SlideShare a Scribd company logo

Cyber Security Regulatory Landscape

Samir Pawaskar
Samir Pawaskar

A presentation discussing the current cyber security landscape and also the pros and cons of a regulatory culture.

Technology
1 of 12
Download to read offline
Cyber Security Regulatory Landscape Samir Pawaskar
Disclaimer • All views / opinions presented by me during this presentation are solely mine’s and do not represent the views / opinions of my organization in any way. • Information used in this presentation is “Public” in nature.
Agenda • Brief History • Landscape in Qatar and GCC • Regulations: Win Some / Lose Some • Success factors? • Objectives / Success achieved? • Way Forward
Brief History of Regulations Regulations for businesses have existed since time immemorial. Primarily enacted to help the people (citizens / residents) Some of the key reasons being to: Protect human lives and environment. Create opportunities for human by regulating the market. Promote fair and ethical business practices and professional conduct. Create social equalities.
Need for Cyber Security Regulations • Today, the right command sent over a network to a power generating station’s control computer could be just as devastating as a backpack full of explosives, and the perpetrator would be more difficult to identify and apprehend. – USA President’s Commission on Critical Infrastructure Protection, 1997
Landscape in Qatar
Landscape in GCC • ADSIC – AbuDhabi, UAE • DSR – Dubai, UAE • National Electronic Security Authority (NESA) - UAE • National Crisis And Emergency Management Authority (NCEMA) – UAE • Cyber Crimes Law have been issued across most of the countries in GCC • eCommerce Law has been issued in Saudi Arabia • Saudi Arabia also has provisions on Data protection in certain sector specific laws.
Regulations: Win Some / Lose Some • Standards help prioritize focus on critical systems • Standards help identify the right stakeholders and drive communication within them. • Standards help define and establish processes within organizations. • Regulation helps drive compliance. • However, more often then not it leads to a checklist approach missing the security focus • Standards are found lacking catching up with changing threats.
Is this what we aimed for?
Conclusions • The good: • Regulations provide a ‘push’ for cybersecurity • Standards drives process improvements, communications, and an increased cyber security maturity. • Standards have been improving over time trying to keep up with threats. • The bad: • Regulations risk evolving into a checklist mindset with a false sense of security. • Standards change slowly and are largely reactive in nature. • Too many standards risk duplication of efforts, dilution of authority and confusing amongst stakeholders • The ugly: • Regulations seem to be a prime force in the region driving cyber security. • Lead times between regulations (standards) adapting to threats can be substantial. • Jurisdictional issues and contingencies will always be present
Thoughts to ponder 1. Are regulations an effective means to build cyber-resilience within OT environment? Are they necessary for OT security, or are there alternatives? 2. How we can support capacity / capability building and information sharing within and between industrial control system intensive industries? 3. What tools, guidelines, or processes might be developed to help improve compliance effectiveness? How do we move from a checklist approach to security focused?
Thank You Thank You for being a lovely audience. I can be reached at pawaskars@gmail.com *Project website: http://cisac.fsi.stanford.edu/docs/regulation-and-power-grid-resilience *CIRI website: http://ciri.illinois.edu/

Recommended

Cyber forensics ppt
Cyber forensics pptCyber forensics ppt
Cyber forensics pptRoshiniVijayakumar1
 
History and future cybercrime
History and future cybercrimeHistory and future cybercrime
History and future cybercrimeOnline
 
E mail Investigation
E mail InvestigationE mail Investigation
E mail InvestigationDr Raghu Khimani
 
Domain 2 - Asset Security
Domain 2 - Asset SecurityDomain 2 - Asset Security
Domain 2 - Asset SecurityMaganathin Veeraragaloo
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeMukul Kumar
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringWilliam Gregorian
 
Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Anpumathews
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingMaganathin Veeraragaloo
 

Recommended

Cyber forensics ppt
Cyber forensics pptCyber forensics ppt
Cyber forensics pptRoshiniVijayakumar1
 
History and future cybercrime
History and future cybercrimeHistory and future cybercrime
History and future cybercrimeOnline
 
E mail Investigation
E mail InvestigationE mail Investigation
E mail InvestigationDr Raghu Khimani
 
Domain 2 - Asset Security
Domain 2 - Asset SecurityDomain 2 - Asset Security
Domain 2 - Asset SecurityMaganathin Veeraragaloo
 
Cyber crime
Cyber crimeCyber crime
Cyber crimeMukul Kumar
 
Social Engineering
Social EngineeringSocial Engineering
Social EngineeringWilliam Gregorian
 
Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Introduction to Cyber Forensics Module 1
Introduction to Cyber Forensics Module 1Anpumathews
 
Domain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingDomain 6 - Security Assessment and Testing
Domain 6 - Security Assessment and TestingMaganathin Veeraragaloo
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingAKSHAY KHATRI
 
Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)GAURAV. H .TANDON
 
Doc portail-captif-pfsense
Doc portail-captif-pfsenseDoc portail-captif-pfsense
Doc portail-captif-pfsenseservinfo
 
Memory Forensics
Memory ForensicsMemory Forensics
Memory Forensicsn|u - The Open Security Community
 
Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppWeSecureApp
 
Cyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-ProCyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-ProRonald Soh
 
Installation et configuration d'un système de Détection d'intrusion (IDS)
Installation et configuration d'un système de Détection d'intrusion (IDS)Installation et configuration d'un système de Détection d'intrusion (IDS)
Installation et configuration d'un système de Détection d'intrusion (IDS)Charif Khrichfa
 
Module 3-cyber security
Module 3-cyber securityModule 3-cyber security
Module 3-cyber securitySweta Kumari Barnwal
 
Email investigation
Email investigationEmail investigation
Email investigationAnimesh Shaw
 
The Secret Of Hacking Trial Pages
The Secret Of Hacking Trial PagesThe Secret Of Hacking Trial Pages
The Secret Of Hacking Trial Pagesleoimpact
 
Ransomware attacks
Ransomware attacksRansomware attacks
Ransomware attacksTexas Medical Liability Trust
 
Cyber forensics and auditing
Cyber forensics and auditingCyber forensics and auditing
Cyber forensics and auditingSweta Kumari Barnwal
 
Analysing Ransomware
Analysing RansomwareAnalysing Ransomware
Analysing RansomwareNapier University
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Social Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case StudiesSocial Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case StudiesPraetorian
 
Phishing définition, statistiques, solutions
Phishing définition, statistiques, solutionsPhishing définition, statistiques, solutions
Phishing définition, statistiques, solutionsStephane Manhes
 
Cyber Risk: Exposures, prevention, and solutions
Cyber Risk: Exposures, prevention, and solutionsCyber Risk: Exposures, prevention, and solutions
Cyber Risk: Exposures, prevention, and solutionsCapri Insurance
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crimemukeshkaran
 
Computer forensics and Investigation
Computer forensics and InvestigationComputer forensics and Investigation
Computer forensics and InvestigationNeha Raju k
 
Privacy and E-Commerce
Privacy and E-CommercePrivacy and E-Commerce
Privacy and E-CommerceAleksandr Yampolskiy
 
CISO's first 100 days
CISO's first 100 daysCISO's first 100 days
CISO's first 100 daysMichaelSadeghiPhDABD
 
Security, Audit and Compliance: course overview
Security, Audit and Compliance: course overviewSecurity, Audit and Compliance: course overview
Security, Audit and Compliance: course overviewEdinburgh Napier University
 

More Related Content

What's hot

Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)GAURAV. H .TANDON
 
Doc portail-captif-pfsense
Doc portail-captif-pfsenseDoc portail-captif-pfsense
Doc portail-captif-pfsenseservinfo
 
Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppWeSecureApp
 
Cyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-ProCyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-ProRonald Soh
 
Installation et configuration d'un système de Détection d'intrusion (IDS)
Installation et configuration d'un système de Détection d'intrusion (IDS)Installation et configuration d'un système de Détection d'intrusion (IDS)
Installation et configuration d'un système de Détection d'intrusion (IDS)Charif Khrichfa
 
Email investigation
Email investigationEmail investigation
Email investigationAnimesh Shaw
 
The Secret Of Hacking Trial Pages
The Secret Of Hacking Trial PagesThe Secret Of Hacking Trial Pages
The Secret Of Hacking Trial Pagesleoimpact
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationTriCorps Technologies
 
Social Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case StudiesSocial Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case StudiesPraetorian
 
Phishing définition, statistiques, solutions
Phishing définition, statistiques, solutionsPhishing définition, statistiques, solutions
Phishing définition, statistiques, solutionsStephane Manhes
 
Cyber Risk: Exposures, prevention, and solutions
Cyber Risk: Exposures, prevention, and solutionsCyber Risk: Exposures, prevention, and solutions
Cyber Risk: Exposures, prevention, and solutionsCapri Insurance
 
Computer forensics and Investigation
Computer forensics and InvestigationComputer forensics and Investigation
Computer forensics and InvestigationNeha Raju k
 

What's hot (20)

Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)Piggy Backing & Tailgating (Security)
Piggy Backing & Tailgating (Security)
 
Doc portail-captif-pfsense
Doc portail-captif-pfsenseDoc portail-captif-pfsense
Doc portail-captif-pfsense
 
Memory Forensics
Memory ForensicsMemory Forensics
Memory Forensics
 
Cybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureAppCybersecurity Awareness E-Book - WeSecureApp
Cybersecurity Awareness E-Book - WeSecureApp
 
Cyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-ProCyber Security Awareness Training by Win-Pro
Cyber Security Awareness Training by Win-Pro
 
Installation et configuration d'un système de Détection d'intrusion (IDS)
Installation et configuration d'un système de Détection d'intrusion (IDS)Installation et configuration d'un système de Détection d'intrusion (IDS)
Installation et configuration d'un système de Détection d'intrusion (IDS)
 
Module 3-cyber security
Module 3-cyber securityModule 3-cyber security
Module 3-cyber security
 
Email investigation
Email investigationEmail investigation
Email investigation
 
The Secret Of Hacking Trial Pages
The Secret Of Hacking Trial PagesThe Secret Of Hacking Trial Pages
The Secret Of Hacking Trial Pages
 
Ransomware attacks
Ransomware attacksRansomware attacks
Ransomware attacks
 
Cyber forensics and auditing
Cyber forensics and auditingCyber forensics and auditing
Cyber forensics and auditing
 
Analysing Ransomware
Analysing RansomwareAnalysing Ransomware
Analysing Ransomware
 
Cybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your OrganizationCybersecurity Attack Vectors: How to Protect Your Organization
Cybersecurity Attack Vectors: How to Protect Your Organization
 
Social Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case StudiesSocial Engineering - Strategy, Tactics, & Case Studies
Social Engineering - Strategy, Tactics, & Case Studies
 
Phishing définition, statistiques, solutions
Phishing définition, statistiques, solutionsPhishing définition, statistiques, solutions
Phishing définition, statistiques, solutions
 
Cyber Risk: Exposures, prevention, and solutions
Cyber Risk: Exposures, prevention, and solutionsCyber Risk: Exposures, prevention, and solutions
Cyber Risk: Exposures, prevention, and solutions
 
Cyber Crime
Cyber CrimeCyber Crime
Cyber Crime
 
Computer forensics and Investigation
Computer forensics and InvestigationComputer forensics and Investigation
Computer forensics and Investigation
 
Privacy and E-Commerce
Privacy and E-CommercePrivacy and E-Commerce
Privacy and E-Commerce
 

Similar to Cyber Security Regulatory Landscape

Cyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickCyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickJacqueline Fick
 
Best practices to mitigate data breach risk
Best practices to mitigate data breach riskBest practices to mitigate data breach risk
Best practices to mitigate data breach riskLivingstone Advisory
 
Cybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect MatchCybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect MatchMcKonly & Asbury, LLP
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk GovernanceDan Michaluk
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security RoadmapElliott Franklin
 
Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsNCC Group
 
Bob West - Educating the Board of Directors
Bob West - Educating the Board of DirectorsBob West - Educating the Board of Directors
Bob West - Educating the Board of Directorscentralohioissa
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarIntergen
 
End-to-End OT SecOps Transforming from Good to Great
End-to-End OT SecOps Transforming from Good to GreatEnd-to-End OT SecOps Transforming from Good to Great
End-to-End OT SecOps Transforming from Good to Greataccenture
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarEmpired
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
20CS024 Ethics in Information Technology
20CS024 Ethics in Information Technology 20CS024 Ethics in Information Technology
20CS024 Ethics in Information Technology Kathirvel Ayyaswamy
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsAndrew S. Baker (ASB)
 
The Missing Link Between Governance and Agile Culture
The Missing Link Between Governance and Agile CultureThe Missing Link Between Governance and Agile Culture
The Missing Link Between Governance and Agile CultureJeremy Pullen
 

Similar to Cyber Security Regulatory Landscape (20)

CISO's first 100 days
CISO's first 100 daysCISO's first 100 days
CISO's first 100 days
 
Security, Audit and Compliance: course overview
Security, Audit and Compliance: course overviewSecurity, Audit and Compliance: course overview
Security, Audit and Compliance: course overview
 
Cyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fickCyber forensic readiness cybercon2012 adv j fick
Cyber forensic readiness cybercon2012 adv j fick
 
Best practices to mitigate data breach risk
Best practices to mitigate data breach riskBest practices to mitigate data breach risk
Best practices to mitigate data breach risk
 
Cybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect MatchCybersecurity Frameworks and You: The Perfect Match
Cybersecurity Frameworks and You: The Perfect Match
 
2 Day MOSTI Workshop
2 Day MOSTI Workshop2 Day MOSTI Workshop
2 Day MOSTI Workshop
 
Cybersecurity Risk Governance
Cybersecurity Risk GovernanceCybersecurity Risk Governance
Cybersecurity Risk Governance
 
Building an effective Information Security Roadmap
Building an effective Information Security RoadmapBuilding an effective Information Security Roadmap
Building an effective Information Security Roadmap
 
Current & Emerging Cyber Security Threats
Current & Emerging Cyber Security ThreatsCurrent & Emerging Cyber Security Threats
Current & Emerging Cyber Security Threats
 
Bob West - Educating the Board of Directors
Bob West - Educating the Board of DirectorsBob West - Educating the Board of Directors
Bob West - Educating the Board of Directors
 
Jason r mc kinney halfday
Jason r mc kinney halfdayJason r mc kinney halfday
Jason r mc kinney halfday
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
End-to-End OT SecOps Transforming from Good to Great
End-to-End OT SecOps Transforming from Good to GreatEnd-to-End OT SecOps Transforming from Good to Great
End-to-End OT SecOps Transforming from Good to Great
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
20CS024 Ethics in Information Technology
20CS024 Ethics in Information Technology 20CS024 Ethics in Information Technology
20CS024 Ethics in Information Technology
 
IT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and ToolsIT Security Management -- People, Procedures and Tools
IT Security Management -- People, Procedures and Tools
 
The Missing Link Between Governance and Agile Culture
The Missing Link Between Governance and Agile CultureThe Missing Link Between Governance and Agile Culture
The Missing Link Between Governance and Agile Culture
 
Sem 001 sem-001
Sem 001 sem-001Sem 001 sem-001
Sem 001 sem-001
 

Recently uploaded

Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 

Recently uploaded (20)

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 

Cyber Security Regulatory Landscape

  • 2. Disclaimer • All views / opinions presented by me during this presentation are solely mine’s and do not represent the views / opinions of my organization in any way. • Information used in this presentation is “Public” in nature.
  • 3. Agenda • Brief History • Landscape in Qatar and GCC • Regulations: Win Some / Lose Some • Success factors? • Objectives / Success achieved? • Way Forward
  • 4. Brief History of Regulations Regulations for businesses have existed since time immemorial. Primarily enacted to help the people (citizens / residents) Some of the key reasons being to: Protect human lives and environment. Create opportunities for human by regulating the market. Promote fair and ethical business practices and professional conduct. Create social equalities.
  • 5. Need for Cyber Security Regulations • Today, the right command sent over a network to a power generating station’s control computer could be just as devastating as a backpack full of explosives, and the perpetrator would be more difficult to identify and apprehend. – USA President’s Commission on Critical Infrastructure Protection, 1997
  • 7. Landscape in GCC • ADSIC – AbuDhabi, UAE • DSR – Dubai, UAE • National Electronic Security Authority (NESA) - UAE • National Crisis And Emergency Management Authority (NCEMA) – UAE • Cyber Crimes Law have been issued across most of the countries in GCC • eCommerce Law has been issued in Saudi Arabia • Saudi Arabia also has provisions on Data protection in certain sector specific laws.
  • 8. Regulations: Win Some / Lose Some • Standards help prioritize focus on critical systems • Standards help identify the right stakeholders and drive communication within them. • Standards help define and establish processes within organizations. • Regulation helps drive compliance. • However, more often then not it leads to a checklist approach missing the security focus • Standards are found lacking catching up with changing threats.
  • 9. Is this what we aimed for?
  • 10. Conclusions • The good: • Regulations provide a ‘push’ for cybersecurity • Standards drives process improvements, communications, and an increased cyber security maturity. • Standards have been improving over time trying to keep up with threats. • The bad: • Regulations risk evolving into a checklist mindset with a false sense of security. • Standards change slowly and are largely reactive in nature. • Too many standards risk duplication of efforts, dilution of authority and confusing amongst stakeholders • The ugly: • Regulations seem to be a prime force in the region driving cyber security. • Lead times between regulations (standards) adapting to threats can be substantial. • Jurisdictional issues and contingencies will always be present
  • 11. Thoughts to ponder 1. Are regulations an effective means to build cyber-resilience within OT environment? Are they necessary for OT security, or are there alternatives? 2. How we can support capacity / capability building and information sharing within and between industrial control system intensive industries? 3. What tools, guidelines, or processes might be developed to help improve compliance effectiveness? How do we move from a checklist approach to security focused?
  • 12. Thank You Thank You for being a lovely audience. I can be reached at pawaskars@gmail.com *Project website: http://cisac.fsi.stanford.edu/docs/regulation-and-power-grid-resilience *CIRI website: http://ciri.illinois.edu/