SlideShare a Scribd company logo

Cyber Security 2016 Cade Zvavanjanja1

Download as PPT, PDF
Cade Zvavanjanja
Cade Zvavanjanja
1 of 20
SECURE E-SYSTEMS AS A COMPETITIVE ADVANTAGE IN A GLOBAL MARKETS By Cade Zvavanjanja Cybersecurity Strategist Presentation for e-Tech 2016 organized by Ministry of ICT Zimbabwe (Government)
AGENDA  5 Common Mistakes  Is Zimbabwe under threat  What is cybersecurity  Case for competitive advantage  Way forward
Is Zimbabwe under threat??
Some Responses
HACKERS INFORMATION WARRIORS? Personal motives  Retaliate or ”get even”  Political or terrorism  Make a joke  Show off/Just Because Elite Hackers  Black Hat  Grey Hat  White Hat  No hat  Malicious Code Writers  Criminal Enterprises  Trusted Insiders Economic gain  Steal information  Blackmail  Financial fraud Inflicting damage  Alter, damage or delete information  Deny services  Damage public image
How is info attacked
TODAY’S TREND Terrorists White Collar Crime Open Source Disasters Theft Scripts ID Theft Insider/Espionage
Easy of attacks
Zimbabwe Landscape
Zimbabwe vs. Global Landscape
ProcessProcess OrganizationOrganization TechnologyTechnology Opt/in/outOpt/in/out Regulatory Requirement Regulatory Requirement Security/Pr ivacy Policy Security/Pr ivacy Policy Planning and Strategy Program Maturity Program Metrics Cybersecurity Architecture • Privacy Strategy • Data Classification Analysis • Privacy Teams • Policy Development • Policy Update Plans • Decision Management • Privacy Support Architecture • Awareness • Privacy Strategy • Data Classification Analysis • Privacy Teams • Policy Development • Policy Update Plans • Decision Management • Privacy Support Architecture • Awareness • Privacy Risk Assessments • Data Governance • Vendor Governance • Technology Planning • Business Process Review • Information Security • Information Privacy • Privacy Risk Assessments • Data Governance • Vendor Governance • Technology Planning • Business Process Review • Information Security • Information Privacy • External Support Infrastructure • Privacy Auditing • Incident Response • Crisis Management • Knowledge Management • Consumer Support Infrastructure • Open Source Intelligence • External Support Infrastructure • Privacy Auditing • Incident Response • Crisis Management • Knowledge Management • Consumer Support Infrastructure • Open Source Intelligence PeoplePeople ComplianceCompliance
18 Ecommerce Site Data Storage Business Interfaces IT/IS/ DevelopmentAnti-Virus Firewalls Encryption Security in SDLC Threat Modelling Build Standards Information Security Policies Legislative Compliance Configuration Reviews Patch Management Access Control Reviews Application Testing Penetration Testing Intrusion Detection Vulnerability Assessment Vetting / References Disciplinary Procedure Awareness & Training Holistic IT security
-Technology containment - Process containment - Procedure containment - Engage digital forensics process - Collect evidence - Engage 3rd party - Detect Incident - Identify source of identified -Log incident - Reduce false positive HIGH LEVEL OVERVIEW Detection Digital Forensics Resolution & Reporting Assessment AnalysisContainment - Determine scope - Assemble Response Team - Collect & sort facts - Determine scope - Assemble Response Team - Collect & sort facts - Notify client - Notify regulators - Remediate - Analyze long term effects - Analyze lessons learned Privacy Incident Response Process
Thank You Tel: +236 733 782 490 +263 773 796 365 +263 -4- 733 117 cadezvavanjanja@gmail.com

Recommended

comesa cybersecurity
comesa cybersecuritycomesa cybersecurity
comesa cybersecurityCade Zvavanjanja
 
Cyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationCyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationSurfWatch Labs
 
Enumerating your shadow it attack surface
Enumerating your shadow it attack surfaceEnumerating your shadow it attack surface
Enumerating your shadow it attack surfacePriyanka Aash
 
Security Analytics Beyond Cyber
Security Analytics Beyond CyberSecurity Analytics Beyond Cyber
Security Analytics Beyond CyberPhil Huggins FBCS CITP
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat IntelligenceSirius
 
SurfWatch Labs Threat Intelligence Solution Demo
SurfWatch Labs Threat Intelligence Solution DemoSurfWatch Labs Threat Intelligence Solution Demo
SurfWatch Labs Threat Intelligence Solution DemoSurfWatch Labs
 
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital RiskUsing SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital RiskSurfWatch Labs
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedSteve Lodin
 

Recommended

comesa cybersecurity
comesa cybersecuritycomesa cybersecurity
comesa cybersecurityCade Zvavanjanja
 
Cyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationCyber Threat Intelligence Solution Demonstration
Cyber Threat Intelligence Solution DemonstrationSurfWatch Labs
 
Enumerating your shadow it attack surface
Enumerating your shadow it attack surfaceEnumerating your shadow it attack surface
Enumerating your shadow it attack surfacePriyanka Aash
 
Security Analytics Beyond Cyber
Security Analytics Beyond CyberSecurity Analytics Beyond Cyber
Security Analytics Beyond CyberPhil Huggins FBCS CITP
 
6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat Intelligence6 Steps for Operationalizing Threat Intelligence
6 Steps for Operationalizing Threat IntelligenceSirius
 
SurfWatch Labs Threat Intelligence Solution Demo
SurfWatch Labs Threat Intelligence Solution DemoSurfWatch Labs Threat Intelligence Solution Demo
SurfWatch Labs Threat Intelligence Solution DemoSurfWatch Labs
 
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital RiskUsing SurfWatch Labs' Threat Intelligence to Monitor Your Digital Risk
Using SurfWatch Labs' Threat Intelligence to Monitor Your Digital RiskSurfWatch Labs
 
Threat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedThreat Intelligence 101 - Steve Lodin - Submitted
Threat Intelligence 101 - Steve Lodin - SubmittedSteve Lodin
 
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemEric Vanderburg
 
Vulnerability management - beyond scanning
Vulnerability management - beyond scanningVulnerability management - beyond scanning
Vulnerability management - beyond scanningVladimir Jirasek
 
How to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital PresenceHow to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital PresenceSurfWatch Labs
 
Threat intelligence in security
Threat intelligence in securityThreat intelligence in security
Threat intelligence in securityOsama Ellahi
 
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party RiskUsing SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party RiskSurfWatch Labs
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarIntergen
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesEric Vanderburg
 
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Mark Arena
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceZaiffiEhsan
 
4 Rules for Successful Threat Intelligence Teams
4 Rules for Successful Threat Intelligence Teams4 Rules for Successful Threat Intelligence Teams
4 Rules for Successful Threat Intelligence TeamsRecorded Future
 
Using SurfWatch Labs' Threat Intelligence to Understand Dark Web Threats
Using SurfWatch Labs' Threat Intelligence to Understand Dark Web ThreatsUsing SurfWatch Labs' Threat Intelligence to Understand Dark Web Threats
Using SurfWatch Labs' Threat Intelligence to Understand Dark Web ThreatsSurfWatch Labs
 
How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?PECB
 
Proactive Defense: Understanding the 4 Main Threat Actor Types
Proactive Defense: Understanding the 4 Main Threat Actor TypesProactive Defense: Understanding the 4 Main Threat Actor Types
Proactive Defense: Understanding the 4 Main Threat Actor TypesRecorded Future
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
Pitfalls of Cyber Data
Pitfalls of Cyber DataPitfalls of Cyber Data
Pitfalls of Cyber DataPhil Huggins FBCS CITP
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNorth Texas Chapter of the ISSA
 
Chapter 15 incident handling
Chapter 15 incident handlingChapter 15 incident handling
Chapter 15 incident handlingnewbie2019
 
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...Outpost24
 
Ethical hacking concept-Part 1
Ethical hacking concept-Part 1Ethical hacking concept-Part 1
Ethical hacking concept-Part 1Saurabh Upadhyay
 
Top 6 Sources for Identifying Threat Actor TTPs
Top 6 Sources for Identifying Threat Actor TTPsTop 6 Sources for Identifying Threat Actor TTPs
Top 6 Sources for Identifying Threat Actor TTPsRecorded Future
 
Threat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideThreat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideDLT Solutions
 
Meeting the cyber risk challenge
Meeting the cyber risk challengeMeeting the cyber risk challenge
Meeting the cyber risk challengeFERMA
 

More Related Content

What's hot

The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemEric Vanderburg
 
Vulnerability management - beyond scanning
Vulnerability management - beyond scanningVulnerability management - beyond scanning
Vulnerability management - beyond scanningVladimir Jirasek
 
How to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital PresenceHow to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital PresenceSurfWatch Labs
 
Threat intelligence in security
Threat intelligence in securityThreat intelligence in security
Threat intelligence in securityOsama Ellahi
 
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party RiskUsing SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party RiskSurfWatch Labs
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinarIntergen
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesEric Vanderburg
 
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Mark Arena
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat IntelligenceZaiffiEhsan
 
4 Rules for Successful Threat Intelligence Teams
4 Rules for Successful Threat Intelligence Teams4 Rules for Successful Threat Intelligence Teams
4 Rules for Successful Threat Intelligence TeamsRecorded Future
 
Using SurfWatch Labs' Threat Intelligence to Understand Dark Web Threats
Using SurfWatch Labs' Threat Intelligence to Understand Dark Web ThreatsUsing SurfWatch Labs' Threat Intelligence to Understand Dark Web Threats
Using SurfWatch Labs' Threat Intelligence to Understand Dark Web ThreatsSurfWatch Labs
 
How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?PECB
 
Proactive Defense: Understanding the 4 Main Threat Actor Types
Proactive Defense: Understanding the 4 Main Threat Actor TypesProactive Defense: Understanding the 4 Main Threat Actor Types
Proactive Defense: Understanding the 4 Main Threat Actor TypesRecorded Future
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNorth Texas Chapter of the ISSA
 
Chapter 15 incident handling
Chapter 15 incident handlingChapter 15 incident handling
Chapter 15 incident handlingnewbie2019
 
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...Outpost24
 
Ethical hacking concept-Part 1
Ethical hacking concept-Part 1Ethical hacking concept-Part 1
Ethical hacking concept-Part 1Saurabh Upadhyay
 
Top 6 Sources for Identifying Threat Actor TTPs
Top 6 Sources for Identifying Threat Actor TTPsTop 6 Sources for Identifying Threat Actor TTPs
Top 6 Sources for Identifying Threat Actor TTPsRecorded Future
 

What's hot (20)

The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware ProblemThe Prescription for Protection - Avoid Treatment Errors To The Malware Problem
The Prescription for Protection - Avoid Treatment Errors To The Malware Problem
 
Vulnerability management - beyond scanning
Vulnerability management - beyond scanningVulnerability management - beyond scanning
Vulnerability management - beyond scanning
 
How to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital PresenceHow to Mitigate Risk From Your Expanding Digital Presence
How to Mitigate Risk From Your Expanding Digital Presence
 
Threat intelligence in security
Threat intelligence in securityThreat intelligence in security
Threat intelligence in security
 
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party RiskUsing SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
Using SurfWatch Labs' Threat Intelligence to Understand Third-Party Risk
 
Your cyber security webinar
Your cyber security webinarYour cyber security webinar
Your cyber security webinar
 
Cloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance ChallengesCloud Storage and Security: Solving Compliance Challenges
Cloud Storage and Security: Solving Compliance Challenges
 
Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...Cyber Threat Intelligence: Building and maturing an intelligence program that...
Cyber Threat Intelligence: Building and maturing an intelligence program that...
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
4 Rules for Successful Threat Intelligence Teams
4 Rules for Successful Threat Intelligence Teams4 Rules for Successful Threat Intelligence Teams
4 Rules for Successful Threat Intelligence Teams
 
Using SurfWatch Labs' Threat Intelligence to Understand Dark Web Threats
Using SurfWatch Labs' Threat Intelligence to Understand Dark Web ThreatsUsing SurfWatch Labs' Threat Intelligence to Understand Dark Web Threats
Using SurfWatch Labs' Threat Intelligence to Understand Dark Web Threats
 
How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?How to Boost your Cyber Risk Management Program and Capabilities?
How to Boost your Cyber Risk Management Program and Capabilities?
 
Proactive Defense: Understanding the 4 Main Threat Actor Types
Proactive Defense: Understanding the 4 Main Threat Actor TypesProactive Defense: Understanding the 4 Main Threat Actor Types
Proactive Defense: Understanding the 4 Main Threat Actor Types
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
 
Pitfalls of Cyber Data
Pitfalls of Cyber DataPitfalls of Cyber Data
Pitfalls of Cyber Data
 
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea AlmeidaNTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
NTXISSACSC1 Conference - Cybersecurity 2014 by Andrea Almeida
 
Chapter 15 incident handling
Chapter 15 incident handlingChapter 15 incident handling
Chapter 15 incident handling
 
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...
 
Ethical hacking concept-Part 1
Ethical hacking concept-Part 1Ethical hacking concept-Part 1
Ethical hacking concept-Part 1
 
Top 6 Sources for Identifying Threat Actor TTPs
Top 6 Sources for Identifying Threat Actor TTPsTop 6 Sources for Identifying Threat Actor TTPs
Top 6 Sources for Identifying Threat Actor TTPs
 

Similar to Cyber Security 2016 Cade Zvavanjanja1

Threat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideThreat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideDLT Solutions
 
Meeting the cyber risk challenge
Meeting the cyber risk challengeMeeting the cyber risk challenge
Meeting the cyber risk challengeFERMA
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for CybersecurityShawn Tuma
 
Complicate, detect, respond: stopping cyber attacks with identity analytics
Complicate, detect, respond: stopping cyber attacks with identity analyticsComplicate, detect, respond: stopping cyber attacks with identity analytics
Complicate, detect, respond: stopping cyber attacks with identity analyticsCA Technologies
 
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Joe Bartolo
 
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)Shawn Tuma
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss PreventionReza Kopaee
 
Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...XeniT Solutions nv
 
C4I cyber secuirty by Eric Eifert - Keynote 9.pptx
C4I cyber secuirty by Eric Eifert - Keynote 9.pptxC4I cyber secuirty by Eric Eifert - Keynote 9.pptx
C4I cyber secuirty by Eric Eifert - Keynote 9.pptxbakhtinasiriav
 
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)Shawn Tuma
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityJessica Santamaria
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityJessica Santamaria
 
Cybercrime future perspectives
Cybercrime future perspectivesCybercrime future perspectives
Cybercrime future perspectivesSensePost
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 
Why Your Organization Must Have a Cyber Risk Management Program and How to De...
Why Your Organization Must Have a Cyber Risk Management Program and How to De...Why Your Organization Must Have a Cyber Risk Management Program and How to De...
Why Your Organization Must Have a Cyber Risk Management Program and How to De...Shawn Tuma
 
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Cristian Garcia G.
 
Cybersecurity Threats - NI Business Continuity Forum
Cybersecurity Threats - NI Business Continuity ForumCybersecurity Threats - NI Business Continuity Forum
Cybersecurity Threats - NI Business Continuity ForumDavid Crozier
 

Similar to Cyber Security 2016 Cade Zvavanjanja1 (20)

Threat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the OutsideThreat Ready Data: Protect Data from the Inside and the Outside
Threat Ready Data: Protect Data from the Inside and the Outside
 
Meeting the cyber risk challenge
Meeting the cyber risk challengeMeeting the cyber risk challenge
Meeting the cyber risk challenge
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for Cybersecurity
 
Complicate, detect, respond: stopping cyber attacks with identity analytics
Complicate, detect, respond: stopping cyber attacks with identity analyticsComplicate, detect, respond: stopping cyber attacks with identity analytics
Complicate, detect, respond: stopping cyber attacks with identity analytics
 
Cobit 2
Cobit 2Cobit 2
Cobit 2
 
Main Menu
Main MenuMain Menu
Main Menu
 
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
Aceds 2015 Cyberseucity and the Legal Profession - NYC - April 7, 2015
 
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
 
Data Loss Prevention
Data Loss PreventionData Loss Prevention
Data Loss Prevention
 
Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...Data Security in the Insurance Industry: what you need to know about data pro...
Data Security in the Insurance Industry: what you need to know about data pro...
 
C4I cyber secuirty by Eric Eifert - Keynote 9.pptx
C4I cyber secuirty by Eric Eifert - Keynote 9.pptxC4I cyber secuirty by Eric Eifert - Keynote 9.pptx
C4I cyber secuirty by Eric Eifert - Keynote 9.pptx
 
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and Security
 
Emerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and SecurityEmerging Trends in Information Privacy and Security
Emerging Trends in Information Privacy and Security
 
Cybercrime future perspectives
Cybercrime future perspectivesCybercrime future perspectives
Cybercrime future perspectives
 
ISACA ISSA Presentation
ISACA ISSA PresentationISACA ISSA Presentation
ISACA ISSA Presentation
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
Why Your Organization Must Have a Cyber Risk Management Program and How to De...
Why Your Organization Must Have a Cyber Risk Management Program and How to De...Why Your Organization Must Have a Cyber Risk Management Program and How to De...
Why Your Organization Must Have a Cyber Risk Management Program and How to De...
 
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...
 
Cybersecurity Threats - NI Business Continuity Forum
Cybersecurity Threats - NI Business Continuity ForumCybersecurity Threats - NI Business Continuity Forum
Cybersecurity Threats - NI Business Continuity Forum
 

More from Cade Zvavanjanja

Cade zvavanjanja saigf cybercrime & security online
Cade zvavanjanja saigf cybercrime & security onlineCade zvavanjanja saigf cybercrime & security online
Cade zvavanjanja saigf cybercrime & security onlineCade Zvavanjanja
 
Cade zvavanjanja iot afigf online
Cade zvavanjanja iot afigf onlineCade zvavanjanja iot afigf online
Cade zvavanjanja iot afigf onlineCade Zvavanjanja
 
A case for multi-stakeholder cybersecurity by zvavanjanja
A case for multi-stakeholder cybersecurity by zvavanjanjaA case for multi-stakeholder cybersecurity by zvavanjanja
A case for multi-stakeholder cybersecurity by zvavanjanjaCade Zvavanjanja
 
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...Cade Zvavanjanja
 
Cloud computing & service level agreements
Cloud computing & service level agreementsCloud computing & service level agreements
Cloud computing & service level agreementsCade Zvavanjanja
 
Web application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasuresWeb application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasuresCade Zvavanjanja
 
Introduction to IT Security
Introduction to IT SecurityIntroduction to IT Security
Introduction to IT SecurityCade Zvavanjanja
 
Gainful Information Security 2012 services
Gainful Information Security 2012 servicesGainful Information Security 2012 services
Gainful Information Security 2012 servicesCade Zvavanjanja
 

More from Cade Zvavanjanja (9)

Cade zvavanjanja saigf cybercrime & security online
Cade zvavanjanja saigf cybercrime & security onlineCade zvavanjanja saigf cybercrime & security online
Cade zvavanjanja saigf cybercrime & security online
 
Cade zvavanjanja iot afigf online
Cade zvavanjanja iot afigf onlineCade zvavanjanja iot afigf online
Cade zvavanjanja iot afigf online
 
A case for multi-stakeholder cybersecurity by zvavanjanja
A case for multi-stakeholder cybersecurity by zvavanjanjaA case for multi-stakeholder cybersecurity by zvavanjanja
A case for multi-stakeholder cybersecurity by zvavanjanja
 
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
 
Cloud computing & service level agreements
Cloud computing & service level agreementsCloud computing & service level agreements
Cloud computing & service level agreements
 
Web application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasuresWeb application attacks using Sql injection and countermasures
Web application attacks using Sql injection and countermasures
 
Introduction to IT Security
Introduction to IT SecurityIntroduction to IT Security
Introduction to IT Security
 
Gainful Information Security 2012 services
Gainful Information Security 2012 servicesGainful Information Security 2012 services
Gainful Information Security 2012 services
 
Top online frauds 2010
Top online frauds 2010Top online frauds 2010
Top online frauds 2010
 

Cyber Security 2016 Cade Zvavanjanja1

  • 1. SECURE E-SYSTEMS AS A COMPETITIVE ADVANTAGE IN A GLOBAL MARKETS By Cade Zvavanjanja Cybersecurity Strategist Presentation for e-Tech 2016 organized by Ministry of ICT Zimbabwe (Government)
  • 2. AGENDA  5 Common Mistakes  Is Zimbabwe under threat  What is cybersecurity  Case for competitive advantage  Way forward
  • 3.
  • 4. Is Zimbabwe under threat??
  • 6. HACKERS INFORMATION WARRIORS? Personal motives  Retaliate or ”get even”  Political or terrorism  Make a joke  Show off/Just Because Elite Hackers  Black Hat  Grey Hat  White Hat  No hat  Malicious Code Writers  Criminal Enterprises  Trusted Insiders Economic gain  Steal information  Blackmail  Financial fraud Inflicting damage  Alter, damage or delete information  Deny services  Damage public image
  • 7. How is info attacked
  • 8. TODAY’S TREND Terrorists White Collar Crime Open Source Disasters Theft Scripts ID Theft Insider/Espionage
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 16. Zimbabwe vs. Global Landscape
  • 17. ProcessProcess OrganizationOrganization TechnologyTechnology Opt/in/outOpt/in/out Regulatory Requirement Regulatory Requirement Security/Pr ivacy Policy Security/Pr ivacy Policy Planning and Strategy Program Maturity Program Metrics Cybersecurity Architecture • Privacy Strategy • Data Classification Analysis • Privacy Teams • Policy Development • Policy Update Plans • Decision Management • Privacy Support Architecture • Awareness • Privacy Strategy • Data Classification Analysis • Privacy Teams • Policy Development • Policy Update Plans • Decision Management • Privacy Support Architecture • Awareness • Privacy Risk Assessments • Data Governance • Vendor Governance • Technology Planning • Business Process Review • Information Security • Information Privacy • Privacy Risk Assessments • Data Governance • Vendor Governance • Technology Planning • Business Process Review • Information Security • Information Privacy • External Support Infrastructure • Privacy Auditing • Incident Response • Crisis Management • Knowledge Management • Consumer Support Infrastructure • Open Source Intelligence • External Support Infrastructure • Privacy Auditing • Incident Response • Crisis Management • Knowledge Management • Consumer Support Infrastructure • Open Source Intelligence PeoplePeople ComplianceCompliance
  • 18. 18 Ecommerce Site Data Storage Business Interfaces IT/IS/ DevelopmentAnti-Virus Firewalls Encryption Security in SDLC Threat Modelling Build Standards Information Security Policies Legislative Compliance Configuration Reviews Patch Management Access Control Reviews Application Testing Penetration Testing Intrusion Detection Vulnerability Assessment Vetting / References Disciplinary Procedure Awareness & Training Holistic IT security
  • 19. -Technology containment - Process containment - Procedure containment - Engage digital forensics process - Collect evidence - Engage 3rd party - Detect Incident - Identify source of identified -Log incident - Reduce false positive HIGH LEVEL OVERVIEW Detection Digital Forensics Resolution & Reporting Assessment AnalysisContainment - Determine scope - Assemble Response Team - Collect & sort facts - Determine scope - Assemble Response Team - Collect & sort facts - Notify client - Notify regulators - Remediate - Analyze long term effects - Analyze lessons learned Privacy Incident Response Process
  • 20. Thank You Tel: +236 733 782 490 +263 773 796 365 +263 -4- 733 117 cadezvavanjanja@gmail.com

Editor's Notes

  1. The bullets are just examples of the three main motives. Be sure to exemplify most of them. Invite participants to come up with other motives and see if they fit into the three top categories. There’s no direct relationship between threats and motives, basically any mix is possible. However, the teen hackers are mostly hacking for personal motives. Criminals almost exclusively do it for economic gain.
  2. Detection – Incidents are detected from many sources such as People, Customer Service Desks, Audits, Alerts and Technology Trouble Tickets System. Assessment –. Determine scope & assemble Response Team members. Analysis – Classify an incident; determine actions and possible escalation requirements; and work with Response Team to determine actions. Containment – Activities designed to keep the incident from escalating in severity and limiting the number of affected clients. Forensics – When required identify, preserve, and analyze potential evidence. Resolution/Recover - Determine the extent of damage, the type of response needed, prepare necessary resolution statements (e.g. notification letter, inbound and outbound scripts). Evaluate if notification is necessary and then document lessons learned. It is at this stage where other major stakeholders maybe involved like Human Resources, OGC, Public Relations, Physical Security and Law Enforcement.