ITU-ATU CyberSecurity workshop in African Countries
Khartoum, Sudan
CyberSecurity: A practical overview Zain-SD Experience
24-25 July 2016
- People (training and awareness, management, ...)
- Technology (firewall, encryption, IPS, IDS, DLP, endpoint, ...)
- Environmental (other security issues)
- Monitoring
- Revision and update
InfoSec Journey – Road map
13/07/2016 Zain Limited
Effective InfoSec Standards
Ron Rivest, Adi Shamir, Len Adleman
S&P (Oakland): IEEE Symposium on Security and Privacy
CCS: ACM Conference on Computer and Communications Security
Crypto: International Cryptology Conference
Eurocrypt: European Cryptology Conference
Security: Usenix Security Symposium
Zain Sudan has been ISO certified for Quality and Security since 2008
How to start an effective, successful InfoSec program
- Selling the InfoSec plan to the Board – huge work to do, and then we should follow these points
InfoSec Story
People (training and awareness, ...)
Top IS expert, author of Corporate Espionage, Spies Among Us and other books
What is his advice ...
Let us see what the BIG-Brothers are saying
Ira Winkler stole a billion dollars’ worth of information from a leading corporation?
Starting ...
LACK of AWARENESS
Build up InfoSec Awareness Program
InfoSec Week for all the Staff.
Continue the InfoSec Awareness
Baseline Security
If you are ISO certified you will know exactly what Baseline Security is
This is a must
Security Strategies, Policies and Compliance
Antivirus, Firewall, Threat Management
Technology (Firewall, encryption, IPS, IDS, ...)
Putting in all this InfoSec tech is not enough!!
Adding more security systems??
Get the best of the best???
That will not make it better ...
We must consider the whole journey
What is enough ...
The weakest link:
Social Engineering (David Mitnick)
Management and follow-up
Budget and ROI issue
Human Factor
- Health Check and Audit
- iSOC for network (NW) and database activities
Monitoring and action
We are trying to keep everything up-to-date
Review our security and enhance what is needed
We shifted from InfoSec to risk-based InfoSec.
Keep it up and keep it updated
• Buy a computer that is secured by default ...
• UTM that has no back doors
• An operating system with everything needed to operate securely
• An application that is not stealing my information
Thoughts ... Vendor and regulations
Thank you