The need for developing a cyber security ecosystem of professionals


The need for developing a cyber security ecosystem of professionals
24th March 2017
Shiva Bissessar, BSc (Hons), MBA, MSc
Managing & Technical Director
shiva@pinaka.co.tt @PinakaTT www.pinaka.co.tt

In Brief
Over 20 years of ICT experience, now providing consultancy services to various clients, including Caribbean-based Telcos and FinTech startups seeking to offer Digital Financial Services (DFS).
Also assists clients in business development of Information Security services.
In 2013, attained M.Sc. Information Security from University College London (UCL), UK.
Pinaka Technology Solutions formed to assist organizations with their strategic ICT needs.
Adjunct Lecturer, University of West Indies, Arthur Lok Jack School of Business: Masters, Information Systems & Technology Management: Information Security, Ethics & Law
Visit website, www.pinaka.co.tt, for additional information on services, workshops, publications

Oct 22nd 2016 DYN attack
10s of millions of discrete IP addresses associated with the Mirai botnet were part of the attack.

Skype conversation with perpetrators

Internet of Things (IoT)
In order to get users to use it, it must be simple to setup & reset.
It is often copies of existing systems which are thrown together with little understanding of security.
In order to keep costs down, it uses cheap processors, with limited capabilities and where memory is limited.
Software developers often have no idea about how to properly implement secure code and, especially, encryption. The code is often "borrowed" from the Internet.
Patching vulnerabilities for IoT devices is often difficult, as they often require the user to update them.
Source: Let's Take A "Bin" Walk Through IoT; William Buchanan, Professor, Napier University (2016)

State of cyber security in Trinidad & Tobago
A senior position with responsibility for information security at a government agency with responsibility for implementation of the national strategy towards Information and Communication Technology (ICT) has been vacant since 2010.
A senior representative of a multinational with local presence claimed he knew many world class Information Security professionals of Trinidadian heritage; but went further to state they all worked outside of Trinidad and Tobago.
At a 2016 Christmas dinner event for an association of lawyers, a prominent lawyer lamented that Trinidad lawyers, having opted not to pursue continuing education, were deficient in various areas of increasing import including cybercrime.

Cybercrime underground economy
Criminal entrepreneurs devise scams by procuring the necessary resources à la carte; taking advantage of specialization and economies of scale and resulting in a web of interactions which potentially span the globe.
http://cseweb.ucsd.edu/~savage/papers/weis15.pdf

In our favour but
TTPS Cybercrime Unit
Cyber Security Agency & TT CSIRT
Cybercrime Bill?
Participation in regional cyber security development exercises
However:
At CSMII in St. Lucia 2016, the Commonwealth Secretariat declared cyber security awareness and basic cyber hygiene were recurring deficiencies in the needs assessment exercises.
Capacity development has public sector focus.
There is an emphasis on addressing legislative issues rather than implementing technical controls.

Cyber security needs private sector participation
During the signing ceremony, OAS Secretary General Luis Almagro reiterated the commitment of the Organization to promote a comprehensive and multi-stakeholder approach to cyber issues, where the private sector and civil society play a fundamental role. He added that the contribution will be instrumental for enhancing the capacity of member states to prevent and respond to cyber threats,

Fight fire with fire
One can argue that a criminal ecosystem, like many other cyber security threats, can only be disrupted by an equally powerful cyber security ecosystem of professionals.
Ensure national pool of talent, at all levels, is being developed today to address unknown future needs.
The status quo will forever bind us to a dependency upon the importation of expertise.
The up-skilling of a national pool of experts also presents Trinidad and Tobago with opportunity in providing exportable resources both regionally and internationally as others seek to develop cyber security.

Tough questions
Do we have an InfoSec community of experts in Trinidad and Tobago focusing on cyber security?
If yes, who are the persons comprising this community?
Is this a formal community or a loosely defined community which comes together temporarily during exercises such as this one?
Does its membership lean towards greater participation from the public sector or the private sector?
Is there recognition that private sector interest from a Small Medium Enterprise (SME) is not the same as the private sector interest of a large commercial entity?

Tough questions
How are potential candidates encouraged to contribute within this community?
Is the community comprised in such a way that both fresh ideas and a wealth of experience are expressed in deliverables?
Do the participants of this community come from different professions, backgrounds and skill sets?
Can such a community adopt value chain relationships to be transformed into an active ecosystem of professionals seeking to promote national cyber security?
Can the Integrated Threat Assessment Centre (ITAC) be the catalyst in the formation of such an ecosystem?

Recommendations
1. Proper recognition and appointment of national champion to oversee the development of cyber security locally.
2. National consultative body for cyber security with membership encouraging development of cyber security focused SMEs. Formal body can lead to informal cyber security ecosystem of professionals.
3. Encourage participation from the private sector/SMEs in local and regional cyber security meetings. Qualified entities should also be invited to participate in the training and capacity building exercises arising from such meetings. Financial assistance needed.

Recommendations
4. Assessment of critical infrastructure & key ministries and agencies in ICT. Organizational structure of these bodies should reflect cyber security maturity extending to the roles and responsibilities. Comprehensive set of policies and audit mechanisms to be defined.
5. Information Security Governance training for boards and senior management of various key organisations. Information Security Awareness training for the general population of employees.
6. InfoSec academic and professional development via alignment between the academic institutions, the national development needs scholarship system and the intake of graduates into the public and private sectors. Coordination with corporate entities towards the creation of funding for cyber security research.

Recommendations
7. Gov't should facilitate opportunities within the private sector to build and develop future cyber security competencies. InfoSec researchers, writers, lecturers, practitioners, policy makers, legal specialists and technical experts are needed. Gov't leads by example and procures services from fledgling entities seeking to provide services in cyber security.
8. Information Security awareness training needs to be conducted extensively within the secondary school system.
9. Take advantage of training and capacity development exercises from international bodies and multinational corporate entities to up-skill the national pool of experts (public and private sector) towards the goal of developing cyber security for economic development.
