SlideShare a Scribd company logo

Management Structures for IT Security

Z
zohraz

Management Structures for IT Security

Technology
1 of 27
Download to read offline
Workshop 2 Management Structuresfor ITSecurity Executive summery and key findings 13th IT Conference at Ministry of Higher Education Presented by: ZohraZekeria The image part20 December 2017
Contents –Introduction –Workshop Summary Workshop 2: Management Structures for IT Security 2
Introduction –Afghanistan has already traveled a considerable distance in the past 15 years. –Wide variety of work process are being handled using IT services: –Ministries and Institutions –Banks and Mobile communication –Identification cards (Tazkira) and Election Workshop 2: Management Structures for IT Security 3
New Challenges for the Country –Effective and secure operation of all these technologies and services greatly depends on: –Reliable IT infrastructures –Effective management system –Secure IT systems etc. –Threats –Malware (Spam, phishing –Targeted attacks –Human errors Workshop 2: Management Structures for IT Security 4
Information Security in Afghanistan –From 2011 to 2015 the total loss associated with cyber crimes was 1.3 billion AFN (afghani) –Most of these — 70 percent — were committed by internal staff at financial institutions. –Three out of four computers in Afghanistan are infected with malware, meaning roughly 75 of Internet traffic is infected. [1] Workshop 2: Management Structures for IT Security 5
What is Information Security Management System? –A systematic and structured approach to manage information so that it remains secure. Workshop 2: Management Structures for IT Security 6 It is a Management process It is not a technological process
Workshop Overview – Morning Session - Presentations – Afternoon Session - Discussion+ Q&A 7Workshop 2: Management Structures for IT Security
Speakers – Mustafa Naier and ZohraZekeria - Lecturers at Kabul PolytechnicUniversity – Said JawadSaidi - Lecturer at Kabul EducationUniversity – Niaz Mohammed Ramaki - Lecturer at Kabul PolytechnicUniversity 8Workshop 2: Management Structures for IT Security
Topics Covered 1. CurrentSituation of Network and Internet Policy 2. Result of IT SecurityAnalysis 3. Role of Organization Administration in Information Security 4. Botnets: A destructive force to Cyber Security 9Workshop 2: Management Structures for IT Security
Current Situation of Network and Internet Policy –In Afghanistan –The networks have problem regarding to its performance, traffic logged , network management, and security policies. –NCSA (2014-2015) have started to work on some of the policies but the state of its implementation is unknown –Lack of policy, awareness and enforcement 10Workshop 2: Management Structures for IT Security
Result of IT Security Analysis SecurityChecklists Workshop 2: Management Structures for IT Security 11 CommonAspects Application Development Security
Workshop 2: Management Structures for IT Security 12 27,08 1,99 20,00 8,98 7,00 10,16 55,21 24,38 51,58 19,16 44,00 35,94 17,71 73,63 28,42 71,86 49,00 53,91 Infrastructure Common Aspects IT Systems Network Application Application Development MoWA Survey Result Yes (%) No (%) Not Applicable (%)
Workshop 2: Management Structures for IT Security 13 3,125 0 6,32 8,98 39 81,25 75 0 10,53 19,76 12 9,375 21,875 100 83,16 71,26 49 9,375 Infrastructure Common Aspects IT Systems Network Application Security Application Development Security MoEW Survey Result Yes (%) No (%) Not applicable (%)
Result IT security situation throughout Afghanistan is insufficient and inadequate, mainly due to the following aspects: – Insufficientorganizationalstructures – Lack of qualifiedIT personnel – Absence of solidIT infrastructures – VulnerabilitiesinIT systems (hardware and software) – Communicationand networks – Emergencyplanning – Nation-wideIT security policy Workshop 2: Management Structures for IT Security 14
–Creation of an effective IT security managementsystem –Establishment of anAuthority for Security in InformationTechnology in Afghanistan Workshop 2: Management Structures for IT Security 15
Role of Organization Administrati on in Information Security – Critical Success Factor for ISMS – Visible Support and Commitment from All Levels of Management Workshop 2: Management Structures for IT Security 16
Management Principles for Achieving Security Objectives –Initiative for information security should originate in the management level –Top management level is responsible in general for information security –Management level acts as a role model when it comes to information security Workshop 2: Management Structures for IT Security 17
Fundamental Contribution from Management Provision to fund information security management activities Workshop 2: Management Structures for IT Security 18
Botnets: A destructive force to Cyber Security – Botnets are one of the greatest cyber threats in this time – Bot masters endeavor to keep their identity hide, using P2P technology – The next generationof botnets will target wider rangeof attacks than present day botnets – Most of IoT devices are vulnerable to botnets Workshop 2: Management Structures for IT Security 19
– Deploy an email security gateway, to check email traffic – Utilize corporate firewalls, for detecting suspicious port use or unknown transactions – Deploy a web security gateway, to protect downloadingcontents – Deploy endpoint security with active/behavioral monitoring Workshop 2: Management Structures for IT Security 20
Discussion Questions and answers –Challenges Workshop 2: Management Structures for IT Security 21 Connectivity Lack of Information Security Management System Nation-wide IT security policy Lack of standardized server form Unlicensed software Lack of IT Security awareness
Discussion Questions and answers –Challenges + Solutions Workshop 2: Management Structures for IT Security 22 Connectivity Lack of Information Security Management System Nation-wide IT security policy Lack of standardized server form Unlicensed software Lack of IT Security awareness Establishment of anAfghanIXP Establishmentof an authority for security in Information TechnologyinAfghanistan
Challenges of Establishing a Management Structure for ITSecurity Workshop 2: Management Structures for IT Security 23 Political issues Organizational issues Qualified Human Resource Funding Project Maintenance
Executive Summary Workshop 2: Management Structures for IT Security 24 Secure IT Culture Training programs and courses Seminars and conferences Journals Bulletin boards Posters Media coverage Daily news websites Security policy Guidelines A solid management structure (Office) Mitigating risks for IT and cyberspace in Afghanistan Protecting networks Maintaining a trustworthy operationof the IT supply of the country
Thanks for your attention Workshop 2: Management Structuresfor IT Security 25
Workshop 2: Management Structuresfor IT Security 26
Reference [1]. Z.Wafa, “Cyber Security inAfghanistan,” Unipath, 20-Aug-2015 [2]. IT Security Team, ITCCAfghanistan,IT Security Strategic Plan for Afghanistan,Setting up anAuthority for Security in InformationTechnology ,September 30, 2017 [3]. IT Security Team, ITCCAfghanistan,Ministry of Energy and Water Survey Report,July,30,2017 Workshop 2: Management Structures for IT Security 27

Recommended

Security Solutions against Computer Networks Threats
Security Solutions against Computer Networks ThreatsSecurity Solutions against Computer Networks Threats
Security Solutions against Computer Networks ThreatsEswar Publications
 
Conference Paper at International Conference on Enterprise Information System...
Conference Paper at International Conference on Enterprise Information System...Conference Paper at International Conference on Enterprise Information System...
Conference Paper at International Conference on Enterprise Information System...Malaysia University of Science and Technology (MUST)
 
Analytical survey of active intrusion detection techniques in mobile ad hoc n...
Analytical survey of active intrusion detection techniques in mobile ad hoc n...Analytical survey of active intrusion detection techniques in mobile ad hoc n...
Analytical survey of active intrusion detection techniques in mobile ad hoc n...eSAT Publishing House
 
Comparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for SmartphonesComparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for Smartphonesiosrjce
 
Safeguarding the Internet of Things
Safeguarding the Internet of ThingsSafeguarding the Internet of Things
Safeguarding the Internet of ThingsCognizant
 
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...IRJET- A Review of Information Systems Security: Types, Security Issues, and ...
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...IRJET Journal
 
IRJET- Cybersecurity: The Agenda for the Decade
IRJET- Cybersecurity: The Agenda for the DecadeIRJET- Cybersecurity: The Agenda for the Decade
IRJET- Cybersecurity: The Agenda for the DecadeIRJET Journal
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecuritySai Chandra Chittuluri
 

Recommended

Security Solutions against Computer Networks Threats
Security Solutions against Computer Networks ThreatsSecurity Solutions against Computer Networks Threats
Security Solutions against Computer Networks ThreatsEswar Publications
 
Conference Paper at International Conference on Enterprise Information System...
Conference Paper at International Conference on Enterprise Information System...Conference Paper at International Conference on Enterprise Information System...
Conference Paper at International Conference on Enterprise Information System...Malaysia University of Science and Technology (MUST)
 
Analytical survey of active intrusion detection techniques in mobile ad hoc n...
Analytical survey of active intrusion detection techniques in mobile ad hoc n...Analytical survey of active intrusion detection techniques in mobile ad hoc n...
Analytical survey of active intrusion detection techniques in mobile ad hoc n...eSAT Publishing House
 
Comparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for SmartphonesComparative Study on Intrusion Detection Systems for Smartphones
Comparative Study on Intrusion Detection Systems for Smartphonesiosrjce
 
Safeguarding the Internet of Things
Safeguarding the Internet of ThingsSafeguarding the Internet of Things
Safeguarding the Internet of ThingsCognizant
 
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...IRJET- A Review of Information Systems Security: Types, Security Issues, and ...
IRJET- A Review of Information Systems Security: Types, Security Issues, and ...IRJET Journal
 
IRJET- Cybersecurity: The Agenda for the Decade
IRJET- Cybersecurity: The Agenda for the DecadeIRJET- Cybersecurity: The Agenda for the Decade
IRJET- Cybersecurity: The Agenda for the DecadeIRJET Journal
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecuritySai Chandra Chittuluri
 
Symantec Mobile Security
Symantec Mobile SecuritySymantec Mobile Security
Symantec Mobile SecurityArrow ECS UK
 
386sum08ch8
386sum08ch8386sum08ch8
386sum08ch8virtualmemory
 
ISA Toronto Chapter Presentation-March 2017
ISA Toronto Chapter Presentation-March 2017ISA Toronto Chapter Presentation-March 2017
ISA Toronto Chapter Presentation-March 2017Sustainable Resources Management
 
Securing information systems
Securing information systemsSecuring information systems
Securing information systemsAmity University | FMS - DU | IMT | Stratford University | KKMI International Institute | AIMA | DTU
 
Wireless Security on Context (disponible en español)
Wireless Security on Context (disponible en español)Wireless Security on Context (disponible en español)
Wireless Security on Context (disponible en español)Cisco Service Provider Mobility
 
Epic Sales Presentation
Epic Sales PresentationEpic Sales Presentation
Epic Sales Presentationdpsmith1968
 
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...Dr Dev Kambhampati
 
MIS-CH08: Securing Information Systems
MIS-CH08: Securing Information SystemsMIS-CH08: Securing Information Systems
MIS-CH08: Securing Information SystemsSukanya Ben
 
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESAN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specificationsSsendiSamuel
 
Symantec government technology summit abstract
Symantec government technology summit abstractSymantec government technology summit abstract
Symantec government technology summit abstractCarahsoft
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16James Rutt
 
IoT security patterns
IoT security patterns IoT security patterns
IoT security patterns Exosite
 
Chapter 3.docx
Chapter 3.docxChapter 3.docx
Chapter 3.docxAmir Khan
 
Ics & computer security for nuclear facilities
Ics & computer security for nuclear facilitiesIcs & computer security for nuclear facilities
Ics & computer security for nuclear facilitiesomriyad
 
Session#7; securing information systems
Session#7; securing information systemsSession#7; securing information systems
Session#7; securing information systemsOmid Aminzadeh Gohari
 
Internet of things
Internet of thingsInternet of things
Internet of thingsvarungoyal98
 
Intrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile NetworksIntrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile NetworksIOSR Journals
 
ITU-T Study Group 2 Introduction
ITU-T Study Group 2 IntroductionITU-T Study Group 2 Introduction
ITU-T Study Group 2 IntroductionITU
 
Web application firewall solution market
Web application firewall solution marketWeb application firewall solution market
Web application firewall solution marketSameerShaikh225
 
188
188188
188vivatechijri
 
Intrusion detection systems for internet of thing based big data: a review
Intrusion detection systems for internet of thing based big data: a reviewIntrusion detection systems for internet of thing based big data: a review
Intrusion detection systems for internet of thing based big data: a reviewInternational Journal of Reconfigurable and Embedded Systems
 

More Related Content

What's hot

Symantec Mobile Security
Symantec Mobile SecuritySymantec Mobile Security
Symantec Mobile SecurityArrow ECS UK
 
Epic Sales Presentation
Epic Sales PresentationEpic Sales Presentation
Epic Sales Presentationdpsmith1968
 
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...Dr Dev Kambhampati
 
MIS-CH08: Securing Information Systems
MIS-CH08: Securing Information SystemsMIS-CH08: Securing Information Systems
MIS-CH08: Securing Information SystemsSukanya Ben
 
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESAN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESijcsit
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specificationsSsendiSamuel
 
Symantec government technology summit abstract
Symantec government technology summit abstractSymantec government technology summit abstract
Symantec government technology summit abstractCarahsoft
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16James Rutt
 
IoT security patterns
IoT security patterns IoT security patterns
IoT security patterns Exosite
 
Chapter 3.docx
Chapter 3.docxChapter 3.docx
Chapter 3.docxAmir Khan
 
Ics & computer security for nuclear facilities
Ics & computer security for nuclear facilitiesIcs & computer security for nuclear facilities
Ics & computer security for nuclear facilitiesomriyad
 
Session#7; securing information systems
Session#7; securing information systemsSession#7; securing information systems
Session#7; securing information systemsOmid Aminzadeh Gohari
 
Internet of things
Internet of thingsInternet of things
Internet of thingsvarungoyal98
 
Intrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile NetworksIntrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile NetworksIOSR Journals
 
ITU-T Study Group 2 Introduction
ITU-T Study Group 2 IntroductionITU-T Study Group 2 Introduction
ITU-T Study Group 2 IntroductionITU
 
Web application firewall solution market
Web application firewall solution marketWeb application firewall solution market
Web application firewall solution marketSameerShaikh225
 

What's hot (20)

Symantec Mobile Security
Symantec Mobile SecuritySymantec Mobile Security
Symantec Mobile Security
 
386sum08ch8
386sum08ch8386sum08ch8
386sum08ch8
 
ISA Toronto Chapter Presentation-March 2017
ISA Toronto Chapter Presentation-March 2017ISA Toronto Chapter Presentation-March 2017
ISA Toronto Chapter Presentation-March 2017
 
Securing information systems
Securing information systemsSecuring information systems
Securing information systems
 
Wireless Security on Context (disponible en español)
Wireless Security on Context (disponible en español)Wireless Security on Context (disponible en español)
Wireless Security on Context (disponible en español)
 
Epic Sales Presentation
Epic Sales PresentationEpic Sales Presentation
Epic Sales Presentation
 
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
 
MIS-CH08: Securing Information Systems
MIS-CH08: Securing Information SystemsMIS-CH08: Securing Information Systems
MIS-CH08: Securing Information Systems
 
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVESAN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
AN EFFECTIVE METHOD FOR INFORMATION SECURITY AWARENESS RAISING INITIATIVES
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specifications
 
Symantec government technology summit abstract
Symantec government technology summit abstractSymantec government technology summit abstract
Symantec government technology summit abstract
 
Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16Cybersecurity-Real World Approach FINAL 2-24-16
Cybersecurity-Real World Approach FINAL 2-24-16
 
IoT security patterns
IoT security patterns IoT security patterns
IoT security patterns
 
Chapter 3.docx
Chapter 3.docxChapter 3.docx
Chapter 3.docx
 
Ics & computer security for nuclear facilities
Ics & computer security for nuclear facilitiesIcs & computer security for nuclear facilities
Ics & computer security for nuclear facilities
 
Session#7; securing information systems
Session#7; securing information systemsSession#7; securing information systems
Session#7; securing information systems
 
Internet of things
Internet of thingsInternet of things
Internet of things
 
Intrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile NetworksIntrusion Detection Techniques In Mobile Networks
Intrusion Detection Techniques In Mobile Networks
 
ITU-T Study Group 2 Introduction
ITU-T Study Group 2 IntroductionITU-T Study Group 2 Introduction
ITU-T Study Group 2 Introduction
 
Web application firewall solution market
Web application firewall solution marketWeb application firewall solution market
Web application firewall solution market
 

Similar to Management Structures for IT Security

S nandakumar
S nandakumarS nandakumar
S nandakumarIPPAI
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_bangloreIPPAI
 
Computer Network Security
Computer Network SecurityComputer Network Security
Computer Network SecuritySachithra Gayan
 
TWO-LAYER SECURE PREVENTION MECHANISM FOR REDUCING E-COMMERCE SECURITY RISKS
TWO-LAYER SECURE PREVENTION MECHANISM FOR REDUCING E-COMMERCE SECURITY RISKSTWO-LAYER SECURE PREVENTION MECHANISM FOR REDUCING E-COMMERCE SECURITY RISKS
TWO-LAYER SECURE PREVENTION MECHANISM FOR REDUCING E-COMMERCE SECURITY RISKSijcsit
 
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...ijtsrd
 
A signature-based data security and authentication framework for internet of...
A signature-based data security and authentication framework for internet of...A signature-based data security and authentication framework for internet of...
A signature-based data security and authentication framework for internet of...IJECEIAES
 
A review: Artificial intelligence and expert systems for cyber security
A review: Artificial intelligence and expert systems for cyber securityA review: Artificial intelligence and expert systems for cyber security
A review: Artificial intelligence and expert systems for cyber securitybijejournal
 
ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)
ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)
ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)Abbie Barbir
 
Proposed T-Model to cover 4S quality metrics based on empirical study of root...
Proposed T-Model to cover 4S quality metrics based on empirical study of root...Proposed T-Model to cover 4S quality metrics based on empirical study of root...
Proposed T-Model to cover 4S quality metrics based on empirical study of root...IJECEIAES
 
IRJET- CHAOS based Security for Online Transactions through GUI Implementation
IRJET- CHAOS based Security for Online Transactions through GUI ImplementationIRJET- CHAOS based Security for Online Transactions through GUI Implementation
IRJET- CHAOS based Security for Online Transactions through GUI ImplementationIRJET Journal
 
Cyber Attacks and Crimes in Cyber Security: A Comparative Analysis
Cyber Attacks and Crimes in Cyber Security: A Comparative AnalysisCyber Attacks and Crimes in Cyber Security: A Comparative Analysis
Cyber Attacks and Crimes in Cyber Security: A Comparative AnalysisIRJET Journal
 

Similar to Management Structures for IT Security (20)

188
188188
188
 
Intrusion detection systems for internet of thing based big data: a review
Intrusion detection systems for internet of thing based big data: a reviewIntrusion detection systems for internet of thing based big data: a review
Intrusion detection systems for internet of thing based big data: a review
 
Cybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - SkillmineCybersecurity in the Age of IoT - Skillmine
Cybersecurity in the Age of IoT - Skillmine
 
S nandakumar
S nandakumarS nandakumar
S nandakumar
 
S nandakumar_banglore
S nandakumar_bangloreS nandakumar_banglore
S nandakumar_banglore
 
Overview of IoT and Security issues
Overview of IoT and Security issuesOverview of IoT and Security issues
Overview of IoT and Security issues
 
Computer Network Security
Computer Network SecurityComputer Network Security
Computer Network Security
 
TWO-LAYER SECURE PREVENTION MECHANISM FOR REDUCING E-COMMERCE SECURITY RISKS
TWO-LAYER SECURE PREVENTION MECHANISM FOR REDUCING E-COMMERCE SECURITY RISKSTWO-LAYER SECURE PREVENTION MECHANISM FOR REDUCING E-COMMERCE SECURITY RISKS
TWO-LAYER SECURE PREVENTION MECHANISM FOR REDUCING E-COMMERCE SECURITY RISKS
 
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
An Analytical Study on Attacks and Threats in Cyber Security and its Evolving...
 
Iot cyber security
Iot cyber securityIot cyber security
Iot cyber security
 
A signature-based data security and authentication framework for internet of...
A signature-based data security and authentication framework for internet of...A signature-based data security and authentication framework for internet of...
A signature-based data security and authentication framework for internet of...
 
Class activity 4
Class activity 4 Class activity 4
Class activity 4
 
A review: Artificial intelligence and expert systems for cyber security
A review: Artificial intelligence and expert systems for cyber securityA review: Artificial intelligence and expert systems for cyber security
A review: Artificial intelligence and expert systems for cyber security
 
ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)
ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)
ITU-T Perspectives on the Standards-Based Security Landscape (SG 17 Main Focus)
 
Proposed T-Model to cover 4S quality metrics based on empirical study of root...
Proposed T-Model to cover 4S quality metrics based on empirical study of root...Proposed T-Model to cover 4S quality metrics based on empirical study of root...
Proposed T-Model to cover 4S quality metrics based on empirical study of root...
 
Federal IT Initiatives - BDPA Conference Executive Panel
Federal IT Initiatives - BDPA Conference Executive PanelFederal IT Initiatives - BDPA Conference Executive Panel
Federal IT Initiatives - BDPA Conference Executive Panel
 
Cyber Security.pptx
Cyber Security.pptxCyber Security.pptx
Cyber Security.pptx
 
Helping Utilities with Cybersecurity Preparedness: The C2M2
Helping Utilities with Cybersecurity Preparedness: The C2M2Helping Utilities with Cybersecurity Preparedness: The C2M2
Helping Utilities with Cybersecurity Preparedness: The C2M2
 
IRJET- CHAOS based Security for Online Transactions through GUI Implementation
IRJET- CHAOS based Security for Online Transactions through GUI ImplementationIRJET- CHAOS based Security for Online Transactions through GUI Implementation
IRJET- CHAOS based Security for Online Transactions through GUI Implementation
 
Cyber Attacks and Crimes in Cyber Security: A Comparative Analysis
Cyber Attacks and Crimes in Cyber Security: A Comparative AnalysisCyber Attacks and Crimes in Cyber Security: A Comparative Analysis
Cyber Attacks and Crimes in Cyber Security: A Comparative Analysis
 

Recently uploaded

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 

Recently uploaded (20)

#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 

Management Structures for IT Security

  • 1. Workshop 2 Management Structuresfor ITSecurity Executive summery and key findings 13th IT Conference at Ministry of Higher Education Presented by: ZohraZekeria The image part20 December 2017
  • 2. Contents –Introduction –Workshop Summary Workshop 2: Management Structures for IT Security 2
  • 3. Introduction –Afghanistan has already traveled a considerable distance in the past 15 years. –Wide variety of work process are being handled using IT services: –Ministries and Institutions –Banks and Mobile communication –Identification cards (Tazkira) and Election Workshop 2: Management Structures for IT Security 3
  • 4. New Challenges for the Country –Effective and secure operation of all these technologies and services greatly depends on: –Reliable IT infrastructures –Effective management system –Secure IT systems etc. –Threats –Malware (Spam, phishing –Targeted attacks –Human errors Workshop 2: Management Structures for IT Security 4
  • 5. Information Security in Afghanistan –From 2011 to 2015 the total loss associated with cyber crimes was 1.3 billion AFN (afghani) –Most of these — 70 percent — were committed by internal staff at financial institutions. –Three out of four computers in Afghanistan are infected with malware, meaning roughly 75 of Internet traffic is infected. [1] Workshop 2: Management Structures for IT Security 5
  • 6. What is Information Security Management System? –A systematic and structured approach to manage information so that it remains secure. Workshop 2: Management Structures for IT Security 6 It is a Management process It is not a technological process
  • 7. Workshop Overview – Morning Session - Presentations – Afternoon Session - Discussion+ Q&A 7Workshop 2: Management Structures for IT Security
  • 8. Speakers – Mustafa Naier and ZohraZekeria - Lecturers at Kabul PolytechnicUniversity – Said JawadSaidi - Lecturer at Kabul EducationUniversity – Niaz Mohammed Ramaki - Lecturer at Kabul PolytechnicUniversity 8Workshop 2: Management Structures for IT Security
  • 9. Topics Covered 1. CurrentSituation of Network and Internet Policy 2. Result of IT SecurityAnalysis 3. Role of Organization Administration in Information Security 4. Botnets: A destructive force to Cyber Security 9Workshop 2: Management Structures for IT Security
  • 10. Current Situation of Network and Internet Policy –In Afghanistan –The networks have problem regarding to its performance, traffic logged , network management, and security policies. –NCSA (2014-2015) have started to work on some of the policies but the state of its implementation is unknown –Lack of policy, awareness and enforcement 10Workshop 2: Management Structures for IT Security
  • 11. Result of IT Security Analysis SecurityChecklists Workshop 2: Management Structures for IT Security 11 CommonAspects Application Development Security
  • 12. Workshop 2: Management Structures for IT Security 12 27,08 1,99 20,00 8,98 7,00 10,16 55,21 24,38 51,58 19,16 44,00 35,94 17,71 73,63 28,42 71,86 49,00 53,91 Infrastructure Common Aspects IT Systems Network Application Application Development MoWA Survey Result Yes (%) No (%) Not Applicable (%)
  • 13. Workshop 2: Management Structures for IT Security 13 3,125 0 6,32 8,98 39 81,25 75 0 10,53 19,76 12 9,375 21,875 100 83,16 71,26 49 9,375 Infrastructure Common Aspects IT Systems Network Application Security Application Development Security MoEW Survey Result Yes (%) No (%) Not applicable (%)
  • 14. Result IT security situation throughout Afghanistan is insufficient and inadequate, mainly due to the following aspects: – Insufficientorganizationalstructures – Lack of qualifiedIT personnel – Absence of solidIT infrastructures – VulnerabilitiesinIT systems (hardware and software) – Communicationand networks – Emergencyplanning – Nation-wideIT security policy Workshop 2: Management Structures for IT Security 14
  • 15. –Creation of an effective IT security managementsystem –Establishment of anAuthority for Security in InformationTechnology in Afghanistan Workshop 2: Management Structures for IT Security 15
  • 16. Role of Organization Administrati on in Information Security – Critical Success Factor for ISMS – Visible Support and Commitment from All Levels of Management Workshop 2: Management Structures for IT Security 16
  • 17. Management Principles for Achieving Security Objectives –Initiative for information security should originate in the management level –Top management level is responsible in general for information security –Management level acts as a role model when it comes to information security Workshop 2: Management Structures for IT Security 17
  • 18. Fundamental Contribution from Management Provision to fund information security management activities Workshop 2: Management Structures for IT Security 18
  • 19. Botnets: A destructive force to Cyber Security – Botnets are one of the greatest cyber threats in this time – Bot masters endeavor to keep their identity hide, using P2P technology – The next generationof botnets will target wider rangeof attacks than present day botnets – Most of IoT devices are vulnerable to botnets Workshop 2: Management Structures for IT Security 19
  • 20. – Deploy an email security gateway, to check email traffic – Utilize corporate firewalls, for detecting suspicious port use or unknown transactions – Deploy a web security gateway, to protect downloadingcontents – Deploy endpoint security with active/behavioral monitoring Workshop 2: Management Structures for IT Security 20
  • 21. Discussion Questions and answers –Challenges Workshop 2: Management Structures for IT Security 21 Connectivity Lack of Information Security Management System Nation-wide IT security policy Lack of standardized server form Unlicensed software Lack of IT Security awareness
  • 22. Discussion Questions and answers –Challenges + Solutions Workshop 2: Management Structures for IT Security 22 Connectivity Lack of Information Security Management System Nation-wide IT security policy Lack of standardized server form Unlicensed software Lack of IT Security awareness Establishment of anAfghanIXP Establishmentof an authority for security in Information TechnologyinAfghanistan
  • 23. Challenges of Establishing a Management Structure for ITSecurity Workshop 2: Management Structures for IT Security 23 Political issues Organizational issues Qualified Human Resource Funding Project Maintenance
  • 24. Executive Summary Workshop 2: Management Structures for IT Security 24 Secure IT Culture Training programs and courses Seminars and conferences Journals Bulletin boards Posters Media coverage Daily news websites Security policy Guidelines A solid management structure (Office) Mitigating risks for IT and cyberspace in Afghanistan Protecting networks Maintaining a trustworthy operationof the IT supply of the country
  • 25. Thanks for your attention Workshop 2: Management Structuresfor IT Security 25
  • 26. Workshop 2: Management Structuresfor IT Security 26
  • 27. Reference [1]. Z.Wafa, “Cyber Security inAfghanistan,” Unipath, 20-Aug-2015 [2]. IT Security Team, ITCCAfghanistan,IT Security Strategic Plan for Afghanistan,Setting up anAuthority for Security in InformationTechnology ,September 30, 2017 [3]. IT Security Team, ITCCAfghanistan,Ministry of Energy and Water Survey Report,July,30,2017 Workshop 2: Management Structures for IT Security 27