Why Government & Corporate
Cyber Programmes are failing
Dr. Frederick Wamala, CISSP®
Trivandrum, Kerala, India, 3-4 August 2012




International Telecommunication Union
Disclaimer – One for the Lawyers

Opinions expressed here are mine. The views I express do not necessarily reflect those of any past or present employers and/or associates.

All trademarks are the properties of their respective owners.

© Dr. Frederick Wamala, CISSP®                        2
Quotation – Cybercrime

“In fact, in my opinion, it's the greatest transfer of wealth in history ... McAfee estimates that $1 trillion was spent globally under remediation. And that's our future disappearing in front of us.”
– Gen. Keith Alexander, NSA/CYBERCOM
ITU Cybersecurity Strategy Guides




Cybersecurity Strategy Model



Cybersecurity Strategy Model




URL: http://www.itu.int/ITU-D/cyb/cybersecurity/strategies.html
Strategic Context




Critical Information Infrastructure (CII)




Privately-owned – Govt oversight?




Focus on attack methods not Sources




Threat Assessment




Incomplete Threat Assessments
 Threat Sources and Threat Actors
 Capability
   Level 1 – Opportunistic
   Level 5 – Extremely capable and well resourced to carry out sophisticated attacks, e.g. Flame
 Motivation
   Level 0 – No interest in attacking a given system
   Level 5 – An absolute priority of the actor to breach the security of a given system. Use all means, e.g. detailed research, bribery, coercion,
Failure to understand “Cybersecurity Ends”




Cybersecurity “Intensity of Interest”




 Cybersecurity is not JUST a technical issue
 Cyber attacks threaten “vital” interests of States
India – Impact on Diplomatic Affairs

“A portion of the recovered data included visa applications submitted to Indian diplomatic missions in Afghanistan. This data was voluntarily provided to the Indian missions by nationals of 13 countries as part of the regular visa application process.”
Gaps – Legal Measures




Cybercrime legislation coverage
 Criminalisation
   Substantive criminal law, e.g. unauthorised access to computer systems and networks
 Jurisdiction
 Procedure and law enforcement investigative measures
 Electronic evidence
 Liability of internet service providers
 International cooperation

Convention on Cybercrime – 2001

[Figure: Council of Europe Convention on Cybercrime – areas covered]
 Criminalization
 Procedures
 Electronic evidence
 Jurisdiction
 Service Provider Liability
 International Cooperation

Commonwealth Legislation – 2002

[Figure: Commonwealth Model Legislation – areas covered]
 Criminalization
 Procedures
 Electronic evidence
 Jurisdiction
 Service Provider Liability
 International Cooperation

US – Joint Chief Lobby for Legislation




Technical and Procedural Measures




Reactive – Subversion of Products




UK – Capacity to certify products




India – Comprehensive Approach




Gaps – Organisational Structures



India – National Cybersecurity Strategy




 MCIT/Departmental cybersecurity strategy
 Only CERT-In has a national cyber mandate
 Oversight: MCIT; Defence, Home Affairs, NSA
DHS vs. White House Czar mandates




US – NSA involvement questioned




Gaps – Capacity Building




Gaps – Cybersecurity Skills

“India is regarded as an IT superpower but its record on IT security is not too brilliant. ... It does not have the required number of experts and professionals in cyber security.”
– Dr. Arvind Gupta, IDSA, India, 27/06/2012
UK – Intelligence not retaining staff




Gaps – International Cooperation



Russia rejects Convention




Convention – Article 32




EU and US wreck UN Treaty




Conclusion




Questions?

Dr. Frederick Wamala, CISSP®
Cybersecurity Adviser – Strategic and Technical
E-mail: f.wamala@efrivo.com
Twitter: @DrWamala





ODC, Data Fabric and Architecture User GroupODC, Data Fabric and Architecture User Group
ODC, Data Fabric and Architecture User Group
 
IESVE for Early Stage Design and Planning
IESVE for Early Stage Design and PlanningIESVE for Early Stage Design and Planning
IESVE for Early Stage Design and Planning
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
Demystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John StaveleyDemystifying gRPC in .Net by John Staveley
Demystifying gRPC in .Net by John Staveley
 
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone KomSalesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
Salesforce Adoption – Metrics, Methods, and Motivation, Antone Kom
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 

Why Government & Corporate Cyber Programmes are Failing

  • 1. Why Government & Corporate Cyber Programmes are failing Dr. Frederick Wamala, CISSP® Trivandrum, Kerala, India, 3-4 August 2012 International Telecommunication Union
  • 2. Disclaimer – One for the Lawyers: Opinions expressed here are mine. The views I express do not necessarily reflect those of any past or present employers and/or associates. All trademarks are the properties of their respective owners. © Dr. Frederick Wamala, CISSP® 2
  • 3. Quotation – Cybercrime: “In fact, in my opinion, it's the greatest transfer of wealth in history ... McAfee estimates that $1 trillion was spent globally under remediation. And that's our future disappearing in front of us.” – Gen. Keith Alexander, NSA/CYBERCOM
  • 4. ITU Cybersecurity Strategy Guides
  • 5. Cybersecurity Strategy Model
  • 6. Cybersecurity Strategy Model – URL: http://www.itu.int/ITU-D/cyb/cybersecurity/strategies.html
  • 7. Strategic Context
  • 8. Critical Information Infrastructure (CII)
  • 9. Privately-owned – Govt oversight?
  • 10. (image-only slide)
  • 11. Focus on attack methods, not sources
  • 12. Threat Assessment
  • 13. Incomplete Threat Assessments
      • Threat Sources and Threat Actors
      • Capability
          • Level 1 – Opportunistic
          • Level 5 – Extremely capable and well resourced to carry out sophisticated attacks, e.g. Flame
      • Motivation
          • Level 0 – No interest in attacking a given system
          • Level 5 – An absolute priority of the actor to breach the security of a given system; uses all means, e.g. detailed research, bribery, coercion,
  • 14. Failure to understand “Cybersecurity Ends”
  • 15. Cybersecurity “Intensity of Interest”
      • Cybersecurity is not JUST a technical issue
      • Cyber attacks threaten the ‘vital’ interests of States
  • 16. India – Impact on Diplomatic Affairs: “A portion of the recovered data included visa applications submitted to Indian diplomatic missions in Afghanistan. This data was voluntarily provided to the Indian missions by nationals of 13 countries as part of the regular visa application process.”
  • 17. Gaps – Legal Measures
  • 18. Cybercrime legislation coverage
      • Criminalisation
      • Substantive criminal law, e.g. unauthorised access to computer systems and networks
      • Jurisdiction
      • Procedure and law enforcement investigative measures
      • Electronic evidence
      • Liability of internet service providers
      • International cooperation
  • 19. Convention on Cybercrime – 2001 (Council of Europe Convention on Cybercrime). Areas covered: Criminalization, Procedures, Jurisdiction, Electronic evidence, Service Provider Liability, International Cooperation
  • 20. Commonwealth Legislation – 2002 (Commonwealth Model Legislation). Areas covered: Criminalization, Procedures, Jurisdiction, Electronic evidence, Service Provider Liability, International Cooperation
  • 21. US – Joint Chief Lobby for Legislation
  • 22. (image-only slide)
  • 23. Technical and Procedural Measures
  • 24. Reactive – Subversion of Products
  • 25. UK – Capacity to certify products
  • 26. India – Comprehensive Approach
  • 27. Gaps – Organisational Structures
  • 28. India – National Cybersecurity Strategy
      • MCIT/Departmental cybersecurity strategy
      • Only CERT-In has a national cyber mandate
      • Oversight: MCIT; Defence, Home Affairs, NSA
  • 29. DHS vs. White House Czar mandates
  • 30. US – NSA involvement questioned
  • 31. Gaps – Capacity Building
  • 32. Gaps – Cybersecurity Skills: “India is regarded as an IT superpower but its record on IT security is not too brilliant. ... It does not have the required number of experts and professionals in cyber security.” – Dr. Arvind Gupta, IDSA, India, 27/06/2012
  • 33. (image-only slide)
  • 34. UK – Intelligence not retaining staff
  • 35. Gaps – International Cooperation
  • 36. Russia rejects Convention
  • 37. Convention – Article 32
  • 38. EU and US wreck UN Treaty
  • 39. Conclusion
  • 40. (image-only slide)
  • 41. Questions? Dr. Frederick Wamala, CISSP®, Cybersecurity Adviser – Strategic and Technical. E-mail: f.wamala@efrivo.com, Twitter: @DrWamala