3. Introduction
–Afghanistan has already traveled a
considerable distance in the past 15
years.
–Wide variety of work process are being
handled using IT services:
–Ministries and Institutions
–Banks and Mobile communication
–Identification cards (Tazkira) and Election
Workshop 2: Management Structures for IT Security 3
4. New
Challenges
for the
Country
–Effective and secure operation of all
these technologies and services greatly
depends on:
–Reliable IT infrastructures
–Effective management system
–Secure IT systems etc.
–Threats
–Malware (Spam, phishing
–Targeted attacks
–Human errors
Workshop 2: Management Structures for IT Security 4
5. Information
Security in
Afghanistan
–From 2011 to 2015 the total loss
associated with cyber crimes was 1.3
billion AFN (afghani)
–Most of these — 70 percent — were
committed by internal staff at financial
institutions.
–Three out of four computers in
Afghanistan are infected with malware,
meaning roughly 75 of Internet traffic is
infected. [1]
Workshop 2: Management Structures for IT Security 5
6. What is
Information
Security
Management
System?
–A systematic and structured approach to
manage information so that it remains
secure.
Workshop 2: Management Structures for IT Security 6
It is a Management process
It is not a technological process
8. Speakers
– Mustafa Naier and ZohraZekeria
- Lecturers at Kabul PolytechnicUniversity
– Said JawadSaidi
- Lecturer at Kabul EducationUniversity
– Niaz Mohammed Ramaki
- Lecturer at Kabul PolytechnicUniversity
8Workshop 2: Management Structures for IT Security
9. Topics
Covered
1. CurrentSituation of Network and Internet
Policy
2. Result of IT SecurityAnalysis
3. Role of Organization Administration in
Information Security
4. Botnets: A destructive force to Cyber
Security
9Workshop 2: Management Structures for IT Security
10. Current
Situation of
Network and
Internet
Policy
–In Afghanistan
–The networks have problem regarding to
its performance, traffic logged , network
management, and security policies.
–NCSA (2014-2015) have started to work on
some of the policies but the state of its
implementation is unknown
–Lack of policy, awareness and enforcement
10Workshop 2: Management Structures for IT Security
12. Workshop 2: Management Structures for IT Security 12
27,08
1,99
20,00
8,98
7,00
10,16
55,21
24,38
51,58
19,16
44,00
35,94
17,71
73,63
28,42
71,86
49,00
53,91
Infrastructure Common Aspects IT Systems Network Application Application Development
MoWA Survey Result
Yes (%) No (%) Not Applicable (%)
13. Workshop 2: Management Structures for IT Security 13
3,125 0 6,32
8,98
39
81,25
75
0
10,53
19,76
12
9,375
21,875
100
83,16
71,26
49
9,375
Infrastructure Common Aspects IT Systems Network Application Security Application Development Security
MoEW Survey Result
Yes (%) No (%) Not applicable (%)
14. Result
IT security situation throughout Afghanistan is
insufficient and inadequate, mainly due to the
following aspects:
– Insufficientorganizationalstructures
– Lack of qualifiedIT personnel
– Absence of solidIT infrastructures
– VulnerabilitiesinIT systems (hardware and
software)
– Communicationand networks
– Emergencyplanning
– Nation-wideIT security policy
Workshop 2: Management Structures for IT Security 14
15. –Creation of an effective IT security
managementsystem
–Establishment of anAuthority for
Security in InformationTechnology in
Afghanistan
Workshop 2: Management Structures for IT Security 15
17. Management
Principles for
Achieving
Security
Objectives
–Initiative for information security should
originate in the management level
–Top management level is responsible in general
for information security
–Management level acts as a role model when it
comes to information security
Workshop 2: Management Structures for IT Security 17
19. Botnets: A
destructive
force to
Cyber
Security
– Botnets are one of the greatest cyber threats in this time
– Bot masters endeavor to keep their identity hide, using P2P
technology
– The next generationof botnets will target wider rangeof
attacks than present day botnets
– Most of IoT devices are vulnerable to botnets
Workshop 2: Management Structures for IT Security 19
20. – Deploy an email security gateway, to check email
traffic
– Utilize corporate firewalls, for detecting suspicious port
use or unknown transactions
– Deploy a web security gateway, to protect
downloadingcontents
– Deploy endpoint security with active/behavioral
monitoring
Workshop 2: Management Structures for IT Security 20
21. Discussion
Questions
and answers
–Challenges
Workshop 2: Management Structures for IT Security 21
Connectivity
Lack of
Information
Security
Management
System
Nation-wide
IT security
policy
Lack of
standardized
server form
Unlicensed
software
Lack of IT
Security
awareness
22. Discussion
Questions
and answers
–Challenges + Solutions
Workshop 2: Management Structures for IT Security 22
Connectivity
Lack of
Information
Security
Management
System
Nation-wide
IT security
policy
Lack of
standardized
server form
Unlicensed
software
Lack of IT
Security
awareness
Establishment of
anAfghanIXP
Establishmentof an authority
for security in Information
TechnologyinAfghanistan
24. Executive
Summary
Workshop 2: Management Structures for IT Security 24
Secure IT Culture
Training programs
and courses
Seminars and
conferences
Journals
Bulletin boards
Posters
Media coverage
Daily news websites
Security policy
Guidelines
A solid management structure (Office)
Mitigating risks for IT and cyberspace in
Afghanistan
Protecting networks
Maintaining a trustworthy operationof the IT
supply of the country
27. Reference
[1]. Z.Wafa, “Cyber Security inAfghanistan,” Unipath, 20-Aug-2015
[2]. IT Security Team, ITCCAfghanistan,IT Security Strategic Plan for
Afghanistan,Setting up anAuthority for Security in InformationTechnology
,September 30, 2017
[3]. IT Security Team, ITCCAfghanistan,Ministry of Energy and Water
Survey Report,July,30,2017
Workshop 2: Management Structures for IT Security 27