CONE 2019 Project Proposal on Cybersecurity

Similar documents
National Policy and Guiding Principles

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

The NIST Cybersecurity Framework

Accelerate Your Enterprise Private Cloud Initiative

White Paper. View cyber and mission-critical data in one dashboard

G7 Bar Associations and Councils

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Cybersecurity and Hospitals: A Board Perspective

Cyber Security and Cyber Fraud

Gujarat Forensic Sciences University

Cybersecurity, Trade, and Economic Development

locuz.com SOC Services

BUSINESS CONTINUITY MANAGEMENT

Principles for a National Space Industry Policy

Securing Your Digital Transformation

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Cybersecurity & Privacy Enhancements

Cyber Security Program

Provisional Translation

The public sector s cybersecurity imperative

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

Using the NIST Framework for Metrics 5/14/2015

Background. Threats. Present Status. Challenges and Strategies 9/30/2009 TRAI 2

CCISO Blueprint v1. EC-Council

Sage Data Security Services Directory

PROTECTION FOR WORKSTATIONS, SERVERS, AND TERMINAL DEVICES ENDPOINT SECURITY NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Section One of the Order: The Cybersecurity of Federal Networks.

Caribbean Cyber Security: Not Only Government s Responsibility

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.

David Fletcher Co-Principal Investigator Western Management & Consulting LLC Albuquerque, NM

CYBERSECURITY MATURITY ASSESSMENT

IT-CNP, Inc. Capability Statement

COST OF CYBER CRIME STUDY INSIGHTS ON THE SECURITY INVESTMENTS THAT MAKE A DIFFERENCE

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Integrated C4isr and Cyber Solutions

Technology Risk Management in Banking Industry. Rocky Cheng General Manager, Information Technology, Bank of China (Hong Kong) Limited

Certified Cyber Security Specialist

CA Security Management

Transformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

Security by Default: Enabling Transformation Through Cyber Resilience

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

CYBER SECURITY AIR TRANSPORT IT SUMMIT

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Service. Sentry Cyber Security Gain protection against sophisticated and persistent security threats through our layered cyber defense solution

DHS Cybersecurity: Services for State and Local Officials. February 2017

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

DHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017

CYBERSECURITY FOR STARTUPS AND SMALL BUSINESSES OVERVIEW OF CYBERSECURITY FRAMEWORKS

Industrial control systems

Address C-level Cybersecurity issues to enable and secure Digital transformation

19-20 September 2018 The Trans Resort Kuta, Bali - Indonesia

FTA 2017 SEATTLE. Cybersecurity and the State Tax Threat Environment. Copyright FireEye, Inc. All rights reserved.

Cybersmart Buildings: Securing Your Investments in Connectivity and Automation

DEPARTMENT OF THE AIR FORCE PRESENTATION TO THE SUBCOMMITTEE ON STRATEGIC FORCES U.S. HOUSE OF REPRESENTATIVES

Cyber Security: Threat and Prevention

Symantec Business Continuity Solutions for Operational Risk Management

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Product Security Program

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

standards and frameworks and controls oh my! Mike Garcia Senior Advisor for Elections Best Practices

Cyber Security Summit 2014 USCENTCOM Cybersecurity Cooperation

CAPABILITY STATEMENT

THE EFFECTIVE APPROACH TO CYBER SECURITY VALIDATION BREACH & ATTACK SIMULATION

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

Cybersecurity. Securely enabling transformation and change

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

CYBER RESILIENCE & INCIDENT RESPONSE

Information Technology General Control Review

Cyber Risk in the Marine Transportation System

THE POWER OF TECH-SAVVY BOARDS:

Vulnerability Assessments and Penetration Testing

M.S. IN INFORMATION ASSURANCE MAJOR: CYBERSECURITY. Graduate Program

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

Continuous protection to reduce risk and maintain production availability

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

About Issues in Building the National Strategy for Cybersecurity in Vietnam

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

CYBER SECURITY TRAINING

Department of Defense. Installation Energy Resilience

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

GEORGIA CYBERSECURITY WORKFORCE ACADEMY. NASCIO 2018 State IT Recognition Awards

Cybersecurity in Government

Changing the Game: An HPR Approach to Cyber CRM007

PROFILE: ACCESS DATA

Cyber Intelligence Professional Certificate Program Booz Allen Hamilton 2-Day Seminar Agenda September 2016

The Value of Bipartisanship

IBM Global Technology Services Provide around-the-clock expertise and protect against Internet threats.

Critical Infrastructure Resilience

Cybersecurity for Service Providers

ISE Cyber Security UCITS Index (HUR)

A Methodology to Build Lasting, Intelligent Cybersecurity Programs

DELIVERING SIMPLIFIED CYBER SECURITY JOURNEYS

Transcription:

CONE 2019 Project Proposal on Cybersecurity Project title: Comprehensive Cybersecurity Platform for Bangladesh and its Corporate Environments Sector or area: Cybersecurity for IT, Communications, Transportation, Manufacturing, Energy, Health Care, Financial Sectors, Defense, Energy, Agriculture and all other government agencies Short description: The development of a meaningful Information Assurance and Cyber Security Plan for an organization is a key component of a viable strategy of any large enterprise. The protection and safeguarding of information must be integrated with the long-term corporate vision and plan to ensure resiliency against emerging cyber threats. The vision for the future begins with the existing computing infrastructure and Information Technology assets. The primary focus then is to develop requirements to drive a robust, responsive and scalable approach to using IT as a strategic asset. One of the key challenges facing the government and private enterprise is the need to ensure business continuity in the face of natural and man-made disasters. A comprehensive and enterprise level cyber security plan is a corner stone of building resiliency in the IT Infrastructure. This effort requires infrastructure development, a cyber security system, processes and standards as well as strong frameworks for compliance and governance. The cybersecurity threats are becoming more complex and sophisticated. In order to effectively protect organizations, tools and processes will also need to evolve. In many ways, this field is still in its infancy and presents opportunities for new ideas and products. The nature and scale of the cybersecurity threats to the government data centers and individual computing facilities continue to remain high. The threats range from individual hacking, virus and other malware attacks, targeted foreign intelligence gathering, sabotage to unpredictable but recurring natural and manmade disasters. The impacts of these threats include loss of critical assets, compromised national security and loss of commercial competitiveness in the marketplace. The United States has determined that threat of Cyber Warfare is the next big challenge to be confronted by American forces. This threat has recently evolved from direct attack on Civilian and Defense Government Agencies to private sector enterprises that are supporting the wide-ranging use of the Internet Infrastructure. This has become a recent priority on the same footing as defense military spending on arms and weapons. Figure 1: National Critical Infrastructure Sectors 1

Likewise, as shown in figure 1 above, we need to think about the security infrastructure in Bangladesh for all sectors such as IT, Communications, Transportation, Manufacturing, Energy, Health Care, Financial Sectors, Defense, Energy, Agriculture and all other government agencies. We need to look at a comprehensive view of the IT infrastructure for an agency and provide guidance to safeguard vulnerabilities in the security framework. This paper will provide a cook book to checkup the health of the cybersecurity environment for an agency and the steps to mitigate any risks and vulnerabilities. We will also provide case studies from the world s largest financial institutes (IRS) and show how we secure their IT infrastructure. Expected outcomes: Expected outcome is a comprehensive approach to cybersecurity. In order to protect the enterprise, the organization must take this holistic view that addresses the entire range of threats, vulnerabilities and associated remediation. The following diagram illustrates the typical technology solution mapped to the corresponding cybersecurity components. Impact on Bangladesh: Figure 2: Technology Solutions Mapped to Cybersecurity Components The impact on Bangladesh is tremendous as follows: Protecting the National Interest: Cyber-threats are pervasive and persistence. It is opportunistic in the sense that it exploits perceived and actual vulnerabilities. There are significant weaknesses in the country s cyber security posture to be able to adequately defend against sophisticated series of attacks targeted to both 2

commercial and public infrastructures. The potential impact of successful attacks may cripple the country s telecommunication infrastructure, major data centers and even the defense establishment. Protecting the National Security: Each organization will need to evaluate its current vulnerabilities in the area of security assets and determine the level of investment that would be necessary to harden the information and communication infrastructure (ICT). Personnel entrusted with information do not often have the tools or the infrastructure to perform the mandate to provide the highest level of security in protecting the organization assets. Protecting Government Information: Government recognizes the need to protect its information that is vital to its operation and to the national security. The defense sector has implemented much more rigorous methodology to support the insertion of advanced technology to protect its data. However, the data centers that contain government Sensitive but Unclassified (SBU) plans on roads and highways projects, international relationship management, RFP and bidding process, taxation data and national bank transactions are all vulnerable and can be compromised. Protecting Citizens Information: In this regard, government holds some of the largest databases of its citizens amongst all countries. The taxation, driver license and motor vehicle, health care and the voters registration database have resulted in large scale personally identifiable information (PII) to be hosted in the government care. The government recognizes much of this threat and have in the recent years have begun to develop enterprise level initiatives to protect this information from the technologically savvy cyber criminals and foreign intelligence gathering agencies. The health care sectors in the recent years have been aggressively introducing electronic record systems to keep track of individual health record, emphasizing the need for establishing robust security framework for protecting this information. Protecting from Fraud and Other Abuse: The private banking industry has been in the forefront of adoption curve for the latest information technology, accumulating massive amount of data on both domestic and foreign financial transactions. As it begins to roll out convenience features, such as Automated Teller Machines (ATM) and Internet Banking, the need for hardening its data centers becomes even more paramount. There are several agencies with specialized systems monitoring possible fraud with advanced fraud detection and remediation solution. This level of sophistication, however, will need to be adopted across the agencies as the frequency of the incidence and the nature of these abuses increase. Needed resources: Project/Program Manager, Business Analysists, Architects, CISSP certified Subject Matter Experts (SME), Software Engineers, QA Engineers, Hardware, Software, COTS Solutions Business plan: A detailed business plan will be furnished in the subsequent phase. The overall strategy is to provide a comprehensive step-by-step process for securing IT infrastructure with the most cost effective and optimized way. This project should create local talents within Bangladesh to secure its own environments as well as providing cybersecurity support elsewhere around the world as an outsourcing capability. If pilot project is needed, what will be the cost? A pilot or a proof of concept lab environment will be established as part of the cybersecurity center of excellence knowledge center. A prototype of world class cybersecurity solutions will be stood up for hands on 3

knowledge sharing in Cybersecurity field of study. The actual cost for developing this environment will be available in the next phase. Expected ROI: The ROI would be to safeguard different sectors of both government and commercial agencies from all sorts of cyber threats. This would enable Bangladesh to produce an exponential return on investment by eliminating data loss and privacy. 250 ROI Forecast: Polynomial Trendline 200 $10k 150 100 50 0 Jan-19 Mar-19 May-19 Expected timeline: Figure 3: ROI Forecast At a very high level, it will take about a year to establish a Cybersecurity lab to demonstrate the solutions to security professionals and the stakeholders. The detailed implementation and its overall timeline will be provided in the subsequent phase. Project sustainability plan: Jul-19 Sep-19 Nov-19 Jan-20 Mar-20 May-20 Jul-20 Sep-20 Nov-20 Jan-21 Mar-21 May-21 Jul-21 Sep-21 Nov-21 Sustainability plan for this project will furnished using the following key action items: Develop Goals and Objectives Research and identify potential stakeholders Jan-22 Mar-22 Period May-22 Jul-22 Sep-22 Nov-22 Jan-23 Mar-23 May-23 Jul-23 Sep-23 Nov-23 Jan-24 Mar-24 May-24 Jul-24 Sep-24 Nov-24 4

Initiate relationship with potential stakeholders Analyze Program Cost Continue to cultivate stakeholders and create buy in Concise and distinct ROI Follow-up Be a Good Steward Create and execute a sustainable plan List of NRB experts in this field: Cybersecurity Analyst, Cybersecurity SME, Architect, Software Engineer and Data Scientists Principal project contact: Name: Faisal Quader Designation: President at Technuf LLC Email Address: Faisal.quader@technuf.com Phone: 301-526-7888 Please insert the author s picture. 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback