SECURE E-SYSTEMS AS A COMPETITIVE ADVANTAGE IN GLOBAL MARKETS
By Cade Zvavanjanja, Cybersecurity Strategist
AGENDA
- 5 Common Mistakes
- Is Zimbabwe under threat
- What is cybersecurity
- Case for competitive advantage
- Way forward
Is Zimbabwe under threat??
Some Responses
HACKERS INFORMATION WARRIORS?
- Personal motives: Retaliate or "get even"; Political or terrorism; Make a joke; Show off/Just Because
- Elite Hackers; Black Hat; Grey Hat; White Hat; No hat; Malicious Code Writers; Criminal Enterprises; Trusted Insiders
- Economic gain: Steal information; Blackmail; Financial fraud
- Inflicting damage: Alter, damage or delete information; Deny services; Damage public image
How is info attacked
TODAY'S TREND Terrorists White Collar Crime Open Source Disasters Theft Scripts ID Theft Insider/Espionage
Ease of attacks
Zimbabwe Landscape
Zimbabwe vs. Global Landscape
Process Organization Technology Opt/in/out Regulatory Requirement Security/Privacy Policy Planning and Strategy Program Maturity Program Metrics Cybersecurity Architecture
Privacy Strategy Data Classification Analysis Privacy Teams Policy Development Policy Update Plans Decision Management Privacy Support Architecture Awareness
Privacy Risk Assessments Data Governance Vendor Governance Technology Planning Business Process Review Information Security Information Privacy
External Support Infrastructure Privacy Auditing Incident Response Crisis Management Knowledge Management Consumer Support Infrastructure Open Source Intelligence
People Compliance
Holistic IT security
Ecommerce Site Data Storage Business Interfaces IT/IS/Development Anti-Virus Firewalls Encryption Security in SDLC Threat Modelling Build Standards Information Security Policies Legislative Compliance Configuration Reviews Patch Management Access Control Reviews Application Testing Penetration Testing Intrusion Detection Vulnerability Assessment Vetting / References Disciplinary Procedure Awareness & Training
Privacy Incident Response Process
HIGH LEVEL OVERVIEW
Detection, Assessment, Analysis, Containment, Digital Forensics, Resolution & Reporting
Detection:
- Detect Incident
- Identify source of identified
- Log incident
- Reduce false positive
Assessment / Analysis:
- Determine scope
- Assemble Response Team
- Collect & sort facts
Containment:
- Technology containment
- Process containment
- Procedure containment
Digital Forensics:
- Engage digital forensics process
- Collect evidence
- Engage 3rd party
Resolution & Reporting:
- Notify client
- Notify regulators
- Remediate
- Analyze long term effects
- Analyze lessons learned
Thank You Tel: