cyber security 2016 cade zvavanjanja1
SECURE E-SYSTEMS AS A COMPETITIVE ADVANTAGE IN A GLOBAL MARKETS
By Cade Zvavanjanja
Cybersecurity Strategist
Presentation for e-Tech 2016 organized by
Ministry of ICT Zimbabwe (Government)
AGENDA
• 5 Common Mistakes
• Is Zimbabwe under threat
• What is cybersecurity
• Case for competitive advantage
• Way forward
Is Zimbabwe under threat??
Some Responses
HACKERS INFORMATION WARRIORS?
Personal motives
• Retaliate or “get even”
• Political or terrorism
• Make a joke
• Show off/Just Because
Elite Hackers
Black Hat, Grey Hat, White Hat, No hat
Malicious Code Writers, Criminal Enterprises, Trusted Insiders
Economic gain
• Steal information
• Blackmail
• Financial fraud
Inflicting damage
• Alter, damage or delete information
• Deny services
• Damage public image
How is info attacked
TODAY’S TREND
Terrorists, White Collar Crime
Open Source
Disasters, Theft, Scripts, ID Theft
Insider/Espionage
Ease of attacks
Zimbabwe Landscape
Zimbabwe vs. Global Landscape
Process
Organization
Technology
Opt/in/out
Regulatory Requirement
Security/Privacy Policy
Planning and Strategy, Program Maturity, Program Metrics
Cybersecurity Architecture
• Privacy Strategy
• Data Classification Analysis
• Privacy Teams
• Policy Development
• Policy Update Plans
• Decision Management
• Privacy Support Architecture
• Awareness

• Privacy Risk Assessments
• Data Governance
• Vendor Governance
• Technology Planning
• Business Process Review
• Information Security
• Information Privacy

• External Support Infrastructure
• Privacy Auditing
• Incident Response
• Crisis Management
• Knowledge Management
• Consumer Support Infrastructure
• Open Source Intelligence
People
Compliance
Ecommerce Site
Data Storage
Business Interfaces
IT/IS/Development
Anti-Virus
Firewalls
Encryption
Security in SDLC
Threat Modelling
Build Standards
Information Security Policies
Legislative Compliance
Configuration Reviews
Patch Management
Access Control Reviews
Application Testing
Penetration Testing
Intrusion Detection
Vulnerability Assessment
Vetting / References
Disciplinary Procedure
Awareness & Training
Holistic IT security
- Technology containment
- Process containment
- Procedure containment

- Engage digital forensics process
- Collect evidence
- Engage 3rd party

- Detect Incident
- Identify source of identified
- Log incident
- Reduce false positive
HIGH LEVEL OVERVIEW
Detection
Digital Forensics
Resolution & Reporting
Assessment
Analysis
Containment
- Determine scope
- Assemble Response Team
- Collect & sort facts
- Notify client
- Notify regulators
- Remediate
- Analyze long term effects
- Analyze lessons learned
Privacy Incident Response Process