SlideShare a Scribd company logo
National Cybersecurity
    Management System


       Mohamed Dafir EL KETTANI
     PhD, ISO 27001 Lead Implementer

                  Professor
ENSIAS, University Mohammed V-Souissi, Morocco
Agenda
1 – Introduction
2 – National Cybersecurity Management System
       NCSec Framework
       Maturity Model
       Roles & Responsibilities
       Implementation Guide
3 – Morocco Case
       ICT Strategic Plan
       Cybersecurity Roadmap
4 – Conclusion
1 - Introduction
Introduction (1/3)

• Increasing computer security challenges in the world;
• Which entity(s) should be given the responsibility for
  National Cyber Security?
   – Case by case organisational structures
   – Partially standardized organisational structures (for
     example, CERTs)
• Self-Assessment:
   – Best practices that organizations can refer to evaluate
     their readiness status;
   – Case by case strategies
   – Gap between countries and regions
                                                               1
Introduction (2/3)


• But, there is lack of international standards (clear
  guidance) with which a State or region can measure its
  current security status.
   – Lack of framework
   – Lack of global vision in terms of:
      •   Capacity building, Certification,
      •   Self assessment
      •   Responsibilities & Roles
      •   Implementation process
      •   Measurement through indicators
      •   etc.
   – Harmonization between countries and regions is a delicate
     process                                                 2
Introduction (3/3)


• The main objective of this presentation is to propose a
  Model of National Cybersecurity Management System
  (NCSecMS), which is a global framework that best
  responds to the needs expressed by the ITU Global
  Cybersecurity Agenda (GCA 2007).
   –   More than recommendations...
   –   ... result of benchmarking
   –   Answers real needs in terms of CyberSecurity
   –   Adapted to a case by case implementation process
• Working Team :
   – Former members of the HLEG Working Area 3 (Organisational
     Structures)
                                                                 3
2 – National Cybersecurity
   Management System
NCSecMS Components


                                NCSec Management System


                                    1              NCSecFR
   ITU            ISO
Documents        27002      NCSec Framework        5 Domains
                                                  34 Processes


                                    2
                 NCSec
                                                  NCSecMM
COBIT V4.1
               Framework     Maturity Model         For each
                                                    Process

                                    3              NCSecRR
  National       NCSec
Stakeholders   Framework
                                Roles &            RACI Chart
                             Responsibilities      by Process

                                    4
    ISO           ISO                              NCSecIG
   27003         27001
                             Implementation          PDCA
                                 Guide                           4
NCSecMS Components

     ITU Q22/1
  (September 2009)              NCSec Management System
  Moroccan Proposal

                                                                  ICEGOV 2008
                                    1              NCSecFR         Conference
   ITU            ISO
Documents        27002      NCSec Framework        5 Domains
                                                  34 Processes

                                                                   ECEG 2009
                                    2                              Conference
                 NCSec
                                                  NCSecMM
COBIT V4.1
               Framework     Maturity Model         For each
                                                    Process
                                                                    ECIW 2009
                                    3              NCSecRR          Conference
  National       NCSec
Stakeholders   Framework
                                Roles &            RACI Chart
                             Responsibilities      by Process

                                                                  ITU Tunis 2009
                                    4                                National
    ISO           ISO                              NCSecIG
   27003         27001
                             Implementation          PDCA        Recommandation
                                 Guide                                     6
NCSecMS Components

   ITU Q22/1
(September 2009)                     NCSec Management System
Moroccan Proposal


                                         1              NCSecFR
–Points out vulnerabilities      NCSec Framework        5 Domains
                                                       34 Processes
 & demonstrate them to gov.
–Provides metrics to measure
                                         2
their achievement
                                                       NCSecMM
                                  Maturity Model         For each
                                                         Process


 –   Points out Roles                    3              NCSecRR
     and Responsibilities            Roles &            RACI Chart
                                  Responsibilities      by Process
 –   Find out needed profiles
     to achieve the role of
                                         4
     a stakeholder                                      NCSecIG
                                  Implementation          PDCA
                                      Guide                           4
2.1 – National Cybersecurity
        Framework
NCSec Framework : 5 Domains / 34 proc




                                  5
Domain 1: Strategy and Policies (SP)

Proc                                               Process Description


       NCSec Strategy
SP1
       Promulgate & endorse a National Cybersecurity Strategy


       Lead Institutions
SP2    Identify a lead institutions for developing a national strategy, and 1 lead institution per stakeholder
            category


       NCSec Policies
SP3
       Identify or define policies of the NCSec strategy


       Critical Information Infrastructures Protection
SP4
       Establish & integrate risk management for identifying & prioritizing protective efforts regarding CII



       Stakeholders
SP5    Identify the degree of readiness of each stakeholder regarding to the implementation of NCSec strategy &
            how stakeholders pursue the NCSec strategy & policies



                                                                                                                  6
Domain 2: Implementation and Organisation (IO)


Proc                                                  Process Description
       NCSec Council
IO1
       Define National Cybersecurity Council for coordination between all stakeholders, to approve the NCSec strategy
       NCSec Authority
IO2
       Define Specific high level Authority for coordination among cybersecurity stakeholders
       National CERT
IO3
       Identify or establish a national CERT to prepare for, detect, respond to, and recover from national cyber incidents
       Privacy and Personnal Data Protection
IO4
       Review existing privacy regime and update it to the on-line environment
       Laws
IO5
       Ensure that a lawful framework is settled and regularly levelled
       Institutions
IO6
       Identify institutions with cybersecurity responsibilities, and procure resources that enable NCSec implementation
       National Experts and Policymakers
IO7
       Identify the appropriate experts and policymakers within government, private sector and university
       Training
IO8
       Identify training requirements and how to achieve them
       Government
IO9
       Implement a cybersecurity plan for government-operated systems, that takes into account changes management
       International Expertise
IO10   Identify international expert counterparts and foster international efforts to address cybersecurity issues, including
            information sharing and assistance efforts                                                                  7
Domain 3: Awareness and Communication (AC)

Proc                                                     Process Description
AC1    Leaders in the Government
       Persuade national leaders in the government of the need for national action to address threats to and vulnerabilities of
           the NCSec through policy-level discussions
AC2    National Cybersecurity and Capacity
       Manage National Cybersecurity and capacity at the national level
AC3    Continuous Service
       Ensure continuous service within each stakeholder and among stakeholders
AC4    National Awareness
       Promote a comprehensive national awareness program so that all participants—businesses, the general workforce,
            and the general population—secure their own parts of cyberspace
AC5    Awareness Programs
       Implement security awareness programs and initiatives for users of systems and networks
AC6    Citizens and Child Protection
       Support outreach to civil society with special attention to the needs of children and individual users
AC7    Research and Development
       Enhance Research and Development (R&D) activities (through the identification of opportunities and allocation of
           funds)
AC8    CSec Culture for Business
       Encourage the development of a culture of security in business enterprises
AC9    Available Solutions
       Develop awareness of cyber risks and available solutions
AC10   NCSec Communication
                                                                                                                        8
       Ensure National Cybersecurity Communication
Domain 4 :Compliance and Coordination                                                 (CC)

PS                                                Process Description

CC1   International Compliance & Cooperation
      Ensure regulatory compliance with regional and international recommendations, standards …

CC2   National Cooperation
      Identify and establish mechanisms and arrangements for cooperation among government, private sector
           entities, university and ONGs at the national level

CC3   Private sector Cooperation
      Encourage cooperation among groups from interdependent industries (through the identification of common
           threats)
      Encourage development of private sector groups from different critical infrastructure industries to address
           common security interest collaboratively with government (through the identification of problems and
           allocation of costs)

CC4   Incidents Handling
      Manage incidents through national CERT to detect, respond to, and recover from national cyber incidents,
           through cooperative arrangement (especially between government and private sector)

CC5   Points of Contact
      Establish points of contact (or CSIRT) within government, industry and university to facilitate consultation,
          cooperation and information exchange with national CERT, in order to monitor and evaluate NCSec
          performance in each sector


                                                                                                                      9
Domain 5: Evaluation and Monitoring (EM)




Proc                                              Process Description


       NCSec Observatory
EM1
       Set up the NCSec observatory


       Mechanisms for Evaluation
EM2    Define mechanisms that can be used to coordinate the activities of the lead institution, the government, the
            private sector and civil society, in order to monitor and evaluate the global NCSec performance



       NCSec Assessment
EM3
       Assess and periodically reassess the current state of cybersecurity efforts and develop program priorities



       NCSec Governance
EM4
       Provide National Cybersecurity Governance



                                                                                                                    10
2.2 – Maturity Model
Maturity Model
• CMM's Five Maturity Levels of Software Processes:
  • 1 : At the initial level, processes are disorganized, even
    chaotic.
  • 2 : At the repeatable level, basic project management
    techniques are established, and successes could be
    repeated.
  • 3 : At the defined level, an organization has developed its
    own standard software process.
  • 4 : At the managed level, an organization monitors and
    controls its own processes through data collection and
    analysis.
  • 5 : At the optimizing level, processes are constantly being
    improved through monitoring feedback
                                                          11
Maturity Model

PS         Process              Level 1              Level 2              Level 3              Level 4             Level 5
           Description
SP1   Promulgate &          Recognition of the   NCSec is            NCSec is              NCSec is under      NCSec is under
      endorse a National    need for a           announced &         operational for all   regular review       continuous
      Cybersecurity         National strategy    planned.            key activities                            improvement
      Strategy
SP2 Identify a lead         Some institutions    Lead institutions   Lead institutions     Lead institutions   Lead institutions
    institution for          have an             are announced       are operational       are under regular   are under
    developing a national   individual cyber-    for all key         for all key           review              continuous
     strategy, and 1 lead   security strategy    activities          activities                                improvement
    institution per
      stakeholder
    category
SP3   Identify or define    Ad-hoc &             Similar &           Policies and          National best       Integrated
       policies of the      Isolated             common              procedures are        practices are        policies &
      NCSec strategy         approaches to       processes           defined,              applied              procedures
                             policies &          announced &         documented,           &repeatable         Transnational
                             practices           planned             operational                                best practice
SP4   Establish &           Recognition of the   CIIP are            Risk management       CIIP risk           CIIP risk
       integrate risk       need for risk        identified &        process is            management          management
       management           management           planned. Risk       approved &            process is          process evolves
       process for          process in CIIP      management          operational for all   complete,           to automated
       identifying &                             process is          CIIP                  repeatable, and     workflow &
      prioritizing                               announced                                 lead to CI best     integrated to
      protective efforts                                                                   practices           enable
      regarding NCSec                                                                                          improvement
      (CIIP)                                                                                                                11
Self-Assessment

                       SP1
                   5
       EM4         4               SP4
                   3
                   2

CC2                1                       IO2
                   0



                                                 SP1   Strategy
 CC1                                     IO3     SP4   CIIP
                                                 IO2   Authority
                                                 IO3   N-CERT
                                                 IO5   Laws
             AC5             IO5                 AC5   Awareness Prg
                                                 CC1   Intern Coop
                                                 CC2   Nat Coord
                                                 EM4   Governance

                                                                       12
2.3 - Roles and Responsibilities
          (RACI Chart)
RACI Chart / Stakeholders


      NCSec Strategy
      Promulgate & endorse a
SP1       National                    I   A   C   C   R   C   C   C   I   I   R   I   I        I
          Cybersecurity
          Strategy
      Lead Institutions
      Identify a lead institutions
            for developing a
SP2         national strategy,        I   I   A   C   R   C   C   I   I       R   C   C   C    C
            and 1 lead institution
            per stakeholder
            category
      NCSec Policies
      Identify or define policies
SP3                                           A   C   R   C   I   C   I       R       I        I
            of the NCSec
            strategy

      Critical Infrastructures
      Establish & integrate risk
            management for
SP4         identifying &                     A       R   R   C   I           R           C    R   I
            prioritizing protective
            efforts regarding
            NCSec (CIIP)
                                                                                              13
                   R = Responsible, A = Accountable, C = Consulted, I = Informed
2.4 – Implementation Guide
Implementation Guide
•A roadmap to assist                      High Level
                                        Decision Makers
CyberSecurity Implementation
at the National Level
                                    1
                    HL                                        HL
                  Awarness                  Approve        Commitment
                                         Implementation

                                    2
   HL              NCSec                                      NCSec
Commitment       Framework                Define Scope       Strategy
                                           & Strategy

                                    3
   NCSec           NCSec                                   Nat. Inf Sec
                                            Conduct
  Strategy      Maturity Model                             Assessment
                                        National Context
                                            Analysis
                                    4
 Nat. Inf Sec      NCSec                                    Processes
 Assessment      Framework                Conduct Risk       Selected
                                          Assessment

                                    5
                                                             NCSec
 Processes        NCSec                     Design         Managnt Syst
  Selected       RACI Chart              NCSec Managnt
                                            System
                                    6
                     ISO                                    NCSec MS
  NCSecIG                                  Implement
                    27001                                  Implemt Prg    14
                                         NCSec Managnt
                                             System
ACM Publication




                  15
3 – Morocco Case
“Maroc Numeric 2013”
   Morocco ICT Strategic Plan consists of…
                                                                            2 Accompanying                    2 Implementation
                  4 Strategic Priorities
                                                                               Measures                            Modes
                   User-Oriented
    Social                          Computerization    IT Industry         Human
Transformation
                  Development of
                                       of SMEs        Development          Capital      Cybersecurity        Governance        Budget
                  Public Services



Ensuring Access       Public             SMEs         Entrepreneurial                                       Supervision and   Financial
 to Education     Administration      Professional                                          Regulatory         Follow-up
                                                       and Areas of
                                                        Cluster TI         Governance                                         Resources
    Players         Efficiency         Solutions         Cluster TI                         Framework         Structures
                                                        Excellence
   Internet
                     Citizens’         Raising                                             Organizational
  Broadband                                           IT Offshoring
                                                      Offshoring TI       Training Plans                    IT Observatory
                     Services         Awareness        Offshoring TI                         Structures
    Access
Local Content      Enterprises’     Mobilization of                       New Training     Promotion and
Development          Services        prescriptions                          Courses          Awareness


                                                             18 Initiatives




                                                                     51
                                                                 actions

                                                                                                                                 16
                                                                                                                                        28
Cybersecurity (1/2)
                     Ambition                                   Objectives 2013
                                                                 • Compliance of IT Moroccan Laws (Protection of
                     Ensure business trust, enhance              Personal Data, Consumer Protection, Legal Electronic
 Cyber-confidence    security capabilities, and secure           Data Exchange) with common international Laws
                     critical information infrastructures        • 60 000 Electronic Certificates delivered




Initiatives         Projects                   Description
                        Protection of
                                                Set up the National Commission for Data Protection (CNDP)
                        Personal Data
    Regulatory            Consumer
    Framework                                   Elaborate the necessary legal and regulatory texts to protect online Consumers
                          Protection

                       ICT Legal Study          Upgrade/update the legal and regulatory framework in order to face the
                                                Cybersecurity challenges and harmonize it with the partners countries


                          Electronic
                    Certification Provider      Support the creation of PKI provider for ensuring electronic signature

                    Creation of Computer
  Organizational    Emergency Response          Set up the National Computer Emergency Response Team (MA-CERT)
   Structures         Team (ma-CERT)

                     Critical Information
                       Infrastructures          Encourage the development of backup sites to ensure the Business Continuity
                          Protection            of Critical Information Infrastructures in Morocco
                                                                                                                         17
                                                                                                                                 29
Cybersecurity (2/2)
Initiatives      Projects                 Description
 Awareness and      Child/Younger          Arise awareness of the children, younger and parents on the Cybersecurity
                   Online Protection
 Communication                             and cyberconfidence issues
       s          Administration and
                     Enterprise            Arise awareness of the administration and enterprises on the Cybersecurity
                     awareness             and cyberconfidence issues


                 ISS integration in the    Integrate the Information Security Systems (ISS) in the Higher Scientific
                   Higher Education        Education and training programs


                   Judge/Magistrate
     Capacity        ISS Training          Ensure training on ISS for judges/magistrates
     building


                  Continuous Training      Ensure continuous training for administration employees/officials on ISS




                                                                                                                   18
                                                                                                                        30
4 – Conclusion
Conclusion
• NCSecMS:
  – More than a best practice document related to National
    CyberSecurity.
  – Affords a complete environment with indicators at the
    national level,
  – Provides metrics to measure their achievement, and to
    identify from a cybersecurity viewpoint the associated
    responsibilities of stakeholders and control process.
• Extensions:
  – Quality of implementation measurement for each element
  – Security metrics : a meaningful gauge of NCSec perf.
  – Costs and benefits of an organized, mature and high-
    quality security program can be better understood
                                                        19
Conclusion
• National Cybersecurity Capacity Building:
  – Affords a complete environment describing needs and
    profiles at the national level,
  – Might provide metrics to measure their achievement,
  – Identifies from a cybersecurity viewpoint the associated
    responsibilities of stakeholders and the needed profiles
    (certification, etc.)
• Extensions :
  – Quality of implementation measurement for each element
  – Capacity Building metrics
  – High-quality security adequate profiles can better answer
    national needs

                                                          20
Conclusion

• Results:
  – NCSecMS: Adopted as a National Recommandation
    by the ITU during the ITU Regional Cybersecurity Forum
    for Africa and Arab States (4-5 June 2009, Tunis)
  – NCSecMS & ITU: Q22.1- september 2009

• Extension of this work:
  – Questionnaire elaboration
  – A benchmarking tool for evaluating CyberSecurity at the
    trans-national level, in collaboration with the ITU within
    its Global CyberSecurity Agenda: some national case
    studies
                                                           21
Thank you for your attention




      Email : dafir@ensias.ma

More Related Content

Viewers also liked

National Security Review
National Security ReviewNational Security Review
National Security Review
Simoun Ung
 
Roles and Challenges for Government CIOs
Roles and Challenges for Government CIOsRoles and Challenges for Government CIOs
Speech Recognition , Noise Filtering and Content Search Engine , Research Do...
Speech Recognition , Noise Filtering and  Content Search Engine , Research Do...Speech Recognition , Noise Filtering and  Content Search Engine , Research Do...
Speech Recognition , Noise Filtering and Content Search Engine , Research Do...
Gayan Kalanamith Mannapperuma
 
e-Government Applications for Voice Authentication
e-Government Applications for Voice Authenticatione-Government Applications for Voice Authentication
e-Government Applications for Voice Authentication
derektop
 
ict policy scenario in Bangladesh
ict policy scenario in Bangladeshict policy scenario in Bangladesh
ict policy scenario in Bangladesh
Mushfiqur Rahman
 
ICT Challenges for the Teachers
ICT Challenges for the TeachersICT Challenges for the Teachers
ICT Challenges for the Teachers
Metamorphosis
 
The Case for Voice + Face Recognition
The Case for Voice + Face RecognitionThe Case for Voice + Face Recognition
The Case for Voice + Face Recognition
derektop
 
E-Government and E-Health Strategies by Mrs. Veronica Boateng
E-Government and E-Health Strategies by Mrs. Veronica BoatengE-Government and E-Health Strategies by Mrs. Veronica Boateng
E-Government and E-Health Strategies by Mrs. Veronica Boateng
Francisco J Grajales III
 
Day1 Bernard Ewah
Day1 Bernard EwahDay1 Bernard Ewah
Day1 Bernard Ewah
US-Ignite
 
ICT AND NATIONAL DEVELOPMENT
ICT AND NATIONAL DEVELOPMENTICT AND NATIONAL DEVELOPMENT
ICT AND NATIONAL DEVELOPMENT
ONECITIZEN NETWORK
 
Indonesia National Cyber Security Strategy
Indonesia National Cyber Security StrategyIndonesia National Cyber Security Strategy
Indonesia National Cyber Security Strategy
Directorate of Information Security | Ditjen Aptika
 
Indonesia Broadband Plan
Indonesia Broadband PlanIndonesia Broadband Plan
Indonesia Broadband Plan
The World Bank
 
MySQL And Search At Craigslist
MySQL And Search At CraigslistMySQL And Search At Craigslist
MySQL And Search At Craigslist
Jeremy Zawodny
 
Agile Roles & responsibilities
Agile Roles & responsibilitiesAgile Roles & responsibilities
Agile Roles & responsibilities
Ravi Tadwalkar
 
ICT-enabled services for agricultural development in India
ICT-enabled services for agricultural development in IndiaICT-enabled services for agricultural development in India
ICT-enabled services for agricultural development in India
Attaluri Srinivasacharyulu
 
World Congress on Information Technology 2014 - México
World Congress on Information Technology 2014 - MéxicoWorld Congress on Information Technology 2014 - México
World Congress on Information Technology 2014 - México
WCIT 2014
 
Ict Vision And Strategy Development
Ict Vision And Strategy DevelopmentIct Vision And Strategy Development
Ict Vision And Strategy Development
Alan McSweeney
 
Applications of Emotions Recognition
Applications of Emotions RecognitionApplications of Emotions Recognition
Applications of Emotions Recognition
Francesco Bonadiman
 
Hive Quick Start Tutorial
Hive Quick Start TutorialHive Quick Start Tutorial
Hive Quick Start Tutorial
Carl Steinbach
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
The Open Group SA
 

Viewers also liked (20)

National Security Review
National Security ReviewNational Security Review
National Security Review
 
Roles and Challenges for Government CIOs
Roles and Challenges for Government CIOsRoles and Challenges for Government CIOs
Roles and Challenges for Government CIOs
 
Speech Recognition , Noise Filtering and Content Search Engine , Research Do...
Speech Recognition , Noise Filtering and  Content Search Engine , Research Do...Speech Recognition , Noise Filtering and  Content Search Engine , Research Do...
Speech Recognition , Noise Filtering and Content Search Engine , Research Do...
 
e-Government Applications for Voice Authentication
e-Government Applications for Voice Authenticatione-Government Applications for Voice Authentication
e-Government Applications for Voice Authentication
 
ict policy scenario in Bangladesh
ict policy scenario in Bangladeshict policy scenario in Bangladesh
ict policy scenario in Bangladesh
 
ICT Challenges for the Teachers
ICT Challenges for the TeachersICT Challenges for the Teachers
ICT Challenges for the Teachers
 
The Case for Voice + Face Recognition
The Case for Voice + Face RecognitionThe Case for Voice + Face Recognition
The Case for Voice + Face Recognition
 
E-Government and E-Health Strategies by Mrs. Veronica Boateng
E-Government and E-Health Strategies by Mrs. Veronica BoatengE-Government and E-Health Strategies by Mrs. Veronica Boateng
E-Government and E-Health Strategies by Mrs. Veronica Boateng
 
Day1 Bernard Ewah
Day1 Bernard EwahDay1 Bernard Ewah
Day1 Bernard Ewah
 
ICT AND NATIONAL DEVELOPMENT
ICT AND NATIONAL DEVELOPMENTICT AND NATIONAL DEVELOPMENT
ICT AND NATIONAL DEVELOPMENT
 
Indonesia National Cyber Security Strategy
Indonesia National Cyber Security StrategyIndonesia National Cyber Security Strategy
Indonesia National Cyber Security Strategy
 
Indonesia Broadband Plan
Indonesia Broadband PlanIndonesia Broadband Plan
Indonesia Broadband Plan
 
MySQL And Search At Craigslist
MySQL And Search At CraigslistMySQL And Search At Craigslist
MySQL And Search At Craigslist
 
Agile Roles & responsibilities
Agile Roles & responsibilitiesAgile Roles & responsibilities
Agile Roles & responsibilities
 
ICT-enabled services for agricultural development in India
ICT-enabled services for agricultural development in IndiaICT-enabled services for agricultural development in India
ICT-enabled services for agricultural development in India
 
World Congress on Information Technology 2014 - México
World Congress on Information Technology 2014 - MéxicoWorld Congress on Information Technology 2014 - México
World Congress on Information Technology 2014 - México
 
Ict Vision And Strategy Development
Ict Vision And Strategy DevelopmentIct Vision And Strategy Development
Ict Vision And Strategy Development
 
Applications of Emotions Recognition
Applications of Emotions RecognitionApplications of Emotions Recognition
Applications of Emotions Recognition
 
Hive Quick Start Tutorial
Hive Quick Start TutorialHive Quick Start Tutorial
Hive Quick Start Tutorial
 
Enterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber SecurityEnterprise Security Architecture for Cyber Security
Enterprise Security Architecture for Cyber Security
 

Similar to CTO-Cybersecurity-2010-Mohamed-El-Kattani

CISQ Introduction & Objectives - Dr. Bill Curtis
CISQ Introduction & Objectives - Dr. Bill CurtisCISQ Introduction & Objectives - Dr. Bill Curtis
CISQ Introduction & Objectives - Dr. Bill Curtis
CISQ - Consortium for IT Software Quality
 
ISO 29110 Software Quality Model For Software SMEs
ISO 29110 Software Quality Model For Software SMEsISO 29110 Software Quality Model For Software SMEs
ISO 29110 Software Quality Model For Software SMEs
Moutasm Tamimi
 
Vectors in Federal Cloud Computing - Network-centric Interoperability
Vectors in Federal Cloud Computing - Network-centric InteroperabilityVectors in Federal Cloud Computing - Network-centric Interoperability
Vectors in Federal Cloud Computing - Network-centric Interoperability
GovCloud Network
 
The Latest in Cloud Computing Standards
The Latest in Cloud Computing StandardsThe Latest in Cloud Computing Standards
The Latest in Cloud Computing Standards
CA API Management
 
Cost effective auditing of web applications and networks in smb
Cost effective auditing of web applications and networks in smbCost effective auditing of web applications and networks in smb
Cost effective auditing of web applications and networks in smb
Lalit Choudhary
 
Nist Cloud Computing Program Overview Nov 2010
Nist Cloud Computing Program Overview Nov 2010Nist Cloud Computing Program Overview Nov 2010
Nist Cloud Computing Program Overview Nov 2010
GovCloud Network
 
Exploring NISC Architectures for Matrix Application
Exploring NISC Architectures for Matrix ApplicationExploring NISC Architectures for Matrix Application
Exploring NISC Architectures for Matrix Application
IDES Editor
 
"Master CCNP (DCCOR) with Top-notch Training at Ns3Edu
"Master CCNP (DCCOR) with Top-notch Training at Ns3Edu"Master CCNP (DCCOR) with Top-notch Training at Ns3Edu
"Master CCNP (DCCOR) with Top-notch Training at Ns3Edu
Ns3Edu
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
DevOps PPt.pptx
DevOps PPt.pptxDevOps PPt.pptx
DevOps PPt.pptx
sandeepsingh360571
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and products
Javier Tallón
 
RMAA Adelaide Bringing it all back home Slide Notes
RMAA Adelaide Bringing it all back home Slide NotesRMAA Adelaide Bringing it all back home Slide Notes
RMAA Adelaide Bringing it all back home Slide Notes
Stephen Clarke
 
Mpkk 2012 ICT SPM
Mpkk 2012 ICT SPMMpkk 2012 ICT SPM
Mpkk 2012 ICT SPM
aimarashid
 
Best CCNP Collaboration Training In Gurgaon
Best CCNP Collaboration Training In GurgaonBest CCNP Collaboration Training In Gurgaon
Best CCNP Collaboration Training In Gurgaon
Ns3Edu
 
Best CCNP (ENCOR 350 - 701) Training at NS3EDU
Best CCNP (ENCOR 350 - 701) Training at NS3EDUBest CCNP (ENCOR 350 - 701) Training at NS3EDU
Best CCNP (ENCOR 350 - 701) Training at NS3EDU
Ns3Edu
 
Effectsplus july event report
Effectsplus july event report Effectsplus july event report
Effectsplus july event report
fcleary
 
Application Logging for Forensics
Application Logging for ForensicsApplication Logging for Forensics
Application Logging for Forensics
Raffael Marty
 
The Cloudification Perspectives of Search-based Software Testing
The Cloudification Perspectives of Search-based Software TestingThe Cloudification Perspectives of Search-based Software Testing
The Cloudification Perspectives of Search-based Software Testing
Sebastiano Panichella
 
IT - Enterprise Service Operation Center
IT - Enterprise Service Operation CenterIT - Enterprise Service Operation Center
IT - Enterprise Service Operation Center
Sameer Paradia
 
Internship Report
Internship ReportInternship Report
Internship Report
Ritoban Gupta
 

Similar to CTO-Cybersecurity-2010-Mohamed-El-Kattani (20)

CISQ Introduction & Objectives - Dr. Bill Curtis
CISQ Introduction & Objectives - Dr. Bill CurtisCISQ Introduction & Objectives - Dr. Bill Curtis
CISQ Introduction & Objectives - Dr. Bill Curtis
 
ISO 29110 Software Quality Model For Software SMEs
ISO 29110 Software Quality Model For Software SMEsISO 29110 Software Quality Model For Software SMEs
ISO 29110 Software Quality Model For Software SMEs
 
Vectors in Federal Cloud Computing - Network-centric Interoperability
Vectors in Federal Cloud Computing - Network-centric InteroperabilityVectors in Federal Cloud Computing - Network-centric Interoperability
Vectors in Federal Cloud Computing - Network-centric Interoperability
 
The Latest in Cloud Computing Standards
The Latest in Cloud Computing StandardsThe Latest in Cloud Computing Standards
The Latest in Cloud Computing Standards
 
Cost effective auditing of web applications and networks in smb
Cost effective auditing of web applications and networks in smbCost effective auditing of web applications and networks in smb
Cost effective auditing of web applications and networks in smb
 
Nist Cloud Computing Program Overview Nov 2010
Nist Cloud Computing Program Overview Nov 2010Nist Cloud Computing Program Overview Nov 2010
Nist Cloud Computing Program Overview Nov 2010
 
Exploring NISC Architectures for Matrix Application
Exploring NISC Architectures for Matrix ApplicationExploring NISC Architectures for Matrix Application
Exploring NISC Architectures for Matrix Application
 
"Master CCNP (DCCOR) with Top-notch Training at Ns3Edu
"Master CCNP (DCCOR) with Top-notch Training at Ns3Edu"Master CCNP (DCCOR) with Top-notch Training at Ns3Edu
"Master CCNP (DCCOR) with Top-notch Training at Ns3Edu
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdf
 
DevOps PPt.pptx
DevOps PPt.pptxDevOps PPt.pptx
DevOps PPt.pptx
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and products
 
RMAA Adelaide Bringing it all back home Slide Notes
RMAA Adelaide Bringing it all back home Slide NotesRMAA Adelaide Bringing it all back home Slide Notes
RMAA Adelaide Bringing it all back home Slide Notes
 
Mpkk 2012 ICT SPM
Mpkk 2012 ICT SPMMpkk 2012 ICT SPM
Mpkk 2012 ICT SPM
 
Best CCNP Collaboration Training In Gurgaon
Best CCNP Collaboration Training In GurgaonBest CCNP Collaboration Training In Gurgaon
Best CCNP Collaboration Training In Gurgaon
 
Best CCNP (ENCOR 350 - 701) Training at NS3EDU
Best CCNP (ENCOR 350 - 701) Training at NS3EDUBest CCNP (ENCOR 350 - 701) Training at NS3EDU
Best CCNP (ENCOR 350 - 701) Training at NS3EDU
 
Effectsplus july event report
Effectsplus july event report Effectsplus july event report
Effectsplus july event report
 
Application Logging for Forensics
Application Logging for ForensicsApplication Logging for Forensics
Application Logging for Forensics
 
The Cloudification Perspectives of Search-based Software Testing
The Cloudification Perspectives of Search-based Software TestingThe Cloudification Perspectives of Search-based Software Testing
The Cloudification Perspectives of Search-based Software Testing
 
IT - Enterprise Service Operation Center
IT - Enterprise Service Operation CenterIT - Enterprise Service Operation Center
IT - Enterprise Service Operation Center
 
Internship Report
Internship ReportInternship Report
Internship Report
 

More from segughana

CTO-CRC-Africa-2010-Report
CTO-CRC-Africa-2010-ReportCTO-CRC-Africa-2010-Report
CTO-CRC-Africa-2010-Report
segughana
 
CTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-BorenCTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-Boren
segughana
 
CTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhouseCTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhouse
segughana
 
CTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles WardCTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles Ward
segughana
 
CTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders JohansonCTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders Johanson
segughana
 
CTO-CyberSecurityForum-2010-Philip Victor
CTO-CyberSecurityForum-2010-Philip VictorCTO-CyberSecurityForum-2010-Philip Victor
CTO-CyberSecurityForum-2010-Philip Victor
segughana
 
CTO-CybersecurityForum-2010-Des Ward
CTO-CybersecurityForum-2010-Des WardCTO-CybersecurityForum-2010-Des Ward
CTO-CybersecurityForum-2010-Des Ward
segughana
 
CTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard SimpsonCTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard Simpson
segughana
 
CTO-CybersecurityForum-2010-Daisy francis
CTO-CybersecurityForum-2010-Daisy francisCTO-CybersecurityForum-2010-Daisy francis
CTO-CybersecurityForum-2010-Daisy francis
segughana
 
CTO-CybersecurityForum-2010-Patricia Asognwe
CTO-CybersecurityForum-2010-Patricia AsognweCTO-CybersecurityForum-2010-Patricia Asognwe
CTO-CybersecurityForum-2010-Patricia Asognwe
segughana
 
CTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha FernandoCTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha Fernando
segughana
 
CTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea GlorisoCTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea Gloriso
segughana
 
CTO-CybersecurityForum-2010-John Carr
CTO-CybersecurityForum-2010-John CarrCTO-CybersecurityForum-2010-John Carr
CTO-CybersecurityForum-2010-John Carr
segughana
 
CTO-CybersecurityForum-2010-John Crain
CTO-CybersecurityForum-2010-John CrainCTO-CybersecurityForum-2010-John Crain
CTO-CybersecurityForum-2010-John Crain
segughana
 
CTO-CybersecurityForum-2010-Michael Katundu
CTO-CybersecurityForum-2010-Michael KatunduCTO-CybersecurityForum-2010-Michael Katundu
CTO-CybersecurityForum-2010-Michael Katundu
segughana
 
CTO-CybersecurityForum-2010-Joe Torres
CTO-CybersecurityForum-2010-Joe TorresCTO-CybersecurityForum-2010-Joe Torres
CTO-CybersecurityForum-2010-Joe Torres
segughana
 
Tomasz Czajkowski
Tomasz CzajkowskiTomasz Czajkowski
Tomasz Czajkowski
segughana
 
CTO-CybersecurityForum-2010-Will Gardner
CTO-CybersecurityForum-2010-Will GardnerCTO-CybersecurityForum-2010-Will Gardner
CTO-CybersecurityForum-2010-Will Gardner
segughana
 
CTO-CybersecurityForum-2010-Mark-Oram
CTO-CybersecurityForum-2010-Mark-OramCTO-CybersecurityForum-2010-Mark-Oram
CTO-CybersecurityForum-2010-Mark-Oram
segughana
 
CTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-DebeesingCTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-Debeesing
segughana
 

More from segughana (20)

CTO-CRC-Africa-2010-Report
CTO-CRC-Africa-2010-ReportCTO-CRC-Africa-2010-Report
CTO-CRC-Africa-2010-Report
 
CTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-BorenCTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-Boren
 
CTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhouseCTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhouse
 
CTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles WardCTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles Ward
 
CTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders JohansonCTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders Johanson
 
CTO-CyberSecurityForum-2010-Philip Victor
CTO-CyberSecurityForum-2010-Philip VictorCTO-CyberSecurityForum-2010-Philip Victor
CTO-CyberSecurityForum-2010-Philip Victor
 
CTO-CybersecurityForum-2010-Des Ward
CTO-CybersecurityForum-2010-Des WardCTO-CybersecurityForum-2010-Des Ward
CTO-CybersecurityForum-2010-Des Ward
 
CTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard SimpsonCTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard Simpson
 
CTO-CybersecurityForum-2010-Daisy francis
CTO-CybersecurityForum-2010-Daisy francisCTO-CybersecurityForum-2010-Daisy francis
CTO-CybersecurityForum-2010-Daisy francis
 
CTO-CybersecurityForum-2010-Patricia Asognwe
CTO-CybersecurityForum-2010-Patricia AsognweCTO-CybersecurityForum-2010-Patricia Asognwe
CTO-CybersecurityForum-2010-Patricia Asognwe
 
CTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha FernandoCTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha Fernando
 
CTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea GlorisoCTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea Gloriso
 
CTO-CybersecurityForum-2010-John Carr
CTO-CybersecurityForum-2010-John CarrCTO-CybersecurityForum-2010-John Carr
CTO-CybersecurityForum-2010-John Carr
 
CTO-CybersecurityForum-2010-John Crain
CTO-CybersecurityForum-2010-John CrainCTO-CybersecurityForum-2010-John Crain
CTO-CybersecurityForum-2010-John Crain
 
CTO-CybersecurityForum-2010-Michael Katundu
CTO-CybersecurityForum-2010-Michael KatunduCTO-CybersecurityForum-2010-Michael Katundu
CTO-CybersecurityForum-2010-Michael Katundu
 
CTO-CybersecurityForum-2010-Joe Torres
CTO-CybersecurityForum-2010-Joe TorresCTO-CybersecurityForum-2010-Joe Torres
CTO-CybersecurityForum-2010-Joe Torres
 
Tomasz Czajkowski
Tomasz CzajkowskiTomasz Czajkowski
Tomasz Czajkowski
 
CTO-CybersecurityForum-2010-Will Gardner
CTO-CybersecurityForum-2010-Will GardnerCTO-CybersecurityForum-2010-Will Gardner
CTO-CybersecurityForum-2010-Will Gardner
 
CTO-CybersecurityForum-2010-Mark-Oram
CTO-CybersecurityForum-2010-Mark-OramCTO-CybersecurityForum-2010-Mark-Oram
CTO-CybersecurityForum-2010-Mark-Oram
 
CTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-DebeesingCTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-Debeesing
 

Recently uploaded

IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Networks
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
SynapseIndia
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
SynapseIndia
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
alexjohnson7307
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
shyamraj55
 
leewayhertz.com-Generative AI tech stack Frameworks infrastructure models and...
leewayhertz.com-Generative AI tech stack Frameworks infrastructure models and...leewayhertz.com-Generative AI tech stack Frameworks infrastructure models and...
leewayhertz.com-Generative AI tech stack Frameworks infrastructure models and...
alexjohnson7307
 
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
bellared2
 
The Impact of the Internet of Things (IoT) on Smart Homes and Cities
The Impact of the Internet of Things (IoT) on Smart Homes and CitiesThe Impact of the Internet of Things (IoT) on Smart Homes and Cities
The Impact of the Internet of Things (IoT) on Smart Homes and Cities
Arpan Buwa
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
shanihomely
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
Google Developer Group - Harare
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
Matthias Neugebauer
 
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
Priyanka Aash
 
Step-By-Step Process to Develop a Mobile App From Scratch
Step-By-Step Process to Develop a Mobile App From ScratchStep-By-Step Process to Develop a Mobile App From Scratch
Step-By-Step Process to Develop a Mobile App From Scratch
softsuave
 
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Torry Harris
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
bhumivarma35300
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
BrainSell Technologies
 
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python CodebaseEuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
Jimmy Lai
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
Zilliz
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
maigasapphire
 
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptxDublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Kunal Gupta
 

Recently uploaded (20)

IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
 
Tailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer InsightsTailored CRM Software Development for Enhanced Customer Insights
Tailored CRM Software Development for Enhanced Customer Insights
 
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptxUse Cases & Benefits of RPA in Manufacturing in 2024.pptx
Use Cases & Benefits of RPA in Manufacturing in 2024.pptx
 
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
leewayhertz.com-AI agents for healthcare Applications benefits and implementa...
 
Integrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecaseIntegrating Kafka with MuleSoft 4 and usecase
Integrating Kafka with MuleSoft 4 and usecase
 
leewayhertz.com-Generative AI tech stack Frameworks infrastructure models and...
leewayhertz.com-Generative AI tech stack Frameworks infrastructure models and...leewayhertz.com-Generative AI tech stack Frameworks infrastructure models and...
leewayhertz.com-Generative AI tech stack Frameworks infrastructure models and...
 
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
Russian Girls Call Navi Mumbai 🎈🔥9920725232 🔥💋🎈 Provide Best And Top Girl Ser...
 
The Impact of the Internet of Things (IoT) on Smart Homes and Cities
The Impact of the Internet of Things (IoT) on Smart Homes and CitiesThe Impact of the Internet of Things (IoT) on Smart Homes and Cities
The Impact of the Internet of Things (IoT) on Smart Homes and Cities
 
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
Premium Girls Call Mumbai 9920725232 Unlimited Short Providing Girls Service ...
 
Google I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged SlidesGoogle I/O Extended Harare Merged Slides
Google I/O Extended Harare Merged Slides
 
Opencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of MünsterOpencast Summit 2024 — Opencast @ University of Münster
Opencast Summit 2024 — Opencast @ University of Münster
 
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
(CISOPlatform Summit & SACON 2024) Gen AI & Deepfake In Overall Security.pdf
 
Step-By-Step Process to Develop a Mobile App From Scratch
Step-By-Step Process to Develop a Mobile App From ScratchStep-By-Step Process to Develop a Mobile App From Scratch
Step-By-Step Process to Develop a Mobile App From Scratch
 
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
 
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
High Profile Girls call Service Pune 000XX00000 Provide Best And Top Girl Ser...
 
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdfAcumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
Acumatica vs. Sage Intacct vs. NetSuite _ NOW CFO.pdf
 
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python CodebaseEuroPython 2024 - Streamlining Testing in a Large Python Codebase
EuroPython 2024 - Streamlining Testing in a Large Python Codebase
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
Girls Call Churchgate 9910780858 Provide Best And Top Girl Service And No1 in...
 
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptxDublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
Dublin_mulesoft_meetup_Mulesoft_Salesforce_Integration (1).pptx
 

CTO-Cybersecurity-2010-Mohamed-El-Kattani

  • 1. National Cybersecurity Management System Mohamed Dafir EL KETTANI PhD, ISO 27001 Lead Implementer Professor ENSIAS, University Mohammed V-Souissi, Morocco
  • 2. Agenda 1 – Introduction 2 – National Cybersecurity Management System NCSec Framework Maturity Model Roles & Responsibilities Implementation Guide 3 – Morocco Case ICT Strategic Plan Cybersecurity Roadmap 4 – Conclusion
  • 4. Introduction (1/3) • Increasing computer security challenges in the world; • Which entity(s) should be given the responsibility for National Cyber Security? – Case by case organisational structures – Partially standardized organisational structures (for example, CERTs) • Self-Assessment: – Best practices that organizations can refer to evaluate their readiness status; – Case by case strategies – Gap between countries and regions 1
  • 5. Introduction (2/3) • But, there is lack of international standards (clear guidance) with which a State or region can measure its current security status. – Lack of framework – Lack of global vision in terms of: • Capacity building, Certification, • Self assessment • Responsibilities & Roles • Implementation process • Measurement through indicators • etc. – Harmonization between countries and regions is a delicate process 2
  • 6. Introduction (3/3) • The main objective of this presentation is to propose a Model of National Cybersecurity Management System (NCSecMS), which is a global framework that best responds to the needs expressed by the ITU Global Cybersecurity Agenda (GCA 2007). – More than recommendations... – ... result of benchmarking – Answers real needs in terms of CyberSecurity – Adapted to a case by case implementation process • Working Team : – Former members of the HLEG Working Area 3 (Organisational Structures) 3
  • 7. 2 – National Cybersecurity Management System
  • 8. NCSecMS Components NCSec Management System 1 NCSecFR ITU ISO Documents 27002 NCSec Framework 5 Domains 34 Processes 2 NCSec NCSecMM COBIT V4.1 Framework Maturity Model For each Process 3 NCSecRR National NCSec Stakeholders Framework Roles & RACI Chart Responsibilities by Process 4 ISO ISO NCSecIG 27003 27001 Implementation PDCA Guide 4
  • 9. NCSecMS Components ITU Q22/1 (September 2009) NCSec Management System Moroccan Proposal ICEGOV 2008 1 NCSecFR Conference ITU ISO Documents 27002 NCSec Framework 5 Domains 34 Processes ECEG 2009 2 Conference NCSec NCSecMM COBIT V4.1 Framework Maturity Model For each Process ECIW 2009 3 NCSecRR Conference National NCSec Stakeholders Framework Roles & RACI Chart Responsibilities by Process ITU Tunis 2009 4 National ISO ISO NCSecIG 27003 27001 Implementation PDCA Recommandation Guide 6
  • 10. NCSecMS Components ITU Q22/1 (September 2009) NCSec Management System Moroccan Proposal 1 NCSecFR –Points out vulnerabilities NCSec Framework 5 Domains 34 Processes & demonstrate them to gov. –Provides metrics to measure 2 their achievement NCSecMM Maturity Model For each Process – Points out Roles 3 NCSecRR and Responsibilities Roles & RACI Chart Responsibilities by Process – Find out needed profiles to achieve the role of 4 a stakeholder NCSecIG Implementation PDCA Guide 4
  • 11. 2.1 – National Cybersecurity Framework
  • 12. NCSec Framework : 5 Domains / 34 proc 5
  • 13. Domain 1: Strategy and Policies (SP) Proc Process Description NCSec Strategy SP1 Promulgate & endorse a National Cybersecurity Strategy Lead Institutions SP2 Identify a lead institutions for developing a national strategy, and 1 lead institution per stakeholder category NCSec Policies SP3 Identify or define policies of the NCSec strategy Critical Information Infrastructures Protection SP4 Establish & integrate risk management for identifying & prioritizing protective efforts regarding CII Stakeholders SP5 Identify the degree of readiness of each stakeholder regarding to the implementation of NCSec strategy & how stakeholders pursue the NCSec strategy & policies 6
  • 14. Domain 2: Implementation and Organisation (IO) Proc Process Description NCSec Council IO1 Define National Cybersecurity Council for coordination between all stakeholders, to approve the NCSec strategy NCSec Authority IO2 Define Specific high level Authority for coordination among cybersecurity stakeholders National CERT IO3 Identify or establish a national CERT to prepare for, detect, respond to, and recover from national cyber incidents Privacy and Personnal Data Protection IO4 Review existing privacy regime and update it to the on-line environment Laws IO5 Ensure that a lawful framework is settled and regularly levelled Institutions IO6 Identify institutions with cybersecurity responsibilities, and procure resources that enable NCSec implementation National Experts and Policymakers IO7 Identify the appropriate experts and policymakers within government, private sector and university Training IO8 Identify training requirements and how to achieve them Government IO9 Implement a cybersecurity plan for government-operated systems, that takes into account changes management International Expertise IO10 Identify international expert counterparts and foster international efforts to address cybersecurity issues, including information sharing and assistance efforts 7
  • 15. Domain 3: Awareness and Communication (AC) Proc Process Description AC1 Leaders in the Government Persuade national leaders in the government of the need for national action to address threats to and vulnerabilities of the NCSec through policy-level discussions AC2 National Cybersecurity and Capacity Manage National Cybersecurity and capacity at the national level AC3 Continuous Service Ensure continuous service within each stakeholder and among stakeholders AC4 National Awareness Promote a comprehensive national awareness program so that all participants—businesses, the general workforce, and the general population—secure their own parts of cyberspace AC5 Awareness Programs Implement security awareness programs and initiatives for users of systems and networks AC6 Citizens and Child Protection Support outreach to civil society with special attention to the needs of children and individual users AC7 Research and Development Enhance Research and Development (R&D) activities (through the identification of opportunities and allocation of funds) AC8 CSec Culture for Business Encourage the development of a culture of security in business enterprises AC9 Available Solutions Develop awareness of cyber risks and available solutions AC10 NCSec Communication 8 Ensure National Cybersecurity Communication
  • 16. Domain 4 :Compliance and Coordination (CC) PS Process Description CC1 International Compliance & Cooperation Ensure regulatory compliance with regional and international recommendations, standards … CC2 National Cooperation Identify and establish mechanisms and arrangements for cooperation among government, private sector entities, university and ONGs at the national level CC3 Private sector Cooperation Encourage cooperation among groups from interdependent industries (through the identification of common threats) Encourage development of private sector groups from different critical infrastructure industries to address common security interest collaboratively with government (through the identification of problems and allocation of costs) CC4 Incidents Handling Manage incidents through national CERT to detect, respond to, and recover from national cyber incidents, through cooperative arrangement (especially between government and private sector) CC5 Points of Contact Establish points of contact (or CSIRT) within government, industry and university to facilitate consultation, cooperation and information exchange with national CERT, in order to monitor and evaluate NCSec performance in each sector 9
  • 17. Domain 5: Evaluation and Monitoring (EM) Proc Process Description NCSec Observatory EM1 Set up the NCSec observatory Mechanisms for Evaluation EM2 Define mechanisms that can be used to coordinate the activities of the lead institution, the government, the private sector and civil society, in order to monitor and evaluate the global NCSec performance NCSec Assessment EM3 Assess and periodically reassess the current state of cybersecurity efforts and develop program priorities NCSec Governance EM4 Provide National Cybersecurity Governance 10
  • 19. Maturity Model • CMM's Five Maturity Levels of Software Processes: • 1 : At the initial level, processes are disorganized, even chaotic. • 2 : At the repeatable level, basic project management techniques are established, and successes could be repeated. • 3 : At the defined level, an organization has developed its own standard software process. • 4 : At the managed level, an organization monitors and controls its own processes through data collection and analysis. • 5 : At the optimizing level, processes are constantly being improved through monitoring feedback 11
  • 20. Maturity Model PS Process Level 1 Level 2 Level 3 Level 4 Level 5 Description SP1 Promulgate & Recognition of the NCSec is NCSec is NCSec is under NCSec is under endorse a National need for a announced & operational for all regular review continuous Cybersecurity National strategy planned. key activities improvement Strategy SP2 Identify a lead Some institutions Lead institutions Lead institutions Lead institutions Lead institutions institution for have an are announced are operational are under regular are under developing a national individual cyber- for all key for all key review continuous strategy, and 1 lead security strategy activities activities improvement institution per stakeholder category SP3 Identify or define Ad-hoc & Similar & Policies and National best Integrated policies of the Isolated common procedures are practices are policies & NCSec strategy approaches to processes defined, applied procedures policies & announced & documented, &repeatable Transnational practices planned operational best practice SP4 Establish & Recognition of the CIIP are Risk management CIIP risk CIIP risk integrate risk need for risk identified & process is management management management management planned. Risk approved & process is process evolves process for process in CIIP management operational for all complete, to automated identifying & process is CIIP repeatable, and workflow & prioritizing announced lead to CI best integrated to protective efforts practices enable regarding NCSec improvement (CIIP) 11
  • 21. Self-Assessment SP1 5 EM4 4 SP4 3 2 CC2 1 IO2 0 SP1 Strategy CC1 IO3 SP4 CIIP IO2 Authority IO3 N-CERT IO5 Laws AC5 IO5 AC5 Awareness Prg CC1 Intern Coop CC2 Nat Coord EM4 Governance 12
  • 22. 2.3 - Roles and Responsibilities (RACI Chart)
  • 23. RACI Chart / Stakeholders NCSec Strategy Promulgate & endorse a SP1 National I A C C R C C C I I R I I I Cybersecurity Strategy Lead Institutions Identify a lead institutions for developing a SP2 national strategy, I I A C R C C I I R C C C C and 1 lead institution per stakeholder category NCSec Policies Identify or define policies SP3 A C R C I C I R I I of the NCSec strategy Critical Infrastructures Establish & integrate risk management for SP4 identifying & A R R C I R C R I prioritizing protective efforts regarding NCSec (CIIP) 13 R = Responsible, A = Accountable, C = Consulted, I = Informed
  • 25. Implementation Guide •A roadmap to assist High Level Decision Makers CyberSecurity Implementation at the National Level 1 HL HL Awarness Approve Commitment Implementation 2 HL NCSec NCSec Commitment Framework Define Scope Strategy & Strategy 3 NCSec NCSec Nat. Inf Sec Conduct Strategy Maturity Model Assessment National Context Analysis 4 Nat. Inf Sec NCSec Processes Assessment Framework Conduct Risk Selected Assessment 5 NCSec Processes NCSec Design Managnt Syst Selected RACI Chart NCSec Managnt System 6 ISO NCSec MS NCSecIG Implement 27001 Implemt Prg 14 NCSec Managnt System
  • 28. “Maroc Numeric 2013” Morocco ICT Strategic Plan consists of… 2 Accompanying 2 Implementation 4 Strategic Priorities Measures Modes User-Oriented Social Computerization IT Industry Human Transformation Development of of SMEs Development Capital Cybersecurity Governance Budget Public Services Ensuring Access Public SMEs Entrepreneurial Supervision and Financial to Education Administration Professional Regulatory Follow-up and Areas of Cluster TI Governance Resources Players Efficiency Solutions Cluster TI Framework Structures Excellence Internet Citizens’ Raising Organizational Broadband IT Offshoring Offshoring TI Training Plans IT Observatory Services Awareness Offshoring TI Structures Access Local Content Enterprises’ Mobilization of New Training Promotion and Development Services prescriptions Courses Awareness 18 Initiatives 51 actions 16 28
  • 29. Cybersecurity (1/2) Ambition Objectives 2013 • Compliance of IT Moroccan Laws (Protection of Ensure business trust, enhance Personal Data, Consumer Protection, Legal Electronic Cyber-confidence security capabilities, and secure Data Exchange) with common international Laws critical information infrastructures • 60 000 Electronic Certificates delivered Initiatives Projects Description Protection of Set up the National Commission for Data Protection (CNDP) Personal Data Regulatory Consumer Framework Elaborate the necessary legal and regulatory texts to protect online Consumers Protection ICT Legal Study Upgrade/update the legal and regulatory framework in order to face the Cybersecurity challenges and harmonize it with the partners countries Electronic Certification Provider Support the creation of PKI provider for ensuring electronic signature Creation of Computer Organizational Emergency Response Set up the National Computer Emergency Response Team (MA-CERT) Structures Team (ma-CERT) Critical Information Infrastructures Encourage the development of backup sites to ensure the Business Continuity Protection of Critical Information Infrastructures in Morocco 17 29
  • 30. Cybersecurity (2/2) Initiatives Projects Description Awareness and Child/Younger Arise awareness of the children, younger and parents on the Cybersecurity Online Protection Communication and cyberconfidence issues s Administration and Enterprise Arise awareness of the administration and enterprises on the Cybersecurity awareness and cyberconfidence issues ISS integration in the Integrate the Information Security Systems (ISS) in the Higher Scientific Higher Education Education and training programs Judge/Magistrate Capacity ISS Training Ensure training on ISS for judges/magistrates building Continuous Training Ensure continuous training for administration employees/officials on ISS 18 30
  • 32. Conclusion • NCSecMS: – More than a best practice document related to National CyberSecurity. – Affords a complete environment with indicators at the national level, – Provides metrics to measure their achievement, and to identify from a cybersecurity viewpoint the associated responsibilities of stakeholders and control process. • Extensions: – Quality of implementation measurement for each element – Security metrics : a meaningful gauge of NCSec perf. – Costs and benefits of an organized, mature and high- quality security program can be better understood 19
  • 33. Conclusion • National Cybersecurity Capacity Building: – Affords a complete environment describing needs and profiles at the national level, – Might provide metrics to measure their achievement, – Identifies from a cybersecurity viewpoint the associated responsibilities of stakeholders and the needed profiles (certification, etc.) • Extensions : – Quality of implementation measurement for each element – Capacity Building metrics – High-quality security adequate profiles can better answer national needs 20
  • 34. Conclusion • Results: – NCSecMS: Adopted as a National Recommandation by the ITU during the ITU Regional Cybersecurity Forum for Africa and Arab States (4-5 June 2009, Tunis) – NCSecMS & ITU: Q22.1- september 2009 • Extension of this work: – Questionnaire elaboration – A benchmarking tool for evaluating CyberSecurity at the trans-national level, in collaboration with the ITU within its Global CyberSecurity Agenda: some national case studies 21
  • 35. Thank you for your attention Email : dafir@ensias.ma