1. SECURE E-SYSTEMS AS A
COMPETITIVE
ADVANTAGE IN A
GLOBAL MARKETS
By
Cade Zvavanjanja
Cybersecurity Strategist
Presentation for e-Tech 2016
organized by
Ministry of ICT Zimbabwe
(Government)
2. AGENDA
5 Common Mistakes
Is Zimbabwe under threat
What is cybersecurity
Case for competitive advantage
Way forward
6. HACKERS INFORMATION WARRIORS?
Personal motives
Retaliate or ”get even”
Political or terrorism
Make a joke
Show off/Just Because
Elite Hackers
Black Hat
Grey Hat
White Hat
No hat
Malicious Code Writers
Criminal Enterprises
Trusted Insiders
Economic gain
Steal information
Blackmail
Financial fraud
Inflicting damage
Alter, damage or delete
information
Deny services
Damage public image
The bullets are just examples of the three main motives. Be sure to exemplify most of them. Invite participants to come up with other motives and see if they fit into the three top categories.
There’s no direct relationship between threats and motives, basically any mix is possible. However, the teen hackers are mostly hacking for personal motives. Criminals almost exclusively do it for economic gain.
Detection – Incidents are detected from many sources such as People, Customer Service Desks, Audits, Alerts and Technology Trouble Tickets System.
Assessment –. Determine scope & assemble Response Team members.
Analysis – Classify an incident; determine actions and possible escalation requirements; and work with Response Team to determine actions.
Containment – Activities designed to keep the incident from escalating in severity and limiting the number of affected clients.
Forensics – When required identify, preserve, and analyze potential evidence.
Resolution/Recover - Determine the extent of damage, the type of response needed, prepare necessary resolution statements (e.g. notification letter, inbound and outbound scripts). Evaluate if notification is necessary and then document lessons learned. It is at this stage where other major stakeholders maybe involved like Human Resources, OGC, Public Relations, Physical Security and Law Enforcement.