Lessons learned from the SingHealth Data Breach COI Report | Benjamin Ang
16 recommendations for better cybersecurity, digested from the 454-page COI (Committee of Inquiry) report on Singapore's biggest data breach to date (1.5 million patients' records), presented at Cyber Resilience and Risk Forum 2019, Singapore. Useful info for board directors, managers, CSOs, CISOs, cybersecurity professionals.
1) APCERT is a forum of Computer Security Incident Response Teams (CSIRTs) and Computer Emergency Response Teams (CERTs) in the Asia Pacific region established in 2003. It currently has 30 operational members from 21 economies.
2) APCERT aims to promote cooperation on cybersecurity, facilitate information sharing, and assist members in responding to cyber incidents through working groups, an annual conference, and incident response drills.
3) Key recent activities include updating governance policies, conducting a capacity building survey, hosting bi-monthly online trainings, and an annual incident response drill with over 30 participating teams.
Development of National Cybersecurity Strategy and Organisation | Dr David Probert
3-Day Master Class given at the University of Technology (UTECH) Kingston, Jamaica - 13th to 15th September 2010 - in Partnership with the UN/ITU Centres of Excellence Network for the Caribbean Region - International Telecommunications Union - Global Cybersecurity Agenda.
Cyber Vardzia - Integrated Physical and Cyber Security Systems for Georgia | Dr David Probert
Invited Presentation at the 3rd Georgian IT Innovation & Cybersecurity Conference (GITI) in Tbilisi, Georgia. The presentation focuses upon the urgent need to integrate physical and cyber security within a single management team headed by a Chief Security Officer (CSO). The title references Vardzia, a Medieval Georgian Cave Fortress that had extensive physical security and withstood attacks from invaders for many years.
The document discusses the present and future of Taiwan's Information Sharing and Analysis Center (ISAC). Currently, Taiwan has a Government ISAC (G-ISAC) that facilitates information sharing between government agencies and some private sectors. However, coverage is limited. The future plan is to establish a National ISAC (N-ISAC) that expands public-private collaboration to all critical infrastructure sectors. The N-ISAC aims to build a national cybersecurity defense framework through early detection, continuous monitoring, reporting and response, and assistance across sectors. Key tasks to achieve this include strengthening CERT, SOC and ISAC capabilities, developing cybersecurity laws and regulations, and increasing research and training.
Protection of critical information infrastructure | Neha Agarwal
Information Infrastructure is the term usually used to describe the totality of inter-connected computers and networks, and the information flowing through them. Certain parts of this Information Infrastructure could be dedicated to the management/control etc. of infrastructure providers, e.g. power generation, gas/oil pipelines, or support our economy or national fabric, e.g. banking/telecom etc. The contribution of the services supported by these infrastructures, and more importantly, the impact of any sudden failure or outage on our national well-being or national security, marks them as being Critical.
By extension, information infrastructure supporting the operations of Critical Infrastructure (CI) marks this as Critical Information infrastructure (CII). These Networks operate/monitor and control important Governmental and Societal functions and services including, but not limited to, Power (Generation/transmission/ distribution etc), Telecommunication (mobile/landline/internet etc), Transportation (Air/land/rail/sea etc), Defence etc. These CII are becoming increasingly dependent on their information infrastructure for information management, communication and control functions.
The document discusses public-private partnerships (PPPs) in Sweden to promote cybersecurity and resilience of electronic communications networks. It provides examples of several successful PPP projects facilitated by the Swedish NRA, including the National Telecommunications Coordination Group, a geographical information system for crisis management, biannual exercises, a national portal for network information, an internet security strategy, and the national CERT team. The PPPs aim to share information, coordinate responses to disruptions, and improve preparedness through exercises. Lessons learned include the importance of trust, facilitating proactive win-win projects, and how an NRA can initiate partnerships while still overseeing competition.
The document summarizes a presentation given at the 2010 Cyber Security Forum hosted by CTO (Commonwealth Telecommunications Organisation). CTO is an intergovernmental organization focused on ICT capacity building and training. The presentation discusses CTO's role in cybersecurity including advocating for robust frameworks, building capacity through training and research, and facilitating knowledge sharing and international cooperation to address cyber threats. It invites attendees to partner with CTO on future cybersecurity activities and programs.
Are you the I in CII? Cybersecurity Bill public consultation by Internet Soci... | Benjamin Ang
Slides from the Internet Society Singapore Chapter's seminar and public consultation on the draft Bill of Singapore’s new Cybersecurity Act, which will be in place by end 2017, and will lay the groundwork for world class cybersecurity practices to overcome emerging threats in cyberspace. The Act seeks to minimize disruption to essential services and to professionalize the cybersecurity industry.
The document provides an event report on the CTO Cybersecurity Forum held in London on June 17-18, 2010. The forum focused on raising awareness of cybersecurity issues, building capacity for robust cybersecurity frameworks, and facilitating dialogue among stakeholders. Key topics discussed included threats to both states and individuals, as well as possible technical, legal, and international cooperation responses. A need for greater international cooperation was a major theme, given issues around jurisdiction and varying capabilities. The inaugural forum aimed to provide a platform for partnership between the UK government and CTO to address these global cybersecurity challenges.
This document discusses the evolving cyber threat landscape and increasing cyber risks that organizations face. It notes that cyber attacks are becoming more frequent, sophisticated, and targeted. The document outlines several recent major cyber attacks including data breaches at Sony, Target, and Ashley Madison, as well as ransomware attacks and hacking incidents. It emphasizes that organizations need to adopt a proactive, intelligence-led approach to cyber security that includes red team exercises, assuming breaches will occur, and deploying security intelligence systems to detect threats early. The key is understanding adversaries and their tactics in order to adapt defenses accordingly.
Global CyberSecurity Index and Cyberwellness Profiles | ICT Watch
This document presents the key findings from the first annual Global Cybersecurity Index report published in April 2015 by the International Telecommunication Union. The report ranks 154 countries based on their level of commitment to cybersecurity across five pillars - legal, technical, organizational, capacity building, and international cooperation measures. The United States ranks first overall, followed by Canada and Australia. Regionally, Mauritius ranks highest in Africa, while several other regions see European nations like Estonia and Germany ranking towards the top. The report aims to increase awareness of cybersecurity preparedness and promote greater collaboration between countries.
APrIGF 2015: Security and the Internet of Things | APNIC
Adli Wahid addresses the current cybersecurity issues seen with the growth of the Internet of Things at the 2015 Asia Pacific Regional Internet Governance Forum (APrIGF) in Macao.
PRFP-10: Cyber threats and security in the Pacific | APNIC
Cyber threats and security in the Pacific was the topic of the 10th Policy and Regulation Forum for Pacific. The document discusses establishing incident response capabilities to address cyber risks like ransomware, vandalism, negligence, natural disasters, accidents, fraud and theft. It promotes creating a safety ecosystem with organizations like police, fire, health, industry and education working together and with a Computer Emergency Response Team (CERT) to respond to incidents. Effective CERTs require infrastructure, procedures, trained staff, and relationships built on trust with other CERT and law enforcement communities. They should engage stakeholders, maintain expertise, and prioritize trust and neutrality when starting small but with a long-term vision.
Defending Critical Infrastructure Against Cyber Attacks | Tripwire
In our increasingly connected world, networks of machines help critical infrastructure run more efficiently and prevent downtime. However, systems which were once isolated are now being exposed to digital security threats that operators never considered.
Joseph Blankenship of Forrester Research and Gabe Authier of Tripwire discuss the evolving threat landscape and how we can protect these critical assets from cyber threats.
Topics covered include:
- Examples of some of the most recent cyber-attacks to critical infrastructure
- Why traditional IT security approaches won't work
- Recommended approaches for securing critical infrastructure
The document discusses a security training program for the financial sector. It aims to identify security challenges from digitization, different types of attacks, and the need for an integrated security approach. The FINSEC platform provides collaborative risk assessment that calculates risk from vulnerabilities, impacts, and threats. It detects security events and can re-calculate risk levels based on pre-defined triggers.
National Cybersecurity - Roadmap and Action Plan | Dr David Probert
Analysis, strategies and practical action plans for National Government Cybersecurity based upon the United Nations - International Telecommunications Union - UN/ITU Cybersecurity Framework and their Global Cybersecurity Agenda - GCA.
Crossing the streams: How security professionals can leverage the NZ Privacy ... | Chris Hails
Security professionals often struggle with the ‘double intangibility’ of security - the intangibility of risk and intangibility of protection.
Changing hearts and minds often requires legislation and new compliance frameworks to motivate investment.
New Zealand's new Privacy Act comes into play on 1st December 2020 and there are ways security professionals can leverage new aspects including mandatory breach notifications to focus efforts on securing personal information and preventing privacy harms.
The document summarizes the work of the Internet Society in Asia-Pacific in 2018 and upcoming activities in 2019. It discusses the Society's efforts to promote an open, globally connected, secure and trustworthy internet through initiatives like supporting community networks, improving routing security through MANRS, and addressing IoT security issues. Key 2018 activities included collaborating with governments on internet policy issues, training programs, and engagement events. Planned 2019 work focuses on similar collaboration, outreach and capacity building activities across the region.
This document is a presentation on the increasing threat of cybercrime. It discusses the evolution of computers and some of the world's largest data breaches. It identifies key cybersecurity threats for 2013/2014, including the widespread use of new platforms like mobile devices and cloud computing, increasingly available exploit kits, and more sophisticated targeted attacks. The presentation concludes by profiling some infamous computer hackers and opening the floor for questions.
For every organization, effective cybersecurity is reliant on a careful deployment of technology, processes and people. The Global Knowledge cybersecurity perspective features a three-tiered organizational matrix, ranging from foundational to expert skills, coupled with eight functional specializations that encompass the features of a successful cybersecurity organization.
Cybersecurity isn’t a one-person job—it’s dependent on several different factors within an organization. This webinar will show you how to build a strong cyber defense by focusing on:
• The characteristics of winning cybersecurity teams
• The Crown – Organizational map and career progression
• The Castle – The eight functional specializations
• Architecture and data policy
• Data loss prevention
• Governance, risk and compliance
• Identity and access management
• Incident response and forensic analysis
• Penetration testing
• Secure DevOps
• Secure software development
• Building a winning cybersecurity organization
This document outlines Ireland's National Cyber Security Strategy for 2019-2024. It discusses the increasing reliance on digital technologies and the associated cyber security risks. The strategy aims to:
1. Further develop Ireland's National Cyber Security Centre and critical infrastructure protection systems to monitor and respond to cyber threats.
2. Support skills development, research, and the cyber security industry to capitalize on economic opportunities and ensure network resilience.
3. Deepen international engagement on cyber policy to help shape governance of the digital environment.
A range of specific measures are proposed across areas like threat information sharing, baseline security standards, skills and research programs, and diplomatic coordination, to achieve these strategic objectives over the coming years.
This document discusses cybercrime risks in Europe. It provides an overview of ENISA's activities related to facilitating cooperation against cybercrime, developing guidance on new and emerging technologies, and promoting privacy and trust online. Specific contributions from ENISA include developing best practices for cooperation between computer emergency response teams (CERTs) and law enforcement agencies. ENISA also organizes annual workshops for CERTs to share information and hosts a clearinghouse of incident response tools. A proposed new EU Directive aims to more effectively address large-scale cyber attacks by criminalizing certain hacking tools and their use.
Yet another cybersecurity framework for Financial Services | Olivier Busolini
The document discusses the Financial Services Sector Coordinating Council's (FSSCC) development of a sector-specific "Profile" that extends the NIST Cybersecurity Framework for financial services. The Profile was inspired by ISO/IEC 27001/2 controls and other frameworks. It includes 9 questions for risk-tiering methodology, a more precise diagnostic statement, and addresses new topics like governance, supply chain management, and third-party risk management. The Profile is intended to help regulators assess risk management programs and serve as a common supervisory approach.
This document provides a summary of influence operations from 2017 to 2020. It discusses how threat actors have evolved tactics like moving from large campaigns to more targeted operations and blurring lines between authentic and inauthentic content. The document outlines trends seen over this period like perception hacking and increased operational security. It proposes mitigation strategies platforms and researchers can take like combining automated and manual enforcement, improving detection tools, and building partnerships for information sharing.
This document provides guidance on integrating forensic techniques into incident response. It discusses establishing a forensic capability within an organization, including defining roles and responsibilities, developing policies and procedures, and preparing tools and resources. It also describes the forensic process of collecting, examining, analyzing and reporting on data from various sources, such as files, operating systems, network traffic and applications. The goal is to efficiently and effectively use forensic analysis to understand security incidents and improve an organization's security posture. Legal and technical considerations are also addressed throughout.
Singapore. Industry 4.0 and cybersecurity | Yuri Anisimov
For all critical sectors to establish robust and systematic cyber risk management processes and capabilities
Systematic cyber risk management framework
risk assessments, vulnerability assessments and system reviews;
well-informed and conscious trade-offs in security, cost and functionality
sound systems and procedures to mitigate and manage these risks, including disaster recovery and business continuity plans;
effective implementation that encompasses awareness building and training across the organisation
continuous measurement of performance through process audits and cyber-security exercises.
Ghana has developed a National Cyber Security Policy and 5-year Strategic Plan to address gaps in existing cybersecurity policies and laws. The policy was developed through a multi-stakeholder process between 2011-2015 and contains 9 pillars including effective governance, legislative frameworks, cybersecurity technology, capacity building, and international cooperation. The strategic plan outlines initiatives to establish cybersecurity institutions, review cyber laws, adopt security standards, and increase awareness and preparedness over the next 5 years. Ghana aims to create a secure cyber environment that enables internet use and economic growth while protecting critical infrastructure through this national cybersecurity strategy.
Are you the I in CII? Cybersecurity Bill public consultation by Internet Soci...Benjamin Ang
Slides from the Internet Society Singapore Chapter's seminar and public consultation on the draft Bill of Singapore’s new Cybersecurity Act, which will be in place by end 2017, and will lay the groundwork for world class cybersecurity practices to overcome emerging threats in cyberspace. The Act seeks to minimize disruption to essential services and to professionalize the cybersecurity industry.
The document provides an event report on the CTO Cybersecurity Forum held in London on June 17-18, 2010. The forum focused on raising awareness of cybersecurity issues, building capacity for robust cybersecurity frameworks, and facilitating dialogue among stakeholders. Key topics discussed included threats to both states and individuals, as well as possible technical, legal, and international cooperation responses. A need for greater international cooperation was a major theme, given issues around jurisdiction and varying capabilities. The inaugural forum aimed to provide a platform for partnership between the UK government and CTO to address these global cybersecurity challenges.
This document discusses the evolving cyber threat landscape and increasing cyber risks that organizations face. It notes that cyber attacks are becoming more frequent, sophisticated, and targeted. The document outlines several recent major cyber attacks including data breaches at Sony, Target, and Ashley Madison, as well as ransomware attacks and hacking incidents. It emphasizes that organizations need to adopt a proactive, intelligence-led approach to cyber security that includes red team exercises, assuming breaches will occur, and deploying security intelligence systems to detect threats early. The key is understanding adversaries and their tactics in order to adapt defenses accordingly.
Global CyberSecurity Index and Cyberwellness ProfilesICT Watch
This document presents the key findings from the first annual Global Cybersecurity Index report published in April 2015 by the International Telecommunication Union. The report ranks 154 countries based on their level of commitment to cybersecurity across five pillars - legal, technical, organizational, capacity building, and international cooperation measures. The United States ranks first overall, followed by Canada and Australia. Regionally, Mauritius ranks highest in Africa, while several other regions see European nations like Estonia and Germany ranking towards the top. The report aims to increase awareness of cybersecurity preparedness and promote greater collaboration between countries.
APrIGF 2015: Security and the Internet of ThingsAPNIC
Adli Wahid addresses the current cybersecurity issues seen with the growth of the Internet of Things at the 2015 Asia Pacific Regional Internet Governance Forum (APrIGF) in Macao.
PRFP-10: Cyber threats and security in the PacificAPNIC
Cyber threats and security in the Pacific was the topic of the 10th Policy and Regulation Forum for Pacific. The document discusses establishing incident response capabilities to address cyber risks like ransomware, vandalism, negligence, natural disasters, accidents, fraud and theft. It promotes creating a safety ecosystem with organizations like police, fire, health, industry and education working together and with a Computer Emergency Response Team (CERT) to respond to incidents. Effective CERTs require infrastructure, procedures, trained staff, and relationships built on trust with other CERT and law enforcement communities. They should engage stakeholders, maintain expertise, and prioritize trust and neutrality when starting small but with a long-term vision.
Defending Critical Infrastructure Against Cyber AttacksTripwire
In our increasingly connected world, networks of machines help critical infrastructure run more efficiently and prevent downtime. However, systems which were once isolated are now being exposed to digital security threats that operators never considered.
Joseph Blankenship of Forrester Research and Gabe Authier of Tripwire discuss the evolving threat landscape and how we can protect these critical assets from cyber threats.
Topics covered include:
-Examples of some of the most recent cyber-attacks to critical infrastructure
-Why traditional IT security approaches won't work
-Recommended approaches for securing critical infrastructure
The document discusses a security training program for the financial sector. It aims to identify security challenges from digitization, different types of attacks, and the need for an integrated security approach. The FINSEC platform provides collaborative risk assessment that calculates risk from vulnerabilities, impacts, and threats. It detects security events and can re-calculate risk levels based on pre-defined triggers.
National Cybersecurity - Roadmap and Action PlanDr David Probert
Analysis, strategies and practical action plans for National Government Cybersecurity based upon the United Nations - International Telecommunications Union - UN/ITU Cybersecurity Framework and their Global Cybersecurity Agenda - GCA.
Crossing the streams: How security professionals can leverage the NZ Privacy ...Chris Hails
Security professionals often struggle with the ‘double intangibility’ of security - the intangibility of risk and intangibility of protection.
Changes hearts and minds often requires legislation and new compliance frameworks to motivate investment.
New Zealand's new Privacy Act comes into play on 1st December 2020 and there are ways security professionals can leverage new aspects including mandatory breach notifications to focus efforts on securing personal information and preventing privacy harms.
The document summarizes the work of the Internet Society in Asia-Pacific in 2018 and upcoming activities in 2019. It discusses the Society's efforts to promote an open, globally connected, secure and trustworthy internet through initiatives like supporting community networks, improving routing security through MANRS, and addressing IoT security issues. Key 2018 activities included collaborating with governments on internet policy issues, training programs, and engagement events. Planned 2019 work focuses on similar collaboration, outreach and capacity building activities across the region.
This document is a presentation on the increasing threat of cybercrime. It discusses the evolution of computers and some of the world's largest data breaches. It identifies key cybersecurity threats for 2013/2014, including the widespread use of new platforms like mobile devices and cloud computing, increasingly available exploit kits, and more sophisticated targeted attacks. The presentation concludes by profiling some infamous computer hackers and opening the floor for questions.
For every organization, effective cybersecurity is reliant on a careful deployment of technology, processes and people. The Global Knowledge cybersecurity perspective features a three-tiered organizational matrix, ranging from foundational to expert skills, coupled with eight functional specializations that encompass the features of a successful cybersecurity organization.
Cybersecurity isn’t a one-person job—it’s dependent on several different factors within an organization. This webinar will show you how to build a strong cyber defense by focusing on:
• The characteristics of winning cybersecurity teams
• The Crown – Organizational map and career progression
• The Castle – The eight functional specializations
• Architecture and data policy
• Data loss prevention
• Governance, risk and compliance
• Identity and access management
• Incident response and forensic analysis
• Penetration testing
• Secure DevOps
• Secure software development
• Building a winning cybersecurity organization
This document outlines Ireland's National Cyber Security Strategy for 2019-2024. It discusses the increasing reliance on digital technologies and the associated cyber security risks. The strategy aims to:
1. Further develop Ireland's National Cyber Security Centre and critical infrastructure protection systems to monitor and respond to cyber threats.
2. Support skills development, research, and the cyber security industry to capitalize on economic opportunities and ensure network resilience.
3. Deepen international engagement on cyber policy to help shape governance of the digital environment.
A range of specific measures are proposed across areas like threat information sharing, baseline security standards, skills and research programs, and diplomatic coordination, to achieve these strategic objectives over the coming years.
This document discusses cybercrime risks in Europe. It provides an overview of ENISA's activities related to facilitating cooperation against cybercrime, developing guidance on new and emerging technologies, and promoting privacy and trust online. Specific contributions from ENISA include developing best practices for cooperation between computer emergency response teams (CERTs) and law enforcement agencies. ENISA also organizes annual workshops for CERTs to share information and hosts a clearinghouse of incident response tools. A proposed new EU Directive aims to more effectively address large-scale cyber attacks by criminalizing certain hacking tools and their use.
Yet another cybersecurity framework for Financial Services (Olivier Busolini)
The document discusses the Financial Services Sector Coordinating Council's (FSSCC) development of a sector-specific "Profile" that extends the NIST Cybersecurity Framework for financial services. The Profile was inspired by ISO/IEC 27001/2 controls and other frameworks. It includes 9 questions for risk-tiering methodology, a more precise diagnostic statement, and addresses new topics like governance, supply chain management, and third-party risk management. The Profile is intended to help regulators assess risk management programs and serve as a common supervisory approach.
This document provides a summary of influence operations from 2017 to 2020. It discusses how threat actors have evolved tactics like moving from large campaigns to more targeted operations and blurring lines between authentic and inauthentic content. The document outlines trends seen over this period like perception hacking and increased operational security. It proposes mitigation strategies platforms and researchers can take like combining automated and manual enforcement, improving detection tools, and building partnerships for information sharing.
This document provides guidance on integrating forensic techniques into incident response. It discusses establishing a forensic capability within an organization, including defining roles and responsibilities, developing policies and procedures, and preparing tools and resources. It also describes the forensic process of collecting, examining, analyzing and reporting on data from various sources, such as files, operating systems, network traffic and applications. The goal is to efficiently and effectively use forensic analysis to understand security incidents and improve an organization's security posture. Legal and technical considerations are also addressed throughout.
Singapore. industry 4.0 and cybersecurity (Yuri Anisimov)
For all critical sectors to establish robust and systematic cyber risk management processes and capabilities
Systematic cyber risk management framework:
• risk assessments, vulnerability assessments and system reviews;
• well-informed and conscious trade-offs in security, cost and functionality;
• sound systems and procedures to mitigate and manage these risks, including disaster recovery and business continuity plans;
• effective implementation that encompasses awareness building and training across the organisation;
• continuous measurement of performance through process audits and cyber-security exercises.
Ghana has developed a National Cyber Security Policy and 5-year Strategic Plan to address gaps in existing cybersecurity policies and laws. The policy was developed through a multi-stakeholder process between 2011-2015 and contains 9 pillars including effective governance, legislative frameworks, cybersecurity technology, capacity building, and international cooperation. The strategic plan outlines initiatives to establish cybersecurity institutions, review cyber laws, adopt security standards, and increase awareness and preparedness over the next 5 years. Ghana aims to create a secure cyber environment that enables internet use and economic growth while protecting critical infrastructure through this national cybersecurity strategy.
The document summarizes ITU's work on cybersecurity since 2003, including:
1) Establishing the Global Cybersecurity Agenda in 2007 to facilitate international cooperation on cybersecurity across five pillars.
2) Forming the High-Level Expert Group in 2007 to develop strategies to curb cyberthreats and promote cybersecurity globally.
3) Conducting various capacity building activities through the ITU-IMPACT initiative to assess countries' cyber readiness and train over 2,700 professionals worldwide.
4) Collaborating with partners like UNODC, Symantec, and Trend Micro to strengthen cybersecurity capabilities globally.
Protecting Critical Infrastructure: a multi-layered approach (ITU)
The document discusses protecting critical infrastructure through a multi-layered cybersecurity approach. It notes the increasing dependence on ICTs and rising cyber threats. A coordinated response is needed across international, regional, and national levels. Key aspects include legal measures, technical/procedural measures, organizational structures, capacity building, and international cooperation. The ITU promotes cybersecurity strategies, drives implementation efforts, and fosters a global culture of cybersecurity through activities like its National CIRT Programme and Global Cybersecurity Index.
The document outlines India's national cyber security policy and strategies. It aims to build a secure and resilient cyberspace for citizens, businesses, and government. The key objectives are to create a secure cyber ecosystem, strengthen regulatory frameworks, enhance mechanisms for information gathering and response, protect critical information infrastructure, develop indigenous security technologies, and create a cybersecurity workforce. The strategies to achieve these objectives include designating agencies to coordinate cybersecurity efforts, encouraging adoption of best practices, developing testing and certification processes, and fostering public-private partnerships and cooperation.
The document discusses building cybersecurity capacity through international cooperation. It notes increasing dependence on ICTs and rising cyber threats. Developing countries are most at risk as they adopt broader ICT use. Building national cybersecurity strategies and response capabilities is important, as is cooperation across international, regional, and national levels. The ITU works to build capacity through national cybersecurity strategies, establishing computer security incident response teams, conducting assessments and trainings, and facilitating information sharing and regional cooperation. The ITU also measures cyber readiness through the Global Cybersecurity Index and creates country profiles to track progress. Strengthening cybersecurity globally requires coordinated multi-stakeholder efforts.
Singapore's National Cyber Security Strategy (Benjamin Ang)
Singapore's national cyber security strategy has 4 pillars: 1) Protect critical infrastructure through assessments, information sharing, and security by design. 2) Combat cybercrime through education, law enforcement capabilities, and partnerships. 3) Develop a professional cybersecurity workforce and support startups to extend Singapore's advantage. 4) Forge international cooperation to counter cyber threats through ASEAN initiatives and host exchanges on cyber norms. The strategy aims to secure essential services, respond to threats, and establish Singapore as a trusted hub through a whole-of-nation approach.
Computer security, also known as cyber security or IT security, is the protection of computer systems from the theft or damage to their hardware, software or information, as well as from disruption or misdirection of the services they provide.
Emphasizing on Cyber Crime and Threats, Cyberwar Terrorism and Countermeasures.
Be smart & Creative in Cyber World. #D3
This document discusses cyber security strategies and approaches used by various governments and organizations. It outlines national strategies from the UK, US, Estonia, and Singapore, as well as approaches at the European Union level. Common themes across strategies include recognizing the interconnected nature of IT systems, moving from attack detection to prevention, and the need for joint public-private collaboration to develop regulations, share intelligence, and protect critical infrastructure and society.
Final national cyber security strategy november 2014 (vikawotar)
This document outlines Mauritius' National Cyber Security Strategy for 2014-2019. It establishes the vision, mission and goals for cyber security, which include securing cyberspace against cybercrime, enhancing resilience to cyber attacks, developing efficient collaboration models between authorities and businesses, and improving cyber expertise and awareness. The strategy proposes a governance structure and defines the roles of key stakeholders like the Ministry of ICT, National Cyber Security Committee, National CERT, law enforcement, regulatory bodies, critical sectors, and academia. It presents strategic guidelines to achieve the goals, focusing on defense, resilience, collaboration, and capacity building. The importance of the strategy is to effectively manage cyber threats and risks through a coordinated national approach.
Supporting the global efforts in strengthening the safety, security and resilience of Cyberspace, the Commonwealth Cybersecurity Forum 2013, organised by the Commonwealth Telecommunications Organisation. The ceremonial opening examined how Cyberspace could be governed and utilised in a manner to foster freedom and entrepreneurship, while protecting individuals, property and the state, leading to socio-economic development. Speakers of this session, Mr Mario Maniewicz, Chief, Department of Infrastructure, Enabling Environment and E-Applications, ITU; Mr David Pollington, Director, International Security Relations, Microsoft; Mr Alexander Seger, Secretary, Cybercrime Convention Committee, Council of Europe; Mr Nigel Hickson, Vice President, Europe, ICANN and Mr Pierre Dandjinou, Vice President, Africa, ICANN, added their perspectives on various approaches to Cybergovernance, with general agreement on the role Cyberspace could play to facilitate development equitably and fairly across the world.
Hosted by the Ministry of Posts and Telecommunications of Cameroon together with the Telecommunications Regulatory Board of Cameroon and backed by partners and industry supporters including ICANN, Council of Europe, Microsoft, MTN Cameroon, AFRINIC and Internet Watch Foundation, the Commonwealth Cybersecurity Forum 2013 seeks to broaden stakeholder dialogue to facilitate practical action in Cybergovernance and Cybersecurity, some of which will be reflected in the CTO’s own work programmes under its Cybersecurity agenda.
Singapore Cybersecurity Strategy and Legislation (2018) (Benjamin Ang)
A primer on Singapore's Cybersecurity Strategy, and the laws of Singapore relating to Cybersecurity (Computer Misuse Act, Personal Data Protection Act, Cybersecurity Act 2018). Also contains a summary of the results of the Public Consultation on the Cybersecurity Bill
A look at why Caribbean cyber security is important, Caribbean experiences achieving cyber security, why an effective strategy is critical and the importance of an effective Information Governance strategy.
The document outlines India's 2013 National Cyber Security Policy. The policy aims to build a secure cyber ecosystem in India by protecting information infrastructure, reducing cyber threats and vulnerabilities, and developing cyber security capabilities. It identifies strategic objectives and approaches across areas such as creating assurance frameworks, strengthening regulatory structures, developing threat monitoring and response mechanisms, securing e-governance, protecting critical infrastructure, fostering research and workforce development, and enhancing domestic and international cooperation. The overarching goal is to secure cyberspace for citizens, businesses and the government of India.
Creating cyber forensic readiness in your organisation (Jacqueline Fick)
The document summarizes the presentation "Creating cyber forensic readiness within your organisation" given at the 2nd African Mine Security Summit. The presentation covered defining cyber crime, the current state of cyber crime in South Africa, why organizations are vulnerable, and what cyber forensic readiness planning entails. It discussed why organizations need to be prepared for cyber incidents, how to approach digital evidence, and provided steps to implement cyber forensic readiness plans, including defining scenarios requiring evidence, identifying evidence sources, and training staff on evidence handling procedures.
This document discusses cybersecurity threats such as malware, denial of service attacks, cybercrime, cyberterrorism, and cyberwarfare. It provides examples of cybercrime cases involving theft, data breaches, and attacks on banking systems. Cyberterrorism examples include France passing anti-terrorism laws and ISIS utilizing social media. Cyberwarfare case studies involve attacks on Iranian nuclear centers and websites. The document also discusses computer emergency response teams, cybersecurity legislation and policies, and Yemen's cyberwellness profile.
This document summarizes Ghana's efforts to curb cyber threats and enhance cybersecurity. It provides an overview of Ghana's growing internet connectivity and interactions online. It then outlines common cyber attacks faced and targets at different levels. Ghana's key critical infrastructure sectors are identified. The document discusses Ghana's draft national cybersecurity policy and strategy, which focuses on governance, legal frameworks, technology, awareness, and international cooperation. It also describes three special initiatives - a national cybersecurity awareness program, establishing a Computer Emergency Response Team, and plans for a National Cyber Security Centre. The document concludes by calling for discussion on further interventions, stakeholder roles, models for public-private partnership, and needed capacity building.
National Strategies against Cyber Attacks - Philip Victor (Knowledge Group)
The document discusses national strategies against cyber attacks from a global perspective based on the work of ITU-IMPACT. It provides an overview of ITU-IMPACT, current cybersecurity challenges faced by governments, and global efforts to address these challenges through developing national computer incident response teams, public-private partnerships, and international cooperation on cyber laws, standards, and capacity building. The document also presents ITU-IMPACT's role in assisting countries with developing national cybersecurity strategies and implementing programs like computer security incident response teams and cybersecurity drills.
This document discusses cybersecurity trends in Europe. It outlines key drivers of improving cybersecurity like consumerization, regulatory pressures, and emerging threats. It describes the lifecycle of advanced persistent threats and differences between targeted attacks. European strategies on cybersecurity and the Network Information Security Directive are presented. The directive aims to enhance resilience to cyber threats and ensure network security across the EU. Requirements for competent authorities, cooperation between states, and risk management are discussed. Implementation in France and guidance from ISACA on applying the European framework are also summarized.
npCert Initiatives in Nepal (Nepal Computer Emergency Response Team) (OneCoverNepal)
Information Security Response Team Nepal (NPCERT)
Cyber Security in Nepal
Promote security awareness across industry, academia & public sector
Research and analysis of cyber security incidents
Gather and disseminate technical information on cyber security.
Information Security Response Team Nepal, fondly known as npCert, is a team of Information Security experts united to address the urgent need for the protection of national information and the growing cyber security threat in Nepal.
Established in 2016, npCert has been playing an active role as the Nation’s flagship cyber defense, incident response, and operational integration center.
Objectives:
The main objectives of npCert are:
To provide cybersecurity incident responses.
To promote cyber security situational awareness across industry, academia, and the public sector.
To support critical national infrastructure companies to handle cyber security incidents.
To provide research and analysis of cyber security incidents.
To gather and disseminate technical information on cyber security incidents, vulnerabilities, security fixes and other security information as well as issue alerts and warnings.
To coordinate with other domestic and international Information Security Response Teams and related organizations.
https://npcert.org/about-us/
Similar to Cybersecurity Hub & Operations - Dr. Kiru Pillay (20)
1) DNSSec is a technology that digitally signs data to verify its validity and protect against attacks during domain name lookups from the root zone to the final domain.
2) Signing the country-level domain (.ZA) adds security by ensuring the validity of records and keys in the domain zone file.
3) With DNSSec fully deployed, end users are assured of connecting to the actual website corresponding to a domain name by verifying each step of the lookup process.
The document discusses cyber security awareness in South Africa and introduces the SafeCyberL!fe campaign. It notes that South Africa loses at least R5.8 billion annually to cybercrime. The current risk configuration leaves users aware of risks but without skills to respond, while service providers and the state have limited capabilities. SafeCyberL!fe aims to empower individuals to live safely online through seminars, a media campaign, and training 100,000 community cyber security cadets by June 2018. Major challenges include viewing users as passive, slow government response, and low prioritization of cyber security decisions.
ICANN is a global multistakeholder organization that coordinates the DNS and ensures its stable and secure operation. It has a global presence with regional offices and engagement centers. ICANN's multistakeholder community includes representatives from businesses, governments, technical experts, civil society and others. The community develops policy through bottom-up consensus and the ICANN Board implements policies within its mission. ICANN is currently conducting a key rollover to maintain security of the DNS root zone.
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf (Florence Consulting)
Fourteenth Milan Meetup, held in Milan on 23 May 2024 from 17:00 to 18:30, in person and remotely.
We talked about how Axpo Italia S.p.A. reduced its technical debt by migrating its APIs from Mule 3.9 to Mule 4.4, also moving from on-premises to CloudHub 1.0.
Gen Z and the marketplaces - let's translate their needs (Laura Szabó)
The product workshop focused on exploring the requirements of Generation Z in relation to marketplace dynamics. We delved into their specific needs, examined the specifics of their shopping preferences, and analyzed their preferred methods for accessing information and making purchases within a marketplace. Through the study of real-life cases, we tried to gain valuable insights into enhancing the marketplace experience for Generation Z.
The workshop was held at the DMA Conference in Vienna, June 2024.
Ready to Unlock the Power of Blockchain! (Toptal Tech)
Imagine a world where data flows freely, yet remains secure. A world where trust is built into the fabric of every transaction. This is the promise of blockchain, a revolutionary technology poised to reshape our digital landscape.
Toptal Tech is at the forefront of this innovation, connecting you with the brightest minds in blockchain development. Together, we can unlock the potential of this transformative technology, building a future of transparency, security, and endless possibilities.
1. Kiru Pillay
Department of Telecommunications and Postal Services
Cybersecurity Operations & Cybersecurity Hub
iWeek 2017
5th September 2017
Cybersecurity Hub
2. Making South Africa a Global Leader in Harnessing ICTs for Socio-economic Development
Cybersecurity Hub
01
3. Cybersecurity Hub
• Acts as National point of contact for the coordination of Cybersecurity incidents
• Receives and analyses Cybersecurity incidents, trends, vulnerabilities and threats
• Facilitates the establishment of sector, regional and continental CSIRTs
• Disseminates alerts and warnings to its constituents
• Initiates national Cybersecurity awareness campaigns
National Cybersecurity Policy Framework
"Cybersecurity Hub" means a CSIRT established to pool public and private sector threat information for the purposes of processing and disseminating such information to relevant stakeholders including the Cybersecurity centre.
4. "Computer Security Incident Response Team (CSIRT)" is a team of dedicated information security specialists that prepares for and responds to Cybersecurity breaches or Cybersecurity incidents.
There is no globally accepted definition of what a “National CSIRT” is, except that it is a security team with national responsibilities.
Resolution 58 of the ITU – Encourages the creation of national CSIRTs particularly for developing countries
There exist various abbreviations for this entity, such as:
• CERT (Computer Emergency Response Team)
• IRT (Incident Response Team)
• CIRT (Computer Incident Response Team)
• SERT (Security Emergency Response Team)
National Cybersecurity Policy Framework
6. National CSIRTs Services
ALGERIA, BURKINA FASO, CAMEROON, COTE D’IVOIRE, EGYPT, ETHIOPIA, GHANA, KENYA, NIGERIA, RWANDA, SOUTH AFRICA, SUDAN, TANZANIA, TUNISIA, UGANDA, ZAMBIA
16 countries with National CSIRTs in Africa
103 countries with National CSIRTs worldwide
7. Cybersecurity Hub Launch – October 2015
To report a cybersecurity incident:
Visit: https://www.cybersecurityhub.gov.za
Email: incident@cybersecurityhub.gov.za
8. Cybersecurity Hub Implementation
The DTPS has been mandated by NCPF to establish a National CSIRT (Cybersecurity Hub) in consultation with the Justice Crime Prevention and Security (JCPS) cluster departments, the private sector and civil society as well as the sector CSIRTs
- Phase 1 (Nov’14-Mar’15)
- Phase 2 (Apr’15-Sep’15)
- Phase 3 (From Oct’15)
[Timeline diagram: from Basic Cybersecurity Hub to the Ultimate Goal of a Fully Capacitated Cybersecurity Hub]
9. Cybersecurity Hub Responsibilities as per NCPF
Sector CSIRT Establishment, public-private partnerships, increasing collaboration, Coordinate Responses to threats at a national level and Resolve (1)
6.3.1 Coordinate general Cybersecurity activities; identifying stakeholders and developing public-private relationships and collaborating with any sector CSIRTs that may be established.
6.3.6.1 Be a point of contact for that specific sector.
6.3.6.2 Coordinate Cybersecurity incident response activities within that sector
Information Dissemination, Best practice Guidelines, Audits, Readiness Exercises, Standards Compliance (2)
6.3.2; 6.3.6.3 and 6.3.6.4 Disseminate relevant information to sector CSIRTs, vendors, technology experts.
6.3.3 and 6.3.6.8 Provide best practice guidance on ICT security for Government, business and civil society.
6.3.5 and 6.3.6.5 Promote compliance with standards, procedures and policy and best practices.
6.3.6.7 Conduct Cybersecurity audits, assessments and readiness exercises for the sector
Cybersecurity Awareness (3)
6.3.4 Initiate Cybersecurity awareness campaigns
10. National CSIRTs Services
REACTIVE SERVICES
• Alerts and warnings
• Incident handling
• Vulnerability handling
• Artifact handling
PROACTIVE SERVICES
• Announcements
• Technology watch
• Security audits or assessments
• Configuration and maintenance of tools, applications
• Development of security tools
• Intrusion detection services
• Security-related information dissemination
QUALITY MANAGEMENT SERVICES
• Risk Analysis
• Business continuity and disaster recovery planning
• Security consulting
• Awareness building
• Education training
• Product evaluation or certification
"Computer Security Incident Response Team (CSIRT)": Team of dedicated information security specialists that prepares for and responds to Cybersecurity breaches or Cybersecurity incidents. Over the years CSIRTs have extended their capacities and increased their service offerings. CSIRTs go from being a reaction force to a complete security service provider.
11. FIRST Membership
FIRST membership initiative is currently underway with the CSIR being the strategic partner
• Infrastructure upgrades are being undertaken to the Cybersecurity Hub, which is physically housed at the CSIR
• Policies and Standard Operating Procedures (SOPs) are being validated and verified.
• The Cybersecurity Hub’s network is being upgraded in line with FIRST requirements
Application for membership will be made in the 2017 calendar year
12. International, Regional & National Frameworks
• Regional Harmonization of policies, legal frameworks and good practices
- SADC 2012 Model Law on Computer Crime and Cybercrime to guide development of cybersecurity laws in SADC Member States
- African Union 2014 Convention on Cyber Security and Personal Data Protection, which aims to harmonize the laws of African States on electronic commerce, data protection, cyber security promotion and cyber crime control.
• International Cooperation frameworks and exchange of information
- Resolution 58 of the ITU – Encourages the creation of National Computer Security Incident Response Teams (CSIRTs) particularly for developing countries
• SA 2012 NCPF to set out an aligned and coherent approach to Cybersecurity by outlining broad policy guidelines on Cybersecurity
• Cybercrimes and Cybersecurity Bill is currently before Parliament
Cybersecurity is trans-border in nature and demands cooperation between countries and law enforcement agencies
13. Coordination & Consultation
02
• Consultation: The Cybersecurity Hub needs to ensure appropriate consultation between the JCPS cluster departments, the private sector and civil society regarding Cybersecurity matters
• Co-ordination: Coordinate general Cybersecurity activities; identifying stakeholders and developing public-private relationships and collaborating with any sector CSIRTs that may be established
14. Sector CSIRTs as at end 2015-2016 financial year
• At the end of the 2015-2016 financial year, the Finance sector was well represented with respect to sector-based CSIRTs with at least four active CSIRTs, with others being planned.
• The Higher education sector also has an effective CSIRT responsible for universities, museums and research councils
[Diagram: Cybersecurity Hub, SSA Cyber Response Committee, and sector CSIRTs for Finance, Retail, Logistics, Health, Telecomms and Education; named CSIRTs shown: SABRIC CSIRT, ASISA CSIRT, FMI CSIRT, SAIA, PASA CSIRT, other Finance CSIRTs, SANREN/TENET]
LEGEND
SABRIC: South African Banking Risk Information Centre
ASISA: Association of Savings and Investments South Africa
PASA: Payments Association of South Africa
SAIA: South African Insurance Association
FMI: Financial Markets Institutions (JSE, Reserve Bank, Bankserv, STRATE)
15. Sector CSIRT Establishment
[Diagram: Cybersecurity Hub, SSA Cyber Response Committee, and sector CSIRTs for Finance, Retail, Logistics, Health, Telecomms and Education; new entries shown: Consumer Goods Retail sector-CSIRT, Internet Service Providers Association sector-CSIRT]
Since April 2017 two new sector-based CSIRTs are in the process of being established
- The retail sector CSIRT being spearheaded by the Consumer Goods Council (CGC)
- The Consumer Goods Council represents the interests of more than 12,000 member companies engaged in the manufacture, retail, wholesale and distribution of consumer goods, which has a combined value of R707 billion
- The Internet Service providers CSIRT being spearheaded by the Internet Service Providers Association (ISPA).
- ISPA currently has many members, comprised of large, medium and small Internet service and access providers in South Africa.
17. Establishment of a CSIRT Forum
[Diagram: Finance, Retail and Telecomms sector-CSIRTs and others; named CSIRTs shown: SABRIC CSIRT, ASISA CSIRT, FMI CSIRT, SAIA, PASA CSIRT, other Finance CSIRTs, ISP CSIRT, Retail CSIRT]
• Established what has been termed the CSIRT Forum in April 2017 in response to increasing number of sector-based CSIRTs being established
• Made up of representatives from the established and soon-to-be established CSIRTs
• The intention of the CSIRT forum is to coordinate activities amongst the various CSIRTs.
• Initiatives identified at the launch included:
- Information Sharing between sector-CSIRTs
- Skills Development / Capacity Building
- Promoting of uniform Standards
18. Improved Consultation
• Regular interactions with various Stakeholders including:
- The South African Communications Forum
- The Consumer Goods Council
- Financial Sector Continuity Forum Cyber and Information Security Working Group (Reserve Bank, STRATE, Bankserv, JSE).
- National ICT Forum Working Group on Cybersecurity
- Vendors
- Research institutions
- South African Bureau of Standards
19. Cybersecurity Incident Response ‘War Room’: Improving coordination
• Imperative to be able to engage with all stakeholders when responding to Threats and Incidents at a National level
• The ‘War Room’ will give the Hub the ability to respond in real-time and to coordinate responses to Cybersecurity threats and incidents
• A set of secure collaborative communications tools
• A Business Intelligence (BI) capability that allows stakeholders to take decisions to resolve threats
• ‘Proofs of Concept’ are being undertaken by various vendors
• The processes and workflow that support the ‘War Room’ are being developed in conjunction with Law Enforcement Agencies and other constituents
• Use of Skype for Business and open-source collaborative tools
• Request for the appointment of service providers is being finalised
20. Investigate the development of ‘home-grown’ Cybersecurity tools
Initiated a research project to get a baseline understanding of the Cybersecurity sector in South Africa.
Problem Statement:
• Investigate the cyber security landscape within South Africa for the private and public sector and determine the cyber related software applications, tools and other capabilities that are being developed and available respectively.
Rationale for the Study:
• Cybersecurity is a national imperative for countries, and is largely reliant on the use of software tools in order to identify and resolve cybersecurity incidents and threats.
• The need for locally developed tools has become an imperative for many countries
• In South Africa there is an urgent need for the establishment of sector CSIRTs / SOCs and for the promotion of public-private partnerships in order to counter cybersecurity breaches and incidents.
• South Africa also has an associated strategic objective of encouraging the local software development sector.
Expected Outputs (November 2017):
• Overview of the Cyber security landscape of South Africa and expected growth trajectory
• A report which identifies the various in-house developed or developing cyber security related software applications and tools within the private and public sector in South Africa.
21. 03 Dissemination of Information
Disseminate Information
• Disseminate relevant information to sector CSIRTs, vendors, technology experts.
22. Communicating with Sector-CSIRTs
Communicate with our Stakeholders and Sector-based CSIRTs via the Cybersecurity Hub website using secure logins.
Provide relevant documentation and security directives via the Website
23. Global Ransomware attacks & Security Directives
Alert Name: Petya Ransomware Security Advisory
Overview of vulnerability: There is an outbreak of a ransomware attack called Petya that is already causing chaos worldwide, with massive disruption in regions and countries such as Europe, the United States (US), India, France, and Russia. This ransomware infects Windows systems by encrypting the hard drive’s master file table (MFT) and renders the master boot record (MBR) inoperable. The MBR is then replaced with Petya’s malicious code, which displays the ransom note and leaves the computer unable to boot. The ransomware takes over computers and demands $300, paid in Bitcoin, which is a cryptocurrency. The Petya ransomware spreads rapidly across an organization once a computer is infected, using the EternalBlue vulnerability in Microsoft Windows. Unlike the recent WannaCry, this attack is very persistent in nature and has better spreading mechanisms; it tries one option and if it doesn’t work, it tries another one.
The Cybersecurity Hub advises infected users not to pay the ransom.
Date: 27 June 2017
Systems affected: Microsoft Windows
Risk (e.g. in terms of simple rating (low, medium, high)): High [X]  Medium [ ]  Low [ ]
The risk for this attack is high.
Impact / potential damage: High [X]  Medium [ ]  Low [ ]
The severity for this ransomware is high; organisations could lose a lot of money by paying the ransom.
Recommendations: All Microsoft Windows users are advised to do the following:
• Install required Windows updates (MS17-010): https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
• Turn off SMB1: https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows
• It is also advised to block the execution of «PSEXEC.EXE» software on potentially compromised machines and block remote access to WMI.
References:
http://thehackernews.com/2017/06/petya-ransomware-attack.html
https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how
http://www.wired.co.uk/article/petya-malware-ransomware-attack-outbreak-june-2017
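A way to check a Windows host against two of the advisory's recommendations (turn off SMB1, block remote access to WMI), as an added example that is not part of the original slides or the Cybersecurity Hub's own tooling. The `-Remediate` switch name is hypothetical, and the script assumes an English-language Windows build and a host firewall whose default inbound action is Block.

```powershell
#Requires -RunAsAdministrator
# Added example (not the Cybersecurity Hub's code): audit, and optionally apply,
# the advisory's "turn off SMB1" and "block remote access to WMI" mitigations.
param([switch]$Remediate)  # hypothetical switch name; without it nothing is changed

function Get-Smb1State {
    # Server side: does this host still accept SMB1 connections?
    $server = (Get-SmbServerConfiguration).EnableSMB1Protocol
    # Optional feature holding the SMB1 binaries (not present on every build).
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = [bool]$server
        Smb1FeatureState  = if ($feature) { [string]$feature.State } else { 'NotPresent' }
    }
}

function Get-InboundWmiRule {
    # Assumption: English display-group name and a default-block inbound policy,
    # so disabling these allow rules is what blocks remote WMI.
    Get-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' }
}

$smb = Get-Smb1State
$wmi = @(Get-InboundWmiRule)
$smb | Format-List
"Enabled inbound WMI firewall rules: $($wmi.Count)"
$wmi | Select-Object DisplayName, Profile | Format-Table -AutoSize

if ($Remediate) {
    if ($smb.Smb1ServerEnabled) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    if ($smb.Smb1FeatureState -eq 'Enabled') {
        # -NoRestart: the feature removal completes at the next reboot.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    if ($wmi.Count -gt 0) { $wmi | Disable-NetFirewallRule }
    Get-Smb1State | Format-List   # re-read so the change is verified, not assumed
}
```

MS17-010 patch status is not checked here because the update that carries the fix differs per Windows version.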
The Hub had knowledge of the attacks and raised the alarm with its Stakeholders.
The Hub developed and released Security Directives aimed at countering these attacks, which were distributed to our Stakeholders.
Key to this was the use of the recently established CSIRT forum for dissemination of information.
The Security Directives were both technical in nature, for consumption by the CSIRTs, and a general Awareness directive for the general public.
No large-scale breaches were reported in South Africa.
24. Piloting of a Business Intelligence solution
• Piloting a Business Intelligence (BI) solution
• The BI solution is meant to develop a capacity to identify threats prior to them turning into actual incidents
• Inputs various open-source and proprietary threat feeds, and also incidents from the CSIRTs, in order to develop trends and patterns of incidents
• Requested threat information from stakeholders including Microsoft, Kaspersky, Intel and CISCO
• Output will be a South Africa specific Incident and Threat feed which will be distributed to Stakeholders
25. Business Intelligence Pilot: Examples of Visualisations
26. 04 Provide Guidance, Promote Compliance
Provide Guidance
• Provide best practice guidance on ICT security for Government, business and civil society
Promote compliance
• Promote compliance with standards, procedures and policy and best practices
27. Sector-specific Readiness Survey
Current Initiative
• The National Readiness survey was the first national survey aimed at understanding:
• The status of strategic Cybersecurity plans within organisations;
• Governance relating to the Cybersecurity function within organisations;
• Potential Cybersecurity vulnerabilities and risks which have been identified within organisations;
• The capability of organisations to respond and recover after a Cybersecurity related attack.
• The survey closed at the end of July and analysis is currently under way
• The results and the report will be available in October 2017
• Sectors that responded included:
• Higher education
• State-owned enterprises
• The IT Sector
• The finance sector including the banks, investment houses and the FMIs
28. Development of National Standards and Guidelines
• Development of national standards and guidelines
• Assist in the standardization and in the exchange of threat and vulnerability information
• Assist in developing minimum levels of operations for CSIRTs
• Include:
• National Cybersecurity Standards e.g. ISO, NIST, CoBIT
• Threat Information Standardisation
• Identification of open source and proprietary tools
• Maturity Models in order to evaluate CSIRT maturity
29. Development of a national Cybersecurity Skills framework
• Developed a national Cybersecurity Skills Framework
• Based on international best practice model - National Initiative for Cybersecurity Education (NICE)
• Customised for South Africa
• Developed in collaboration with SABRIC and the BANK SETA
• Has been socialised with various other SETAs
• Development of Organising Framework for Occupations (OFO) Codes in progress
• Once OFO codes have been registered and the framework finalised, standardised curriculum content can be developed
The development of the national Skills Framework, once finalised, is a significant breakthrough in addressing the issue of the shortage of Cybersecurity skills
30. 05 National Awareness Strategy
31. Development of a national Awareness Portal
• Awareness Portal currently under development
• Scheduled to ‘go-live’ in September 2017
• Incorporates social media platforms and digital artefacts (mobile apps, videos, etc.)
• Regular cybersecurity campaigns e.g. Cyberbullying will be run jointly with Stakeholders e.g. CISCO, SABRIC, Reserve Bank, SITA, ISPA, Microsoft etc.
32. 06 Conclusion
33. ITU Global Cybersecurity Index (GCI) 2017
Situated on the southern tip of Africa, South Africa established the national cyber security hub to serve as a central point for collaboration between industry, government and civil society on all cyber security incidents. The cyber security hub is mandated by the National Cybersecurity Policy Framework (NCPF) that was passed by Cabinet in 2012. The country is ranked eighth in the continent and 58th globally, with an overall score of 0.502.
http://www.itnewsafrica.com/2017/07/top-10-african-countries-committed-to-cybersecurity/
Extracts from ITU Global Cybersecurity Index (GCI) 2017