Implementation Strategy for Cybersecurity Workshop ITU 2016

Similar documents
The UK s National Cyber Security Strategy

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

Defense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility

CALIFORNIA CYBERSECURITY TASK FORCE

STUDENT LEARNING OUTCOMES Beacom College of Computer and Cyber Sciences

Optus Macquarie University Cyber Security Hub A/Prof Christophe Doche Executive Director

Commonwealth Cyber Declaration

Directive on security of network and information systems (NIS): State of Play

STRATEGIC PLAN. USF Emergency Management

ITU-IMPACT Capacity Building for Least Developed & Developed Countries

Cyber Security Strategy

Security and resilience in Information Society: the European approach

Package of initiatives on Cybersecurity

ENISA EU Threat Landscape

U.S. Department of Homeland Security Office of Cybersecurity & Communications

Position Description. Computer Network Defence (CND) Analyst. GCSB mission and values. Our mission. Our values UNCLASSIFIED

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

ASSEMBLY, No STATE OF NEW JERSEY. 217th LEGISLATURE INTRODUCED FEBRUARY 4, 2016

Legal and Regulatory Developments for Privacy and Security

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Which Side Are You On?

JSC THE JUSTICE & SAFETY CENTER. Snapshot 2014

EUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity

Introductory Speech to the Ramboll Event on the future of ENISA. Speech by ENISA s Executive Director, Prof. Dr. Udo Helmbrecht

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

National Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director

Presentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT

You will choose to study units from one of four specialist pathways depending on the career you wish to pursue. The four pathways are:

Valérie Andrianavaly European Commission DG INFSO-A3

Cyber Security in Europe

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

ENISA s Position on the NIS Directive

Ms. Izumi Nakamitsu High Representative for Disarmament Affairs United Nations

Cybersecurity & Digital Privacy in the Energy sector

Cyber Security Beyond 2020

BOARD OF REGENTS ACADEMIC AFFAIRS COMMITTEE 4 STATE OF IOWA SEPTEMBER 12-13, 2018

EU policy on Network and Information Security & Critical Information Infrastructures Protection

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Security by Default: Enabling Transformation Through Cyber Resilience

Introducing Maryville University s CYBER SECURITY ONLINE PROGRAMS. Bachelor of Science in Cyber Security & Master of Science in Cyber Security

CYBER RESILIENCE & INCIDENT RESPONSE

PEOPLE INNOVATION CAPITAL INFRASTRUCTURE AGILITY. New Brunswick Growth Opportunity. Cybersecurity

Security Director - VisionFund International

Cybersecurity, Trade, and Economic Development

Gujarat Forensic Sciences University

Digital Health Cyber Security Centre

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

ASEAN COOPERATION ON DISASTER MANAGEMENT. Disaster Management & Humanitarian Assistance Division, ASEAN Secretariat

State Governments at Risk: State CIOs and Cybersecurity. CSG Cybersecurity and Privacy Policy Academy November 2, 2017

Cyber Resilience. Think18. Felicity March IBM Corporation

Position Title: IT Security Specialist

Bradford J. Willke. 19 September 2007

CESG:10 Steps to Cyber Security WORKING WITH GOVERNMENT, INDUSTRY AND ACADEMIA TO MANAGE INFORMATION RISK

The Office of Infrastructure Protection

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

Cyber Security Roadmap

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

CYBERSECURITY TRAINING EXERCISE KMU TRAINING CENTER NOVEMBER 7, 2017

PIPELINE SECURITY An Overview of TSA Programs

Global Response Centre (GRC) & CIRT Lite. Regional Cyber security Forum 2009, Hyderabad, India 23 rd to 25 th September 2009

Cyber Resilience: Developing a Shared Culture. Sponsor Guide

Department of Homeland Security Updates

From Hyogo to Sendai. Anoja Seneviratne Disaster Management Centre

Netherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice

The role of COP/ITU on international level. Dr Ibrahim Al dabal chair of child on line council working group

Position Description. Engagement Manager UNCLASSIFIED. Outreach & Engagement Information Assurance and Cyber Security Directorate.

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

A Strategy for a secure Information Society Dialogue, Partnership and empowerment

Information Security Controls Policy

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Discussion on MS contribution to the WP2018

MALAYSIA S APPROACH IN CAPACITY BUILDING. Dr Amirudin Abdul Wahab Chief Executive Officer CyberSecurity Malaysia 24 March 2017

Current skills gap for capable CTI analysts: Training for forensics & analysis

Canada Life Cyber Security Statement 2018

Rohana Palliyaguru Director -Operations Sri Lanka CERT CC APCERT AGM and Conference, 24 th October 2018 Shanghai, China MINISTRY OF TELECOMMUNICATION

The Science and Technology Roadmap to Support the Implementation of the Sendai Framework for Disaster Risk Reduction

Global cybersecurity and international standards

Iowa Cyber Alliance Protecting the nation through cyber education Doug Jacobson Information Assurance Center Iowa State University

The Office of Infrastructure Protection

Itu regional workshop

Liberia ICT Policy

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.

The Australian Government s Approach to Critical Infrastructure Resilience

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

PERSON SPECIFICATION. Cyber PROTECT Officer. Job Title: Status: Established

Aligning Academic Supply and Industry Demand

HPH SCC CYBERSECURITY WORKING GROUP

Disaster Recovery and Business Continuity Planning (Mile2)

Protecting information across government

COMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Cyber Security Strategic Level Landscape in Poland. Krzysztof Silicki NASK Institute, Poland ENISA MB, EB

Provisional Translation

Why you should adopt the NIST Cybersecurity Framework

Transcription:

Implementation Strategy for Cybersecurity Workshop ITU 2016 Council for Scientific and Industrial Research Joey Jansen van Vuuren

Intricacies and interdependencies cyber policies must address potential attacks by individuals organised crime terrorism aggressive nations seeking to involve themselves in the internal affairs of another country with the aim of cause irreparable harm to its economy or political structures

Elements

National Cybersecurity Implementation Framework

Cybersecurity Approach and Culture Political will Adapted organisational structures Identification of accurate proactive and reactive measures Reducing criminal opportunities Education and awareness (Ghernouti-Hélie)

Implementation process Do a detailed analysis of the policy strategy in manageable, comprehensible parts. Develop the governance structures responsible for the implementation of the strategy. Design strategic moves to achieve the identified strategic goals. (Otoom)

Proposed African Structure

Strategic Moves and Controls (1) Cybersecurity contingency plans that will include the national response capability and contingency plans. Cybersecurity exercises are used to assess the preparedness of a community for technology failures and emergencies. Baseline security requirements are developed in consultation with security partners. Vision, scope, objectives and priorities established using the assessment of objectives of the strategy that is used to evaluate and update the action plan due to operational environment changes. A national risk assessment approach ensure that all government bodies identify and monitor most significant emergencies regarding cybersecurity that citizens could face.

Strategic Moves and Controls (2) Evaluation of existing laws and policies to determine gaps in the governance models of cybersecurity. Development of governance structures including command, control and communication Engagement of stakeholders includes the identification and involvement of these stakeholders. Establishment of information sharing platforms and mechanisms include the level of utilisation, actions taken based on analysis of data collected, parties involved and incidents, threats and vulnerabilities identified. Goche and Gouveia

Resilience program Definition of risks that goes beyond compliance and identifies the measures that should to be in place if a cyberattack is made. Development of a security policy that focuses on the threats to secure assets. This includes people, processes, and technology that are connected to, or have access to those assets. Compilation of a cyber-recovery plan in the case of a cyberattack. Emergency exercises on a regular basis and testing of recovery plans to ensure that cyber resilience is in place in case the environment changes. ENISA

Cybersecurity Centre for Innovation Government Research Industry/Business Collaboration between industry, universities and government to address advanced cyber threats; to build a sustainable knowledgebased workforce that support the needs of government, industry, and academia. Higher Education

Cybersecurity Centre of Innovation Centre must be a world-class centre designed for cyber research and development, customer and partner collaboration and innovation. Centre must be fully equipped for live cyber technology exercises and demonstrations required by industry; Centre must be the able to do safe testing in both simulated & real world environment for development of integrated cyber solutions.

Cybersecurity Centre of Innovation Functions: Coordination of collaboration to bring together expert practitioners and researchers to conduct threat analysis and share best practices under a Non-Disclosure Agreement including technical exchange meetings that can build personal relationships among front-line cyber operations staff. Launch of a secure Cybersecurity Web Portal to enhance information-sharing and access to key data. Develop R&D solutions to improve cyber defences and address cyber security gaps. Expand education opportunities for pipeline in the cyber security field. Develop new Qualifications and Certifications

Key Activities Information Sharing Identify new threat indicators Share best practices Build cross sector networks and personal relations Technical exchange meetings Web portal (Non disclosure Agreement) Education Development of a knowledgeable cyber workforce Availability of bursaries, internships and studentships Formal qualifications Awareness Cyber exercises Research & Development Innovative cyber solutions Research chairs Support for policy development and legislation Save testing in real and simulated environments for integrated cyber solutions Funded by Government, Industry and NRF

Exchange Platform Provides a single cyber threat intelligence repository Leverage collective intelligence of the security community Turn volumes of raw data into actionable intelligence

The Platform Data visualisation & analysis tools

Education Build a Cybersecurity pipeline and cultivate a knowledge-based workforce in the Cyber domain. Availability of bursaries, internships and studentships sponsored by industry and government. Use new educational approaches e.g. online training and collaborative environments into cyber security education. Create a standardised and comprehensive training and development program to grow and retain existing Cybersecurity workforce. Create and implement standards of performance through a professional certification system Courses to citizens on Cybersecurity Awareness Subject e.g. Cyber Science in Schools Curriculate new university courses pre and post graduate.

Education Qualifications Currently Information Security done mostly by short courses, or specialisation in Masters Degrees Build a Cybersecurity pipeline through academic institutions nationwide and with other key partners. Launch new technology degrees geared toward cultivating a knowledge-based workforce in the Cyber domain. Certificate in Cybersecurity Awareness at Colleges (For workforce and citizens) Diploma in Cybersecurity catering for Operators of Security Operation Centres and Network Operation Centresh Cybersecurity degrees (3 years) Cyber Engineering a four-year undergraduate degree that is best described as the marriage of Computer Science (CS) and Electrical Engineering (EE) applied to the cyberspace domain. Post graduate Diploma in Cybersecurity (workforce) Masters Degree in Cybersecurity

Games Secur-a-thon Siberytic

Training the Cybersecurity Workforce Internet simulation platform to do Custom training scenario construction Real-time integration of users in network Rehearse and improve cybersecurity skills Real-time visualisation, management & control over training scenario

Cybersecurity Research in CCOI Create cybersecurity research groups Identification of research staff and study leaders. Identification of students. Seed funding. Workshops for technical training of new research groups. Collaboration between institutions in geographical area. Collaboration with industry. Scholarship and bursaries must be available to students.

Testing Facilities for Cybersecurity devices Internet Simulator is a test range: Emulates realistic networking environments Networking technologies are tested and analysed Hardware is performance tested and analysed (DMZ Project) Before it is used in an organisation's networking infrastructure It is also used to train the cyber-warriors and develop cyber tools to keep networks secure.

Network Emulation and Simulation laboratory (NESL) Security & networks research platform with high throughput rates and malware. (Web Based Internet Simulator) for Collaborative R D & I Supports: o o Device verification and product testing. Network evaluation Hardware Software Runtime behaviour o o Network security training and cyber exercises. Industry collaborative research and product testing.

Capabilities Aims to assist researchers by providing a platform to conduct security research. Can emulate network nodes and simulate network traffic. Can provide the following capabilities: Validation of a network and device configuration (hardware in the loop). Conducting network performance testing. Perform penetration testing and other security tests without exposing real network. Testing of custom built security applications. Provide a platform to conduct user training on networking and security fundamentals. Accessible through a web browser

Industry Collaboration Contacts to be made with Industry partners First negotiations for cybersecurity patent.

Thank You jjvvuuren@csir.co.za

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback