SlideShare a Scribd company logo
1 of 67
Download to read offline
Is IT governing us or are we governing it?

          Managing ICT Related Risks: Who is Responsible and
                         What Went Wrong?:


                                            Dr. Jabiri Kuwe Bakari
                         (BSc. Computer Sc., Msc. (Eng.) Data Communication, Ph.D.)
                           Lecturer & Director, Institute of Educational Technology
                                      The Open University of Tanzania

                                                  E- mail: jabiri.bakari@out.ac.tz


                                   Hilton Double Tree Hotel-Osterbay,Slipway Road


                                                           8th December, 2010         1
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Agenda
• Introduction
• An overview of ICT and its Security
  Problem
• ICT related risks
• What went wrong
• Who is responsible
• Lessons from others
• What can be done?

                                                                    2
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Technology Trend
        • Stone, Iron, Industry, Information Age!
        • The world has now moved from natural
          resources to information economy.
        • Information held by public and private
          organisation’s information systems is
          among the most valuable assets in the
          organisation’s care and is considered a
          critical resource, enabling these
          organisations to achieve their objectives
                                                           3
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
• Because the organization's value have
        moved from tangible to intangible assets
        the risks has moved too, hence the
        overall cooperate risk management should
        take a new track


      • Today ICT is in Almost all National Critical
        Infrastructure



                                                           4
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
ICT in Critical National infrastructures
           Private and public organizations, government, and
           the national security system increasingly depend
           on an interdependent network of critical physical
           and information infrastructures. Examples
             –    energy production, transmission, and distribution
             –    telecommunications,
             –    financial services,
             –    transportation sectors: railways, highways, airports etc.
             –    systems for the provision of water and food for human
                  use and consumption
             –    continuity of government.
             –    chemical industry and hazardous materials
             –    agriculture
             –    defence industrial base
                                                                          5
             –    gas and oil storage and transportation
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
The national economy is increasingly
             reliant upon certain critical infrastructures
             and upon cyber based information
             systems
             Any compromise or attacks on our
             infrastructure and information systems
             may be capable of significantly harming
             our economy!

                                                             6
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Agenda
• Introduction
• An overview of ICT and its Security
  Problem
• ICT related risks
• What went wrong
• Who is responsible
• Lessons from others
• What can be done?

                                                                    7
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
An overview of ICT & its security Problem
Information security is about protection of ICT assets/resources in terms of
Confidentiality Integrity Availability – (information and services)
Access Control to Information Involves: Protective/Proactive, Detective,
                                                               Holistic View of ICT
Reactive and/or Recovery Measures                               security Problem


                                                      Software (Operating
                                                      systems, Application
                                                      software) set of
                                                      instructions




                                                            ICT




      Valuable asset of
  organizations-Information
                                                                                               8
                                                                                 Valuable asset of
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari                     organizations-Information
An overview of ICT security Problem
Managing ICT security is a continuous process by which an organisation
determines what needs to be protected and why; what it needs to be protected
from (i.e. Threats and Vulnerabilities); and how (i.e. mechanisms) to protect it
for as long as it exists.                                          Holistic Approach
                                             Malicious software (Virus,              required
Authorised user                              worm or denial-of-service
abusing his/her                              attack, Backdoors, salami
privileges e.g.
                                             attacks, spyware, etc.) can
Disgruntled staff
                                             be introduced here !




                                                     Physical security of
                                                     the hardware

   Valuable asset of the                                                                      9
 organizations-Information                                                    Valuable asset of the
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari                    organizations-Information
ICT related risks from the Business
                    Perspective

         Business risks result from using ICT as
          business enabler without having in place
          proper ICT Governance and related risks
          controls.




©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Refer GOLDEN TULIP HOTEL,
                     DAR ES SALAAM
                23th August, 2006 Workshop


                                              Four Years Ago

                                                               11
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
12
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
13
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
14
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
15
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
16
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
• Problem by then




                                                           17
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Security Management in
                                              the organisations -
                                                   Tanzania
                                                  At the strategic level (Absence
                                                  of ICT Security policy, no
                                                  defined budget for ICT
                                                  security, Perceived as technical
                                                  problem and not business risk)


                                                           At the operational (perceived
                                                           to belong to the IT
            Perception Problem                             departments and in some
                                                           cases not coordinated)


                                                    Absence of designated
                                                    ICT security
                                                    personnel/unit.




                                                                                           18
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
An overview of ICT Security Management in
               the organisations -




          Perception Problem




                                                           Ad-hoc


                                                                    19
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
By Mid – 2007 - A Final Holistic Approach for Managing ICT
                      Security in Organisations was produced
                                                                              Presented in a book: ISBN Nr 91-7155-383-8
                                                                     The Environment

                                                                         The Organisation



                                                                                  General
                                                                                Management’s                                          Mitigation
                                                                                 attention &                                          Planning
                                                                                  Backing                                              (GL-09)
                                                                                  (GL-05)
                  Strategic (Top)      Technical          Form                                 Awareness            Risk
                                                                     Quick                     & Backing of     Assessment/                        Operationalisation
                  Management’s       Management's        Project
                                                                     Scan                      General staff      Analysis                           (ICT Security
                     Backing            Backing       Team & Plan
                                                                    (GL-04)                      (GL-07)          (GL-08)                          Policy, Services &
                      (GL-01)           (GL-02)         (GL-03)
                                                                                                                                                     Mechanisms)
                                                                                                                                                        (GL-11)


                                                                                Review/Audit
                                                                                ICT Security
                                                                                  (GL-06)                                             Develop
                                                                                                                                      Counter
                                                                                                                                      Measures
                                                                                                                                       (GL-10)




                                                                                                                              Maintenance
                                                                                                                              (Monitor the
                                                                                                                               Progress)
                             INTRODUCTION OF ICT
                                                                                                                                (GL-12)
                            SECURITY MANAGEMENT
                           PROCESS (INITIALISATION)

                                                                                                       INTERNALISED & CONTINUOUS PROCESS



                                                            The Organisation’s goal & services
                                                                                                                                                                        20
                                                                          Stakeholders
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Each process maps the Holistic View of
                   the security Problem




                                                                       Users




                                                           Valuable asset-
                                                            Information
                                                                             21
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Management team discussing ICT
                security Problem
          This is a technical
          problem




                                                      This is a business
                                                          Problem



                                                                                       Users




                                                                           Valuable asset-
                                                                                    22
                                                                            Information
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Four Years Later - More
                  developments and more
                        problems….


                                                           23
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Agenda
•    Introduction
•    An overview of ICT and its Security Problem
•    What went wrong
•    Who is responsible
•    Lessons from others
•    What can be done?


                                                                    24
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
ICT Service delivery problems

blem




                                                                          25
   ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
ICT Service delivery problems

Problems related to failure
of accessing computerized
services in a number of
connected offices or outlets.




                           customer at
                              ATM


                                                              26
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
ICT Service delivery problems




                                                           27
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Customers waiting to pay their taxes!




                                                             28
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
ICT operational incidents




                                                             Transactions delays




                                           Deposit ,Withdraw &Send
                                           money using mobile phone
                                                                                   29
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
ICT disposal management

                                                   ICT hardware disposal




                                             Sensitive information found
                                                from the hard disks
                                                                           30
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Is IT governing us or are we governing
                                it?




©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
• Despite of many technical solutions
       available-The problem of management
       of ICT-related risks in organisations are
       increasingly becoming major concerns
       to many ICT-dependent organisations




©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
What went Wrong?
                  And why in
                  Tanzania?
                                                           33
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
ICT Risk Management Drivers – a
                 Comparative Study of Sweden,
                              USA,
                      India, and Tanzania

                                                IEEE CRiSIS 2007



©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
• The interesting questions here was,
            – what is it that makes the difference?
            – Is it because of the consequences of
              globalisation?
            – Is it because of the different regulations and
              requirements that need to be complied with in a
              given country?
            – Is it because of market pressure or customer
              demand?
            – Is it because of different cultures, in that,
              according to Robbins, national culture continues
              to be a powerful force in explaining a large
              proportion of organisations’ behaviour?
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Objectives
         • The objective of this study was to investigate the
           effects of some possible ICT risk management
           drivers on the process of getting senior
           management involved in ICT risk management,
           and hence accountable.
         • The investigation was carried out by taking case
           study of four countries namely Sweden, USA,
           India, and Tanzania.
         • The drivers investigated were mainly
            – Globalisation,
            – Market Pressure,
            – Customer Demand and
            – Regulatory Requirements.
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Examples of ICT Risk Management
                         Drivers
     • One condition for global collaboration between
       different organisations, cultures and time zones is
       a “common language”, i.e. internationally accepted
       standards and frameworks.
                                                  Sarbanes-Oxley Act in
     • By using these standards and frameworks,- controlled and
                                                  2002 (SOX) security
                         Committee of Sponsoring  enforced by the US Securities
       and quality can be defined, agreed and Exchangefollowed
                         Organization’s (COSO)
                                                  on and Commission
       up.               framework

     • One further advantage is the fact that offshore
                     Control Objectives for
       suppliers are normally an related
                     Information and
                     Technology -
                                    certified, using these
                                      IT
       standards andgovernance framework
                       frameworks.
     • Their prospective customers can more easily
       assess security and quality requirements.
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Research approach, Methodology

     • Based on the four studies, status and
       experiences of how ICT risk management is
       being practised in organisations in Sweden,
       USA, India and Tanzania was investigated

     • Findings from the four studies were used as
       input to investigate senior management’s
       involvement in the ICT risk management
       process.
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Studies in the four Countries (Swedish)
     • Study on Swedish government agencies concerning the use
       of IT security - Indicated.
        – lack of support from senior management.
        – ICT security is not carried out in a systematic way which
           makes it difficult for the management to prioritise between
           different risks and countermeasures, causing difficulties in
           following up the state of security.
     • The use of models for return on security investment also
       shows the lack of support from senior managementprobably that
                                              The reason for this is
     Another study was carried out by interviewinganalysis has not gained the
                                              using risk information
       security managers and risk managers at 7of the management
                                              approval large Swedish
       trade and industry organisations making extensive use of
       ICT, most of them also with large international operations.
        – The overall summary of the result from the study is that
           risk analysis is not used as a method to allocate resources
           for increasing the security level for the ICT systems.

©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Studies in the four Countries (USA)
     •     The USA study was based on the “2006 CSI/FBI Computer Crime and
           Security survey” which is based on the responses of 616 computer
           security practitioners in US corporations, government agencies,
           financial institutions, medical institutions and universities .
             – The survey indicated a substantial decrease in the total dollar
               amount of financial losses resulting from security breaches.
     •     Probably this due to the Introduction of SOX
             – “The Sarbanes-Oxley Act has changed the focus of information
               security in my organisation from technology to one of corporate
               governance”.
     •     For example, the Act requires that:
             – CEO and CFO to personally certify the correctness in the financial
               reports (section 302);
             – Demands the certification of the underlying (IT) processes (section
               404);
             – Financial events of importance must be reported within four days
               (section 409);
             – The person who deliberately destroys documents, physical or
               electronic, including e-mail, may be sentenced to up to twenty
               years’ imprisonment (section 802)
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
41
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Studies in the four Countries (India)
     • The study in India was based on the medium-sized
       company as a representative of an outsourcing
       company in India, on the assumption of getting an
       average indication (2006).
     • An example was iGATE corporation which was ISO2000
       certified, ISO27001 certified, COBIT maturity level 5 and
       SOX compliant.
     • The reason they have done this is that they see it is
       absolutely essential to have these standards and
       frameworks implemented for them to remain in
       business.
     • In India, customer demand and market pressure makes
       security a top priority for senior management.
        – several Indian offshore suppliers are listed on the
          USA stock market and so have to fulfil SOX
          requirements and have the same level of security in
          place
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Studies in the four Countries (Tanzania)
      • The study in Tanzania took place between 2003 and 2006 -
           the respondents were mainly senior management, Chief
           Financial Officers, Operational managers, IT Managers and
           general and technical staff.
      • The study indicated that the focus of the organisations is on
           what is commonly known as “Computerisation”.
            – Very little or no attention at all is paid to managing ICT-
                 related risks.
      • This was partly found to be due to the following reasons:
            – not knowing that they are vulnerable to ICT-related risks
                 as a result of computerisation
            – ICT risk is not seen as a risk to the organisation’s business;
            – the relaxed culture and lack of formal ICT and ICT security
                 policies and procedures;
            – believing that ICT security is a technical problem and
                 therefore both ICT in general and ICT security in particular
                 being set aside for more important things.
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Today in Tanzania …




©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
• Poor Planning and Management of ICT
     – Lack of alignment between ICT strategy and
       business strategy
     – High Cost of ICT with low or unproven return on
       investment (ROI)

   • ICT Staff with inadequate skills
           – Non ICT -ICT staff, coupled with Non ICT –ICT
             vendors and Sometimes Non ICT - ICT
             Consultants
           – Where Relevant skills exist, they are
             underutilised
                                                           45
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
• Problems in Acquisition of ICT related
          Solutions
          – Ad hock and Uncoordinated ICT
            initiatives Mostly Vendor OR donor
            driven solutions
          – with too much dependence on vendor &
            Donor
          – not local tailored
                                                           46
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Problem in Acquisition of ICT related Solutions
                          Vendor                                                   Tender
                      communicate direct                                                                    Lack of ICT
                                                                                  Evaluation                  expert
                          to user                          Tender board             team

                                                                                                               Lack of
                                                                                                            appropriate
                                                                                                             ICT expert



                  User Dept                                               PMU            Vendor




                                                      ICT Dept/
 They are the expert                                 Division/Dir
   – Recall Set of
                                                                                                Tech. are consulted for
    Instructions!
                                                                                                inspection against the
                                                                                               specification/ If software
                                                                                                    then run in test
                                                                                                     environment
                                                                                Store
                       Good practice                                                              - A lot of security
                       Bad practice                                                                  implications47
                        ICT Disposal
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
• No proper ICT related Risk Management
                – Security policy and procedures not in place
                – Inadequate business continuity measures
                – Serious ICT operational incidents
                – ICT not meeting nor supporting compliance
                  requirements




                                                                48
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
• Obsolete Organization Structure
                – ICT function seen as only operations not
                  across-cutting
                – Structure should consider current ICT
                  development and its social-economic impacts




                                                            49
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Obsolete Org structures
     Management                                                                                   Strategic
       function
                                                             CEO                                  function




              Directors                                    Directors                  Directors


     Line                           Line                       Line          Line               Line
   Managers                       Managers                   Managers      Managers           Managers




                                                 ICT
                                                 Dept


                            Under staffed
                            Not well utilized
                            especially in public org
                                                           Operational function
                            No clear job description
                                                                                                      50
                            Not motivated
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Lack of awareness about ICT
                                                           related Risks to customers – while
                                                            talking about Internet Banking
                                                            How many people have read the
                                                               Bank customer service
                                                                 contract/agreement




                                                                                                51
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
• Introduction
      • An overview of ICT and its Security
        Problem
      • What went wrong
      • Who is responsible
      • Lessons from others
      • What can be done?



                                                           52
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
• Referring to the studies, one can see
       that Market Pressure and Customer
       Demand, which lead to regulatory
       requirements such as SOX, are
       significant risk management drivers.
                                                             Globalisation effect

                                              SOX
                                       Requirements
                                           (Including                                                Strong demand
                                          frameworks)                         Strong                 (Only in some
                                             Strong                           demand                     cases)
          Weak                               demand
         demand
                                                        Strong                Strong
                                         USA           demand                demand          INDIA
                                                           Market Pressure &
                                                           Customers Demand
                                      Weak                                           Weak
        TANZANIA                     demand                                         demand
                                                                                                     SWEDEN

©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
• The key point was to get senior management’s backing
      and involvement in the ICT risk management process

    • This study shows that even though there are
      international standards and frameworks for feedback
      on how the ICT risks are handled in an organisation,
      Compliance with Regulations seems to be the
      strongest driver actually effecting involvement of
      senior managers in the ICT risk management process.
    • However, in noting this, we also include – but view it as
      happening in earlier feed-back cycles – that
      Globalisation, Customer Demand and Market Pressure
      are drivers that initiate regulations (such as SOX) and
      thus interact as indicated earlier.

©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
• Through Regulation (such as SOX), senior
     managers were in varying degrees held
     personally accountable;
      – We have seen for example some sections, as
        mentioned, are very tough.

   • However, there is still a need to identify more
     drivers of ICT risk management in the
     international and national scenes- it seems
     important to investigate how national,
     organisational and security cultures can blend
     and adapt in order to handle ICT security risks
     as part of the ordinary business processes.


©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Currently empirical data concerning
             the influence of cultural factors on
            ICT risk management are weak. We
                are now researching on how
               cultural factors might affect or
               drive the ICT risk management
                           process.



                                                           56
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
• Introduction
       • An overview of ICT and its Security
         Problem
       • What went wrong
       • Who is responsible
       • Lessons from others
       • What can be done?

                                                           57
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
ICT is critical and strategic to organization’s
                           business operations



            ICT involves huge investments and great risks




                                                                58
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
•Top management and oversight bodies that are vested with
      day to day planning, organizing, controlling, directing and
      staffing responsibilities have a broad stake in ensuring
      everything, including ICT matters, are properly manned and
      managed.

      •Boards of Directors are vested with such responsibilities
      •ICT related risks management requires strategic direction and
      driving force and that Board is responsible through the CEO.




                                                                   59
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
• Introduction
      • An overview of ICT and its Security
        Problem
      • What went wrong
      • Who is responsible
      • Lessons from others
      • What can be done?



                                                           60
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
• Cooperate boards compositions to include ICT
          experts, just like the way we include board members
          with legal and finance competences

        • organization’s goal and its strategic
          objectives well aligned with ICT strategies.

        • Tender Boards and Tender Evaluation Committees
          should also include personnel with ICT expertise

        • Organization structures should be reviewed to place
          ICT at the strategic level not only
          technical/operational level

        • Industry and Academic should facilitate research in
          ICT risk-related issues, to perfectly foresee the
          future and potential incoming threats.             61
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Conclusion and Outlook
      • The principle goal of an organization risk
        management process should be to protect
        the organization and its ability to achieve
        their mission
      • and therefore ICT related risks management
        be part of the overall cooperate risk
        management because the value have moved
        from tangible to intangible assets




                                                           62
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Approaching IT governance
                                 • Aligning IT & Business
                                 • Managing service delivery
                                   for promised service level
                                 • Managing Resource for
                                   max benefit
                                 • Managing Risk to foresee
                                   problem and mitigate
                                 • Measuring Performance to
                                   monitor and report on
                                   delivery performance


©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
How could the management of ICT
                 related Risks be improved, in order to
                reduce the potential financial damage as
                      a result of computerisation?



        Answer: A Holistic Approach for Managing ICT Security in Non-
        Commercial Organisations. A Case Study in a Developing Country

                                                           Presented in a book: ISBN Nr 91-7155-383-8

©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
How to Plan and design a suitable ICT Security Management Process




©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
It's now the intangible economy !
   Information is the most valuable asset and is the only
      commodity that can be stolen without being taken!



   If organizations do not address these problems then they
      should expect severe financial damage resulting from
      Services interruption, reputations damage, Loss of
      strategic information, liability claims, loss of property,

           The dependence on ICT to business Core operations
                 makes the ICT an important strategic tool
                                                              66
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
Thank you!




                                                                   67
©2010 Open University of Tanzania – Dr. Jabiri K. Bakari

More Related Content

What's hot

Cto ciip-gaborone workshop-presentation-final-18-mar-2015.compressed
Cto ciip-gaborone workshop-presentation-final-18-mar-2015.compressedCto ciip-gaborone workshop-presentation-final-18-mar-2015.compressed
Cto ciip-gaborone workshop-presentation-final-18-mar-2015.compressedCandice Tang
 
CTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea GlorisoCTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea Glorisosegughana
 
CTO-Cybersecurity-Forum-2010-Cristina Buetti
CTO-Cybersecurity-Forum-2010-Cristina BuettiCTO-Cybersecurity-Forum-2010-Cristina Buetti
CTO-Cybersecurity-Forum-2010-Cristina Buettisegughana
 
Pal gov.tutorial6.session5.privacy and data protection
Pal gov.tutorial6.session5.privacy and data protectionPal gov.tutorial6.session5.privacy and data protection
Pal gov.tutorial6.session5.privacy and data protectionMustafa Jarrar
 
ASEAN Critical Information Infrastructure Protection Framework
ASEAN Critical Information Infrastructure Protection FrameworkASEAN Critical Information Infrastructure Protection Framework
ASEAN Critical Information Infrastructure Protection FrameworkETDAofficialRegist
 
Equity In Technology
Equity In TechnologyEquity In Technology
Equity In Technologynicolalritter
 
Tomasz Czajkowski
Tomasz CzajkowskiTomasz Czajkowski
Tomasz Czajkowskisegughana
 
Virtual reality of modern education: The experience of distance learning in T...
Virtual reality of modern education: The experience of distance learning in T...Virtual reality of modern education: The experience of distance learning in T...
Virtual reality of modern education: The experience of distance learning in T...Vorasuang (Michael) Duangchinda (Ph.D.)
 
Responsible use of ict brief project report - feb 2011
Responsible use of ict   brief project report - feb 2011Responsible use of ict   brief project report - feb 2011
Responsible use of ict brief project report - feb 2011Mel Tan
 
Indonesia ICT NewLetter October Edition - English Version
Indonesia ICT NewLetter October Edition - English VersionIndonesia ICT NewLetter October Edition - English Version
Indonesia ICT NewLetter October Edition - English VersionHeru Sutadi
 
National Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip VictorNational Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip VictorKnowledge Group
 
Creative Play with Technology
Creative Play with TechnologyCreative Play with Technology
Creative Play with TechnologyMiles Berry
 
Information communication technology and the government
Information communication technology and the governmentInformation communication technology and the government
Information communication technology and the governmentMardel B. Del Castillo
 

What's hot (14)

Cto ciip-gaborone workshop-presentation-final-18-mar-2015.compressed
Cto ciip-gaborone workshop-presentation-final-18-mar-2015.compressedCto ciip-gaborone workshop-presentation-final-18-mar-2015.compressed
Cto ciip-gaborone workshop-presentation-final-18-mar-2015.compressed
 
CTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea GlorisoCTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea Gloriso
 
Session 69 Jana Sochor
Session 69 Jana SochorSession 69 Jana Sochor
Session 69 Jana Sochor
 
CTO-Cybersecurity-Forum-2010-Cristina Buetti
CTO-Cybersecurity-Forum-2010-Cristina BuettiCTO-Cybersecurity-Forum-2010-Cristina Buetti
CTO-Cybersecurity-Forum-2010-Cristina Buetti
 
Pal gov.tutorial6.session5.privacy and data protection
Pal gov.tutorial6.session5.privacy and data protectionPal gov.tutorial6.session5.privacy and data protection
Pal gov.tutorial6.session5.privacy and data protection
 
ASEAN Critical Information Infrastructure Protection Framework
ASEAN Critical Information Infrastructure Protection FrameworkASEAN Critical Information Infrastructure Protection Framework
ASEAN Critical Information Infrastructure Protection Framework
 
Equity In Technology
Equity In TechnologyEquity In Technology
Equity In Technology
 
Tomasz Czajkowski
Tomasz CzajkowskiTomasz Czajkowski
Tomasz Czajkowski
 
Virtual reality of modern education: The experience of distance learning in T...
Virtual reality of modern education: The experience of distance learning in T...Virtual reality of modern education: The experience of distance learning in T...
Virtual reality of modern education: The experience of distance learning in T...
 
Responsible use of ict brief project report - feb 2011
Responsible use of ict   brief project report - feb 2011Responsible use of ict   brief project report - feb 2011
Responsible use of ict brief project report - feb 2011
 
Indonesia ICT NewLetter October Edition - English Version
Indonesia ICT NewLetter October Edition - English VersionIndonesia ICT NewLetter October Edition - English Version
Indonesia ICT NewLetter October Edition - English Version
 
National Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip VictorNational Strategies against Cyber Attacks - Philip Victor
National Strategies against Cyber Attacks - Philip Victor
 
Creative Play with Technology
Creative Play with TechnologyCreative Play with Technology
Creative Play with Technology
 
Information communication technology and the government
Information communication technology and the governmentInformation communication technology and the government
Information communication technology and the government
 

Similar to Dr bakari presentation

A Bring Your Own Device Risk Assessment Model
A Bring Your Own Device Risk Assessment ModelA Bring Your Own Device Risk Assessment Model
A Bring Your Own Device Risk Assessment ModelCSCJournals
 
Why the Private Sector is Key to Cyber Defence
Why the Private Sector is Key to Cyber DefenceWhy the Private Sector is Key to Cyber Defence
Why the Private Sector is Key to Cyber DefenceGareth Niblett
 
ICTs use and Academic Development in the Moshi Co-operative University (MoCU)
ICTs use and Academic Development in the Moshi Co-operative University (MoCU)ICTs use and Academic Development in the Moshi Co-operative University (MoCU)
ICTs use and Academic Development in the Moshi Co-operative University (MoCU)George Matto
 
ICT Association Suriname at Virtual Educa Caribbean 2012
ICT Association Suriname at Virtual Educa Caribbean 2012ICT Association Suriname at Virtual Educa Caribbean 2012
ICT Association Suriname at Virtual Educa Caribbean 2012Cyril Soeri
 
Information security threats encountered by Malaysian public sector data cen...
Information security threats encountered by Malaysian public  sector data cen...Information security threats encountered by Malaysian public  sector data cen...
Information security threats encountered by Malaysian public sector data cen...nooriasukmaningtyas
 
OSA - Internet Security in India
OSA - Internet Security in IndiaOSA - Internet Security in India
OSA - Internet Security in IndiaDinesh O Bareja
 
Current Issues In Education Technology WPG Consulting .pdf
Current Issues In Education Technology  WPG Consulting .pdfCurrent Issues In Education Technology  WPG Consulting .pdf
Current Issues In Education Technology WPG Consulting .pdfmeetsolanki44
 
ICT & SDGs – How Information and Communications Technology Can Achieve The Su...
ICT & SDGs – How Information and Communications Technology Can Achieve The Su...ICT & SDGs – How Information and Communications Technology Can Achieve The Su...
ICT & SDGs – How Information and Communications Technology Can Achieve The Su...Ericsson
 
09 Extending It For External Engagement Full Version
09 Extending It For External Engagement Full Version09 Extending It For External Engagement Full Version
09 Extending It For External Engagement Full VersionBCE A&E
 
FEDERAL LEARNING BASED SOLUTIONS FOR PRIVACY AND ANONYMITY IN INTERNET OF MED...
FEDERAL LEARNING BASED SOLUTIONS FOR PRIVACY AND ANONYMITY IN INTERNET OF MED...FEDERAL LEARNING BASED SOLUTIONS FOR PRIVACY AND ANONYMITY IN INTERNET OF MED...
FEDERAL LEARNING BASED SOLUTIONS FOR PRIVACY AND ANONYMITY IN INTERNET OF MED...IRJET Journal
 
Critical Infrastucture Protection: a strategic opportunity for countries’ mod...
Critical Infrastucture Protection: a strategic opportunity for countries’ mod...Critical Infrastucture Protection: a strategic opportunity for countries’ mod...
Critical Infrastucture Protection: a strategic opportunity for countries’ mod...Community Protection Forum
 
The Competency Of Quantum Technologies Information...
The Competency Of Quantum Technologies Information...The Competency Of Quantum Technologies Information...
The Competency Of Quantum Technologies Information...Maggie Turner
 
Indonesia 2014 National ID-IGF Dialogue Resume
Indonesia 2014 National ID-IGF Dialogue ResumeIndonesia 2014 National ID-IGF Dialogue Resume
Indonesia 2014 National ID-IGF Dialogue ResumeID-IGF
 
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESAN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
 
Towards a Safe, Secure Society - Resilience and IT Risks in Social Infrastruc...
Towards a Safe, Secure Society - Resilience and IT Risks in Social Infrastruc...Towards a Safe, Secure Society - Resilience and IT Risks in Social Infrastruc...
Towards a Safe, Secure Society - Resilience and IT Risks in Social Infrastruc...Sven Wohlgemuth
 
Enhanced Cryptographic Solution for Security Issues Faced by Saudi Arabian un...
Enhanced Cryptographic Solution for Security Issues Faced by Saudi Arabian un...Enhanced Cryptographic Solution for Security Issues Faced by Saudi Arabian un...
Enhanced Cryptographic Solution for Security Issues Faced by Saudi Arabian un...MajedahAlkharji
 
IET India Advisory: Safeguarding children from cyber threats in times of a pa...
IET India Advisory: Safeguarding children from cyber threats in times of a pa...IET India Advisory: Safeguarding children from cyber threats in times of a pa...
IET India Advisory: Safeguarding children from cyber threats in times of a pa...IET India
 

Similar to Dr bakari presentation (20)

A Bring Your Own Device Risk Assessment Model
A Bring Your Own Device Risk Assessment ModelA Bring Your Own Device Risk Assessment Model
A Bring Your Own Device Risk Assessment Model
 
Why the Private Sector is Key to Cyber Defence
Why the Private Sector is Key to Cyber DefenceWhy the Private Sector is Key to Cyber Defence
Why the Private Sector is Key to Cyber Defence
 
ICTs use and Academic Development in the Moshi Co-operative University (MoCU)
ICTs use and Academic Development in the Moshi Co-operative University (MoCU)ICTs use and Academic Development in the Moshi Co-operative University (MoCU)
ICTs use and Academic Development in the Moshi Co-operative University (MoCU)
 
ICT Association Suriname at Virtual Educa Caribbean 2012
ICT Association Suriname at Virtual Educa Caribbean 2012ICT Association Suriname at Virtual Educa Caribbean 2012
ICT Association Suriname at Virtual Educa Caribbean 2012
 
Information security threats encountered by Malaysian public sector data cen...
Information security threats encountered by Malaysian public  sector data cen...Information security threats encountered by Malaysian public  sector data cen...
Information security threats encountered by Malaysian public sector data cen...
 
Session 5.2 Martin Koyabe
Session 5.2 Martin KoyabeSession 5.2 Martin Koyabe
Session 5.2 Martin Koyabe
 
OSA - Internet Security in India
OSA - Internet Security in IndiaOSA - Internet Security in India
OSA - Internet Security in India
 
Ict security essay
Ict security essay Ict security essay
Ict security essay
 
OCR cybersecurity
OCR cybersecurityOCR cybersecurity
OCR cybersecurity
 
Current Issues In Education Technology WPG Consulting .pdf
Current Issues In Education Technology  WPG Consulting .pdfCurrent Issues In Education Technology  WPG Consulting .pdf
Current Issues In Education Technology WPG Consulting .pdf
 
ICT & SDGs – How Information and Communications Technology Can Achieve The Su...
ICT & SDGs – How Information and Communications Technology Can Achieve The Su...ICT & SDGs – How Information and Communications Technology Can Achieve The Su...
ICT & SDGs – How Information and Communications Technology Can Achieve The Su...
 
09 Extending It For External Engagement Full Version
09 Extending It For External Engagement Full Version09 Extending It For External Engagement Full Version
09 Extending It For External Engagement Full Version
 
FEDERAL LEARNING BASED SOLUTIONS FOR PRIVACY AND ANONYMITY IN INTERNET OF MED...
FEDERAL LEARNING BASED SOLUTIONS FOR PRIVACY AND ANONYMITY IN INTERNET OF MED...FEDERAL LEARNING BASED SOLUTIONS FOR PRIVACY AND ANONYMITY IN INTERNET OF MED...
FEDERAL LEARNING BASED SOLUTIONS FOR PRIVACY AND ANONYMITY IN INTERNET OF MED...
 
Critical Infrastucture Protection: a strategic opportunity for countries’ mod...
Critical Infrastucture Protection: a strategic opportunity for countries’ mod...Critical Infrastucture Protection: a strategic opportunity for countries’ mod...
Critical Infrastucture Protection: a strategic opportunity for countries’ mod...
 
The Competency Of Quantum Technologies Information...
The Competency Of Quantum Technologies Information...The Competency Of Quantum Technologies Information...
The Competency Of Quantum Technologies Information...
 
Indonesia 2014 National ID-IGF Dialogue Resume
Indonesia 2014 National ID-IGF Dialogue ResumeIndonesia 2014 National ID-IGF Dialogue Resume
Indonesia 2014 National ID-IGF Dialogue Resume
 
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESAN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
 
Towards a Safe, Secure Society - Resilience and IT Risks in Social Infrastruc...
Towards a Safe, Secure Society - Resilience and IT Risks in Social Infrastruc...Towards a Safe, Secure Society - Resilience and IT Risks in Social Infrastruc...
Towards a Safe, Secure Society - Resilience and IT Risks in Social Infrastruc...
 
Enhanced Cryptographic Solution for Security Issues Faced by Saudi Arabian un...
Enhanced Cryptographic Solution for Security Issues Faced by Saudi Arabian un...Enhanced Cryptographic Solution for Security Issues Faced by Saudi Arabian un...
Enhanced Cryptographic Solution for Security Issues Faced by Saudi Arabian un...
 
IET India Advisory: Safeguarding children from cyber threats in times of a pa...
IET India Advisory: Safeguarding children from cyber threats in times of a pa...IET India Advisory: Safeguarding children from cyber threats in times of a pa...
IET India Advisory: Safeguarding children from cyber threats in times of a pa...
 

Recently uploaded

Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...IMARC Group
 
Anyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agencyAnyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agencyHanna Klim
 
Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Lviv Startup Club
 
ISONIKE Ltd Accreditation for the Conformity Assessment and Certification of ...
ISONIKE Ltd Accreditation for the Conformity Assessment and Certification of ...ISONIKE Ltd Accreditation for the Conformity Assessment and Certification of ...
ISONIKE Ltd Accreditation for the Conformity Assessment and Certification of ...ISONIKELtd
 
PDT 88 - 4 million seed - Seed - Protecto.pdf
PDT 88 - 4 million seed - Seed - Protecto.pdfPDT 88 - 4 million seed - Seed - Protecto.pdf
PDT 88 - 4 million seed - Seed - Protecto.pdfHajeJanKamps
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access
 
Intellectual Property Licensing Examples
Intellectual Property Licensing ExamplesIntellectual Property Licensing Examples
Intellectual Property Licensing Examplesamberjiles31
 
Amazon ppt.pptx Amazon about the company
Amazon ppt.pptx Amazon about the companyAmazon ppt.pptx Amazon about the company
Amazon ppt.pptx Amazon about the companyfashionfound007
 
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISINGUNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISINGlokeshwarmaha
 
MoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor PresentationMoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor Presentationbaron83
 
To Create Your Own Wig Online To Create Your Own Wig Online
To Create Your Own Wig Online  To Create Your Own Wig OnlineTo Create Your Own Wig Online  To Create Your Own Wig Online
To Create Your Own Wig Online To Create Your Own Wig Onlinelng ths
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access
 
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdf
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdfGraham and Doddsville - Issue 1 - Winter 2006 (1).pdf
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdfAnhNguyen97152
 
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdfTalent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdfCharles Cotter, PhD
 
Chapter_Five_The_Rural_Development_Policies_and_Strategy_of_Ethiopia.pptx
Chapter_Five_The_Rural_Development_Policies_and_Strategy_of_Ethiopia.pptxChapter_Five_The_Rural_Development_Policies_and_Strategy_of_Ethiopia.pptx
Chapter_Five_The_Rural_Development_Policies_and_Strategy_of_Ethiopia.pptxesiyasmengesha
 
Upgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsUpgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsIntellect Design Arena Ltd
 
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003believeminhh
 
Plano de marketing- inglês em formato ppt
Plano de marketing- inglês  em formato pptPlano de marketing- inglês  em formato ppt
Plano de marketing- inglês em formato pptElizangelaSoaresdaCo
 

Recently uploaded (20)

Investment Opportunity for Thailand's Automotive & EV Industries
Investment Opportunity for Thailand's Automotive & EV IndustriesInvestment Opportunity for Thailand's Automotive & EV Industries
Investment Opportunity for Thailand's Automotive & EV Industries
 
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
Boat Trailers Market PPT: Growth, Outlook, Demand, Keyplayer Analysis and Opp...
 
Anyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agencyAnyhr.io | Presentation HR&Recruiting agency
Anyhr.io | Presentation HR&Recruiting agency
 
Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)Michael Vidyakin: Introduction to PMO (UA)
Michael Vidyakin: Introduction to PMO (UA)
 
ISONIKE Ltd Accreditation for the Conformity Assessment and Certification of ...
ISONIKE Ltd Accreditation for the Conformity Assessment and Certification of ...ISONIKE Ltd Accreditation for the Conformity Assessment and Certification of ...
ISONIKE Ltd Accreditation for the Conformity Assessment and Certification of ...
 
PDT 88 - 4 million seed - Seed - Protecto.pdf
PDT 88 - 4 million seed - Seed - Protecto.pdfPDT 88 - 4 million seed - Seed - Protecto.pdf
PDT 88 - 4 million seed - Seed - Protecto.pdf
 
Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024Borderless Access - Global Panel book-unlock 2024
Borderless Access - Global Panel book-unlock 2024
 
Intellectual Property Licensing Examples
Intellectual Property Licensing ExamplesIntellectual Property Licensing Examples
Intellectual Property Licensing Examples
 
Amazon ppt.pptx Amazon about the company
Amazon ppt.pptx Amazon about the companyAmazon ppt.pptx Amazon about the company
Amazon ppt.pptx Amazon about the company
 
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISINGUNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
UNLEASHING THE POWER OF PROGRAMMATIC ADVERTISING
 
MoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor PresentationMoneyBridge Pitch Deck - Investor Presentation
MoneyBridge Pitch Deck - Investor Presentation
 
To Create Your Own Wig Online To Create Your Own Wig Online
To Create Your Own Wig Online  To Create Your Own Wig OnlineTo Create Your Own Wig Online  To Create Your Own Wig Online
To Create Your Own Wig Online To Create Your Own Wig Online
 
Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024Borderless Access - Global B2B Panel book-unlock 2024
Borderless Access - Global B2B Panel book-unlock 2024
 
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdf
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdfGraham and Doddsville - Issue 1 - Winter 2006 (1).pdf
Graham and Doddsville - Issue 1 - Winter 2006 (1).pdf
 
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdfTalent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
Talent Management research intelligence_13 paradigm shifts_20 March 2024.pdf
 
Chapter_Five_The_Rural_Development_Policies_and_Strategy_of_Ethiopia.pptx
Chapter_Five_The_Rural_Development_Policies_and_Strategy_of_Ethiopia.pptxChapter_Five_The_Rural_Development_Policies_and_Strategy_of_Ethiopia.pptx
Chapter_Five_The_Rural_Development_Policies_and_Strategy_of_Ethiopia.pptx
 
Upgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking ApplicationsUpgrade Your Banking Experience with Advanced Core Banking Applications
Upgrade Your Banking Experience with Advanced Core Banking Applications
 
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
The Vietnam Believer Newsletter_MARCH 25, 2024_EN_Vol. 003
 
Plano de marketing- inglês em formato ppt
Plano de marketing- inglês  em formato pptPlano de marketing- inglês  em formato ppt
Plano de marketing- inglês em formato ppt
 
WAM Corporate Presentation Mar 25 2024.pdf
WAM Corporate Presentation Mar 25 2024.pdfWAM Corporate Presentation Mar 25 2024.pdf
WAM Corporate Presentation Mar 25 2024.pdf
 

Dr bakari presentation

  • 1. Is IT governing us or are we governing it? Managing ICT Related Risks: Who is Responsible and What Went Wrong?: Dr. Jabiri Kuwe Bakari (BSc. Computer Sc., Msc. (Eng.) Data Communication, Ph.D.) Lecturer & Director, Institute of Educational Technology The Open University of Tanzania E- mail: jabiri.bakari@out.ac.tz Hilton Double Tree Hotel-Osterbay,Slipway Road 8th December, 2010 1 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 2. Agenda • Introduction • An overview of ICT and its Security Problem • ICT related risks • What went wrong • Who is responsible • Lessons from others • What can be done? 2 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 3. Technology Trend • Stone, Iron, Industry, Information Age! • The world has now moved from natural resources to information economy. • Information held by public and private organisation’s information systems is among the most valuable assets in the organisation’s care and is considered a critical resource, enabling these organisations to achieve their objectives 3 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 4. • Because the organization's value have moved from tangible to intangible assets the risks has moved too, hence the overall cooperate risk management should take a new track • Today ICT is in Almost all National Critical Infrastructure 4 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 5. ICT in Critical National infrastructures Private and public organizations, government, and the national security system increasingly depend on an interdependent network of critical physical and information infrastructures. Examples – energy production, transmission, and distribution – telecommunications, – financial services, – transportation sectors: railways, highways, airports etc. – systems for the provision of water and food for human use and consumption – continuity of government. – chemical industry and hazardous materials – agriculture – defence industrial base 5 – gas and oil storage and transportation ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 6. The national economy is increasingly reliant upon certain critical infrastructures and upon cyber based information systems Any compromise or attacks on our infrastructure and information systems may be capable of significantly harming our economy! 6 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 7. Agenda • Introduction • An overview of ICT and its Security Problem • ICT related risks • What went wrong • Who is responsible • Lessons from others • What can be done? 7 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 8. An overview of ICT & its security Problem Information security is about protection of ICT assets/resources in terms of Confidentiality Integrity Availability – (information and services) Access Control to Information Involves: Protective/Proactive, Detective, Holistic View of ICT Reactive and/or Recovery Measures security Problem Software (Operating systems, Application software) set of instructions ICT Valuable asset of organizations-Information 8 Valuable asset of ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari organizations-Information
  • 9. An overview of ICT security Problem Managing ICT security is a continuous process by which an organisation determines what needs to be protected and why; what it needs to be protected from (i.e. Threats and Vulnerabilities); and how (i.e. mechanisms) to protect it for as long as it exists. Holistic Approach Malicious software (Virus, required Authorised user worm or denial-of-service abusing his/her attack, Backdoors, salami privileges e.g. attacks, spyware, etc.) can Disgruntled staff be introduced here ! Physical security of the hardware Valuable asset of the 9 organizations-Information Valuable asset of the ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari organizations-Information
  • 10. ICT related risks from the Business Perspective Business risks result from using ICT as business enabler without having in place proper ICT Governance and related risks controls. ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 11. Refer GOLDEN TULIP HOTEL, DAR ES SALAAM 23th August, 2006 Workshop Four Years Ago 11 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 12. 12 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 13. 13 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 14. 14 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 15. 15 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 16. 16 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 17. • Problem by then 17 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 18. Security Management in the organisations - Tanzania At the strategic level (Absence of ICT Security policy, no defined budget for ICT security, Perceived as technical problem and not business risk) At the operational (perceived to belong to the IT Perception Problem departments and in some cases not coordinated) Absence of designated ICT security personnel/unit. 18 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 19. An overview of ICT Security Management in the organisations - Perception Problem Ad-hoc 19 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 20. By Mid – 2007 - A Final Holistic Approach for Managing ICT Security in Organisations was produced Presented in a book: ISBN Nr 91-7155-383-8 The Environment The Organisation General Management’s Mitigation attention & Planning Backing (GL-09) (GL-05) Strategic (Top) Technical Form Awareness Risk Quick & Backing of Assessment/ Operationalisation Management’s Management's Project Scan General staff Analysis (ICT Security Backing Backing Team & Plan (GL-04) (GL-07) (GL-08) Policy, Services & (GL-01) (GL-02) (GL-03) Mechanisms) (GL-11) Review/Audit ICT Security (GL-06) Develop Counter Measures (GL-10) Maintenance (Monitor the Progress) INTRODUCTION OF ICT (GL-12) SECURITY MANAGEMENT PROCESS (INITIALISATION) INTERNALISED & CONTINUOUS PROCESS The Organisation’s goal & services 20 Stakeholders ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 21. Each process maps the Holistic View of the security Problem Users Valuable asset- Information 21 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 22. Management team discussing ICT security Problem This is a technical problem This is a business Problem Users Valuable asset- 22 Information ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 23. Four Years Later - More developments and more problems…. 23 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 24. Agenda • Introduction • An overview of ICT and its Security Problem • What went wrong • Who is responsible • Lessons from others • What can be done? 24 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 25. ICT Service delivery problems blem 25 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 26. ICT Service delivery problems Problems related to failure of accessing computerized services in a number of connected offices or outlets. customer at ATM 26 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 27. ICT Service delivery problems 27 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 28. Customers waiting to pay their taxes! 28 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 29. ICT operational incidents Transactions delays Deposit ,Withdraw &Send money using mobile phone 29 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 30. ICT disposal management ICT hardware disposal Sensitive information found from the hard disks 30 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 31. Is IT governing us or are we governing it? ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 32. • Despite of many technical solutions available-The problem of management of ICT-related risks in organisations are increasingly becoming major concerns to many ICT-dependent organisations ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 33. What went Wrong? And why in Tanzania? 33 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 34. ICT Risk Management Drivers – a Comparative Study of Sweden, USA, India, and Tanzania IEEE CRiSIS 2007 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 35. • The interesting questions here was, – what is it that makes the difference? – Is it because of the consequences of globalisation? – Is it because of the different regulations and requirements that need to be complied with in a given country? – Is it because of market pressure or customer demand? – Is it because of different cultures, in that, according to Robbins, national culture continues to be a powerful force in explaining a large proportion of organisations’ behaviour? ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 36. Objectives • The objective of this study was to investigate the effects of some possible ICT risk management drivers on the process of getting senior management involved in ICT risk management, and hence accountable. • The investigation was carried out by taking case study of four countries namely Sweden, USA, India, and Tanzania. • The drivers investigated were mainly – Globalisation, – Market Pressure, – Customer Demand and – Regulatory Requirements. ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 37. Examples of ICT Risk Management Drivers • One condition for global collaboration between different organisations, cultures and time zones is a “common language”, i.e. internationally accepted standards and frameworks. Sarbanes-Oxley Act in • By using these standards and frameworks,- controlled and 2002 (SOX) security Committee of Sponsoring enforced by the US Securities and quality can be defined, agreed and Exchangefollowed Organization’s (COSO) on and Commission up. framework • One further advantage is the fact that offshore Control Objectives for suppliers are normally an related Information and Technology - certified, using these IT standards andgovernance framework frameworks. • Their prospective customers can more easily assess security and quality requirements. ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 38. Research approach, Methodology • Based on the four studies, status and experiences of how ICT risk management is being practised in organisations in Sweden, USA, India and Tanzania was investigated • Findings from the four studies were used as input to investigate senior management’s involvement in the ICT risk management process. ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 39. Studies in the four Countries (Swedish) • Study on Swedish government agencies concerning the use of IT security - Indicated. – lack of support from senior management. – ICT security is not carried out in a systematic way which makes it difficult for the management to prioritise between different risks and countermeasures, causing difficulties in following up the state of security. • The use of models for return on security investment also shows the lack of support from senior managementprobably that The reason for this is Another study was carried out by interviewinganalysis has not gained the using risk information security managers and risk managers at 7of the management approval large Swedish trade and industry organisations making extensive use of ICT, most of them also with large international operations. – The overall summary of the result from the study is that risk analysis is not used as a method to allocate resources for increasing the security level for the ICT systems. ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 40. Studies in the four Countries (USA) • The USA study was based on the “2006 CSI/FBI Computer Crime and Security survey” which is based on the responses of 616 computer security practitioners in US corporations, government agencies, financial institutions, medical institutions and universities . – The survey indicated a substantial decrease in the total dollar amount of financial losses resulting from security breaches. • Probably this due to the Introduction of SOX – “The Sarbanes-Oxley Act has changed the focus of information security in my organisation from technology to one of corporate governance”. • For example, the Act requires that: – CEO and CFO to personally certify the correctness in the financial reports (section 302); – Demands the certification of the underlying (IT) processes (section 404); – Financial events of importance must be reported within four days (section 409); – The person who deliberately destroys documents, physical or electronic, including e-mail, may be sentenced to up to twenty years’ imprisonment (section 802) ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 41. 41 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 42. Studies in the four Countries (India) • The study in India was based on the medium-sized company as a representative of an outsourcing company in India, on the assumption of getting an average indication (2006). • An example was iGATE corporation which was ISO2000 certified, ISO27001 certified, COBIT maturity level 5 and SOX compliant. • The reason they have done this is that they see it is absolutely essential to have these standards and frameworks implemented for them to remain in business. • In India, customer demand and market pressure makes security a top priority for senior management. – several Indian offshore suppliers are listed on the USA stock market and so have to fulfil SOX requirements and have the same level of security in place ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 43. Studies in the four Countries (Tanzania) • The study in Tanzania took place between 2003 and 2006 - the respondents were mainly senior management, Chief Financial Officers, Operational managers, IT Managers and general and technical staff. • The study indicated that the focus of the organisations is on what is commonly known as “Computerisation”. – Very little or no attention at all is paid to managing ICT- related risks. • This was partly found to be due to the following reasons: – not knowing that they are vulnerable to ICT-related risks as a result of computerisation – ICT risk is not seen as a risk to the organisation’s business; – the relaxed culture and lack of formal ICT and ICT security policies and procedures; – believing that ICT security is a technical problem and therefore both ICT in general and ICT security in particular being set aside for more important things. ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 44. Today in Tanzania … ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 45. • Poor Planning and Management of ICT – Lack of alignment between ICT strategy and business strategy – High Cost of ICT with low or unproven return on investment (ROI) • ICT Staff with inadequate skills – Non ICT -ICT staff, coupled with Non ICT –ICT vendors and Sometimes Non ICT - ICT Consultants – Where Relevant skills exist, they are underutilised 45 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 46. • Problems in Acquisition of ICT related Solutions – Ad hock and Uncoordinated ICT initiatives Mostly Vendor OR donor driven solutions – with too much dependence on vendor & Donor – not local tailored 46 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 47. Problem in Acquisition of ICT related Solutions Vendor Tender communicate direct Lack of ICT Evaluation expert to user Tender board team Lack of appropriate ICT expert User Dept PMU Vendor ICT Dept/ They are the expert Division/Dir – Recall Set of Tech. are consulted for Instructions! inspection against the specification/ If software then run in test environment Store Good practice - A lot of security Bad practice implications47 ICT Disposal ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 48. • No proper ICT related Risk Management – Security policy and procedures not in place – Inadequate business continuity measures – Serious ICT operational incidents – ICT not meeting nor supporting compliance requirements 48 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 49. • Obsolete Organization Structure – ICT function seen as only operations not across-cutting – Structure should consider current ICT development and its social-economic impacts 49 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 50. Obsolete Org structures Management Strategic function CEO function Directors Directors Directors Line Line Line Line Line Managers Managers Managers Managers Managers ICT Dept Under staffed Not well utilized especially in public org Operational function No clear job description 50 Not motivated ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 51. Lack of awareness about ICT related Risks to customers – while talking about Internet Banking How many people have read the Bank customer service contract/agreement 51 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 52. • Introduction • An overview of ICT and its Security Problem • What went wrong • Who is responsible • Lessons from others • What can be done? 52 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 53. • Referring to the studies, one can see that Market Pressure and Customer Demand, which lead to regulatory requirements such as SOX, are significant risk management drivers. Globalisation effect SOX Requirements (Including Strong demand frameworks) Strong (Only in some Strong demand cases) Weak demand demand Strong Strong USA demand demand INDIA Market Pressure & Customers Demand Weak Weak TANZANIA demand demand SWEDEN ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 54. • The key point was to get senior management’s backing and involvement in the ICT risk management process • This study shows that even though there are international standards and frameworks for feedback on how the ICT risks are handled in an organisation, Compliance with Regulations seems to be the strongest driver actually effecting involvement of senior managers in the ICT risk management process. • However, in noting this, we also include – but view it as happening in earlier feed-back cycles – that Globalisation, Customer Demand and Market Pressure are drivers that initiate regulations (such as SOX) and thus interact as indicated earlier. ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 55. • Through Regulation (such as SOX), senior managers were in varying degrees held personally accountable; – We have seen for example some sections, as mentioned, are very tough. • However, there is still a need to identify more drivers of ICT risk management in the international and national scenes- it seems important to investigate how national, organisational and security cultures can blend and adapt in order to handle ICT security risks as part of the ordinary business processes. ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 56. Currently empirical data concerning the influence of cultural factors on ICT risk management are weak. We are now researching on how cultural factors might affect or drive the ICT risk management process. 56 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 57. • Introduction • An overview of ICT and its Security Problem • What went wrong • Who is responsible • Lessons from others • What can be done? 57 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 58. ICT is critical and strategic to organization’s business operations ICT involves huge investments and great risks 58 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 59. •Top management and oversight bodies that are vested with day to day planning, organizing, controlling, directing and staffing responsibilities have a broad stake in ensuring everything, including ICT matters, are properly manned and managed. •Boards of Directors are vested with such responsibilities •ICT related risks management requires strategic direction and driving force and that Board is responsible through the CEO. 59 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 60. • Introduction • An overview of ICT and its Security Problem • What went wrong • Who is responsible • Lessons from others • What can be done? 60 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 61. • Cooperate boards compositions to include ICT experts, just like the way we include board members with legal and finance competences • organization’s goal and its strategic objectives well aligned with ICT strategies. • Tender Boards and Tender Evaluation Committees should also include personnel with ICT expertise • Organization structures should be reviewed to place ICT at the strategic level not only technical/operational level • Industry and Academic should facilitate research in ICT risk-related issues, to perfectly foresee the future and potential incoming threats. 61 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 62. Conclusion and Outlook • The principle goal of an organization risk management process should be to protect the organization and its ability to achieve their mission • and therefore ICT related risks management be part of the overall cooperate risk management because the value have moved from tangible to intangible assets 62 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 63. Approaching IT governance • Aligning IT & Business • Managing service delivery for promised service level • Managing Resource for max benefit • Managing Risk to foresee problem and mitigate • Measuring Performance to monitor and report on delivery performance ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 64. How could the management of ICT related Risks be improved, in order to reduce the potential financial damage as a result of computerisation? Answer: A Holistic Approach for Managing ICT Security in Non- Commercial Organisations. A Case Study in a Developing Country Presented in a book: ISBN Nr 91-7155-383-8 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 65. How to Plan and design a suitable ICT Security Management Process ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 66. It's now the intangible economy ! Information is the most valuable asset and is the only commodity that can be stolen without being taken! If organizations do not address these problems then they should expect severe financial damage resulting from Services interruption, reputations damage, Loss of strategic information, liability claims, loss of property, The dependence on ICT to business Core operations makes the ICT an important strategic tool 66 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari
  • 67. Thank you! 67 ©2010 Open University of Tanzania – Dr. Jabiri K. Bakari