Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Similar presentations


Presentation on theme: "Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP."— Presentation transcript:

1 Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation OWASP Eg-CERT Cyber security Awareness Team Ahmed Mashaly Senior IT Security Engineer Egyptian Computer Emergency Response Team EgyCERT 12/4/2014

2 OWASP Roadmap Eg-CERT. Eg-CERT 2013 incident report. Cyber security awareness plan. Application security awareness program.

3 OWASP EG-CERT is charged with providing computer and information security incident response, support, defence and analysis against cyber attacks and collaboration with government, financial entities and any other critical information infrastructure sectors scoped to Egypt.

4 OWASP Established 0n April Under Egyptian National Telecom Regulatory Authority (NTRA)

5 OWASP July 2009, 24/7 Monitoring & Incident Response. September 2009, Forensics Analysis Service..

6 OWASP April 2011, Malware analysis & Reverse Engineering.

7 OWASP March 2012, Full member in FIRST (Forum of Incident Response and Security Teams). September 2013, EG-CERT has it’s own premises.

8 OWASP

9 Cyber Security Awareness Started operations in Small scale operations. Preparation for launching a full scale awareness campaign.

10 OWASP Why do we need awareness The target is simply providing the most possible level of protection to both the Egyptian critical information infrastructure and the Egyptian ordinary computer users.

11 OWASP Why do we need awareness It is fairly known for cyber security professional that humans are the weakest link in the whole ecosystem of cyber security.

12 OWASP Why does Egypt need awareness Percentage of computers running Microsoft software reporting malware infections in Egypt.

13 OWASP Why does Egypt need awareness

14 OWASP Infection rates Many elements can affect the infection rates:- - OS type(It takes a relatively long time to switch to open source, or to develop domestic operating systems ).

15 OWASP Infection rates Many elements can affect the infection rates:- - Lack of antimalware software - Pirated software - Lack of awareness.

16 OWASP What’s the Plan

17 OWASP Fresh ideas How to Spread awareness of online threats and making it a culture ? Looking for more creative ways to make it happen.

18 OWASP Awareness targets The targets for the awareness campaign can be categorized into three categories each has its proper communication channels and method:- -Organizations. - Public. -Technical

19 OWASP Organizations : Which is the most critical We should start by trying to define what is critical. We define the proper communication channels and methods. We handle the critical targets.

20 OWASP Organizations : Which is the most critical Examples for most critical assets :- - Ministries and governmental entities. - Banking sector. -Telecom infrastructure.

21 OWASP Organizations : Which is the most critical Examples for less critical assets :- - Universities. - Private sector organizations.

22 OWASP Public scope The main issue regarding the public scope of the campaign is communication channels and methods.

23 OWASP Communication channels - Printed media. - Radio. -Television. -Social media.

24 OWASP Technical IT professionals. An important part of any national awareness campaign is awareness for IT professionals.

25 OWASP Application Security Awareness Program (ASAP) Program duration: July - November 50 Developer 5 groups (each 10 trainees)

26 OWASP Application Security Awareness Program (ASAP)

27 OWASP Course duration: Three full day sessions (24 hours) Program total number of session: 15 session 4 days per month Application Security Awareness Program (ASAP)

28 OWASP OWASP participants: 3 Application security experts 3 Lab Assistants Application Security Awareness Program (ASAP)

29 OWASP Application Security Awareness Program (ASAP) Program target Audience (Stage 1): -Governmental applications developers -Banking Sector -Ministries websites and applications

30 OWASP Application Security Awareness Program (ASAP) Program partners: Central bank of Egypt (CBE) Information and Decision Support Center (IDSC) Egyptian Banking Institute (EBI)

31 OWASP Questions

32 OWASP


Download ppt "Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP."

Similar presentations


Ads by Google