E-Government Security Threats
BYOD – “The Elephant in the Room”
Dr Martin Koyabe
Head of Research & Consultancy (CTO)
© Commonwealth Telecommunications Organisation
What is e-Government?
“The use by government agencies of information communications technology to transform relations with citizens, businesses, and other arms of government.”
Source: World Bank
radically
Why e-Government?
“around 170 out of 193 countries have implemented some form of ICT (i.e. just having a website or even an email)”
Source: ITU
[Diagram: Better Government: Efficient, Participatory, Effective, Accountable, Transparent]
e-Government Interactions & Relationships
[Diagram: Government, Citizens and Business, linked by G-to-G, G-to-C, C-to-G, G-to-B, B-to-G, B-to-C, C-to-B, C-to-C and B-to-B interactions]
South Korea e-Government Portal
Note: Very interactive despite having complex backend processing
Swedish Tax Agency Portal
Note: Very trusted and easy to use
Challenges & Obstacles in e-Government
#1 – Technical
– Lack of adequate IT infrastructure
o public service legacy systems still being used
– Lack of technical knowledge
o in deploying e-government strategic programs
– Lack of efficient & robust secure system
o in terms of information security & data privacy
Challenges & Obstacles in e-Government
#2 – Political
– Low prioritization of e-Government initiatives
o Lack of policies, regulatory structures & resources
– Poor strategic vision
o Lack of integration with mainstream strategies
– Lack of broad partnerships & collaborations
o with relevant multi-stakeholders
Challenges & Obstacles in e-Government
#3 – Cultural
– e-Government -> “Big Brother”
o Perception of government spying on its citizens
– e-Government -> “Retrenchment”
o Fears by public service staff about losing jobs
– Lack of confidence/trust in using e-Government systems
o Poor education and lack of awareness
– General fears
o About losing control or ownership of information
Challenges & Obstacles in e-Government
#4 – Legal/Regulatory
– Lack of relevant legislation
o Data protection & privacy laws critical
– Non-existence of cross-border peering agreements
o To apprehend or pursue cybercriminals
– Less friendly regulatory environment
o Need to encourage investment
Target Security Threats
– Hundreds of targets
– Dozens of campaigns
– Direct/Indirect attacks
Source: Symantec
Target Security Threats (per Sector & Function)
Source: Symantec
Security Trends Impacting e-Government
“The Mobile – Paradigm Shift, is among the four key security trends impacting e-Government. Others are Malware, Targeted and Data Breaches attacks.”
Source: Symantec
“The Elephant in the Room”
• Bring Your Own Device (BYOD)
– BYOD refers to smart phones and tablets that are not owned by the organisation
Unmasking “The Elephant in the Room”
• Despite high rate of BYOD adoption
– Governance not well understood by many organisations
– Initiatives sometimes approved without a business case
– Inadequate information security functions
Study on BYOD
Source: ISF/Ponemon Institute
Main BYOD Risks
• Caused by ownership of the device
– Exposes organisations to different risks caused by owners’ behaviour & constrains available controls
Study on mobile devices
Source: ISF/Trustwave Study (2013)
How do you manage BYOD risks?
• Approach should be information-centric
– Impact on data (information) should be the focus
Physical: Hardware, Connectivity
Software: Operating system, Applications
Data: Information
Managing BYOD risks
• #1 Conduct a Business Impact Assessment
– Impact on organisation should Confidentiality, Integrity or Availability of information be compromised
– Where applicable, use existing BIA for guidance
• #2 A threat and Vulnerability assessment
– Determines the likelihood of that impact
Managing BYOD risks
• #3 Conduct a Risk Treatment
– Mitigation – applying appropriate security controls
o e.g. malware protection, mobile device management (MDM) or Data Loss Prevention (DLP)
– Transfer – risks are shared with an external party or via insurance
– Avoidance – risks are avoided by cancelling a particular BYOD initiative
– Acceptance – Business owners take responsibility
Managing BYOD risks
• Other deployment issues to consider
– Implementing BYOD in the organisation
o Need to define governance structures and policies
– Evaluation
o Collect metrics and user feedback
– Enhancement
o Maintain effective risk management efforts
o Update the BYOD programme strategy and policies
My thoughts
• BYOD is here to stay
• Ignore BYOD risk at your own peril
• BYOD ownership behaviour adds more risk
• If you want BYOD be prepared to compromise
• BYOD data/stored information is more important
Finally
• e-Government is not the destination; it’s the path to the destination
Martin Koyabe
e: m.koyabe@cto.int
m: +44 (0) 791 871 2490
t: +44 (0) 208 600 3815
Q & A Session


Session 5.2 Martin Koyabe
