Session 4.2 Creation of national ICT security infrastructure for developing countries Industry-wide approach: Raising awareness for ICT security infrastructure.

Slides:

Advertisements

Similar presentations

The IT Staff of the Future: The Importance of IT Business Alignment for Staff Development Katherine Spencer Lee Executive Director Robert Half Technology.

Advertisements

Eastern Africa Sub-Regional Meeting on Climate Change Kigali,31 August-3 September 2009.

STRENGTHENING COOPERATION ON CYBER SECURITY WITHIN THE ASEAN REGION

International Telecommunication Union ITU-D Overview.

Committed to Connecting the World International Telecommunication Union ITU-D Overview.

International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.

Anti-SPAM activities in Malaysia - Current Situation, Regulatory Environment and Future Developments ITU virtual conference on anti-spam regulation and.

Managing IP addresses for your private clouds 2013 ASEAN CAS Summit Bangkok, Thailand 7 February 2013 George Kuo Member Services Manager.

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.

Principles of Marketing Lecture-40. Summary of Lecture-39.

EACO, WORKING GROUP 10 E-WASTE WORKSHOP REPORT

Collaborating with competitors. INTRODUCTION Alliance among competitors have risk One study estimate that U.S. company lost $50 billion a year in 1995.

MIS 524, Assignment 41 Is Outsourcing IT Like Giving the Store Away?

Viewpoint Consulting – Committed to your success.

Geneva, Switzerland, September 2014 Overview of Kenya’s Cybersecurity Framework Michael K. Katundu Director, Information Technology Communications.

Stephen S. Yau CSE , Fall Security Strategies.

James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur.

Joel Maloff Phone.com February, 2012.

 The framework of task-and-authority relationships in a company that coordinates and motivates employees to work together toward a common goal.

The big Data security Analytics Era Is Here Reporter ： Ximeng Liu Supervisor: Rongxing Lu School of EEE, NTU

1 Jon Whitfield Agency CEO Head of Government Internal Audit.

Session 4.2: Creation of national ICT security infrastructure for developing countries National IP-based Networks Security Centres for Developing Countries.

© 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker May 24, 2012 Page: 1 © 2012-Robert G Parker.

Large Space IPv4 Trial Usage Program for Future IPv6 Deployment ACTIVITIES UPDATE Vol.4 15 th APNIC Meeting / Policy SIG February 27th, 2003 at Taipei.

Tourism Skills Delivery: Sharing Tourism Knowledge Online 1.

1 - 1 Copyright © 2006, The McGraw-Hill Companies, Inc. All rights reserved.

International Telecommunication Union CHALLENGING POLICY STEPS TOWARDS IMPLEMENTING COMMON ALERTING PLATFORMS Orhan Osmani Emergency Telecommunications.

HCIMA Unit 3 The Internet Revolution and Electronic Tools Next slide.

1 Todays Challenges for transport corridors The perspective of the Interreg IVC project PORT Integration Michael Stange.

IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A.

BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

International Cyber Warfare and Security Conference Cyber Defence Germany's Analysis of Global Threats 19th November 2013, Ankara.

Towards a European network for digital preservation Ideas for a proposal Mariella Guercio, University of Urbino.

Ministry of State for Administrative Development Towards Meaningful ICT Indicators for Developing Countries Dr. Ahmed M. Darwish EGYPT Government and Education.

NCIPI: National Center for Industrial Property Information and Training Promotion of Technology Transfer and Patent Licensing - The NCIPI ’ s Unlimited.

IFAP Special Event: Information and Knowledge for All, Emerging Trends and Challenges Information Preservation 4000 Years of Traditions Challenged by Digital.

Recent Cyber Attacks and Countermeasures September 2006.

2011 East African Internet Governance Forum (EA – IGF) Rwanda Cyber briefing: Positive steps and challenges Didier Nkurikiyimfura IT Security Division.

Why do they die? Understanding why and how joint ventures die gives insight into how firms can make better use of them. Even though we focus on termination,

Economic Development for a Healthy Community! League of Oregon Cities Portland, Oregon 2009 By Dennie Houle Business Development Officer Oregon Business.

Forum on Greening Mobile Devices: Building Eco-Rating Schemes Daniela Torres Global Head of Green ICT & Environment, Telefónica S.A Associate Rapporteur.

Organization of Multinational Operations. Organizational structure in the early stage of international expansion Advantages No commissions for specialized.

DOCUMENT #:GSC15-PLEN-62 FOR:Presentation SOURCE:ISACC AGENDA ITEM:Opening Plenary (6.14) CONTACT(S):Jim MacFie Cloud Computing Jim MacFie Chairman, ISACC.

What Keeps Your Board Up at Night? Sylvia Kerrigan, Exec. VP, General Counsel & Secretary – Marathon Oil Sean Gorman, Partner – Bracewell & Giuliani.

Overview: Electronic Commerce Electronic Commerce, Seventh Annual Edition.

Cyber-security policy to encourage CSIRTs activities Yasuhiro KITAURA Ministry of Economy, Trade and Industry, JAPAN.

How we work as a national CERT in China ZHOU Yonglin CNCERT/CC, China 2 Addressing security challenges on a global scaleGeneva, 6-7 December 2010.

Initial Plan from Feedback Suresh Krishnan Kathleen Moriarty

Alexander Consulting Enterprise 12/14/2015 Opportunity Identification and Country Selection.

Security and Assurance in IT organization Name: Mai Hoang Nguyen Class: INFO 609 Professor: T. Rohm.

Vendor Management from a Vendor’s Perspective. Agenda Regulatory Updates and Trends Examiner Trends Technology and Solution Trends Common Issues and Misconceptions.

UNICEF-supported Global Pilot School Sanitation & Hygiene Education (SSHE) Project Participatory Assessment Sharing Workshop, 6-10 March 2006 Presentation.

Foundations of Information Systems in Business. System ® System  A system is an interrelated set of business procedures used within one business unit.

Kathy Corbiere Service Delivery and Performance Commission

1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The.

Education – Partnership – Solutions Information Security Office of Budget and Finance Christopher Giles Governance Risk Compliance Specialist The Internet.

1 INTERNATIONAL NETWORK ON FINANCIAL MANAGEMENT OF LARGE-SCALE CATASTROPHES Global Conference on Insurance and Reinsurance for Natural Catastrophe Risk.

AUDITING BUSINESS CONTINUITY PROGRAMS AND PLANS What to Look For Presented by: Tommye White, CBCP, DRP Chuck Walts, CBCP, CRP.

JILAF- ACTRAV/ITC-ILO Workshop A Trade Union Training on Employment Relationships, Contractualization & Labour Law 9 – 13 Aug 2010, Bangkok ACTRAV-Turin.

New York City PMI Chapter Professor Martin Flank MBA, PMP April 20, 2016 Managing Global Projects.

Who doesn’t need to be WISE? Bringing into reality global information security collaboration Alessandra Scicchitano GÉANT - Project Development Officer.

Law Firm Data Security: What In-house Counsel Need to Know

Eric Peirano BRIDGE Support Team, Technofi

Cybersecurity, competence and preparedness

MGT301 Principles of Marketing

© 2016 Global Market Insights, Inc. USA. All Rights Reserved Behavior Analytics Market to surpass $3.5bn by 2024: Global Market Insights,

Opportunity Identification and Country Selection

Innovation policy for sustainable development by Azerbaijan Rashad Azizov Head of Innovational Development Department Ministry of Transport, Communication.

Requirements engineering in Cloud Computing

Presentation transcript:

Session 4.2 Creation of national ICT security infrastructure for developing countries Industry-wide approach: Raising awareness for ICT security infrastructure Miho Naganuma Little eArth Corporation Rapporteur Q3/17 Information Security Operators Group Japan (ISOG-J) 2 Addressing security challenges on a global scaleGeneva, 6-7 December 2010

Issues in Cybersecurity Together with rapid growth of economies, multi- rateral business relations are expanding and connected. Meanwhile, it also raises issues for the necessity of secure network infrastructures with sophisticated cybersecurity services. 3 Geneva, 6-7 December 2010Addressing security challenges on a global scale We are facing an urgent crisis in a continuing effort to raise awareness of cybersecurity  incident response planning against DDoS attacks, targeted attacks including Advanced Persistent Threat (APT) attacks with practice-based information  fast development of technologies for countermeasures

Issues in Cybersecurity (cont.) Key issue : Information exchange  Cybersecurity information exchange and technical collaboration  Wide range of collaboration – International, regional, national level and industry level 4 Geneva, 6-7 December 2010Addressing security challenges on a global scale Developing international recommendation/ standards in Cybersecurity and information exchange industry-wide/unique collaboration by Managed Security Service Providers

Information Security Operators Group Japan 5 Geneva, 6-7 December 2010Addressing security challenges on a global scale 1. Support for industry a.Providing guideline for service users b.Research for related legal, regulatory requirements 2 ． Communications a.Technical exchange and update b.workshop and seminar Building trust in the community and enhance active collaboration

Organisation 6 Geneva, 6-7 December 2010Addressing security challenges on a global scale Active involvement of related parties Government support New WG: Security Operation Information sharing and collaboration

Members organisations

Security Operation information sharing and collaboration WG Seeking “effective” information sharing and collaboration by  Providing information and analysis methodologies  Review actions with management view  Support actions with research view  Involving SOC Operators/Analyst, specialist for process management etc. Information transmission enjoying the nature of neutrality Consideration on the requirements for cybersecurity operation collaboration  Obstacles toward the collaboration  Criteria of collaborating operations / sharing information  Actions to conquer the obstacles 8 Geneva, 6-7 December 2010Addressing security challenges on a global scale

Obstacles for information sharing Differences between free-of-charge information and charged one Differences between contracted users and non- contracted ones Disadvantageous to offer information first? Difficulties to provide information even if the information is wanted Difficulties to acquire information due to separation of operational unit 9 Geneva, 6-7 December 2010Addressing security challenges on a global scale

Case 1 Failed to re-utilise the collected information  Failed to find the reason to share the information  Lack of sense of purpose to continue the sharing  Trap of money as a purpose  the information sharing will be terminated when the monetary relationship terminated Failed to invoke any meaningful actions after gaining some information from the logs of the other companies  Value of Information possess 10 Geneva, 6-7 December 2010Addressing security challenges on a global scale

Case 2 Collaboration based on personal relationship disappears when the person moves to the other place  The information sharing is difficult if the boss/supervisor is not supportive to the activities  It is difficult to advance the collaboration actively if we cannot get any useful feedback for our customers  When the person in charge move to different department, the hand-over procedure is not good enough  If sharing information itself becomes the objective, the motivation of the operators at field will drop 11 Geneva, 6-7 December 2010Addressing security challenges on a global scale

Other obstacles Different view of Technologies, and operations among organizations  best to start from information sharing  collaboration will be next step Internal relations vs External relations Reluctant feeling to share information in Security-industry Question what kind of information we want to share Support from management level and department heads.  How does the information sharing and collaboration lead to the profit of the company?  Merit for each organization need to be considered 12 Geneva, 6-7 December 2010Addressing security challenges on a global scale

Advantage of information sharing in ISOG-J Members can  issue incident information with the name of ISOG-J  use both individual company name and ISOG-J name when disclosing information depending on the situation  share the practices of certain incidents among members  share some trend information or some notes on that instead of cybersecurity information itself By disclosing information periodically from ISOG-J such information becomes a reference source From the viewpoint of education, it is beneficial to analyze detection information over certain network collaboratively is a good first step 13 Geneva, 6-7 December 2010Addressing security challenges on a global scale

Candidate solutions 1.Issuing threat analysis document for management figures  Information on what kind of threats against IT system we have, and what kind of business continuity risk they pose 2.Starting with sharing statistical information on logs of IDS/IPS, NW appliances, servers etc.  Objective of sharing information and collaboration  Policy of the data handling  Manipulate the log so that sensitive information can be hidden (such as user name)  Log information sharing scheme  Standard log format  With considering how we can take best advantage of the log data of each company 14 Geneva, 6-7 December 2010Addressing security challenges on a global scale

Candidate solutions 3.Quantative information of incidents that are detected  Gather incident information collected by SOCs  Member organisations get access to the information 4.Sharing Meta information instead of raw data  Sensitive information including threads information that is difficult to be disclosed can be shared  General information can be shared to customers 15 Geneva, 6-7 December 2010Addressing security challenges on a global scale

Highlights for raising awareness Industry–wide approach  Involving related parties for ICT infrastructure security (Gov, Gov. agencies, CIRT, ISP, MSSP, Security Vendors etc.)  “Neutral” organisation/association Communication in industries  Encourage bottom-up approach  Analyse obstacles and make feasible scenarios and candidate solutions  Communication as education 16 Geneva, 6-7 December 2010Addressing security challenges on a global scale

Contact: 17 Addressing security challenges on a global scaleGeneva, 6-7 December 2010 Thank you