cyber security 2016 cade zvavanjanja1
TRANSCRIPT
![Page 1: Cyber Security 2016 Cade Zvavanjanja1](https://reader036.vdocument.in/reader036/viewer/2022062503/5881afb51a28abdd348b4e99/html5/thumbnails/1.jpg)
SECURE E-SYSTEMS AS A COMPETITIVE
ADVANTAGE IN A GLOBAL MARKETS
ByCade Zvavanjanja
Cybersecurity Strategist
Presentation for e-Tech 2016 organized by
Ministry of ICT Zimbabwe (Government)
![Page 2: Cyber Security 2016 Cade Zvavanjanja1](https://reader036.vdocument.in/reader036/viewer/2022062503/5881afb51a28abdd348b4e99/html5/thumbnails/2.jpg)
AGENDA 5 Common Mistakes Is Zimbabwe under threat What is cybersecurity Case for competitive advantage Way forward
![Page 3: Cyber Security 2016 Cade Zvavanjanja1](https://reader036.vdocument.in/reader036/viewer/2022062503/5881afb51a28abdd348b4e99/html5/thumbnails/3.jpg)
![Page 4: Cyber Security 2016 Cade Zvavanjanja1](https://reader036.vdocument.in/reader036/viewer/2022062503/5881afb51a28abdd348b4e99/html5/thumbnails/4.jpg)
Is Zimbabwe under threat??
![Page 5: Cyber Security 2016 Cade Zvavanjanja1](https://reader036.vdocument.in/reader036/viewer/2022062503/5881afb51a28abdd348b4e99/html5/thumbnails/5.jpg)
Some Responses
![Page 6: Cyber Security 2016 Cade Zvavanjanja1](https://reader036.vdocument.in/reader036/viewer/2022062503/5881afb51a28abdd348b4e99/html5/thumbnails/6.jpg)
HACKERS INFORMATION WARRIORS?
Personal motives Retaliate or ”get even” Political or terrorism Make a joke Show off/Just BecauseElite Hackers
Black Hat Grey Hat White Hat No hat
Malicious Code Writers Criminal Enterprises Trusted Insiders
Economic gain Steal information
Blackmail
Financial fraud
Inflicting damage Alter, damage or delete
information
Deny services
Damage public image
![Page 7: Cyber Security 2016 Cade Zvavanjanja1](https://reader036.vdocument.in/reader036/viewer/2022062503/5881afb51a28abdd348b4e99/html5/thumbnails/7.jpg)
How is info attacked
![Page 8: Cyber Security 2016 Cade Zvavanjanja1](https://reader036.vdocument.in/reader036/viewer/2022062503/5881afb51a28abdd348b4e99/html5/thumbnails/8.jpg)
TODAY’S TREND
Terrorists White Collar Crime
Open Source
Disasters Theft Scripts ID Theft
Insider/Espionage
![Page 9: Cyber Security 2016 Cade Zvavanjanja1](https://reader036.vdocument.in/reader036/viewer/2022062503/5881afb51a28abdd348b4e99/html5/thumbnails/9.jpg)
Easy of attacks
![Page 10: Cyber Security 2016 Cade Zvavanjanja1](https://reader036.vdocument.in/reader036/viewer/2022062503/5881afb51a28abdd348b4e99/html5/thumbnails/10.jpg)
![Page 11: Cyber Security 2016 Cade Zvavanjanja1](https://reader036.vdocument.in/reader036/viewer/2022062503/5881afb51a28abdd348b4e99/html5/thumbnails/11.jpg)
![Page 12: Cyber Security 2016 Cade Zvavanjanja1](https://reader036.vdocument.in/reader036/viewer/2022062503/5881afb51a28abdd348b4e99/html5/thumbnails/12.jpg)
![Page 13: Cyber Security 2016 Cade Zvavanjanja1](https://reader036.vdocument.in/reader036/viewer/2022062503/5881afb51a28abdd348b4e99/html5/thumbnails/13.jpg)
![Page 14: Cyber Security 2016 Cade Zvavanjanja1](https://reader036.vdocument.in/reader036/viewer/2022062503/5881afb51a28abdd348b4e99/html5/thumbnails/14.jpg)
![Page 15: Cyber Security 2016 Cade Zvavanjanja1](https://reader036.vdocument.in/reader036/viewer/2022062503/5881afb51a28abdd348b4e99/html5/thumbnails/15.jpg)
Zimbabwe Landscape
![Page 16: Cyber Security 2016 Cade Zvavanjanja1](https://reader036.vdocument.in/reader036/viewer/2022062503/5881afb51a28abdd348b4e99/html5/thumbnails/16.jpg)
Zimbabwe vs. Global Landscape
![Page 17: Cyber Security 2016 Cade Zvavanjanja1](https://reader036.vdocument.in/reader036/viewer/2022062503/5881afb51a28abdd348b4e99/html5/thumbnails/17.jpg)
Process
Organization
Technology
Opt/in/out
Regulatory Requirement
Security/Privacy Policy
Planning and Strategy Program Maturity Program Metrics
Cybersecurity Architecture
• Privacy Strategy• Data Classification Analysis• Privacy Teams• Policy Development• Policy Update Plans• Decision Management• Privacy Support Architecture• Awareness
• Privacy Risk Assessments• Data Governance• Vendor Governance• Technology Planning • Business Process Review• Information Security • Information Privacy
• External Support Infrastructure• Privacy Auditing• Incident Response• Crisis Management• Knowledge Management• Consumer Support Infrastructure• Open Source Intelligence
People
ComplianceCompliance
![Page 18: Cyber Security 2016 Cade Zvavanjanja1](https://reader036.vdocument.in/reader036/viewer/2022062503/5881afb51a28abdd348b4e99/html5/thumbnails/18.jpg)
18
Ecommerce Site
Data Storage
Business Interfaces
IT/IS/Developme
ntAnti-Virus
Firewalls
Encryption
Security in SDLC
Threat Modelling
Build Standards
Information Security Policies
Legislative Compliance
Configuration Reviews
Patch Management
Access Control Reviews
Application Testing
Penetration Testing
Intrusion Detection
Vulnerability Assessment
Vetting / ReferencesDisciplinary Procedure
Awareness & Training
Holistic IT security
![Page 19: Cyber Security 2016 Cade Zvavanjanja1](https://reader036.vdocument.in/reader036/viewer/2022062503/5881afb51a28abdd348b4e99/html5/thumbnails/19.jpg)
-Technology containment- Process containment- Procedure containment
- Engage digital forensics process- Collect evidence- Engage 3rd party
- Detect Incident - Identify source of identified-Log incident- Reduce false positive
HIGH LEVEL OVERVIEW
Detection
Digital Forensics
Resolution & Reporting
Assessment
AnalysisContainment
- Determine scope- Assemble Response Team- Collect & sort facts
- Determine scope- Assemble Response Team- Collect & sort facts
- Notify client- Notify regulators- Remediate- Analyze long term effects- Analyze lessons learned
Privacy Incident Response Process