseminated on social media after they were allegedly obtained via a security
breach of Apple's cloud services suite iCloud.
Cybercrime [Case Studies, MENA].
• In 2013, Carbanak is cybercrime process developed by a multinational gang
of cybercriminals with the objective of stealing money rather than data. [2~4
months, 30 countries including Morocco, US$1 billion loss in total].
• In 2012, United Arab Emirates’ Rakbank, and Oman’s Bank of Muscat lost
US$ 45 million through another global cybercrime attack employing fraudulent
ATM withdrawals during a 10-hour attack.
• In 2013, Lebanese banking computer network systems were also found to be
infected by a Gauss virus designed to capture data.
9
10
[Cyberterrorism]
Unlawful attacks and threats of attack against
computers, networks, and the information stored
therein when done to intimidate or coerce a
government or its people in furtherance of political
or social objectives.
Cyberterrorism [Case Studies].
11
France 2013
Passing an anti-terror law allows authorities in France to punish
inciters of terrorism on the Internet with a five-year prison
sentence and a fine up to €45 000 EUR.
Egypt 2015
ISIS has utilized the Internet by publishing videos of beheading
hostages on social media to gain publicity and outreach.
12
[Cyberwarfare]
The use of computer technology to disrupt the
activities of a state or organization, especially the
deliberate attacking of information systems for
strategic or military purposes.
.
Cyberwarfare.
13
• Traditional wars have expanded to include acts of cyber warfare
using cyber arms.
• It relies heavily on software programmers, hackers, and network
experts.
• Major difference between a traditional and cyber war is the scale
and outreach.
• It can easily turn global rather than remaining between two states.
Cyberwarfare[Case Studies].
14
• USA and the Israeli army targeting the Iranian nuclear centers by
STUXNET warm.
• Russia was the source of DoS attacks against Estonia in April 2007.
• Syrian Electronic Army (SEA) has engaged in attacks against anti-
government websites.
• KSA warns on cyber defense as Shamoon resurfaces in 2017.
• A hacker group (GOP) from North Korea leaked a release of
confidential data from the film studio Sony Pictures in 2014.
Computer Emergency Response Teams
CERTs
A team consists of trained and certified experts that are able to
conduct cyber forensics, quickly identify the source of an attack,
and mitigate as much risk as possible, particularly to data and other
valuable resources.
15
Functions of CERTs.
16
- Responding to cyber incidents by gathering, analyzing, and
disseminating relevant information, as well as taking any
emergency measures.
- Assessing risk levels and forecasting possible cyber security
threats. This proactive approach is usually the main task of a
computer security incident prevention team (CSIP) team.
- Capacity building and networking. This task involves
developing guidelines, best practice manuals and curricula to
be used for training and awareness purposes.
CERT/CIRT Constituency could be:
17
q An army
q National Security
q A Police
q Universities
q Banks
q Heath System
q ISP
q Telcos
q Grids Power
q Ministry of Finance
q Software Companies
q Etc.
CERTs around the world.
18
• First CERT was established at Carnegie Mellon University in 1988
in response to the Morris worm incident.
• Over 250 CERTs have been established around the world.
• All the MENA national CERTs are run by organizations that are
affiliated to governments or are directly run by governments.
Egypt, Oman, UAE, Sudan, Qatar, Tunis, Algeria, Morocco, KSA.
Legislations and policies on cybersecurity
19
Legislations & Policies.
20
• 2001, European Convention on Cybercrime (CoC).
• 2011, Commonwealth Cybercrime Initiative was launched.
• 2007, ITU established a Global Cybersecurity Agenda as a
framework for international cooperation to enhance security on the
Internet.
Laws & Legislations [in MENA].
21
• 2006, Yemen established Electronic Transaction Protection Law.
• 2006, UAE established Law on Prevention of Information Technology
Crimes and the Law on Electronic Commerce and Transaction.
• 2007, KSA enforced the Anti Cyber-Crime Law as well as the
Electronic Transaction Protection Law.
• 2007, Sudan issued E-crime Law along with the Informatics Offense.
• Algeria had issued Law 09-04 for preventing and fighting cyber
crimes.
Policies & Strategies [in MENA].
22
• CERTs: Providing support in response to computer, network, and
related cybersecurity incidents.
• CSIRTs: Establishment specializing in the financial and other
sectors became a priority.
• ITU: Arab Regional Development Forum is taking the lead in
organizing different programs.
• ESCWA: leading activities to provide a basis for the harmonization
of legal and regulatory frameworks for cyberlaw model directives
for the region.
CYBERWELLNESS Profile of Yemen.
23
24
25
26
27
28
U.S. Dominance in the INTERNET.
29
30
Root Servers (DNS Zone) Submarine International Network
Big Companies, not users, own the data.
31
Edward Snowden Leaks
32
The Hunter Leaks: Network-Shaping-101
33
34
Visit us at
www.internetsociety.org
Follow us
@internetsociety
Galerie Jean-Malbuisson 15,
CH-1204 Geneva,
Switzerland.
+41 22 807 1444
1775 Wiehle Avenue,
Suite 201, Reston, VA
20190-5108 USA.
+1 703 439 2120
Thank you.
35
Abdulrahman M. Abotaleb
Vice President
ISOC-Yemen
www.isoc.ye
a.abotaleb@isoc.ye

More Related Content

What's hot

CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptxMalu704065
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Edureka!
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to CybersecurityKrutarth Vasavada
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on reviewMiltonBiswas8
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]David Sweigert
 
introduction to cyber security
introduction to cyber securityintroduction to cyber security
introduction to cyber securitySlamet Ar Rokhim
 
Network security
Network securityNetwork security
Network securityAli Kamil
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Edureka!
 
Network security
Network securityNetwork security
Network securityfatimasaham
 
CyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityCyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityHome
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...Edureka!
 
Cyber security
Cyber securityCyber security
Cyber securitymanoj duli
 

What's hot (20)

CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Cyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptxCyber Security PPT - 2023.pptx
Cyber Security PPT - 2023.pptx
 
Cybersecurity - Overview
Cybersecurity  - OverviewCybersecurity  - Overview
Cybersecurity - Overview
 
CyberSecurity
CyberSecurityCyberSecurity
CyberSecurity
 
CYBER SECURITY.pptx
CYBER SECURITY.pptxCYBER SECURITY.pptx
CYBER SECURITY.pptx
 
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
Cybersecurity Fundamentals | Understanding Cybersecurity Basics | Cybersecuri...
 
Introduction to Cybersecurity
Introduction to CybersecurityIntroduction to Cybersecurity
Introduction to Cybersecurity
 
Cyber Security: A Hands on review
Cyber Security: A Hands on reviewCyber Security: A Hands on review
Cyber Security: A Hands on review
 
Cyber security
Cyber securityCyber security
Cyber security
 
Cyber security
Cyber security Cyber security
Cyber security
 
Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]Overview of the Cyber Kill Chain [TM]
Overview of the Cyber Kill Chain [TM]
 
Cybersecurity
CybersecurityCybersecurity
Cybersecurity
 
introduction to cyber security
introduction to cyber securityintroduction to cyber security
introduction to cyber security
 
Network security
Network securityNetwork security
Network security
 
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
Cybersecurity Frameworks | NIST Cybersecurity Framework | Cybersecurity Certi...
 
Network security
Network securityNetwork security
Network security
 
Cyber security
Cyber securityCyber security
Cyber security
 
CyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurityCyberSecurity and Importance of cybersecurity
CyberSecurity and Importance of cybersecurity
 
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
What is Cyber Security? | Introduction to Cyber Security | Cyber Security Tra...
 
Cyber security
Cyber securityCyber security
Cyber security
 

Similar to cybersecurity- A.Abutaleb

Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyShiva Bissessar
 
Cyber Security Strategies in UAE.pdf
Cyber Security Strategies in UAE.pdfCyber Security Strategies in UAE.pdf
Cyber Security Strategies in UAE.pdfFiyona Nourin
 
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaThe Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaZsolt Nemeth
 
National Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip VictorNational Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip VictorKnowledge Group
 
002-MAVIS - International agreements to combat electronic crimes
002-MAVIS - International agreements to combat electronic crimes002-MAVIS - International agreements to combat electronic crimes
002-MAVIS - International agreements to combat electronic crimesMichalis Mavis, MSc, MSc
 
Cyber security and critical information infrastructure protection from a sout...
Cyber security and critical information infrastructure protection from a sout...Cyber security and critical information infrastructure protection from a sout...
Cyber security and critical information infrastructure protection from a sout...Business Finland
 
Protecting Critical Infrastructure: a multi-layered approach
Protecting Critical Infrastructure: a multi-layered approachProtecting Critical Infrastructure: a multi-layered approach
Protecting Critical Infrastructure: a multi-layered approachITU
 
Cybersecurity environment in malaysia and the function of internal auditor
Cybersecurity environment in malaysia and the function of internal auditorCybersecurity environment in malaysia and the function of internal auditor
Cybersecurity environment in malaysia and the function of internal auditorKhalizan Halid
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014
 
Global Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and ComplianceGlobal Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and Complianceijtsrd
 
Data Protection: balancing convenience, privacy and security
Data Protection: balancing convenience, privacy and securityData Protection: balancing convenience, privacy and security
Data Protection: balancing convenience, privacy and securityEthical Sector
 
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiAddressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiKnowledge Group
 
"Cyber crime", or computer-oriented crime..!!
"Cyber crime", or computer-oriented crime..!!"Cyber crime", or computer-oriented crime..!!
"Cyber crime", or computer-oriented crime..!!amit_shanu
 
Understanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationUnderstanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationJacqueline Fick
 
Final presentation cyber security submit copy
Final presentation cyber security submit copyFinal presentation cyber security submit copy
Final presentation cyber security submit copysmita mitra
 
Securing Indian Cyberspace Shojan
Securing Indian Cyberspace ShojanSecuring Indian Cyberspace Shojan
Securing Indian Cyberspace ShojanShojan Jacob
 
The National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through CooperationThe National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through CooperationMark Johnson
 
Cybersecurity Hub & Operations - Dr. Kiru Pillay
Cybersecurity Hub & Operations - Dr. Kiru PillayCybersecurity Hub & Operations - Dr. Kiru Pillay
Cybersecurity Hub & Operations - Dr. Kiru PillaydotZADNA
 

Similar to cybersecurity- A.Abutaleb (20)

CTO Cybersecurity Forum 2013 Auguste Yankey
CTO Cybersecurity Forum 2013 Auguste YankeyCTO Cybersecurity Forum 2013 Auguste Yankey
CTO Cybersecurity Forum 2013 Auguste Yankey
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean Cybersecuirty
 
Cyber Security Strategies in UAE.pdf
Cyber Security Strategies in UAE.pdfCyber Security Strategies in UAE.pdf
Cyber Security Strategies in UAE.pdf
 
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in AfricaThe Realities and Challenges of Cyber Crime and Cyber Security in Africa
The Realities and Challenges of Cyber Crime and Cyber Security in Africa
 
CTO Cybersecurity Forum 2013 Mario Maniewicz
CTO Cybersecurity Forum 2013 Mario ManiewiczCTO Cybersecurity Forum 2013 Mario Maniewicz
CTO Cybersecurity Forum 2013 Mario Maniewicz
 
National Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip VictorNational Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip Victor
 
002-MAVIS - International agreements to combat electronic crimes
002-MAVIS - International agreements to combat electronic crimes002-MAVIS - International agreements to combat electronic crimes
002-MAVIS - International agreements to combat electronic crimes
 
Cyber security and critical information infrastructure protection from a sout...
Cyber security and critical information infrastructure protection from a sout...Cyber security and critical information infrastructure protection from a sout...
Cyber security and critical information infrastructure protection from a sout...
 
Protecting Critical Infrastructure: a multi-layered approach
Protecting Critical Infrastructure: a multi-layered approachProtecting Critical Infrastructure: a multi-layered approach
Protecting Critical Infrastructure: a multi-layered approach
 
Cybersecurity environment in malaysia and the function of internal auditor
Cybersecurity environment in malaysia and the function of internal auditorCybersecurity environment in malaysia and the function of internal auditor
Cybersecurity environment in malaysia and the function of internal auditor
 
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
WCIT 2014 Som Mittal - Managing risks in an interdependent economy risks rela...
 
Global Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and ComplianceGlobal Perspective Cyberlaw, Regulations and Compliance
Global Perspective Cyberlaw, Regulations and Compliance
 
Data Protection: balancing convenience, privacy and security
Data Protection: balancing convenience, privacy and securityData Protection: balancing convenience, privacy and security
Data Protection: balancing convenience, privacy and security
 
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin SukardiAddressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
Addressing Cyber Threats in The Banking Sector - Lt Col (R) Sazali Bin Sukardi
 
"Cyber crime", or computer-oriented crime..!!
"Cyber crime", or computer-oriented crime..!!"Cyber crime", or computer-oriented crime..!!
"Cyber crime", or computer-oriented crime..!!
 
Understanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisationUnderstanding and preventing cyber crime and its impact on your organisation
Understanding and preventing cyber crime and its impact on your organisation
 
Final presentation cyber security submit copy
Final presentation cyber security submit copyFinal presentation cyber security submit copy
Final presentation cyber security submit copy
 
Securing Indian Cyberspace Shojan
Securing Indian Cyberspace ShojanSecuring Indian Cyberspace Shojan
Securing Indian Cyberspace Shojan
 
The National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through CooperationThe National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through Cooperation
 
Cybersecurity Hub & Operations - Dr. Kiru Pillay
Cybersecurity Hub & Operations - Dr. Kiru PillayCybersecurity Hub & Operations - Dr. Kiru Pillay
Cybersecurity Hub & Operations - Dr. Kiru Pillay
 

More from Fahmi Albaheth

تحديات أمن تكنولوجيا المعلومات - خالد القائفي
تحديات أمن تكنولوجيا المعلومات - خالد القائفيتحديات أمن تكنولوجيا المعلومات - خالد القائفي
تحديات أمن تكنولوجيا المعلومات - خالد القائفيFahmi Albaheth
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaFahmi Albaheth
 
توصيات ورشة أمن تكنولوجيا المعلومات 12 فبراير 2018
توصيات ورشة أمن تكنولوجيا المعلومات 12 فبراير 2018توصيات ورشة أمن تكنولوجيا المعلومات 12 فبراير 2018
توصيات ورشة أمن تكنولوجيا المعلومات 12 فبراير 2018Fahmi Albaheth
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'aFahmi Albaheth
 
Social engineering - Fadi Al-aswadi
Social engineering - Fadi Al-aswadiSocial engineering - Fadi Al-aswadi
Social engineering - Fadi Al-aswadiFahmi Albaheth
 
Steganography - Muheeb Ghallab
Steganography - Muheeb GhallabSteganography - Muheeb Ghallab
Steganography - Muheeb GhallabFahmi Albaheth
 
حوكمة الإنترنت - عمر الحياني
حوكمة الإنترنت - عمر الحيانيحوكمة الإنترنت - عمر الحياني
حوكمة الإنترنت - عمر الحيانيFahmi Albaheth
 
مقدمة حول جمعية الإنترنت اليمن - عبدالرحمن أبوطالب
مقدمة حول جمعية الإنترنت اليمن - عبدالرحمن أبوطالبمقدمة حول جمعية الإنترنت اليمن - عبدالرحمن أبوطالب
مقدمة حول جمعية الإنترنت اليمن - عبدالرحمن أبوطالبFahmi Albaheth
 
نحو تدشين المنتدى اليمني لحوكمة الإنترنت
نحو تدشين المنتدى اليمني لحوكمة الإنترنتنحو تدشين المنتدى اليمني لحوكمة الإنترنت
نحو تدشين المنتدى اليمني لحوكمة الإنترنتFahmi Albaheth
 
اعرف حقوقك على الإنترنت
اعرف حقوقك على الإنترنتاعرف حقوقك على الإنترنت
اعرف حقوقك على الإنترنتFahmi Albaheth
 
الإنترنت كوسيلة للإستثمار وريادة الأعمال- مؤتمر فرص شبابية - اليمن
الإنترنت كوسيلة للإستثمار وريادة الأعمال- مؤتمر فرص شبابية - اليمنالإنترنت كوسيلة للإستثمار وريادة الأعمال- مؤتمر فرص شبابية - اليمن
الإنترنت كوسيلة للإستثمار وريادة الأعمال- مؤتمر فرص شبابية - اليمنFahmi Albaheth
 
التدوين وأثره في إثراء المحتوى العربي - أيام الإنترنت العربي
التدوين وأثره في إثراء المحتوى العربي - أيام الإنترنت العربيالتدوين وأثره في إثراء المحتوى العربي - أيام الإنترنت العربي
التدوين وأثره في إثراء المحتوى العربي - أيام الإنترنت العربيFahmi Albaheth
 

More from Fahmi Albaheth (12)

تحديات أمن تكنولوجيا المعلومات - خالد القائفي
تحديات أمن تكنولوجيا المعلومات - خالد القائفيتحديات أمن تكنولوجيا المعلومات - خالد القائفي
تحديات أمن تكنولوجيا المعلومات - خالد القائفي
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
 
توصيات ورشة أمن تكنولوجيا المعلومات 12 فبراير 2018
توصيات ورشة أمن تكنولوجيا المعلومات 12 فبراير 2018توصيات ورشة أمن تكنولوجيا المعلومات 12 فبراير 2018
توصيات ورشة أمن تكنولوجيا المعلومات 12 فبراير 2018
 
New technologies - Amer Haza'a
New technologies - Amer Haza'aNew technologies - Amer Haza'a
New technologies - Amer Haza'a
 
Social engineering - Fadi Al-aswadi
Social engineering - Fadi Al-aswadiSocial engineering - Fadi Al-aswadi
Social engineering - Fadi Al-aswadi
 
Steganography - Muheeb Ghallab
Steganography - Muheeb GhallabSteganography - Muheeb Ghallab
Steganography - Muheeb Ghallab
 
حوكمة الإنترنت - عمر الحياني
حوكمة الإنترنت - عمر الحيانيحوكمة الإنترنت - عمر الحياني
حوكمة الإنترنت - عمر الحياني
 
مقدمة حول جمعية الإنترنت اليمن - عبدالرحمن أبوطالب
مقدمة حول جمعية الإنترنت اليمن - عبدالرحمن أبوطالبمقدمة حول جمعية الإنترنت اليمن - عبدالرحمن أبوطالب
مقدمة حول جمعية الإنترنت اليمن - عبدالرحمن أبوطالب
 
نحو تدشين المنتدى اليمني لحوكمة الإنترنت
نحو تدشين المنتدى اليمني لحوكمة الإنترنتنحو تدشين المنتدى اليمني لحوكمة الإنترنت
نحو تدشين المنتدى اليمني لحوكمة الإنترنت
 
اعرف حقوقك على الإنترنت
اعرف حقوقك على الإنترنتاعرف حقوقك على الإنترنت
اعرف حقوقك على الإنترنت
 
الإنترنت كوسيلة للإستثمار وريادة الأعمال- مؤتمر فرص شبابية - اليمن
الإنترنت كوسيلة للإستثمار وريادة الأعمال- مؤتمر فرص شبابية - اليمنالإنترنت كوسيلة للإستثمار وريادة الأعمال- مؤتمر فرص شبابية - اليمن
الإنترنت كوسيلة للإستثمار وريادة الأعمال- مؤتمر فرص شبابية - اليمن
 
التدوين وأثره في إثراء المحتوى العربي - أيام الإنترنت العربي
التدوين وأثره في إثراء المحتوى العربي - أيام الإنترنت العربيالتدوين وأثره في إثراء المحتوى العربي - أيام الإنترنت العربي
التدوين وأثره في إثراء المحتوى العربي - أيام الإنترنت العربي
 

Recently uploaded

LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0DanBrown980551
 
Scenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosScenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosErol GIRAUDY
 
My key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIMy key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIVijayananda Mohire
 
The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)IES VE
 
Where developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is goingWhere developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is goingFrancesco Corti
 
20140402 - Smart house demo kit
20140402 - Smart house demo kit20140402 - Smart house demo kit
20140402 - Smart house demo kitJamie (Taka) Wang
 
.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptxHansamali Gamage
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationKnoldus Inc.
 
UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2DianaGray10
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc
 
Flow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameFlow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameKapil Thakar
 
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Alkin Tezuysal
 
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfQ4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfTejal81
 
Top 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTop 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTopCSSGallery
 
UiPath Studio Web workshop series - Day 1
UiPath Studio Web workshop series  - Day 1UiPath Studio Web workshop series  - Day 1
UiPath Studio Web workshop series - Day 1DianaGray10
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4DianaGray10
 
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
 
Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FESTBillieHyde
 

Recently uploaded (20)

LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0
 
Scenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenariosScenario Library et REX Discover industry- and role- based scenarios
Scenario Library et REX Discover industry- and role- based scenarios
 
My key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAIMy key hands-on projects in Quantum, and QAI
My key hands-on projects in Quantum, and QAI
 
The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)The Importance of Indoor Air Quality (English)
The Importance of Indoor Air Quality (English)
 
SheDev 2024
SheDev 2024SheDev 2024
SheDev 2024
 
Where developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is goingWhere developers are challenged, what developers want and where DevEx is going
Where developers are challenged, what developers want and where DevEx is going
 
20140402 - Smart house demo kit
20140402 - Smart house demo kit20140402 - Smart house demo kit
20140402 - Smart house demo kit
 
.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx.NET 8 ChatBot with Azure OpenAI Services.pptx
.NET 8 ChatBot with Azure OpenAI Services.pptx
 
Introduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its applicationIntroduction to RAG (Retrieval Augmented Generation) and its application
Introduction to RAG (Retrieval Augmented Generation) and its application
 
UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2UiPath Studio Web workshop series - Day 2
UiPath Studio Web workshop series - Day 2
 
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc Webinar - How to Live in a Post Third-Party Cookie World
TrustArc Webinar - How to Live in a Post Third-Party Cookie World
 
Flow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameFlow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First Frame
 
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
Design and Modeling for MySQL SCALE 21X Pasadena, CA Mar 2024
 
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdfQ4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
Q4 2023 Quarterly Investor Presentation - FINAL - v1.pdf
 
Top 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTop 10 Squarespace Development Companies
Top 10 Squarespace Development Companies
 
UiPath Studio Web workshop series - Day 1
UiPath Studio Web workshop series  - Day 1UiPath Studio Web workshop series  - Day 1
UiPath Studio Web workshop series - Day 1
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4
 
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through TokenizationStobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
Stobox 4: Revolutionizing Investment in Real-World Assets Through Tokenization
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Technical SEO for Improved Accessibility WTS FEST
Technical SEO for Improved Accessibility  WTS FESTTechnical SEO for Improved Accessibility  WTS FEST
Technical SEO for Improved Accessibility WTS FEST
 

cybersecurity- A.Abutaleb

  • 1. Internet Society © 1992–2016 and Internet Governance Cybersecurity Date 12 Feb 2018 Presentation title – Client name Abdulrahman M. Abotaleb Vice President ISOC-Yemen www.isoc.ye a.abotaleb@isoc.ye
  • 2. 2
  • 3. 3 Cybersecurity is the collection of: [Tools + policies + concepts + actions + best practices + strategies] required to protect the cyber environment, and is important to: [individual users + organizations + communities + companies + states]
  • 4. 4
  • 5. Forms of Cyber Threats. Malware. - Viruses - Worms - Trojan horses - Keyloggers and spyware - Backdoor rootkitsages - Adware and cookies - Etc. 5 DoS attacks. DNS security. - DNS spoofing - DNS poisoning (chaining) Copyrighted content Child pornography Surveillance. Censorship. Bugs. OpenSSL Heartbleed bug 2014
  • 6. 6 [Cybercrime] is a criminal activity that requires the use of computers or networks.
  • 7. Cybercrime. • The annual cost of cybercrime to the global economy could have reached a maximum of USD 575 billion. • Lack of global standards of cybercrime forms = those threats may or may not be considered cybercrime depending on the laws that are applied. 7
  • 8. Cybercrime [Case Studies]. 8 • In 2014, Suicide cases that were reportedly caused by cyber bullying in the USA=17, Canada=18 and Sweden=19. Harassment, cyber-bullying increase the risk of suicide amongst children by up to nine times. • In 2014, Almost 200 private pictures of celebrities were leaked and disseminated on social media after they were allegedly obtained via a security breach of Apple's cloud services suite iCloud.
  • 9. Cybercrime [Case Studies, MENA]. • In 2013, Carbanak is cybercrime process developed by a multinational gang of cybercriminals with the objective of stealing money rather than data. [2~4 months, 30 countries including Morocco, US$1 billion loss in total]. • In 2012, United Arab Emirates’ Rakbank, and Oman’s Bank of Muscat lost US$ 45 million through another global cybercrime attack employing fraudulent ATM withdrawals during a 10-hour attack. • In 2013, Lebanese banking computer network systems were also found to be infected by a Gauss virus designed to capture data. 9
  • 10. 10 [Cyberterrorism] Unlawful attacks and threats of attack against computers, networks, and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives.
  • 11. Cyberterrorism [Case Studies]. 11 France 2013 Passing an anti-terror law allows authorities in France to punish inciters of terrorism on the Internet with a five-year prison sentence and a fine up to €45 000 EUR. Egypt 2015 ISIS has utilized the Internet by publishing videos of beheading hostages on social media to gain publicity and outreach.
  • 12. 12 [Cyberwarfare] The use of computer technology to disrupt the activities of a state or organization, especially the deliberate attacking of information systems for strategic or military purposes. .
  • 13. Cyberwarfare. 13 • Traditional wars have expanded to include acts of cyber warfare using cyber arms. • It relies heavily on software programmers, hackers, and network experts. • Major difference between a traditional and cyber war is the scale and outreach. • It can easily turn global rather than remaining between two states.
  • 14. Cyberwarfare[Case Studies]. 14 • USA and the Israeli army targeting the Iranian nuclear centers by STUXNET warm. • Russia was the source of DoS attacks against Estonia in April 2007. • Syrian Electronic Army (SEA) has engaged in attacks against anti- government websites. • KSA warns on cyber defense as Shamoon resurfaces in 2017. • A hacker group (GOP) from North Korea leaked a release of confidential data from the film studio Sony Pictures in 2014.
  • 15. Computer Emergency Response Teams CERTs A team consists of trained and certified experts that are able to conduct cyber forensics, quickly identify the source of an attack, and mitigate as much risk as possible, particularly to data and other valuable resources. 15
  • 16. Functions of CERTs. 16 - Responding to cyber incidents by gathering, analyzing, and disseminating relevant information, as well as taking any emergency measures. - Assessing risk levels and forecasting possible cyber security threats. This proactive approach is usually the main task of a computer security incident prevention team (CSIP) team. - Capacity building and networking. This task involves developing guidelines, best practice manuals and curricula to be used for training and awareness purposes.
  • 17. CERT/CIRT Constituency could be: 17 q An army q National Security q A Police q Universities q Banks q Heath System q ISP q Telcos q Grids Power q Ministry of Finance q Software Companies q Etc.
  • 18. CERTs around the world. 18 • First CERT was established at Carnegie Mellon University in 1988 in response to the Morris worm incident. • Over 250 CERTs have been established around the world. • All the MENA national CERTs are run by organizations that are affiliated to governments or are directly run by governments. Egypt, Oman, UAE, Sudan, Qatar, Tunis, Algeria, Morocco, KSA.
  • 19. Legislations and policies on cybersecurity 19
  • 20. Legislations & Policies. 20 • 2001, European Convention on Cybercrime (CoC). • 2011, Commonwealth Cybercrime Initiative was launched. • 2007, ITU established a Global Cybersecurity Agenda as a framework for international cooperation to enhance security on the Internet.
  • 21. Laws & Legislations [in MENA]. 21 • 2006, Yemen established Electronic Transaction Protection Law. • 2006, UAE established Law on Prevention of Information Technology Crimes and the Law on Electronic Commerce and Transaction. • 2007, KSA enforced the Anti Cyber-Crime Law as well as the Electronic Transaction Protection Law. • 2007, Sudan issued E-crime Law along with the Informatics Offense. • Algeria had issued Law 09-04 for preventing and fighting cyber crimes.
  • 22. Policies & Strategies [in MENA]. 22 • CERTs: Providing support in response to computer, network, and related cybersecurity incidents. • CSIRTs: Establishment specializing in the financial and other sectors became a priority. • ITU: Arab Regional Development Forum is taking the lead in organizing different programs. • ESCWA: leading activities to provide a basis for the harmonization of legal and regulatory frameworks for cyberlaw model directives for the region.
  • 24. 24
  • 25. 25
  • 26. 26
  • 27. 27
  • 28. 28
  • 29. U.S. Dominance in the INTERNET. 29
  • 30. 30 Root Servers (DNS Zone) Submarine International Network
  • 31. Big Companies, not users, own the data. 31
  • 33. The Hunter Leaks: Network-Shaping-101 33
  • 34. 34
  • 35. Visit us at www.internetsociety.org Follow us @internetsociety Galerie Jean-Malbuisson 15, CH-1204 Geneva, Switzerland. +41 22 807 1444 1775 Wiehle Avenue, Suite 201, Reston, VA 20190-5108 USA. +1 703 439 2120 Thank you. 35 Abdulrahman M. Abotaleb Vice President ISOC-Yemen www.isoc.ye a.abotaleb@isoc.ye