SlideShare uma empresa Scribd logo

Session 5.2 Martin Koyabe

Commonwealth Telecommunications Organisation
Commonwealth Telecommunications Organisation
Tecnologia
1 de 23
Baixar para ler offline
E-Government Security Threats BYOD – “The Elephant in the Room” Dr Martin Koyabe Head of Research & Consultancy (CTO)
© Commonwealth Telecommunications Organisation What is e-Government ? “ The use by government agencies of information communications technology to transform relations with citizens, businesses, and other arms of government.” Source: World Bank 2 radically
© Commonwealth Telecommunications Organisation Why e-Government ? “around 170 out of 193 countries have implemented some form of ICT (i.e. just having a website or even an email) “ Source: ITU 3 Better Government Government Efficient ParticipatoryEffective Accountable Transparent
© Commonwealth Telecommunications Organisation e-Government Interactions & Relationships 4 Government Citizens BusinessG-to-C C-to-G B-to-C C-to-B G-to-B B-to-GG-to-G C-to-C B-to-B
© Commonwealth Telecommunications Organisation South Korea e-Government Portal 5 Note: Very interactive despite having complex backend processing
© Commonwealth Telecommunications Organisation Swedish Tax Agency Portal 6 Note: Very trusted and easy to use
© Commonwealth Telecommunications Organisation Challenges & Obstacles in e-Government #1 – Technical – Lack of adequate IT infrastructure o public service legacy systems still being used – Lack of technical knowledge o in deploying e-government strategic programs – Lack of efficient & robust secure system o in terms of information security & data privacy 7
© Commonwealth Telecommunications Organisation Challenges & Obstacles in e-Government #2 – Political – Low prioritization of e-Government initiatives o Lack of policies, regulatory structures & resources – Poor strategic vision o Lack of integration with mainstream strategies – Lack of broad partnerships & collaborations o with relevant multi-stakeholders 8
© Commonwealth Telecommunications Organisation Challenges & Obstacles in e-Government #3 – Cultural – e-Government -> “Big Brother” o Perception of government spying on its citizens – e-Government -> “Retrenchment” o Fears by public service staff about loosing jobs – Lack of confidence/trust in using e-Government systems o Poor education and lack of awareness – General fears o About loosing control or ownership of information 9
© Commonwealth Telecommunications Organisation Challenges & Obstacles in e-Government #4 – Legal/Regulatory – Lack of relevant legislation o Data protection & privacy laws critical – Non-existence of cross-border peering agreements o To apprehend or pursue cybercriminal criminals – Less friendly regulatory environment o Need to encourage investment 10
© Commonwealth Telecommunications Organisation Hundreds of targets Dozens of campaigns Direct/Indirect attacks Target Security Threats Source: Symantec
© Commonwealth Telecommunications Organisation Target Security Threats (per Sector & Function) Source: Symantec
© Commonwealth Telecommunications Organisation Security Trends Impacting e-Government 13 “The Mobile – Paradigm Shift, is among the four key security trends impacting e-Government. Others are Malware, Targeted and Data Breaches attacks. “ Source: Symantec
© Commonwealth Telecommunications Organisation “The Elephant in the Room” • Bring Your Own Device (BYOD) – BYOD refers to smart phones and tablets that are not owned by the organisation 14
© Commonwealth Telecommunications Organisation Unmasking “The Elephant in the Room” • Despite high rate of BYOD adoption – Governance not well understood by many organisations – Initiatives sometimes approved without a business case – Inadequate information security functions 15 Study on BYOD Source: ISF/Ponemon Institute
© Commonwealth Telecommunications Organisation Main BYOD Risks • Caused by ownership of the device – Exposes organisations to different risk caused by owners behaviour & constrains available controls 16 Study on mobile devices Source: ISF/Trustwave Study (2013)
© Commonwealth Telecommunications Organisation How do you manage BYOD risks? • Approach should be information-centric – Impact on data (information) should be the focus 17 Physical Software Data • Hardware • Connectivity • Operating system • Applications • Information
© Commonwealth Telecommunications Organisation Managing BYOD risks • #2 A threat and Vulnerability assessment – Determines the likelihood of that impact 18 • #1 Conduct a Business Impact Assessment – Impact on organisation should Confidentiality, Integrity or Availability of information is compromised – Where applicable, use existing BIA for guidance
© Commonwealth Telecommunications Organisation Managing BYOD risks • #3 Conduct a Risk Treatment – Mitigation – applying appropriate security controls o e.g. malware protection, mobile devise management (MDM) or Data Loss Prevention (DLP) – Transfer – risks are shared with an external or via insurance – Avoidance – risk are avoided by cancelling a particular BYOD initiative – Acceptance – Business owners take responsibility 19
© Commonwealth Telecommunications Organisation Managing BYOD risks • Other deployment issues to consider – Implementing BYOD in the organisation o Need to define governance structures and policies – Evaluation o Collect metrics and user feedback – Enhancement o Maintain effective risk management efforts o Update the BYOD programme strategy and policies 20
© Commonwealth Telecommunications Organisation My thoughts • BYOD is here to stay • Ignore BYOD risk at your own peril • BYOD ownership behaviour adds more risk • If you want BYOD be prepared to compromise • BYOD data/stored information is more important 21
© Commonwealth Telecommunications Organisation Finally • e-Government is not the destination it’s the path to the destination 22
© Commonwealth Telecommunications Organisation Martin Koyabe e: m.koyabe@cto.int m: +44 (0) 791 871 2490 t: +44 (0) 208 600 3815 23 Q & A Session

Recomendados

Module 5 ig presentation iran 2
Module 5 ig presentation iran 2Module 5 ig presentation iran 2
Module 5 ig presentation iran 2Habib Noroozi
 
CTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha FernandoCTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha Fernandosegughana
 
The importance of cie in the digital era
The importance of cie in the digital eraThe importance of cie in the digital era
The importance of cie in the digital eraRicardo de Almeida
 
CTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard SimpsonCTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard Simpsonsegughana
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective amarukanda
 
CTO-CybersecurityForum-2010-Patricia Asognwe
CTO-CybersecurityForum-2010-Patricia AsognweCTO-CybersecurityForum-2010-Patricia Asognwe
CTO-CybersecurityForum-2010-Patricia Asognwesegughana
 
CTO-CybersecurityForum-2010-Daisy francis
CTO-CybersecurityForum-2010-Daisy francisCTO-CybersecurityForum-2010-Daisy francis
CTO-CybersecurityForum-2010-Daisy francissegughana
 
CTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles WardCTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles Wardsegughana
 

Recomendados

Module 5 ig presentation iran 2
Module 5 ig presentation iran 2Module 5 ig presentation iran 2
Module 5 ig presentation iran 2Habib Noroozi
 
CTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha FernandoCTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha Fernandosegughana
 
The importance of cie in the digital era
The importance of cie in the digital eraThe importance of cie in the digital era
The importance of cie in the digital eraRicardo de Almeida
 
CTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard SimpsonCTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard Simpsonsegughana
 
Cyber security general perspective a
Cyber security general perspective aCyber security general perspective a
Cyber security general perspective amarukanda
 
CTO-CybersecurityForum-2010-Patricia Asognwe
CTO-CybersecurityForum-2010-Patricia AsognweCTO-CybersecurityForum-2010-Patricia Asognwe
CTO-CybersecurityForum-2010-Patricia Asognwesegughana
 
CTO-CybersecurityForum-2010-Daisy francis
CTO-CybersecurityForum-2010-Daisy francisCTO-CybersecurityForum-2010-Daisy francis
CTO-CybersecurityForum-2010-Daisy francissegughana
 
CTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles WardCTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles Wardsegughana
 
Session 6.2 Cécile Barayre El Shami
Session 6.2 Cécile Barayre El ShamiSession 6.2 Cécile Barayre El Shami
Session 6.2 Cécile Barayre El ShamiCommonwealth Telecommunications Organisation
 
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...Dr Dev Kambhampati
 
Maloney Slides
Maloney SlidesMaloney Slides
Maloney Slidesecommerce
 
Cybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementCybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementKeelan Stewart
 
Framework of responsible state behaviour in cyberspace - for Marshall Center ...
Framework of responsible state behaviour in cyberspace - for Marshall Center ...Framework of responsible state behaviour in cyberspace - for Marshall Center ...
Framework of responsible state behaviour in cyberspace - for Marshall Center ...Benjamin Ang
 
Cybersecurity and Internet Governance
Cybersecurity and Internet GovernanceCybersecurity and Internet Governance
Cybersecurity and Internet GovernanceKenny Huang Ph.D.
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Benjamin Ang
 
CTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders JohansonCTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders Johansonsegughana
 
CTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhouseCTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhousesegughana
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructureUnisys Corporation
 
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurityImpressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurityShiva Bissessar
 
Capstone Final Presentation
Capstone Final PresentationCapstone Final Presentation
Capstone Final PresentationKartik Uppal
 
Law and warfare in the cyber domain (for NSSP, AFP, NDCP)
Law and warfare in the cyber domain (for NSSP, AFP, NDCP)Law and warfare in the cyber domain (for NSSP, AFP, NDCP)
Law and warfare in the cyber domain (for NSSP, AFP, NDCP)Benjamin Ang
 
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)Benjamin Ang
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information securitySyaiful Ahdan
 
CyberSecurity-Forum-2010-Mario Hoffmann
CyberSecurity-Forum-2010-Mario HoffmannCyberSecurity-Forum-2010-Mario Hoffmann
CyberSecurity-Forum-2010-Mario Hoffmannsegughana
 
Cybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due DiligenceCybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due DiligenceShiva Bissessar
 
The criticality-of-security-in-the-internet-of-things joa-eng_1115
The criticality-of-security-in-the-internet-of-things joa-eng_1115The criticality-of-security-in-the-internet-of-things joa-eng_1115
The criticality-of-security-in-the-internet-of-things joa-eng_1115Devaraj Sl
 
Its not ITs problem
Its not ITs problemIts not ITs problem
Its not ITs problemShiva Bissessar
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Securitysappingtonkr
 
Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.Cyril Soeri
 
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sWSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sDr Lendy Spires
 

Mais conteúdo relacionado

Mais procurados

Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...Dr Dev Kambhampati
 
Maloney Slides
Maloney SlidesMaloney Slides
Maloney Slidesecommerce
 
Cybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementCybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementKeelan Stewart
 
Framework of responsible state behaviour in cyberspace - for Marshall Center ...
Framework of responsible state behaviour in cyberspace - for Marshall Center ...Framework of responsible state behaviour in cyberspace - for Marshall Center ...
Framework of responsible state behaviour in cyberspace - for Marshall Center ...Benjamin Ang
 
Cybersecurity and Internet Governance
Cybersecurity and Internet GovernanceCybersecurity and Internet Governance
Cybersecurity and Internet GovernanceKenny Huang Ph.D.
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Benjamin Ang
 
CTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders JohansonCTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders Johansonsegughana
 
CTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhouseCTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhousesegughana
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructureUnisys Corporation
 
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurityImpressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurityShiva Bissessar
 
Capstone Final Presentation
Capstone Final PresentationCapstone Final Presentation
Capstone Final PresentationKartik Uppal
 
Law and warfare in the cyber domain (for NSSP, AFP, NDCP)
Law and warfare in the cyber domain (for NSSP, AFP, NDCP)Law and warfare in the cyber domain (for NSSP, AFP, NDCP)
Law and warfare in the cyber domain (for NSSP, AFP, NDCP)Benjamin Ang
 
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)Benjamin Ang
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information securitySyaiful Ahdan
 
CyberSecurity-Forum-2010-Mario Hoffmann
CyberSecurity-Forum-2010-Mario HoffmannCyberSecurity-Forum-2010-Mario Hoffmann
CyberSecurity-Forum-2010-Mario Hoffmannsegughana
 
Cybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due DiligenceCybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due DiligenceShiva Bissessar
 
The criticality-of-security-in-the-internet-of-things joa-eng_1115
The criticality-of-security-in-the-internet-of-things joa-eng_1115The criticality-of-security-in-the-internet-of-things joa-eng_1115
The criticality-of-security-in-the-internet-of-things joa-eng_1115Devaraj Sl
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Securitysappingtonkr
 

Mais procurados (20)

Session 6.2 Cécile Barayre El Shami
Session 6.2 Cécile Barayre El ShamiSession 6.2 Cécile Barayre El Shami
Session 6.2 Cécile Barayre El Shami
 
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
Dr Dev Kambhampati | Strategic Principles for Securing the Internet of Things...
 
Maloney Slides
Maloney SlidesMaloney Slides
Maloney Slides
 
Cybersecurity Law and Risk Management
Cybersecurity Law and Risk ManagementCybersecurity Law and Risk Management
Cybersecurity Law and Risk Management
 
Framework of responsible state behaviour in cyberspace - for Marshall Center ...
Framework of responsible state behaviour in cyberspace - for Marshall Center ...Framework of responsible state behaviour in cyberspace - for Marshall Center ...
Framework of responsible state behaviour in cyberspace - for Marshall Center ...
 
Cybersecurity and Internet Governance
Cybersecurity and Internet GovernanceCybersecurity and Internet Governance
Cybersecurity and Internet Governance
 
Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)Singapore Cybersecurity Strategy and Legislation (2018)
Singapore Cybersecurity Strategy and Legislation (2018)
 
CTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders JohansonCTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders Johanson
 
CTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhouseCTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhouse
 
Potential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical InfrastructurePotential Impact of Cyber Attacks on Critical Infrastructure
Potential Impact of Cyber Attacks on Critical Infrastructure
 
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurityImpressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
 
Capstone Final Presentation
Capstone Final PresentationCapstone Final Presentation
Capstone Final Presentation
 
Law and warfare in the cyber domain (for NSSP, AFP, NDCP)
Law and warfare in the cyber domain (for NSSP, AFP, NDCP)Law and warfare in the cyber domain (for NSSP, AFP, NDCP)
Law and warfare in the cyber domain (for NSSP, AFP, NDCP)
 
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)
 
Chapter 11 laws and ethic information security
Chapter 11 laws and ethic information securityChapter 11 laws and ethic information security
Chapter 11 laws and ethic information security
 
CyberSecurity-Forum-2010-Mario Hoffmann
CyberSecurity-Forum-2010-Mario HoffmannCyberSecurity-Forum-2010-Mario Hoffmann
CyberSecurity-Forum-2010-Mario Hoffmann
 
Cybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due DiligenceCybercrime Bill 2014: Due Diligence
Cybercrime Bill 2014: Due Diligence
 
The criticality-of-security-in-the-internet-of-things joa-eng_1115
The criticality-of-security-in-the-internet-of-things joa-eng_1115The criticality-of-security-in-the-internet-of-things joa-eng_1115
The criticality-of-security-in-the-internet-of-things joa-eng_1115
 
Its not ITs problem
Its not ITs problemIts not ITs problem
Its not ITs problem
 
02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security02 Legal, Ethical, and Professional Issues in Information Security
02 Legal, Ethical, and Professional Issues in Information Security
 

Semelhante a Session 5.2 Martin Koyabe

Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.Cyril Soeri
 
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sWSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sDr Lendy Spires
 
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterpriseMbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterpriseSelectedPresentations
 
CTO-Cybersecurity-2010-Dr. Martin Koyabe
CTO-Cybersecurity-2010-Dr. Martin KoyabeCTO-Cybersecurity-2010-Dr. Martin Koyabe
CTO-Cybersecurity-2010-Dr. Martin Koyabesegughana
 
A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...Judith Beckhard Cardoso
 
Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective Omlis
 
protectingyourbusinessfromcyberrisks-pptforseminarnov122014-141120120959-conv...
protectingyourbusinessfromcyberrisks-pptforseminarnov122014-141120120959-conv...protectingyourbusinessfromcyberrisks-pptforseminarnov122014-141120120959-conv...
protectingyourbusinessfromcyberrisks-pptforseminarnov122014-141120120959-conv...James Fisher
 
GUL Network Infrastructure
GUL Network InfrastructureGUL Network Infrastructure
GUL Network InfrastructureMuhammad Zeeshan
 
REPORT USE OF CYBERSECURITY.pptx
REPORT USE OF CYBERSECURITY.pptxREPORT USE OF CYBERSECURITY.pptx
REPORT USE OF CYBERSECURITY.pptxeresavenzon
 
Clinton- Cyber IRT Balto 10_2012
Clinton- Cyber IRT Balto 10_2012Clinton- Cyber IRT Balto 10_2012
Clinton- Cyber IRT Balto 10_2012Don Grauel
 
Pharmaceutical companies and security
Pharmaceutical companies and securityPharmaceutical companies and security
Pharmaceutical companies and securityJuliette Foine
 
AST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIOAST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIOJim Romeo
 
AST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIOAST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIOJim Romeo
 
Cybersecurity: Connectivity, Collaboration and Security Controls
Cybersecurity: Connectivity, Collaboration and Security ControlsCybersecurity: Connectivity, Collaboration and Security Controls
Cybersecurity: Connectivity, Collaboration and Security ControlsKristian Alisasis Pura
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatuChinatu Uzuegbu
 
Cyber Security at CTX15, London
Cyber Security at CTX15, LondonCyber Security at CTX15, London
Cyber Security at CTX15, LondonJohn Palfreyman
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themRadouane Mrabet
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyShiva Bissessar
 

Semelhante a Session 5.2 Martin Koyabe (20)

Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.Your organization is at risk! Upgrade your IT security & IT governance now.
Your organization is at risk! Upgrade your IT security & IT governance now.
 
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT'sWSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
WSIS10 Action Line C5 Building Confidence and Security in the use of ICT's
 
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterpriseMbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
 
CTO-Cybersecurity-2010-Dr. Martin Koyabe
CTO-Cybersecurity-2010-Dr. Martin KoyabeCTO-Cybersecurity-2010-Dr. Martin Koyabe
CTO-Cybersecurity-2010-Dr. Martin Koyabe
 
A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...A holistic approach to risk management 20210210 w acfe france & cyber rea...
A holistic approach to risk management 20210210 w acfe france & cyber rea...
 
Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective Omlis Data Breaches Report - An Inside Perspective
Omlis Data Breaches Report - An Inside Perspective
 
protectingyourbusinessfromcyberrisks-pptforseminarnov122014-141120120959-conv...
protectingyourbusinessfromcyberrisks-pptforseminarnov122014-141120120959-conv...protectingyourbusinessfromcyberrisks-pptforseminarnov122014-141120120959-conv...
protectingyourbusinessfromcyberrisks-pptforseminarnov122014-141120120959-conv...
 
GUL Network Infrastructure
GUL Network InfrastructureGUL Network Infrastructure
GUL Network Infrastructure
 
REPORT USE OF CYBERSECURITY.pptx
REPORT USE OF CYBERSECURITY.pptxREPORT USE OF CYBERSECURITY.pptx
REPORT USE OF CYBERSECURITY.pptx
 
Clinton- Cyber IRT Balto 10_2012
Clinton- Cyber IRT Balto 10_2012Clinton- Cyber IRT Balto 10_2012
Clinton- Cyber IRT Balto 10_2012
 
Pharmaceutical companies and security
Pharmaceutical companies and securityPharmaceutical companies and security
Pharmaceutical companies and security
 
AST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIOAST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIO
 
AST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIOAST-0002415_MobileSecurity-CIO
AST-0002415_MobileSecurity-CIO
 
Cybersecurity: Connectivity, Collaboration and Security Controls
Cybersecurity: Connectivity, Collaboration and Security ControlsCybersecurity: Connectivity, Collaboration and Security Controls
Cybersecurity: Connectivity, Collaboration and Security Controls
 
Combating cyber crimes chinatu
Combating cyber crimes chinatuCombating cyber crimes chinatu
Combating cyber crimes chinatu
 
Cyber Security at CTX15, London
Cyber Security at CTX15, LondonCyber Security at CTX15, London
Cyber Security at CTX15, London
 
IoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address themIoT security and privacy: main challenges and how ISOC-OTA address them
IoT security and privacy: main challenges and how ISOC-OTA address them
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Cyberattacks.pptx
Cyberattacks.pptxCyberattacks.pptx
Cyberattacks.pptx
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean Cybersecuirty
 

Mais de Commonwealth Telecommunications Organisation

Mais de Commonwealth Telecommunications Organisation (20)

Commonwealth Digital Broadcasting Siwtchover FOrum 2015 Regis Le Roux
Commonwealth Digital Broadcasting Siwtchover FOrum 2015 Regis Le RouxCommonwealth Digital Broadcasting Siwtchover FOrum 2015 Regis Le Roux
Commonwealth Digital Broadcasting Siwtchover FOrum 2015 Regis Le Roux
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Michael Ojo
Commonwealth Digital Broadcasting Switchover Forum 2015 Michael OjoCommonwealth Digital Broadcasting Switchover Forum 2015 Michael Ojo
Commonwealth Digital Broadcasting Switchover Forum 2015 Michael Ojo
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Loren Braithwaite Kab...
Commonwealth Digital Broadcasting Switchover Forum 2015 Loren Braithwaite Kab...Commonwealth Digital Broadcasting Switchover Forum 2015 Loren Braithwaite Kab...
Commonwealth Digital Broadcasting Switchover Forum 2015 Loren Braithwaite Kab...
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Régis Saint Girons
Commonwealth Digital Broadcasting Switchover Forum 2015 Régis Saint GironsCommonwealth Digital Broadcasting Switchover Forum 2015 Régis Saint Girons
Commonwealth Digital Broadcasting Switchover Forum 2015 Régis Saint Girons
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Francois Hernandez
Commonwealth Digital Broadcasting Switchover Forum 2015 Francois HernandezCommonwealth Digital Broadcasting Switchover Forum 2015 Francois Hernandez
Commonwealth Digital Broadcasting Switchover Forum 2015 Francois Hernandez
 
Commonwealth digital broadcasting switchover forum 2015 dr mothobi mutloatse
Commonwealth digital broadcasting switchover forum 2015 dr mothobi mutloatseCommonwealth digital broadcasting switchover forum 2015 dr mothobi mutloatse
Commonwealth digital broadcasting switchover forum 2015 dr mothobi mutloatse
 
Commonwealth digital broadcasting switchover forum 2015 annemarie meijer
Commonwealth digital broadcasting switchover forum 2015 annemarie meijerCommonwealth digital broadcasting switchover forum 2015 annemarie meijer
Commonwealth digital broadcasting switchover forum 2015 annemarie meijer
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Mortimer Hope
Commonwealth Digital Broadcasting Switchover Forum 2015 Mortimer HopeCommonwealth Digital Broadcasting Switchover Forum 2015 Mortimer Hope
Commonwealth Digital Broadcasting Switchover Forum 2015 Mortimer Hope
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Michele Coat Degert
Commonwealth Digital Broadcasting Switchover Forum 2015 Michele Coat DegertCommonwealth Digital Broadcasting Switchover Forum 2015 Michele Coat Degert
Commonwealth Digital Broadcasting Switchover Forum 2015 Michele Coat Degert
 
we.learn.it - February 2015
we.learn.it - February 2015we.learn.it - February 2015
we.learn.it - February 2015
 
We learn it agenda
We learn it agendaWe learn it agenda
We learn it agenda
 
Reflections on scale up and transferability
Reflections on scale up and transferabilityReflections on scale up and transferability
Reflections on scale up and transferability
 
Planning your learning expedition final
Planning your learning expedition finalPlanning your learning expedition final
Planning your learning expedition final
 
Le template 2015 final
Le template 2015 finalLe template 2015 final
Le template 2015 final
 
Mapping Tools Version 3
Mapping Tools Version 3Mapping Tools Version 3
Mapping Tools Version 3
 
5 expedition posters
5 expedition posters5 expedition posters
5 expedition posters
 
Session 6.1 Stewart Room
Session 6.1 Stewart RoomSession 6.1 Stewart Room
Session 6.1 Stewart Room
 
Session 5.3 Alexander Ntoko
Session 5.3 Alexander NtokoSession 5.3 Alexander Ntoko
Session 5.3 Alexander Ntoko
 
Session 4.1 Roy Arends
Session 4.1 Roy ArendsSession 4.1 Roy Arends
Session 4.1 Roy Arends
 
Session 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj YunosSession 3.2 Zahri Hj Yunos
Session 3.2 Zahri Hj Yunos
 

Último

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 

Último (20)

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 

Session 5.2 Martin Koyabe

  • 1. E-Government Security Threats BYOD – “The Elephant in the Room” Dr Martin Koyabe Head of Research & Consultancy (CTO)
  • 2. © Commonwealth Telecommunications Organisation What is e-Government ? “ The use by government agencies of information communications technology to transform relations with citizens, businesses, and other arms of government.” Source: World Bank 2 radically
  • 3. © Commonwealth Telecommunications Organisation Why e-Government ? “around 170 out of 193 countries have implemented some form of ICT (i.e. just having a website or even an email) “ Source: ITU 3 Better Government Government Efficient ParticipatoryEffective Accountable Transparent
  • 4. © Commonwealth Telecommunications Organisation e-Government Interactions & Relationships 4 Government Citizens BusinessG-to-C C-to-G B-to-C C-to-B G-to-B B-to-GG-to-G C-to-C B-to-B
  • 5. © Commonwealth Telecommunications Organisation South Korea e-Government Portal 5 Note: Very interactive despite having complex backend processing
  • 6. © Commonwealth Telecommunications Organisation Swedish Tax Agency Portal 6 Note: Very trusted and easy to use
  • 7. © Commonwealth Telecommunications Organisation Challenges & Obstacles in e-Government #1 – Technical – Lack of adequate IT infrastructure o public service legacy systems still being used – Lack of technical knowledge o in deploying e-government strategic programs – Lack of efficient & robust secure system o in terms of information security & data privacy 7
  • 8. © Commonwealth Telecommunications Organisation Challenges & Obstacles in e-Government #2 – Political – Low prioritization of e-Government initiatives o Lack of policies, regulatory structures & resources – Poor strategic vision o Lack of integration with mainstream strategies – Lack of broad partnerships & collaborations o with relevant multi-stakeholders 8
  • 9. © Commonwealth Telecommunications Organisation Challenges & Obstacles in e-Government #3 – Cultural – e-Government -> “Big Brother” o Perception of government spying on its citizens – e-Government -> “Retrenchment” o Fears by public service staff about loosing jobs – Lack of confidence/trust in using e-Government systems o Poor education and lack of awareness – General fears o About loosing control or ownership of information 9
  • 10. © Commonwealth Telecommunications Organisation Challenges & Obstacles in e-Government #4 – Legal/Regulatory – Lack of relevant legislation o Data protection & privacy laws critical – Non-existence of cross-border peering agreements o To apprehend or pursue cybercriminal criminals – Less friendly regulatory environment o Need to encourage investment 10
  • 11. © Commonwealth Telecommunications Organisation Hundreds of targets Dozens of campaigns Direct/Indirect attacks Target Security Threats Source: Symantec
  • 12. © Commonwealth Telecommunications Organisation Target Security Threats (per Sector & Function) Source: Symantec
  • 13. © Commonwealth Telecommunications Organisation Security Trends Impacting e-Government 13 “The Mobile – Paradigm Shift, is among the four key security trends impacting e-Government. Others are Malware, Targeted and Data Breaches attacks. “ Source: Symantec
  • 14. © Commonwealth Telecommunications Organisation “The Elephant in the Room” • Bring Your Own Device (BYOD) – BYOD refers to smart phones and tablets that are not owned by the organisation 14
  • 15. © Commonwealth Telecommunications Organisation Unmasking “The Elephant in the Room” • Despite high rate of BYOD adoption – Governance not well understood by many organisations – Initiatives sometimes approved without a business case – Inadequate information security functions 15 Study on BYOD Source: ISF/Ponemon Institute
  • 16. © Commonwealth Telecommunications Organisation Main BYOD Risks • Caused by ownership of the device – Exposes organisations to different risk caused by owners behaviour & constrains available controls 16 Study on mobile devices Source: ISF/Trustwave Study (2013)
  • 17. © Commonwealth Telecommunications Organisation How do you manage BYOD risks? • Approach should be information-centric – Impact on data (information) should be the focus 17 Physical Software Data • Hardware • Connectivity • Operating system • Applications • Information
  • 18. © Commonwealth Telecommunications Organisation Managing BYOD risks • #2 A threat and Vulnerability assessment – Determines the likelihood of that impact 18 • #1 Conduct a Business Impact Assessment – Impact on organisation should Confidentiality, Integrity or Availability of information is compromised – Where applicable, use existing BIA for guidance
  • 19. © Commonwealth Telecommunications Organisation Managing BYOD risks • #3 Conduct a Risk Treatment – Mitigation – applying appropriate security controls o e.g. malware protection, mobile devise management (MDM) or Data Loss Prevention (DLP) – Transfer – risks are shared with an external or via insurance – Avoidance – risk are avoided by cancelling a particular BYOD initiative – Acceptance – Business owners take responsibility 19
  • 20. © Commonwealth Telecommunications Organisation Managing BYOD risks • Other deployment issues to consider – Implementing BYOD in the organisation o Need to define governance structures and policies – Evaluation o Collect metrics and user feedback – Enhancement o Maintain effective risk management efforts o Update the BYOD programme strategy and policies 20
  • 21. © Commonwealth Telecommunications Organisation My thoughts • BYOD is here to stay • Ignore BYOD risk at your own peril • BYOD ownership behaviour adds more risk • If you want BYOD be prepared to compromise • BYOD data/stored information is more important 21
  • 22. © Commonwealth Telecommunications Organisation Finally • e-Government is not the destination it’s the path to the destination 22
  • 23. © Commonwealth Telecommunications Organisation Martin Koyabe e: m.koyabe@cto.int m: +44 (0) 791 871 2490 t: +44 (0) 208 600 3815 23 Q & A Session