ITU-IMPACT Capacity Building for Least Developed & Developed Countries

Similar documents
ITU-IMPACT. Regional Cybersecurity Forum - CLMV

INTRODUCTION OVERVIEW ON CYBERCRIME

Global Cybersecurity Agenda

INTERNATIONAL TELECOMMUNICATION UNION

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Cybersecurity for ALL

Global cybersecurity and international standards

RESOLUTION 45 (Rev. Hyderabad, 2010)

Regional Cyber security Forum for Africa and Arab States, Tunis, Tunisia 4 th -5 th June 2009

Stakeholders Analysis

Collaboration between National CSIRTs. Marco Obiso Cybersecurity Coordinator International Telecommunication Union (ITU)

RESOLUTION 130 (REV. BUSAN, 2014)

About Issues in Building the National Strategy for Cybersecurity in Vietnam

KENYA YOUR RELIABLE PARTNER AT THE ITU. Candidate for the ITU Council in Region D

RESOLUTION 130 (Rev. Antalya, 2006)

National Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director

Global Response Centre (GRC) & CIRT Lite. Regional Cyber security Forum 2009, Hyderabad, India 23 rd to 25 th September 2009

Regional Workshop on Frameworks for Cybersecurity and CIIP Feb 2008 Doha, Qatar

Implementation Strategy for Cybersecurity Workshop ITU 2016

Presentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT

Role of ITU in Building Security & Trust in Cyberspace

Cybersecurity Capacity ITU Preetam Maloor Strategy & Policy Advisor 3 March 2015

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Panel 1 National CSIRT Experience

Bradford J. Willke. 19 September 2007

The role of COP/ITU on international level. Dr Ibrahim Al dabal chair of child on line council working group

ENISA s Position on the NIS Directive

Securing Europe's Information Society

ITU-ACMA Asia Pacific Regulators Roundtable July 2014

UCD Centre for Cybersecurity & Cybercrime Investigation

Fundamentals of Cybersecurity/CIIP. Building Capacity: Using a National Strategy & Self-Assessment

Security and resilience in Information Society: the European approach

GLOBAL CYBERSECURITY INDEX 2016

National CIRT - Montenegro. Ministry for Information Society and Telecommunications

Cybersecurity & Spam after WSIS: How MAAWG can help

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

RFC2350 TLP1: WHITE. Έκδοση National CSIRT-CY RFC2350

CIRT: Requirements and implementation

RESOLUTION 47 (Rev. Buenos Aires, 2017)

SAINT PETERSBURG DECLARATION Building Confidence and Security in the Use of ICT to Promote Economic Growth and Prosperity

CyberSecurity Training and Capacity Building: A Starting Point for Collaboration and Partnerships. from the most trusted name in information security

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

Provisional Translation

RFD. for ICERT ( ) RESULTS-FRAMEWORK DOCUMENT. Department of Information Technology. Results-Framework Document (RFD) for CERT-In ( )

COUNCIL OF THE EUROPEAN UNION. Brussels, 28 January 2003 (OR. en) 15723/02 TELECOM 78 JAI 307 PESC 593

NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE

Cybersecurity Risk Mitigation: Protect Your Member Data. Introduction

JOINT MEDIA STATEMENT

Australian Government Cyber-security Activities in the Pacific

JOINT MEDIA STATEMENT

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

Cyber Risk Program Maturity Assessment UNDERSTAND AND MANAGE YOUR ORGANIZATION S CYBER RISK.

GLobal Action on CYbercrime (GLACY) Assessing the Threat of Cybercrime in Mauritius

Promoting Global Cybersecurity

Related to the Internet

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

Best Practices in Public Information Management in Sri Lanka. Presented by Nimal Athukorala D.C. Dissanayake

Plenipotentiary Conference (PP- 14) Busan, 20 October 7 November 2014

Caribbean Cyber Security: Not Only Government s Responsibility

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

IMPACT Global Response Centre. Technical Note GLOBAL RESPONSE CENTRE

DHS Cybersecurity: Services for State and Local Officials. February 2017

Achieving effective risk management and continuous compliance with Deloitte and SAP

Cyber Resilience. Think18. Felicity March IBM Corporation

Action Plan to enhance preparedness against CBRN security risks

CONTEMPORARY CYBER ATTACK TRENDS AND CHALLENGES DR SHASHWAT RAIZADA

Training + Information Sharing: Pillars of enhancing cybersecurity posture

California Cybersecurity Integration Center (Cal-CSIC)

ITU Centre of the Czech Technical University in Prague

Package of initiatives on Cybersecurity

ITU- Arab Regional Cyber Security Center s Activities & Regional Threats landscape

EC-Council Certified Incident Handler v2. Prepare to Handle and Respond to Security Incidents EC-COUNCIL CERTIFIED INCIDENT HANDLER 1

Centre for cybersecurity Belgium : Role, Missions et future capacities

PIPELINE SECURITY An Overview of TSA Programs

Forum. Ningbo, China 25 February

Current procedures, challenges and opportunities for collection and analysis of Criminal Justice statistics CERT-GH

RESOLUTION 67 (Rev. Buenos Aires, 2017)

EU policy on Network and Information Security & Critical Information Infrastructures Protection

Position Description. Computer Network Defence (CND) Analyst. GCSB mission and values. Our mission. Our values UNCLASSIFIED

National Cybersecurity preparation to deal with Cyber Attacks

Cybersecurity & Digital Privacy in the Energy sector

WSIS Implementation and Follow-up Towards the Overall Review WSIS+10

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

Strengthening Emergency Preparedness and Response Capacity in Asia. Irfan Maqbool Director, Risk Governance Department ADPC, Thailand

OAS Cybersecurity Capacity Building Efforts

Cyber Security Technologies

CYBERSECURITY TRAINING EXERCISE KMU TRAINING CENTER NOVEMBER 7, 2017

How Boards use the NIST Cybersecurity Framework as a Roadmap to oversee cybersecurity

Position Description. Engagement Manager UNCLASSIFIED. Outreach & Engagement Information Assurance and Cyber Security Directorate.

Establishing National Incident Response Capability for Viet Nam - VNCERT activities and challenges

Today s cyber threat landscape is evolving at a rate that is extremely aggressive,

Building a Resilient Security Posture for Effective Breach Prevention

Big Data Value cppp Big Data Value Association Big Data Value ecosystem

CYBER CAMPUS KPMG BUSINESS SCHOOL THE CYBER SCHOOL FOR THE REAL WORLD. The Business School for the Real World

The UK s National Cyber Security Strategy

PacNOG-21. Migrating to IPv6 : Experiences from Asia-Pacific

National Policy and Guiding Principles

This is UNDAC United Nations Disaster Assessment and Coordination

Transcription:

ITU-IMPACT Capacity Building for Least Developed & Developed Countries Marco Obiso Cybersecurity Coordinator International Telecommunication Union (ITU) 30 January 2012

ITU and cybersecurity 2003 2005 WSIS entrusted ITU as sole facilitator for WSIS Action Line C5 Building Confidence and Security in the use of ICTs 2007 ITU Secretary General launched the Global Cybersecurity Agenda (GCA) A framework for international cooperation in cybersecurity 2008 2010 ITU Membership endorsed the GCA as the ITU wide strategy on international cooperation. 2

ITU-IMPACT strategy IMPACT s partners Industry Experts Academia International Bodies Think Tanks 3

Training & Skills Development

Training & Skills Development Mission To increase knowledge and skills in cybersecurity domains for ITU-IMPACT partner countries. Vision To become a global training provider in cybersecurity to effectively understand and manage cybersecurity to prevent, defend against and respond to cyber threats. 5

Training & Skills Development Providing world class capability & capacity programmes Specialised training programs IMPACT SecurityCore IMPACT Network Forensics IMPACT Developing & Implementing a CIRT IMPACT Forensics Investigation for Law Enforcement IMPACT Malware Analysis Scholarship - partnership with global certification body EC-Council (USD $1mil. grant) Global certification courses and Partners ITU Centres of Excellence (ISC) 2 EC-Council 6

Training & Skills Development Training Roadmap 7

ITU-IMPACT Training Milestones 2009-2011 Trained over 200 cybersecurity professionals and practitioners in 2010 Deployed 220 scholarships to 41 partner countries globally Trained 50 law enforcement officers globally on Network Investigation for Law Enforcement Trained 40 government, CIRT & telecom officers from 19 Countries on Securing Networks under ITU CoE (Asia Pacific) Developed IMPACT SecurityCore Programme to meet needs of partner countries and governments 8

ITU-IMPACT CIRT Assessment & Implementation Project

Developing National CIRTs Encourage the creation of national computer incident response teams, particularly for developing countries There is still a low level of computer emergency preparedness within many countries particularly developing countries The high level of interconnectivity of ICT networks could be affected by the launch of an attack from networks of the less-prepared nations, which are mostly the developing countries The importance of having an appropriate level of computer emergency preparedness in all countries The need for establishment of computer incident response teams (CIRTs) on a national basis Importance of coordination within and among the regions, 10

ITU-IMPACT Support for Member States Proposed CIRT Model ITU IMPACT Support 11

CIRT Deployment Phase 1 : Basic CIRT Services (6 Months) Proactive Services» Cybersecurity Training & Awareness Activities within the country Reactive Services» Incident response & handling (both remote and on-site).» Alerts & warnings» Vulnerability response Key Activities (sub phases) :- Assessment Planning & Design Implementation & Testing Operations Collaboration 12

Current Status ITU IMPACT performed readiness assessment Countries are now moving to the implementation phase 13

CYBER DRILL ITU-IMPACT ALERT (Applied Learning for Emergency Response Team)

Objectives The objectives of the ITU-IMPACT ALERT are to encourage participants to: Recognize the growing importance of cross-border cooperation and coordination in cyber security; Enhance the communication and participating teams incident response capabilities; and Enhance the CERT/CIRTs current processes and procedures in handling cyber threats and attacks. 15

ITU-IMPACT ALERT Execution The cyber drill exercise was based on real life scenarios to gauge the CERT/CIRTs incident handling capabilities such as: Spam Web defacement Malware 16

ITU-IMPACT ALERT Execution (Contd.) Start The attack details were sent by the organizer to the participants in the form of e-mails. The participants performed their analysis on the incident and came out with the mitigation solution Player receives incidents via email Player performs incident analysis Done Team observer assists the players Prepare advisory report on the incident and submit to the organizer via email. Submit advisory report to organiser via email Organiser sends an acknowledgement End 17

Participants The ITU-IMPACT ALERT 2011 participants included members of Computer Emergency / Incident Response Team (CERT/CIRT) from four countries Cambodia, Lao P.D.R., Myanmar and Vietnam. 18

ITU-IMPACT ALERT 2011 Yangon, Myanmar Drill is a good supplemental way for capacity building said Dr. Hoang Dang Hai, Deputy Director General of Vietnam Computer Emergency Response Team (VNCERT). 19

Thank you www.facebook.com/impactalliance IMPACT Jalan IMPACT 63000 Cyberjaya Malaysia T +60 (3) 8313 2020 F +60 (3) 8319 2020 E contactus@impact-alliance.org impact-alliance.org Copyright 2010 IMPACT. All Rights Reserved.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback