1) The document outlines Huawei's definition and approach to cyber security, emphasizing protecting customer networks and data as well as complying with laws and regulations.
2) It discusses establishing a cyber security management structure within Huawei's Global Technical Service department to implement cyber security policies and identify risks.
3) The management structure involves multiple levels working together to improve security through standards, training, reviews and addressing issues in order to meet customer demands and gain their trust in Huawei's cyber security.
HCSCA101 Basic Concepts of Information Security.pptx (JordanKinobe1)
This document from Huawei describes the basic concepts of information security. It discusses the history of information security development from the early 1900s focus on communication secrecy to the modern era where information assurance aims to protect diverse network traffic. The document also outlines various risks to information security like physical risks, information risks, system risks, and management risks. It emphasizes that while technology plays a role, effective information security management is also essential to address 70% of information loss issues.
Cybersecurity is a difficult and serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Peering into the future of cybersecurity provides valuable insights around the challenges and opportunities. The industry is changing rapidly and attackers seem to always be one step ahead. Organizations must not only address what is ongoing, but also prepare for how cyber-threats will maneuver in the future. The 2016 Cybersecurity Predictions presentation showcases the cause-and-effect relationships and provides insights and perspectives of the forthcoming challenges the industry is likely to face and how we can be better prepared for it.
The document discusses information security and analyzes its importance. It describes key aspects of information security like confidentiality, integrity and availability. It also outlines some common threats to information security such as computer viruses, theft, sabotage and vandalism. The document then analyzes some challenges to effective information security, including employees being fooled by scams, issues with authentication, and the growing threat of phishing. It emphasizes the importance of addressing security concerns to build trust with customers and gain a competitive advantage.
netwealth and Sense Of Security webinar: What you need to know about cyber se... (netwealthInvest)
The document is a presentation by Neville Golan of Sense of Security about cyber security. It discusses what information security is, the threats posed by different actors, the costs of cybercrime in Australia, and provides recommendations for small businesses to improve their cyber security practices. The presentation covers topics such as regulatory frameworks, data breaches, and provides a case study on ransomware attacks targeting small businesses.
ZamanAsad_INFA 670_9041_RPAPER_Cybersecurity-3 (Asad Zaman)
This document discusses cybersecurity issues, challenges, and security controls. It begins with an abstract that outlines the increasing reliance on cyber infrastructure and the vulnerabilities that come with that reliance. It then provides background information on cybersecurity and discusses issues and challenges facing federal information systems, corporations, and service providers. The document goes on to explore cybersecurity tools and methods, including cryptography, firewalls, application gateways, packet filtering, and hybrid approaches. It also addresses cybersecurity management issues, recommendations for network security, wireless security, and specific cybersecurity technologies like SSL-VPN and intrusion detection systems. Overall, the document provides a comprehensive overview of cybersecurity topics.
101 Basic concepts of information security (SsendiSamuel)
This document provides an overview of basic concepts in information security. It discusses the history of information security development from early 1900s focus on communication secrecy to modern emphasis on confidentiality, integrity and availability. The document also defines information and information security, describing how information security aims to protect data through technical and management measures. It outlines various risks to information security like physical risks, information risks, system risks and management risks.
The Threats Posed by Portable Storage Devices (GFI Software)
In a society where the use of portable storage devices is commonplace, there is a real risk to business. The threat that these devices pose to corporations and organizations is often ignored. This white paper examines the nature of the threat that devices such as iPods, USB sticks, flash drives and PDAs present and the counter-measures that organizations can adopt to eliminate them.
The burgeoning mobile enterprise brings opportunities as well as risks. Organizations are expanding beyond email to mobilizing a wide range of enterprise apps for tasks like workflow, business intelligence, sales, and customer support. They aim to support a mix of corporate and employee-owned devices through BYOD programs. This allows greater flexibility and choice for employees while improving productivity and business value through faster access to information and more agile, collaborative workflows. However, the use of consumer devices and expanding mobile apps also introduces new security challenges that must be addressed.
This document discusses digital forensics. It begins with an overview of cybercrime and digital forensics, defining cybercrime as illegal computer-related activities and digital forensics as the process of examining digital evidence in a forensically sound manner. The document then outlines the typical digital forensic process, which involves steps to protect the investigation scene, obtain evidence, preserve evidence, verify evidence, analyze evidence, trace evidence, and present findings in court. Regulations and standards for digital forensics from countries and organizations are also reviewed.
The document discusses various topics relating to internet privacy, security, and netiquette. It covers computer security and the importance of protecting systems from harm. Examples are given of different systems that are at risk of attacks, including financial systems, utilities, aviation, consumer devices, large corporations, and automobiles. Specific security issues and past attacks are described for each one.
This document discusses critical information infrastructure protection (CIIP) and the threats and challenges for developing countries. It outlines that CIIs like telecommunications, power, and water systems are essential to modern economies. Ensuring the confidentiality, integrity, and availability of these systems is important. Developing countries face challenges like limited financial resources, technical complexity, and lack of relevant policies and legal frameworks for CIIP. Cooperation and information sharing between stakeholders is key to addressing these challenges and deploying effective CIIP.
CYBER SECURITY FOR PRIVATE AND DOMESTIC USE -VIKASH SINGH BAGHEL.pdf (VikashSinghBaghel1)
The document discusses cyber security in the private sector and domestic use. It covers several topics: the private sector's important role in cyber security given its management of online activity; practical barriers that have limited private sector security improvements, such as lack of incentives and high costs; and the responsibilities of cyber security professionals to implement controls, monitor networks, perform audits, and more. It also outlines cyber security challenges in India like lack of device uniformity and national architecture, and types of domestic cyber threats like critical infrastructure and IoT security issues.
American Bar Association guidelines on Cyber Security standards (David Sweigert)
The document is a resolution from the American Bar Association that encourages organizations to develop and maintain cybersecurity programs to protect their data and systems from threats. It recommends that organizations conduct risk assessments, implement security controls based on the risks identified, develop response plans for cyber attacks, and engage in information sharing about cyber threats. The resolution aims to address the growing cybersecurity threats facing both private and public sector organizations and the nation's critical infrastructure systems.
Here is how cyber security helps to make our online information secure. Also check out the principles of cyber security: confidentiality, integrity and availability.
This document discusses organizational and technical challenges faced by government agencies in securing their networks and data. It summarizes the solution provided by ForeScout CounterACT for continuous monitoring of endpoints, enforcing network access controls, and integrating with other security tools. Key benefits highlighted include gaining visibility of all connected devices, enforcing policies to demonstrate compliance with regulations, and improving security through orchestration of information across systems.
Top 10 Cybersecurity Trends to Watch Out For in 2022 (ManviShukla4)
With the digital revolution reaching all businesses, small and large, corporations, organizations and even governments rely on computerized systems to manage their day-to-day activities, which makes cybersecurity a primary goal to safeguard data from online attacks and unauthorized access. Continuous change in technology also implies a parallel shift in cybersecurity trends as news of data breaches, ransomware and hacks becomes the norm. Here are the top cybersecurity trends for 2022.
Breaking down the cyber security framework closing critical it security gaps (IBM Security)
Cyber crime is pervasive and here to stay. Whether you work in the public sector or the private sector, are the CEO of a Fortune 500 company or are trying to sustain an SMB, everyone is under attack. This February, President Obama issued an executive order aimed at protecting critical business and government infrastructure due to the scale and sophistication of IT security threats, which have grown at an explosive rate. Organizations and government agencies have to contend with industrialized attacks, which, in some cases, rival the size and sophistication of the largest legitimate computing efforts. In addition, they also have to guard against a more focused adversary with the resources and capabilities to target highly sensitive information, often through long-term attack campaigns. Many security executives are struggling to answer questions about the most effective approach.
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's (Dr Lendy Spires)
While progress has been made in cybersecurity education, reducing spam, and increasing secure online transactions and incident response capabilities, international cooperation remains fragmented and several challenges remain. Key ongoing challenges include the evolution of technologies and applications, weaknesses in user authentication like passwords, securing the growing Internet of Things, improving detection and response to cyber incidents, developing metrics to measure cybersecurity effectiveness, issues with cloud computing, ensuring child online safety, strengthening the capabilities of national CERT teams, and having more countries develop national cybersecurity strategies. Addressing these challenges will be important for continuing to build confidence and security in ICT use globally.
Your organization is at risk! Upgrade your IT security & IT governance now. (Cyril Soeri)
Your organization is at risk of cyber threats according to cyber security experts presenting at a conference. They recommend upgrading IT security and governance by implementing frameworks like COBIT 5 and ISO 27001 to address increasing risks from incidents like data breaches, malware attacks, and vulnerabilities in connected devices. National computer emergency response teams can also help organizations respond to IT security incidents.
The wireless industry has baked security into our networks since the beginning, and works diligently to continually update and build on our security capabilities with every generation of wireless. Today’s 4G LTE networks have the most advanced security features to date, and 5G will further improve upon them.
IRJET- Android Device Attacks and Threats (IRJET Journal)
This document discusses security threats to Android devices. It begins by providing background on the growth of mobile technology and its integration into daily life and the workplace. This has increased security risks as mobile devices now store and access large amounts of personal and corporate data. The document then discusses some specific threats to Android devices, including data breaches, social engineering, Wi-Fi interference, out-of-date devices, cryptojacking attacks, and poor password hygiene. It emphasizes that Android devices, like other mobile technologies, are vulnerable to these online and physical attacks that can result in compromised data and device access. Strong mobile security practices are needed to protect against the threats.
Cyber security involves protecting networks, computers, programs, and data from damage, unauthorized access, and impairment. It includes securing physical access to hardware and protecting against network attacks, data and code injection, and misuse by operators. As cyber attacks increase daily, nations face higher risks, so cyber security is a growing priority. Hacking, child pornography, copyright infringement, and other cybercrimes harm people's and nations' security and financial well-being. Effective cyber security incorporates measures across applications, information, networks, and disaster recovery to detect and prevent illegal computer use and ensure confidentiality, integrity, and availability of data. National cyber security policies aim to safeguard information systems and critical infrastructure through public-private cooperation and awareness
Network Security and Privacy Liability - Four Reasons Why You need This Cove... (CBIZ, Inc.)
This document discusses the need for corporate information protection and cyber liability insurance. It outlines four reasons why businesses need this coverage: 1) Increasingly stringent laws and regulations, 2) Advances in technology, 3) Risks associated with global outsourcing, and 4) User error. Statistically, attackers are often able to compromise organizations within minutes, and most theft or loss of sensitive data occurs within the victim's work area. Cyber liability insurance provides coverage for legal liability, defense costs, expense reimbursement, and helps businesses assess privacy programs and risks.
This document discusses system vulnerabilities and securing information systems. It begins by defining security and controls, and explains why systems are vulnerable, including issues with large networks like the Internet. It then describes various types of malicious software like viruses, worms, and Trojan horses that can exploit system vulnerabilities. The document also discusses hackers and computer crimes such as denial of service attacks and identity theft. It emphasizes the business value of security and control and legal requirements around protecting information. Finally, it outlines how organizations can establish a framework for security, including information system controls.
This document contains a presentation on cybersecurity risks in the Middle East given by Abdullah Mutawi, a partner at the law firm Baker Botts. The presentation covers several topics:
- An overview of common cyber threats like data breaches, ransomware, and state-sponsored attacks. It also discusses the costs of cyber attacks for businesses.
- A case study on the Shamoon malware attacks against organizations in Saudi Arabia in 2016-2017.
- The legal responsibilities and obligations organizations have to protect data, systems, and infrastructure from cyber risks. This includes the duties of directors and officers.
- Compliance with privacy, data protection, and cybercrime laws, and how the new GDPR regulation
This document discusses strategies for ensuring the security of enterprise image viewers and mobile health solutions. It notes that data security is a major concern in healthcare, with security breaches potentially resulting in large fines. The document then recommends educating staff on mobile security, using device security features, implementing network security policies, using authentication, secure connections, and ensuring solutions have built-in encryption and integrate with IT policies. It outlines Calgary Scientific's approach to securing its ResolutionMD image viewer, which does not leave patient data on devices, requires login credentials, uses SSL encryption, and optionally a VPN.
The document summarizes QBE's cyber and data security insurance product. It covers risks associated with non-physical assets like data and network risks, providing public relations support, asset recovery costs, business interruption costs, regulatory fines, and privacy breach costs. It also covers employee dishonesty, cyber extortion, and IP infringement. Red24 provides 24/7 crisis management support. Claims are handled by experienced specialists familiar with technology and cybersecurity issues.
Discover the Unseen: Tailored Recommendation of Unwatched Content (ScyllaDB)
The session shares how JioCinema approaches "watch discounting." This capability ensures that if a user watched a certain amount of a show/movie, the platform no longer recommends that particular content to the user. Flawless operation of this feature promotes the discovery of new content, improving the overall user experience.
JioCinema is an Indian over-the-top media streaming service owned by Viacom18.
What is an RPA CoE? Session 1 – CoE Vision (DianaGray10)
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect, Anika Systems
- Compliance with privacy, data protection, and cybercrime laws, and how the new GDPR regulation
This document discusses strategies for ensuring the security of enterprise image viewers and mobile health solutions. It notes that data security is a major concern in healthcare, with security breaches potentially resulting in large fines. The document then recommends educating staff on mobile security, using device security features, implementing network security policies, using authentication, secure connections, and ensuring solutions have built-in encryption and integrate with IT policies. It outlines Calgary Scientific's approach to securing its ResolutionMD image viewer, which does not leave patient data on devices, requires login credentials, uses SSL encryption, and optionally a VPN.
The document summarizes QBE's cyber and data security insurance product. It covers risks associated with non-physical assets like data and network risks, providing public relations support, asset recovery costs, business interruption costs, regulatory fines, and privacy breach costs. It also covers employee dishonesty, cyber extortion, and IP infringement. Red24 provides 24/7 crisis management support. Claims are handled by experienced specialists familiar with technology and cybersecurity issues.
Cyber Security Education Materials.pptx
1. HUAWEI TECHNOLOGIES CO., LTD.
www.huawei.com
Huawei Confidential
Security Level: Internal public
December 27, 2023
April, 2014
Cyber Security Awareness and Code of Conduct
INTERNAL
Cyber Security Office, GTS
2. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 2
Chapter 1 What Is Cyber Security About?
Chapter 2 Cyber Security Case Studies
Chapter 3 Requirements and Regulations on Cyber Security
3. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 3
Cyber Security Issues May Lead to International Political Crisis
Caution:
Telecommunications networks are key national infrastructure; any risk to them might bring a crisis even to a country.
Cyber security is not only a technical issue; it may lead to an international political crisis.
8th October 2012: the US Congress released an investigative report on the US national security issues posed by Huawei and ZTE.
6th June 2013: Snowden disclosed that the National Security Agency and the United States Federal Bureau of Investigation were carrying out a secret project code-named "PRISM", directly accessing the central servers of nine U.S. Internet companies and mining data to collect intelligence.
24th March 2014: In response to recent media reports that the U.S. National Security Agency (NSA) had invaded Huawei servers, Huawei in Shenzhen said: Huawei opposes all acts that endanger network security.
4. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 4
Cyber Security Is Critical to a Company’s Survival
As the British media revealed on July 5, 2011, employees of News of the World had illegally eavesdropped on voice-mails and deleted voice messages on the mobile phone of slain schoolgirl Millie Doyle while police were searching for the missing 13-year-old in 2002, interfering with a police investigation into the missing-person-turned-murder case.
On July 6, 2011, more reports exposed the phone-hacking scandal. On the same day, Prime Minister Cameron requested that an investigation into the matter be initiated.
The 168-year-old newspaper was one of the best-selling newspapers in the UK. As a result of the scandal, the publication was shut down on July 10, 2011.
On July 4, 2014, Andy Coulson, British Prime Minister David Cameron's former media director (editor of News of the World, 2003-2007), who was involved in the wiretapping plan, was convicted and sentenced to 18 months in jail.
The News of the World closed down because of illegal interception and monitoring:
5. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 5
Cyber security is to ensure the availability, integrity, confidentiality, traceability, and robustness & resilience of products, solutions, and services based on a legal framework. Additionally, it protects the customers' or users' communication content, personal data and privacy carried therein, and the flow of unbiased information.
Cyber security assurance aims to protect the economic benefits and reputation of Huawei and its customers from harm. Cyber security protects Huawei's employees or the company itself from bearing civil, administrative, or even criminal liability, and prevents cyber security from being used as an excuse for trade protection or becoming a fuse that sets off an international political crisis which may lead to the collapse of the company.
Carried & protected data/privacy
Business continuity & robust network
Integrity
Availability
Confidentiality
Traceability
Robustness & Resilience
1: Cyber security = Information security
2: Cyber security = anti-attack & anti-virus
3: Cyber security = physical & personal safety
4: Cyber = Network
What is Cyber Security?
Huawei definition of Cyber Security
Cyber Security
Cyber security is to protect customers’ networks and, at the same time, to protect Huawei and Huawei’s employees.
6. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 6
Government supervision
Many countries, such as the US and EU countries, regard cyber security as an integral part of their national security strategy. The governments of the UK, France, India, etc. have proposed security compliance requirements on operators and vendors through government supervision and laws and regulations, based on trust issues and security concerns.
Legal regulations
Cyber security and privacy protection legislation is tending to become more stringent globally. In European and American countries, compared with a general corporate legal breach (tax, IPR, breach of contract), a breach of cyber security legislation will be seen in the light of a violation of human rights and a national security threat. Therefore, governments and the public will condemn it more aggressively, and it is more likely to damage the trustworthiness of the company.
Technical impact
As ICT technology becomes increasingly open, telecom networks develop towards all-IP, devices become smarter, and multiple businesses converge, the telecom network faces increasingly serious security threats and challenges. Vendors should attach great importance to robustness & resilience.
Improper solutions or implementation (e.g. an undocumented interface) may trigger external attacks and cause a trust crisis.
Cyber security incidents cause material risks and losses to customers’ normal business. Security protection must be enhanced to further reduce the cost of security management and O&M.
Market access
Major security issues in the industry and cyber security concerns make vendors lose orders or prevent them from entering key markets.
Operators transfer their legal obligations to vendors. More and more mainstream operators require vendors to sign security agreements and to comply with local laws and regulations, and propose requirements on product security, security education, vetting, etc. For example, all Indian operators prescribe that a vendor will face a large penalty and withdrawal from the network if any security problems are found.
Cyber security concern is the trend of the times
7. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 7
“It (cyber security) is for our survival.”
“Recession is tolerable but collapse is not. Be more aware of cyber security. Do not cause any cyber security issues that may lead to international political crisis.”
--- Huawei EMT Meeting Minutes No. [2012] 003, Summary of Cyber Security Meeting (Excerpts)
Cyber security is one of Huawei's important strategies
8. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Cyber Security
Content in BCG
Outline
4.1 Support the secure operation of customers’ networks and business
Huawei will never tolerate any of the following conduct:
• Accessing, without customers’ authorization, customers’ systems and equipment to collect, possess, process or
modify data and information in customers’ networks and equipment, or disclose and disseminate customers’ data
and information.
• Embedding malicious code, malware or backdoors in products and services, developing and/ or distributing
viruses, or conducting other illegal behavior.
• Attacking, destroying or damaging customers’ networks or taking advantage of customers’ networks to steal or
destroy information or commit any activity that endangers national security, the public interest, or the legal rights
and/or interests of other parties.
• Soliciting or helping any third party to do any of the above.
2.0 Basic Guidelines
The responsibility to protect the security of customers’ network and business will never be outweighed by
the Company’s own commercial interests.
4.2 Protect End Users’ Privacy and Communication Freedom
• The Universal Declaration of Human Rights states that no one shall be subjected to arbitrary interference with their
privacy and correspondence. Many countries have implemented, or are planning to implement, privacy or personal
data protection laws.
Huawei will never tolerate any of the following conduct:
• Illegal collection, disclosure, distortion, impairment, sale or provision of end users’ personal data and information.
• Misuse of information and telecommunication technology to conduct surveillance on end users’ communications
and / or movements, or to block or disrupt communications, or to restrict the free flow of unbiased information.
As a leading global ICT solutions provider, we provide information network products and services. The global network
needs to be stable at all times. It is our primary social responsibility to support stable and secure networks for
customers, including in times of natural disasters, such as earthquake and tsunami, and other emergencies like war.
Cyber Security Requirements Have Been Included in BCG as One Commercial Conduct Regulation
9. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Carrier Network BG Cyber Security Office
Consumer BG Cyber Security Office
Enterprise BG Cyber Security Office
GCSC: Strategic direction. Responsible for agreeing the strategy, planning, policies, road map and investment, driving the implementation, resolving conflicting strategic priorities, and auditing.
GCSO: Leading the team to develop the security strategy, establishing the cyber security assurance system internally, supporting GR/PR and supporting global account customers externally.
GCSO Office: Coordinating related departments to formulate detailed operational rules and actions to support the strategy and its implementation; promoting the application, auditing and tracking of the implementation. The company focal point to identify and resolve cyber security issues.
Regional/Department Security Officers: Accountable for working with GCSO to identify changes to departmental/business unit processes so that the cyber security strategy and its requirements are fully embedded in their areas. They are also experts in their own right and contribute to the development and enhancement of the strategy.
Director of GCSO Office: Jupiter Wang
CEO: Ren Zhengfei
GCSO: John Suffolk
Chairman of GCSC: Ken Hu
Organization chart units: PAC; LA; MKT; JCR; CHR; BP&IT; Audit; Security Competence Centre; Supply Chain Cyber Security Office; 2012 Lab Cyber Security Office; CCSO of USA; CCSO of France; CCSO of India; Procurement Cyber Security Office; External Cyber Security Lab/CSEC; CCSO of UK; Internal Cyber Security Lab
Huawei Cyber Security Management Organization
10. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Implement Cyber Security Policy Requirements, Proactively Identify Risk Points
Domain: Policy recommendations
Laws: Huawei complies with all applicable laws and regulations in each administrative region and tracks cyber security-related legislation, particularly legislative requirements related to critical infrastructure.
R&D: Local R&D institutions shall comply with the cyber security requirements and the baseline of local laws and regulations.
Verification: Guide the customer's certification requirements: internal cyber security validation lab, sharing the reports, Security Certification Center, third-party testing agency. Certification involves the use of safety and the need for government intervention endorsement, third-party testing to avoid source-level testing.
Sales: Proactively identify customer cyber security requirements, and manage and deliver them effectively; update sales management and control strategies in a timely manner to ensure they are implemented.
GTS: Enhance personnel's cyber security awareness, customer authorization awareness, and customer data protection.
Emergency Response: According to the frontline country and key account, make the CERT connection through PSIRT.
Supply chain: In reverse logistics, work with GTS to comply with the provisions on storage media, covering customer data clean-up and even scrap material handling.
Procurement: Strengthen management of local procurement and project outsourcers; sign back-to-back security agreements to pass on network security requirements.
HR: Localize human resources policy in line with national or regional legal requirements.
11. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
GTS Cyber Security Management Organization
• Implementing cyber security management and internal control requirements to ensure the healthy development of the business
Managers at all levels bear the first responsibility for cyber security and internal controls. To keep the risks to cyber security and internal control, the initiative to prevent and reduce the incidence of the problem, to put an end to cyber security, internal control and to guard against corruption. From HQ and frontline, managers at all levels have to really pay attention to cyber security management; business executives are the first responsible persons.
-- Liang Hua at GTS Annual Conference in 2012
Organization chart labels: GTS; Region 1; PS; DS; Q&O; CSO; Region Q&O; NIS; AMS; LS; PMO; RMD; Appoint the responsibility; Security TDT
12. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
GTS Cyber Security Management Organization
Diagram labels: Policy; Bidding, FAQ; Business Improvement; Rules, Process; Consciousness; Check; Security TDT; CSO; Standard; Technical; Problem Mgmt; Process Merge; Business Improvement; Redline Rectify; Forecast; Training & Campaign; Technical Implement; Self-check; BU
Cyber Security Office (CSO)
Policy Analysis: Analyze company policies and issued GTS guidance documents; support the safety part of bidding; FAQs
Business Improvement: Develop GTS business improvement rules to promote process integration
Consciousness Atmosphere: Create a safe cyber security atmosphere in GTS and enhance employee safety awareness
Check: Develop operational security check standards and an inspection system; periodically inspect business security risks and promote business improvement
Cyber security TDT
Security Technology Standards: Develop GTS business security technology standards to provide input for BU business
Security Technology Solutions: Promote security technology solutions so that BU business technically meets the operational and compliance requirements
Security Problem Management: Build a security management mechanism; discover cyber security issues in processes and technology to improve the business
BU
Business Improvement Implementation: Join the business improvement program organized by CSO; execute the plans and security processes into the red rectification (services & physical products)
Consciousness Atmosphere: Create a positive BU internal cyber security environment and enhance employee safety awareness
Check: Perform business security self-checks to find risks and correct them in a timely manner
Technical implementation: Complete the implementation of cyber security solutions in BU
Pre-warning management: Bring cyber security early warning into the early warning management product category
Monitor
13. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Through continuous business improvement and building systems / platforms / tools, pay close attention to regional implementation and compliance, and eliminate cyber security incidents caused by human errors
GTS cyber security management architecture
Strategy I. Persist in service improvement and reduce cyber security risks.
Measure 1: Further refine the cyber security business standards, form clear executable guidance, and implement improvements.
Measure 2: Perform penetration tests on Romania GSC networks to improve the cyber security capability.
Measure 3: Improve E2E customer data management and eliminate related risks in data sensitive areas.
Measure 4: Prevent any controlled spare parts from being returned to China by implementing customer authorization and return repair processes.
Strategy II. Improve robustness of systems and platforms, and capability of security services.
Measure 5: Complete security redline tests on 100% of tool software and clear non-compliant tools.
Measure 6: Apply the "three locks" and achieve manageable and traceable remote access.
Measure 7: Develop security serviceability to support security delivery in the frontline.
Meet customer demands and gain trust in cyber security.
Customer security demands
Portfolio
Build cyber security on product elements: Security serviceability (physical products); SOP (instruction guides, contract templates); Security platform hardening; Tool software security authentication; Network deployment
Build cyber security on service sales: Make a sales control system and salable list; Review bids/contracts
Services: System integration service; Network deployment service; Customer support service; Customer experience service; Training service; Management service; Consultant service
Global delivery organizations consistently comply with cyber security requirements.
Behavior standardization; Privacy protection; Security hardening; Software integrity; …
Build cyber security on delivery execution: Accountability system; Network OM and customer support; Project management
Self-check and audit
Security technologies/Management standards
Strategy III. Continually educate staff about cyber security to improve security delivery compliance.
Measure 8: Take measures on data and account management to eliminate outflow of sensitive data.
Measure 9: Improve cyber security awareness of staff and apply management responsibilities at the project level.
For GTS, the largest cyber security risks come from employee behavior. Each employee must be responsible for what he has done, to avoid unintentional violations.
14. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Build a cyber security responsibility matrix in GTS to ensure cyber security requirements can be fulfilled in service and delivery activities
HQ (GTS BUs / CSO / TDT)
Region & Key Account (BU Manager / CSO)
Project (PD/PM/TD/PC/QA)
Undertake cyber security policy
• Regional security programs / platform construction
• Establish a notification mechanism. Organize the handling of security incidents
• Improve business continuously by self-audit & correction
Analysis of customer needs on cyber security to develop business rules and establish the GTS management system
• Analysis of cyber security from customer/government to develop business rules
• Integrate cyber security elements into the GTS delivery process to meet requirements
• Develop GSC solutions and deliverable tools to meet operational safety requirements with technology
• Build a cyber security responsibility matrix in GTS: the competent responsibilities and levels; improve business continuously by self-audit & correction.
1) Deliver service in line with cyber security policy according to the delivery process
• Data protection
• Process approval
• Sub-contractor
2) Discuss data privacy protection measures with the customer in the delivery process
3) Routinely learn cyber security requirements, cases, etc.; periodically self-check delivery activities
Actively thinking security business
• Analysis of local government & customer requirements on CS; organize workshops on CS
• Customize security solutions according to customer demand
• Provide demands on CS serviceable features
• Check on configuration
• Manage access accounts
• Identify & give notice of safety issues
15. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Take Measures on Data and Account Management to Eliminate Outflow of Sensitive Data
Key Dimensions of Cyber Security
High
Low
USA, Australia, and China Taiwan
Japan, France, Germany, Great Britain, New Zealand, Denmark, Canada, and South Korea
Other countries
Coverage of VDF subnets
Coverage of TEF, FT, DT subnets
Government: 36 countries that are sensitive to cyber security, defined by Huawei
Customer: Customers with high requirements on cyber security, such as VDF, Telefonica, FT, and DT
Regional implementation (self-check results and cyber security events of 2013): Regions in which the cyber security risk is high and security events frequently occur, such as South Pacific, Mid-Asia, and South America
Medium
Russia, Saudi Arabia, Turkey, Austria, Spain, Italy, Poland, Mexico, Brazil, South Africa, India, Malaysia, and Indonesia
High and medium level regions: Be aligned with customers' requirements on cyber security and manage big risks.
Formulate service-based management schemes for regions. (Q1)
Implement anonymity in data collection, to prevent leaking of personal data.
Account management: Clear the accounts of personnel who have quit and staff whose positions have shifted. (Q2)
Focus audits on these areas: account use, customer authorization, E2E data management, project team, etc., and the implementation status of requirements.
Sensitivity Level Management Policy
Continuous education on cyber security
Routinely perform self-checks on implementation.
Account management: Solve the issue of incomplete transfer of transfer-to-maintenance accounts and the sharing of accounts. (Q3)
Technical sensitivity
16. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 16
Chapter 1 What Is Cyber Security About?
Chapter 2 Cyber Security Case Studies
Chapter 3 Requirements and Regulations on Cyber Security
17. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 17
GTS Should Focus on Cyber Security
Three business areas of the GTS are closely related to cyber security. We attach great importance to cyber security of the GTS.
—Global Cyber Security Office Manager
GTS Businesses Are Closely Related to Cyber Security
Development of Service Products
Like physical products, service products can also bring many cyber security problems, such as vulnerabilities, back doors, etc. Misuse of service products will cause serious damage.
Many tools used in delivery and service can also be used to access and collect sensitive information.
Sales of Service Products
Engineers of the GTS are also responsible for contacting customers. Their behaviors influence Huawei's image.
When communicating with customers, engineers should avoid using sensitive words and exercise caution not to share or expose customer information.
Project Delivery & Maintenance and Management Services
GTS staff often directly access customer networks, so they face high risks with respect to cyber security.
For example, they may access customer assets without authorization; misuse accounts and passwords; expose data in the customer network; get out of line to conduct remote operation or transfer data in the customer network; use tools obtained from non-official channels; use virus-infected computers to access customer assets.
Unauthorized access, remote access, and personal data transfer are illegal in most countries.
For GTS, the most severe cyber security risk is staff behavior. Employees should avoid cyber security accidents caused by a lack of awareness.
18. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 18
Case Study I: Unauthorized Operation (Event Description)
Causes:
In September 20XX, during an engineering delivery project, Employee B from Company A wanted to test and verify whether the format of emails sent from the customer's network was correct. Without obtaining the customer's written permission, he added his personal email addresses (including qq.com and 163.com) to the list of email addresses to which alerts would be sent by the customer's network.
Consequences:
The customer's IT Department discovered the relevant records through its internal email system. The customer, very dissatisfied with Company A, made a complaint in writing claiming that Company A was very unprofessional and had created information exposure risks.
Without customer authorization, I modified...as necessary.
Customer Service Engineer
Without my authorization, how dare you access my network.
Customer
19. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 20
Case Study II: Using Another Person's Account to Log into Customer's Network (Event Description)
Causes: Maintenance employees in Country F are always changing. New arrivals need to apply for their own accounts, but the company's approval process takes a long time. These new arrivals therefore use other employees' accounts to operate and maintain the customer's network.
Consequences:
In the customer's opinion, this company was very unprofessional. The customer complained to regional executives of the company and expressed strong dissatisfaction. This event decreased the customer's confidence in this company and was likely to negatively influence later cooperation between the two.
I haven't got my account yet. May I use yours to log into the customer's network?
Sure. My account is XXX.
You are so unprofessional...
Customer Service Engineer 2
Customer
Customer Service Engineer 1
20. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 22
Case Study III: Exposing and Disseminating Data in Customer Network (Event Description)
Causes: In an exhibition held by a company, service and sales employees of the company talked with all visitors about how they improved the network performance for Customer A and displayed this customer's network information (including some confidential information).
Consequences:
Customers who visited the exhibition thought this company was very unprofessional. They worried that their network information might one day be displayed in such a manner. This event decreased the level of confidence these potential customers had in the company.
How can I trust you?
Hey, look at the network diagram of Company X. It used to have many problems.
Sales Personnel
Customer
21. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 24
Case Study IV: Unauthorized Tools (Event Description)
Causes:
In May 2012, during a microwave delivery project, in order to enhance the delivery efficiency, engineer B of Company A requested tools from R&D employee C.
R&D employee C provided B with a tool that had not been strictly tested.
Frontline project teams used the tool to deliver many products. Unfortunately, when the delivery was almost completed, the tool triggered a fault and caused an incident.
Project delivery is moving too slowly. I hope that R&D can provide us special tools to enhance the delivery.
You are lucky! I have a tool that can help. I will send it to you directly.
Consequences:
Such behavior caused N hours of service interruption at N sites and led to customer complaints.
Oh my, what did I do?
Customer Service Engineer
Customer Service Engineer
R&D Engineer
22. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 26
Case Study V: Access Customer Network by Virus-Infected Computer (Event Description)
Causes:
In March 20XX, when providing on-site maintenance for a customer, an employee of Company A directly accessed the customer's network through a virus-infected laptop.
The customer's security center detected data packets being sent outward, which triggered alerts.
Consequences:
This event attracted highly negative attention from the customer. The customer's global security center sent weekly security reports to their CTO.
The customer clearly expressed: "The frequent occurrence of such events will decrease confidence in your company."
Why is so much data being sent outward? I am wondering if you are eavesdropping on us!
My computer is infected by a virus, but the customer requested services over and over, so I have to use this computer to access the customer's network.
Customer Service Engineer
Customer
23. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 28
Case Study VI: Remote Access Brings Risks (Event Description)
Causes:
Since April 20XX, a European customer required Company A to collect their end user’s data from the customer's system and send the data to the customer every day.
In October 20XX, employee B of Company A who was responsible for the job was on vacation in China. Without the customer's authorization, Employee B accessed the customer's network remotely from China and downloaded the end user’s data. The employee then uploaded the information to a server located in China through which the information was sent to the customer.
Customer Network
Access a European customer's network remotely.
Consequences:
The customer found that their network was remotely accessed from China without their authorization, and the sensitive data was sent to China. The customer filed a serious complaint and asked Company A for explanation.
Our network is remotely accessed by someone from China. Is it a Chinese spy?
Though I am on vacation, I still handle customer requests. How dedicated I am!
Customer Service Engineer
Customer
24. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 30
Consider: Key Points of Cyber Security
Which cyber security issues do we need to consider in our daily work?
25. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 31
Answer: Key Points of Cyber Security
Scenario / No. / Key points of focus with respect to cyber security
Scenario: Accessing the customer's network.
1. Customer authorization is a prerequisite. Without the customer's written permission, employees are not allowed to access the customer's network.
2. Do not use other people's accounts. Employees are not allowed to use other people's accounts or unauthorized accounts to log into customer equipment.
3. Be cautious when launching any remote access. Employees are not allowed to access a customer's network remotely without the customer's written authorization. Employees are prohibited from accessing the networks of customers in sensitive regions remotely from China.
4. Check and kill viruses. We must kill viruses on all computers, communications terminals, and storage media before using them to access the customer's network.
Scenario: Operating the customer's network.
5. Customer authorization is necessary. Without the customer's written authorization, employees are not allowed to install or use any software in the customer's network. Without the customer's written authorization, employees are not allowed to collect data contained in the customer's network. Never perform any operations that are beyond the scope of the customer's written authorization.
6. Use only official software and tools. Never use software versions, patches, licenses, or tools that are not obtained through Huawei's official channels (such as Support Website, delivered with equipment, or official procurement by field offices).
7. Be cautious when sending data back to China. (1) Employees are not allowed to send data (including personal data) in a customer's network back to China without the customer's written authorization. (2) Even though customer authorization has been obtained, employees are still not allowed to send personal data of customers located in sensitive countries back to China.
8. Keep accounts and passwords secret. Without the customer's written authorization, employees are not allowed to disseminate or share accounts and/or passwords.
9. Never disrupt a customer's network. Employees are prohibited from attacking or disrupting a customer's network, or cracking the customer's accounts and/or passwords.
Scenario: Leaving the post that involves work relating to the customer's network.
10. Do not take the customer's data. Without the customer's written authorization, employees are not allowed to take equipment or storage media that contain data (including personal data) in the customer's network away from the customer's premises.
11. Do not expose the customer's data. Employees are not allowed to expose or disseminate data and information contained in the customer's network.
12. Relinquish accounts. After a customer's network is put into commercial use or is maintained by another party, employees must relinquish and delete their administrator accounts and any other accounts that become unauthorized as a result.
26. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 32
Chapter 1 What Is Cyber Security About?
Chapter 2 Cyber Security Case Studies
Chapter 3 Requirements and Regulations on Cyber Security
27. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 33
Red Lines of GTS Cyber Security Conducts
1. Access customer's system and collect, process, or modify the data and information on customer network without documented permission.
2. Connect personal portable device or storage media to customer network without documented permission.
3. Operations beyond the scope approved by customer.
4. Operations by using other people's account or unauthorized account to log in to customer's devices.
5. Implant malicious codes, malicious software, backdoor, reserve concealed interfaces or accounts in products or services.
6. Attack and undermine customer networks. Crack customer's account password.
7. Disclose and spread the data and information on customer's network.
8. Use shared accounts and passwords without customer's documented permission.
9. Retain or use the administrator account and unauthorized accounts after the commercial use of network or the maintenance transition.
10. Run illegal software on customer network. Use software versions, patches, or licenses that are not obtained through official channels.
11. Use information and data in customer's system to seek improper gains or for illegal purposes.
28. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Accountability System of Cyber Security Violation
Purpose: to improve employees’ cyber security awareness to mitigate risks of cyber security violations & ensure smooth operation of the corporate business; take disciplinary actions against cyber security violations through strict accountability system.
Principle:
• Accountability is not based on the consequence or whether the actor had malicious intent. Instead, it is based on the behavior itself. The actor has to bear liability if he/she violates the laws or regulations;
Accountability levels & measures
Cyber Security Violations / Accountability Level / Punishment
Accountability Level 1: Level 1 of Cyber Security Violations or causing severe crises, complaints, severe loss, potential security dangers, and risks
Punishment: 1. Terminate the employment contract with the violator. 2. Do not provide economic compensation for the violator in situations where no economic compensation should be paid according to the Regulations on Compensation for Employment Contract Rescinding or Termination (Huawei BOD Doc. No. [2007] 01). 3. Pursue or reserve the right to pursue legal actions against the employee if he/she violates the laws and regulations. 4. Record the incident in the Employee Integrity Database and never rehire the employee.
Accountability Level 2: Level 2 of Cyber Security Violations (see Attachment 1) or causing major customer complaints, loss, potential security dangers, and risks
Punishment: 1. Give severe warning to the violator. 2. Specify the violation as a key event to the competency and qualification of the violator, demote the violator and decrease the violator's benefits based on the violator's position. 3. Record the incident in the Employee Integrity Database.
Accountability Level 3: Level 3 of Cyber Security Violations or causing minor loss, potential security dangers, and risks
Punishment: 1. Give minor warning to the violator. 2. Reduce the grade of related incentive appraisal. 3. Two level-3 violations within 12 months will be escalated to one level-2 violation. 4. Record the incident in the Employee Integrity Database.
Accountability Level 4: Level 4 of Cyber Security Violations or causing no loss, but causing minor potential security dangers and risks
Punishment: 1. Warn the violator by email. 2. The violation should be considered during the violator's incentive appraisal. 3. Two level-4 violations within 12 months will be escalated to one level-3 violation.
29. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Cyber security violations in various scenarios (1/2)
Scenario / Description of cyber security violations / Level
Scenario: Common behavior
• Use networks to carry out any activities that harm national security and the public interest, steal or destroy others’ data, infringe others’ legal rights; be instigated or bribed or take advantage of one's position to carry out any of the above activities. [Level 1]
• Without written authorization from the customer, access the customer's network; collect, keep, process and modify any data and information in the customer's network. [Level 1]
• Disclose and disseminate data and information in customers’ networks. [Level 1]
• Without written authorization from the customer, access and process users' voice information, accurate location information and key pressing information; those behaviors that may lead to suspicion of infringement of users' private communication content and personal data. [Level 1]
• Without written authorization from the customer, remove devices or storage media with customer network data (including personal data) out of the customer's premises. [Level 1]
• Attack and crack communication facilities like customers' network; crack customers' passwords of accounts. [Level 1]
• Embed any malicious code, malware and backdoor in products or services; maintain any undocumented interfaces and accounts. [Level 1]
• Without the authorization of the company, hold and disseminate the relevant information of product security vulnerabilities. [Level 2]
Scenario: Customer communication & commitment
• Without written authorization from the customer, use any data and information from the customer's network for external communication except the data and information from public channels. [Level 1]
• Without written authorization from the customer, disclose and disseminate the customer's confidential information in external communication. [Level 1]
• Make commitments to customers that may violate the relevant cyber security laws (e.g.: Disrupt, Monitor, Track, etc.). [Level 1]
• Without the authorization of the company, reveal or disclose redline problems or vulnerabilities or other information that may arouse customers' cyber security concerns in external communication. [Level 2]
• Disseminate methods or tools to break the system of terminal devices (jailbreak). [Level 3]
• In customer communication and demonstrations, use sensitive wording in the materials or presentation that makes customers misunderstand our cyber security. [Level 3]
30. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Cyber security violations in various scenarios (2/2)
Scenario / Description of cyber security violations / Level
Scenario: Delivery & Service
• Without written authorization from the customer, access the customer's operation networks of production or testing, or office network etc., by using equipment like computers, communication devices and storage media to carry out any operation beyond the approval of the customer. [Level 1]
• Without written authorization from the customer, install or run software in the customer's network; or use any software versions, patches, licenses and software tools that are not from official channels. [Level 1]
• Without written authorization from the customer, use self-designed or third party tools for data collection and performance analysis, etc. [Level 1]
• Log in on a system by using others' accounts or an unauthorized account to carry out operations. [Level 1]
• Retain or use the previous administrator account or other unauthorized accounts after the system is in commercial use or has been transferred to the maintenance phase. [Level 1]
• Collecting and processing personal data without the users’ authorization in the after-sales repair process of devices. [Level 1]
• Without written authorization from the customer or the onsite supervision of the designated person, access and maintain legal interception interfaces or transfer relevant information out of the operators' network. [Level 1]
• Without written authorization from the customer, remotely access the customer's network from China. [Level 1]
• Without written authorization from the customer, transfer the customer's network data (including personal data) back to China. [Level 1]
• Not killing viruses in computers, communication devices and storage media before accessing the customer's network, which causes the customer network to be infected with a virus or a virus to be detected on the customer network. [Level 2]
• Without written authorization from the customer, disseminate and use shared accounts and passwords. [Level 2]
• After the expiration of the customer's authorization, fail to delete and destroy the stored customer network data. [Level 2]
31. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Code of Conduct Concerning Cyber Security
Respect freedom and privacy; keep customer data secret.
Obtain customer authorization first; get access later.
Keep account and passwords secret; never share your account with anybody.
Use official software and tools; always check and kill viruses.
Be cautious when launching remote access; be vigilant when sending data back to China.
Report hidden dangers immediately; the company needs an early warning.
Avoid behaviors that may cause violations; increase security awareness.
32. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential
Assistance and Feedback Channels for Cyber Security Issues
Assistance and feedback channels:
First, you can seek help from your business supervisor.
Second, you can seek help from local lawyers or Cyber Security contact persons.
If you find that any external forums and third-party individuals or organizations are providing the security vulnerabilities of products, please report this information to the GTS Cyber Security community.
GTS cyber security community: http://3ms.huawei.com/hi/group/1005849
You can gain knowledge, discuss issues, or seek help here.
(Or you can input “GTS cyber security community” on the W3 home page to find the link.)
34. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 40
Attachment: High risk regions of cyber security
Country Rep office Region
Europe (all countries in
WE and NE Regions)
UK
UK office
Western Europe Sub-Regional Division
Ireland
France France office
Germany Germany office
Italy
Italy office
Malta
Switzerland
Liechtenstein
The Netherlands
The Netherlands office
Belgium
Luxemburg
Portugal
Spain & Portugal office
Spain
Poland
Poland office
Eastern Europe Sub-Regional Division
Estonia
Latvia
Republic of Lithuania
Hungary Hungary office
Czech
Czech office
Slovakia
Slovenia
Austria
Greece
Greece office
Bulgaria
Cyprus
Sweden
Sweden office
Denmark
Finland
Norway
Iceland
Romania Romania office
North America
United States USA office USA office
Canada Canada office Canada office
Southern Pacific
Australia
Australia office
Southern Pacific Sub-Regional Division
New Zealand
Japan Japan Japan office Japan office
35. HUAWEI TECHNOLOGIES CO., LTD. Huawei Confidential Page 41
Learning materials for GTS employees
Huawei GCSC Doc. No.[2012] 02 -Compliance Policy of Privacy Protection & Cyber Security
Huawei GCSC Doc. No.[2012] 05 -Accountability System of Cyber Security Violations
HW GTS Dept Doc. No.006[2012]-Red Lines Management Regulations of GTS Cyber Security Conducts
HW GTS Dept Joint Cir _No 020 2012-Requirements on Anti-Virus before Laptops Accessing to Customer Networks
HW GTS Dept Cir No.018[2012]-Notice on Controlling Remote Access Security Risks
GTS PMO Dept. Cir. No.【2013】Requirements Regarding Enhancing Cyber Security Management in Major Delivery Projects Management
Huawei CNBG GTS Q&O Dept. No. [2013]005-Notice on Enhancing the Field Cyber Security Management for Staff on Business Trip
Link to GTS Cyber Security related circulars:
http://3ms.huawei.com/hi/group/1005849/thread_3553999.html?mapId=1998927
Link to the service delivery cyber security flash:
http://ilearning.huawei.com/ilearning/app/management/LMS_ActDetails.aspx?UserMode=0&ActivityId=15145