Cyber Security Awareness
Contents
• Overview of Cybersecurity
• Guidelines / Frameworks / Acts
• South African and Public Sector context
• Departmental context (Strategic risks)
• DPSA Guidance – Executive leadership
• Key Questions
• Three pillar approach to Cybersecurity
• References
• Thank you
Overview
● What is Cybersecurity? Cybersecurity, a subset of
information security, is the practice of defending
your organisation's cloud, networks, computers,
and data from unauthorised digital access, attack,
or damage by implementing various defence
processes, technologies, and practices.
● Cybersecurity awareness involves being mindful of
cybersecurity in day-to-day situations. Being aware
of the dangers of browsing the web, checking email
and interacting online are all components of
cybersecurity awareness. As leaders, it’s our
responsibility to make sure everyone considers
cybersecurity an essential part of their role.
Guidelines / frameworks / acts
• Corporate Governance of ICT Policy Framework of 2012
• National Cybersecurity Policy Framework (published Dec 2015)
• Cybercrimes Act 19 of 2020
• Protection of Personal Information Act 3 of 2013 (effective 1 July 2020)
• Corporate Governance of ICT Policy Framework of March 2022 – Circular 21 of 2022
• Circular 1 of 2022: Cloud Computing Determination and Directive Awareness
• Circular 23 of 2022: Directive on Public Service Information Security
South African cyber attacks
Government cybersecurity awareness drive
DEPARTMENTAL RISK REGISTERS – STRATEGIC 23/24
Risk No.: SR02
Prog: P1
Risk Description: Existing infrastructure unable to handle the growing demands of business / Inadequate ICT infrastructure to support the Department's needs
Root Causes:
1. Poor ICT infrastructure
2. Dilapidated ICT infrastructure
3. Inadequate ICT resources (ICT funding and skills on infrastructure management)
4. Outdated ICT policies (bureaucracy and non-agile policy environment)
5. Operational inefficiencies on the ICT network
6. Inadequate budget for repairs and maintenance
7. Aging of systems (BAS, PERSAL and LOGIS, SCOA system)
8. Prolonged IFMS Project (need a stopgap)
9. PT dependency on OTP and SITA for service delivery
10. National policies environment constraints
11. Slow implementation of 4IR (4th Industrial Revolution)
12. Loadshedding / unavailability of power
13. Water outages
Risk No.: SR03
Prog: P1
Risk Description: Lack of business continuity
Root Causes:
1. Existing infrastructure unable to handle the growing demands of business / Inadequate ICT infrastructure to support the Department's needs
2. Lack of funding
3. Inadequate resources (human and financial resources)
4. Negative impact caused by disasters (e.g. Covid-19)
5. Bulk infrastructure (building, water, electricity, sanitation, pests)
6. IT solutions for remote access
7. Cyber security attacks
8. Community protests
9. Occupational health and safety
10. Reliance on third parties for service delivery (OTP, SITA and Public Works; consider moving it to TRM)
11. Loadshedding / unavailability of power
12. Water outages
13. Fire hazards
14. ICT network outages
15. Vandalism and theft of infrastructure (cable theft, etc.)
16. Ineffective Business Continuity Committee
17. Business Continuity Plans do not address a wide enough range of potential incidents
The high demand on the infrastructure shows how seriously cyber security should be taken: the higher the usage, the higher the risk of security threats on the network.
DPSA Directives – Executive Leadership
• Corporate Governance of ICT Policy Framework of March 2022
  • “The Head of Department is the designated governance champion accountable for the corporate governance of ICT and is responsible for the establishment of corporate governance of the ICT system and monitoring of its performance.”
  • “It directs the strategic leadership of the department (executive management) to take responsibility for the governance of ICT equivalent to the other departments, including but not limited to finances and human resources.”
  • “The Policy Framework directs the strategic leadership of the department to take responsibility for the corporate governance of ICT and provide leadership for the use of ICT to support the achievement of the strategic objectives and goals of the department.”
  • “Principle 4: Manage ICT-related business risks
    • The ICT-related business risks, including security and cybersecurity, must be managed (mitigated and audited regularly).
    • Regular reporting to the ICT Steering committee and EXCO on key general IT Controls.”
• Directive on Public Service Information Security
  • 25. CYBERSECURITY
    • The Head of Department must ensure that -
      a) Penetration testing, vulnerability scans, and threat risk analysis are part of the departmental cybersecurity initiatives.
Key Questions Executive needs to ask
• Do we know what needs to be protected?
  • Hardware and software
  • Data
  • Policies (Who wrote them, suitable for our environment, available and updated, does everyone know them, enforced, awareness of policies and audit of policies)
• Are we all educated enough in terms of cyber security?
  • Do we understand security policies, cookies, phishing attacks?
• How would we be attacked?
  • Mitre listing – Vectors of attack. What kind of ransomware? How would data be stolen? What is the damage?
• Are we able to recover from an attack?
  • Incident Response Plan, Disaster Recovery Plan and Business Continuity Plan
• Do we have metrics that matter?
  • Risks are tangible and quantifiable. Have metrics that matter with the right KPIs and KRIs.
Three pillar approach to Cybersecurity
CIA TRIAD: An information security model made up of three main
components:
Confidentiality
Integrity
Availability
References
• DPSA
• ISACA.ORG
• TECHTARGET.COM
• https://attack.mitre.org/#
