Why Government & Corporate Cyber Programmes are failing
Dr. Frederick Wamala, CISSP®
Trivandrum, Kerala, India, 3-4 August 2012




International Telecommunication Union
Disclaimer – One for the Lawyers

Opinions expressed here are mine. The views I express do not necessarily reflect those of any past or present employers and/or associates.

All trademarks are the properties of their respective owners.

© Dr. Frederick Wamala, CISSP®                        2
Quotation – Cybercrime

“In fact, in my opinion, it's the greatest transfer of wealth in history ... McAfee estimates that $1 trillion was spent globally under remediation. And that's our future disappearing in front of us.”
– Gen. Keith Alexander, NSA/CYBERCOM

ITU Cybersecurity Strategy Guides




Cybersecurity Strategy Model



Cybersecurity Strategy Model




URL: http://www.itu.int/ITU-D/cyb/cybersecurity/strategies.html
Strategic Context




Critical Information Infrastructure (CII)




Privately-owned – Govt oversight?




Focus on attack methods not Sources




Threat Assessment




Incomplete Threat Assessments

• Threat Sources and Threat Actors
• Capability
    - Level 1 – Opportunistic
    - Level 5 – Extremely capable and well resourced to carry out sophisticated attacks e.g. Flame
• Motivation
    - Level 0 – No interest in attacking a given system
    - Level 5 – An absolute priority of the actor to breach the security of a given system. Use all means e.g. Detailed research, bribery, coercion,

Failure to understand “Cybersecurity Ends”




Cybersecurity “Intensity of Interest”

• Cybersecurity is not JUST a technical issue
• Cyber attacks threaten ‘vital’ interests of States

India – Impact on Diplomatic Affairs

“A portion of the recovered data included visa applications submitted to Indian diplomatic missions in Afghanistan. This data was voluntarily provided to the Indian missions by nationals of 13 countries as part of the regular visa application process.”

Gaps – Legal Measures




Cybercrime legislation coverage

• Criminalisation
• Substantive criminal law e.g. Unauthorised access to computer systems and networks
• Jurisdiction
• Procedure and law enforcement investigative measures
• Electronic evidence
• Liability of internet service providers
• International cooperation

Convention on Cybercrime – 2001

[Chart: Council of Europe Convention on Cybercrime. Legend: Criminalization; Procedures; Electronic evidence; Jurisdiction; Service Provider Liability; International Cooperation. Labelled segments: Criminalization, International Cooperation, Procedures, Jurisdiction.]

Commonwealth Legislation – 2002

[Chart: Commonwealth Model Legislation. Legend: Criminalization; Procedures; Electronic evidence; Jurisdiction; Service Provider Liability; International Cooperation. Labelled segments: International Cooperation, Criminalization, Jurisdiction, Electronic evidence, Procedures.]

US – Joint Chief Lobby for Legislation




Technical and Procedural Measures




Reactive – Subversion of Products




UK – Capacity to certify products




India – Comprehensive Approach




Gaps – Organisational Structures



India – National Cybersecurity Strategy

• MCIT/Departmental cybersecurity strategy
• Only CERT-In has a national cyber mandate
• Oversight: MCIT; Defence, Home Affairs, NSA

DHS vs. White House Czar mandates




US – NSA involvement questioned




Gaps – Capacity Building




Gaps – Cybersecurity Skills

“India is regarded as an IT superpower but its record on IT security is not too brilliant. ... It does not have the required number of experts and professionals in cyber security.”
– Dr. Arvind Gupta, IDSA, India, 27/06/2012

UK – Intelligence not retaining staff




Gaps – International Cooperation



Russia rejects Convention




Convention – Article 32




EU and US wreck UN Treaty




Conclusion




Questions?

Dr. Frederick Wamala, CISSP®
Cybersecurity Adviser – Strategic and Technical
E-mail: f.wamala@efrivo.com
Twitter: @DrWamala

Ryan Mahoney - Will Artificial Intelligence Replace Real Estate AgentsRyan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
Ryan Mahoney - Will Artificial Intelligence Replace Real Estate Agents
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 

Why Government & Corporate Cyber Programmes are Failing

  • 1. Why Government & Corporate Cyber Programmes are failing Dr. Frederick Wamala, CISSP® Trivandrum, Kerala, India, 3-4 August 2012 International Telecommunication Union
  • 2. Disclaimer – One for the Lawyers Opinions expressed here are mine. The views I express do not necessarily reflect those of any past or present employers and/or associates. All trademarks are the properties of their respective owners. © Dr. Frederick Wamala, CISSP®
  • 3. Quotation – Cybercrime “In fact, in my opinion, it's the greatest transfer of wealth in history ... McAfee estimates that $1 trillion was spent globally under remediation. And that's our future disappearing in front of us.” – Gen. Keith Alexander, NSA/CYBERCOM
  • 4. ITU Cybersecurity Strategy Guides
  • 5. Cybersecurity Strategy Model
  • 6. Cybersecurity Strategy Model URL: http://www.itu.int/ITU-D/cyb/cybersecurity/strategies.html
  • 7. Strategic Context
  • 8. Critical Information Infrastructure (CII)
  • 9. Privately-owned – Govt oversight?
  • 11. Focus on attack methods not Sources
  • 12. Threat Assessment
  • 13. Incomplete Threat Assessments
      • Threat Sources and Threat Actors
      • Capability
          • Level 1 – Opportunistic
          • Level 5 – Extremely capable and well resourced to carry out sophisticated attacks e.g. Flame
      • Motivation
          • Level 0 – No interest in attacking a given system
          • Level 5 – An absolute priority of the actor to breach the security of a given system. Use all means e.g. Detailed research, bribery, coercion,
  • 14. Failure to understand “Cybersecurity Ends”
  • 15. Cybersecurity “Intensity of Interest”
      • Cybersecurity is not JUST a technical issue
      • Cyber attacks threaten “vital” interests of States
  • 16. India – Impact on Diplomatic Affairs “A portion of the recovered data included visa applications submitted to Indian diplomatic missions in Afghanistan. This data was voluntarily provided to the Indian missions by nationals of 13 countries as part of the regular visa application process.”
  • 17. Gaps – Legal Measures
  • 18. Cybercrime legislation coverage
      • Criminalisation
      • Substantive criminal law e.g. Unauthorised access to computer systems and networks
      • Jurisdiction
      • Procedure and law enforcement investigative measures
      • Electronic evidence
      • Liability of internet service providers
      • International cooperation
  • 19. Convention on Cybercrime – 2001 [Diagram: Council of Europe Convention on Cybercrime. Labels: Criminalization, Procedures, Jurisdiction, Electronic evidence, Service Provider Liability, International Cooperation]
  • 20. Commonwealth Legislation – 2002 [Diagram: Commonwealth Model Legislation. Labels: Criminalization, Procedures, Jurisdiction, Electronic evidence, Service Provider Liability, International Cooperation]
  • 21. US – Joint Chief Lobby for Legislation
  • 23. Technical and Procedural Measures
  • 24. Reactive – Subversion of Products
  • 25. UK – Capacity to certify products
  • 26. India – Comprehensive Approach
  • 27. Gaps – Organisational Structures
  • 28. India – National Cybersecurity Strategy
      • MCIT/Departmental cybersecurity strategy
      • Only CERT-In has a national cyber mandate
      • Oversight: MCIT; Defence, Home Affairs, NSA
  • 29. DHS vs. White House Czar mandates
  • 30. US – NSA involvement questioned
  • 31. Gaps – Capacity Building
  • 32. Gaps – Cybersecurity Skills “India is regarded as an IT superpower but its record on IT security is not too brilliant. ... It does not have the required number of experts and professionals in cyber security.” – Dr. Arvind Gupta, IDSA, India, 27/06/2012
  • 34. UK – Intelligence not retaining staff
  • 35. Gaps – International Cooperation
  • 36. Russia rejects Convention
  • 37. Convention – Article 32
  • 38. EU and US wreck UN Treaty
  • 39. Conclusion
  • 41. Questions? Dr. Frederick Wamala, CISSP® Cybersecurity Adviser – Strategic and Technical E-mail: f.wamala@efrivo.com Twitter: @DrWamala