National Cybersecurity Management System

Mohamed Dafir EL KETTANI
PhD, ISO 27001 Lead Implementer
Professor, ENSIAS, University Mohammed V-Souissi, Morocco

Agenda
1 – Introduction
2 – National Cybersecurity Management System
       NCSec Framework
       Maturity Model
       Roles & Responsibilities
       Implementation Guide
3 – Morocco Case
       ICT Strategic Plan
       Cybersecurity Roadmap
4 – Conclusion
1 - Introduction
Introduction (1/3)

• Increasing computer security challenges in the world;
• Which entity(s) should be given the responsibility for
  National Cyber Security?
   – Case by case organisational structures
   – Partially standardized organisational structures (for
     example, CERTs)
• Self-Assessment:
   – Best practices that organizations can refer to when evaluating
     their readiness status;
   – Case by case strategies
   – Gap between countries and regions
Introduction (2/3)


• But there is a lack of international standards (clear
  guidance) against which a State or region can measure its
  current security status.
   – Lack of framework
   – Lack of global vision in terms of:
      •   Capacity building, Certification,
      •   Self assessment
      •   Responsibilities & Roles
      •   Implementation process
      •   Measurement through indicators
      •   etc.
   – Harmonization between countries and regions is a delicate
     process
Introduction (3/3)


• The main objective of this presentation is to propose a
  Model of National Cybersecurity Management System
  (NCSecMS), which is a global framework that best
  responds to the needs expressed by the ITU Global
  Cybersecurity Agenda (GCA 2007).
   –   More than recommendations...
   –   ... result of benchmarking
   –   Answers real needs in terms of CyberSecurity
   –   Adapted to a case by case implementation process
• Working Team:
   – Former members of the HLEG Working Area 3 (Organisational
     Structures)
2 – National Cybersecurity Management System
NCSecMS Components

NCSec Management System:

#   Inputs                                   Component                  Output
1   ITU Documents, ISO 27002                 NCSec Framework            NCSecFR: 5 Domains, 34 Processes
2   COBIT V4.1, NCSec Framework              Maturity Model             NCSecMM: for each Process
3   National Stakeholders, NCSec Framework   Roles & Responsibilities   NCSecRR: RACI Chart by Process
4   ISO 27003, ISO 27001                     Implementation Guide       NCSecIG: PDCA
NCSecMS Components

ITU Q22/1 (September 2009): Moroccan Proposal

#   Component                  Output    Venue
1   NCSec Framework            NCSecFR   ICEGOV 2008 Conference
2   Maturity Model             NCSecMM   ECEG 2009 Conference
3   Roles & Responsibilities   NCSecRR   ECIW 2009 Conference
4   Implementation Guide       NCSecIG   ITU Tunis 2009, National Recommendation
NCSecMS Components

ITU Q22/1 (September 2009): Moroccan Proposal

Components 1 and 2 (NCSec Framework, Maturity Model):
   – Point out vulnerabilities & demonstrate them to government
   – Provide metrics to measure their achievement

Components 3 and 4 (Roles & Responsibilities, Implementation Guide):
   – Point out Roles and Responsibilities
   – Find out the profiles needed to achieve the role of a stakeholder
2.1 – National Cybersecurity Framework
NCSec Framework: 5 Domains / 34 Processes
Domain 1: Strategy and Policies (SP)

Proc   Process Description
SP1    NCSec Strategy
       Promulgate & endorse a National Cybersecurity Strategy
SP2    Lead Institutions
       Identify a lead institution for developing a national strategy, and 1 lead institution per stakeholder category
SP3    NCSec Policies
       Identify or define policies of the NCSec strategy
SP4    Critical Information Infrastructures Protection
       Establish & integrate risk management for identifying & prioritizing protective efforts regarding CII
SP5    Stakeholders
       Identify the degree of readiness of each stakeholder regarding the implementation of the NCSec strategy &
            how stakeholders pursue the NCSec strategy & policies
Domain 2: Implementation and Organisation (IO)

Proc   Process Description
IO1    NCSec Council
       Define National Cybersecurity Council for coordination between all stakeholders, to approve the NCSec strategy
IO2    NCSec Authority
       Define Specific high level Authority for coordination among cybersecurity stakeholders
IO3    National CERT
       Identify or establish a national CERT to prepare for, detect, respond to, and recover from national cyber incidents
IO4    Privacy and Personal Data Protection
       Review existing privacy regime and update it to the on-line environment
IO5    Laws
       Ensure that a lawful framework is settled and regularly levelled
IO6    Institutions
       Identify institutions with cybersecurity responsibilities, and procure resources that enable NCSec implementation
IO7    National Experts and Policymakers
       Identify the appropriate experts and policymakers within government, private sector and university
IO8    Training
       Identify training requirements and how to achieve them
IO9    Government
       Implement a cybersecurity plan for government-operated systems that takes change management into account
IO10   International Expertise
       Identify international expert counterparts and foster international efforts to address cybersecurity issues, including
            information sharing and assistance efforts
Domain 3: Awareness and Communication (AC)

Proc                                                     Process Description
AC1    Leaders in the Government
       Persuade national leaders in the government of the need for national action to address threats to and vulnerabilities of
           the NCSec through policy-level discussions
AC2    National Cybersecurity and Capacity
       Manage National Cybersecurity and capacity at the national level
AC3    Continuous Service
       Ensure continuous service within each stakeholder and among stakeholders
AC4    National Awareness
       Promote a comprehensive national awareness program so that all participants—businesses, the general workforce,
            and the general population—secure their own parts of cyberspace
AC5    Awareness Programs
       Implement security awareness programs and initiatives for users of systems and networks
AC6    Citizens and Child Protection
       Support outreach to civil society with special attention to the needs of children and individual users
AC7    Research and Development
       Enhance Research and Development (R&D) activities (through the identification of opportunities and allocation of
           funds)
AC8    CSec Culture for Business
       Encourage the development of a culture of security in business enterprises
AC9    Available Solutions
       Develop awareness of cyber risks and available solutions
AC10   NCSec Communication
       Ensure National Cybersecurity Communication
Domain 4: Compliance and Coordination (CC)

Proc   Process Description
CC1    International Compliance & Cooperation
       Ensure regulatory compliance with regional and international recommendations, standards …
CC2    National Cooperation
       Identify and establish mechanisms and arrangements for cooperation among government, private sector
            entities, university and NGOs at the national level
CC3    Private sector Cooperation
       Encourage cooperation among groups from interdependent industries (through the identification of common
            threats)
       Encourage development of private sector groups from different critical infrastructure industries to address
            common security interest collaboratively with government (through the identification of problems and
            allocation of costs)
CC4    Incidents Handling
       Manage incidents through national CERT to detect, respond to, and recover from national cyber incidents,
            through cooperative arrangement (especially between government and private sector)
CC5    Points of Contact
       Establish points of contact (or CSIRT) within government, industry and university to facilitate consultation,
            cooperation and information exchange with national CERT, in order to monitor and evaluate NCSec
            performance in each sector
Domain 5: Evaluation and Monitoring (EM)

Proc   Process Description
EM1    NCSec Observatory
       Set up the NCSec observatory
EM2    Mechanisms for Evaluation
       Define mechanisms that can be used to coordinate the activities of the lead institution, the government, the
            private sector and civil society, in order to monitor and evaluate the global NCSec performance
EM3    NCSec Assessment
       Assess and periodically reassess the current state of cybersecurity efforts and develop program priorities
EM4    NCSec Governance
       Provide National Cybersecurity Governance
2.2 – Maturity Model
Maturity Model
• CMM's Five Maturity Levels of Software Processes:
  • 1 : At the initial level, processes are disorganized, even
    chaotic.
  • 2 : At the repeatable level, basic project management
    techniques are established, and successes could be
    repeated.
  • 3 : At the defined level, an organization has developed its
    own standard software process.
  • 4 : At the managed level, an organization monitors and
    controls its own processes through data collection and
    analysis.
  • 5 : At the optimizing level, processes are constantly being
    improved through monitoring feedback
Maturity Model

SP1   Promulgate & endorse a National Cybersecurity Strategy
      Level 1: Recognition of the need for a National strategy
      Level 2: NCSec is announced & planned.
      Level 3: NCSec is operational for all key activities
      Level 4: NCSec is under regular review
      Level 5: NCSec is under continuous improvement

SP2   Identify a lead institution for developing a national strategy, and 1 lead institution per stakeholder category
      Level 1: Some institutions have an individual cyber-security strategy
      Level 2: Lead institutions are announced for all key activities
      Level 3: Lead institutions are operational for all key activities
      Level 4: Lead institutions are under regular review
      Level 5: Lead institutions are under continuous improvement

SP3   Identify or define policies of the NCSec strategy
      Level 1: Ad-hoc & isolated approaches to policies & practices
      Level 2: Similar & common processes announced & planned
      Level 3: Policies and procedures are defined, documented, operational
      Level 4: National best practices are applied & repeatable
      Level 5: Integrated policies & procedures. Transnational best practice

SP4   Establish & integrate risk management process for identifying & prioritizing protective efforts regarding NCSec (CIIP)
      Level 1: Recognition of the need for risk management process in CIIP
      Level 2: CIIP are identified & planned. Risk management process is announced
      Level 3: Risk management process is approved & operational for all CIIP
      Level 4: CIIP risk management process is complete, repeatable, and leads to CI best practices
      Level 5: CIIP risk management process evolves to automated workflow & integrated to enable improvement
Self-Assessment

[Figure: chart with one axis per process, each on a maturity scale from 0 to 5]

Processes shown:
   SP1   Strategy
   SP4   CIIP
   IO2   Authority
   IO3   N-CERT
   IO5   Laws
   AC5   Awareness Prg
   CC1   Intern Coop
   CC2   Nat Coord
   EM4   Governance
2.3 - Roles and Responsibilities (RACI Chart)
RACI Chart / Stakeholders

SP1   NCSec Strategy
      Promulgate & endorse a National Cybersecurity Strategy
SP2   Lead Institutions
      Identify a lead institution for developing a national strategy, and 1 lead institution per stakeholder category
SP3   NCSec Policies
      Identify or define policies of the NCSec strategy
SP4   Critical Infrastructures
      Establish & integrate risk management for identifying & prioritizing protective efforts regarding NCSec (CIIP)

Proc  Stakeholders
SP1   I   A   C   C   R   C   C   C   I   I   R   I   I        I
SP2   I   I   A   C   R   C   C   I   I       R   C   C   C    C
SP3           A   C   R   C   I   C   I       R       I        I
SP4           A       R   R   C   I           R           C    R   I

R = Responsible, A = Accountable, C = Consulted, I = Informed
2.4 – Implementation Guide
Implementation Guide
• A roadmap to assist CyberSecurity Implementation at the National Level

High Level Decision Makers

Step  Inputs                                    Activity                            Output
1     HL Awareness                              Approve Implementation              HL Commitment
2     HL Commitment, NCSec Framework            Define Scope & Strategy             NCSec Strategy
3     NCSec Strategy, NCSec Maturity Model      Conduct National Context Analysis   Nat. Inf Sec Assessment
4     Nat. Inf Sec Assessment, NCSec Framework  Conduct Risk Assessment             Processes Selected
5     Processes Selected, NCSec RACI Chart      Design NCSec Management System      NCSec Management System
6     NCSecIG, ISO 27001                        Implement NCSec Management System   NCSec MS Implemt Prg
ACM Publication
3 – Morocco Case
“Maroc Numeric 2013”
Morocco ICT Strategic Plan consists of:

• 4 Strategic Priorities
   – Social Transformation: Ensuring Access to Education Players; Internet Broadband Access; Local Content Development
   – User-Oriented Development of Public Services: Public Administration Efficiency; Citizens’ Services; Enterprises’ Services
   – Computerization of SMEs: SMEs Professional Solutions; Raising Awareness; Mobilization of prescriptions
   – IT Industry Development: Entrepreneurial and Areas of Excellence; IT Cluster; IT Offshoring
• 2 Accompanying Measures
   – Human Capital: Governance; Training Plans; New Training Courses
   – Cybersecurity: Regulatory Framework; Organizational Structures; Promotion and Awareness
• 2 Implementation Modes
   – Governance: Supervision and Follow-up Structures; IT Observatory
   – Budget: Financial Resources
• 18 Initiatives, 51 actions
Cybersecurity (1/2)

Ambition
   Cyber-confidence: Ensure business trust, enhance security capabilities, and secure
   critical information infrastructures

Objectives 2013
   • Compliance of IT Moroccan Laws (Protection of Personal Data, Consumer Protection, Legal Electronic
     Data Exchange) with common international Laws
   • 60 000 Electronic Certificates delivered

Initiatives / Projects / Description

• Regulatory Framework
   – Protection of Personal Data: Set up the National Commission for Data Protection (CNDP)
   – Consumer Protection: Elaborate the necessary legal and regulatory texts to protect online Consumers
   – ICT Legal Study: Upgrade/update the legal and regulatory framework in order to face the
     Cybersecurity challenges and harmonize it with the partner countries
• Organizational Structures
   – Electronic Certification Provider: Support the creation of PKI provider for ensuring electronic signature
   – Creation of Computer Emergency Response Team (ma-CERT): Set up the National Computer Emergency
     Response Team (MA-CERT)
   – Critical Information Infrastructures Protection: Encourage the development of backup sites to ensure
     the Business Continuity of Critical Information Infrastructures in Morocco
Cybersecurity (2/2)

Initiatives / Projects / Description

• Awareness and Communications
   – Child/Younger Online Protection: Raise awareness among children, young people and parents of
     Cybersecurity and cyberconfidence issues
   – Administration and Enterprise awareness: Raise awareness in the administration and enterprises of
     Cybersecurity and cyberconfidence issues
• Capacity building
   – ISS integration in the Higher Education: Integrate the Information Security Systems (ISS) in the
     Higher Scientific Education and training programs
   – Judge/Magistrate ISS Training: Ensure training on ISS for judges/magistrates
   – Continuous Training: Ensure continuous training for administration employees/officials on ISS
4 – Conclusion
Conclusion
• NCSecMS:
  – More than a best practice document related to National
    CyberSecurity.
  – Affords a complete environment with indicators at the
    national level,
  – Provides metrics to measure their achievement, and to
    identify from a cybersecurity viewpoint the associated
    responsibilities of stakeholders and control process.
• Extensions:
  – Quality of implementation measurement for each element
  – Security metrics: a meaningful gauge of NCSec performance
  – Costs and benefits of an organized, mature and high-quality
    security program can be better understood
Conclusion
• National Cybersecurity Capacity Building:
  – Affords a complete environment describing needs and
    profiles at the national level,
  – Might provide metrics to measure their achievement,
  – Identifies from a cybersecurity viewpoint the associated
    responsibilities of stakeholders and the needed profiles
    (certification, etc.)
• Extensions :
  – Quality of implementation measurement for each element
  – Capacity Building metrics
  – High-quality security adequate profiles can better answer
    national needs

Conclusion

• Results:
  – NCSecMS: Adopted as a National Recommendation
    by the ITU during the ITU Regional Cybersecurity Forum
    for Africa and Arab States (4-5 June 2009, Tunis)
  – NCSecMS & ITU: Q22/1, September 2009

• Extension of this work:
  – Questionnaire elaboration
  – A benchmarking tool for evaluating CyberSecurity at the
    trans-national level, in collaboration with the ITU within
    its Global CyberSecurity Agenda: some national case
    studies
Thank you for your attention




      Email : dafir@ensias.ma


ISO 29110 Software Quality Model For Software SMEs
ISO 29110 Software Quality Model For Software SMEsISO 29110 Software Quality Model For Software SMEs
ISO 29110 Software Quality Model For Software SMEsMoutasm Tamimi
 
Vectors in Federal Cloud Computing - Network-centric Interoperability
Vectors in Federal Cloud Computing - Network-centric InteroperabilityVectors in Federal Cloud Computing - Network-centric Interoperability
Vectors in Federal Cloud Computing - Network-centric InteroperabilityGovCloud Network
 
The Latest in Cloud Computing Standards
The Latest in Cloud Computing StandardsThe Latest in Cloud Computing Standards
The Latest in Cloud Computing StandardsCA API Management
 
Cost effective auditing of web applications and networks in smb
Cost effective auditing of web applications and networks in smbCost effective auditing of web applications and networks in smb
Cost effective auditing of web applications and networks in smbLalit Choudhary
 
Nist Cloud Computing Program Overview Nov 2010
Nist Cloud Computing Program Overview Nov 2010Nist Cloud Computing Program Overview Nov 2010
Nist Cloud Computing Program Overview Nov 2010GovCloud Network
 
Exploring NISC Architectures for Matrix Application
Exploring NISC Architectures for Matrix ApplicationExploring NISC Architectures for Matrix Application
Exploring NISC Architectures for Matrix ApplicationIDES Editor
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and productsJavier Tallón
 
RMAA Adelaide Bringing it all back home Slide Notes
RMAA Adelaide Bringing it all back home Slide NotesRMAA Adelaide Bringing it all back home Slide Notes
RMAA Adelaide Bringing it all back home Slide NotesStephen Clarke
 
Mpkk 2012 ICT SPM
Mpkk 2012 ICT SPMMpkk 2012 ICT SPM
Mpkk 2012 ICT SPMaimarashid
 
Effectsplus july event report
Effectsplus july event report Effectsplus july event report
Effectsplus july event report fcleary
 
Application Logging for Forensics
Application Logging for ForensicsApplication Logging for Forensics
Application Logging for ForensicsRaffael Marty
 
The Cloudification Perspectives of Search-based Software Testing
The Cloudification Perspectives of Search-based Software TestingThe Cloudification Perspectives of Search-based Software Testing
The Cloudification Perspectives of Search-based Software TestingSebastiano Panichella
 
IT - Enterprise Service Operation Center
IT - Enterprise Service Operation CenterIT - Enterprise Service Operation Center
IT - Enterprise Service Operation CenterSameer Paradia
 
Cloud Native DevOps
Cloud Native DevOpsCloud Native DevOps
Cloud Native DevOpsJim Bugwadia
 
Towards an Agile Foundation for the Creation and Enactment of Software Engine...
Towards an Agile Foundation for the Creation and Enactment of Software Engine...Towards an Agile Foundation for the Creation and Enactment of Software Engine...
Towards an Agile Foundation for the Creation and Enactment of Software Engine...Brian Elvesæter
 
Systems development fall 2006
Systems development   fall 2006Systems development   fall 2006
Systems development fall 2006eeetq
 

Semelhante a National Cybersecurity Management System Framework (20)

CISQ Introduction & Objectives - Dr. Bill Curtis
CISQ Introduction & Objectives - Dr. Bill CurtisCISQ Introduction & Objectives - Dr. Bill Curtis
CISQ Introduction & Objectives - Dr. Bill Curtis
 
ISO 29110 Software Quality Model For Software SMEs
ISO 29110 Software Quality Model For Software SMEsISO 29110 Software Quality Model For Software SMEs
ISO 29110 Software Quality Model For Software SMEs
 
Vectors in Federal Cloud Computing - Network-centric Interoperability
Vectors in Federal Cloud Computing - Network-centric InteroperabilityVectors in Federal Cloud Computing - Network-centric Interoperability
Vectors in Federal Cloud Computing - Network-centric Interoperability
 
The Latest in Cloud Computing Standards
The Latest in Cloud Computing StandardsThe Latest in Cloud Computing Standards
The Latest in Cloud Computing Standards
 
Cost effective auditing of web applications and networks in smb
Cost effective auditing of web applications and networks in smbCost effective auditing of web applications and networks in smb
Cost effective auditing of web applications and networks in smb
 
Nist Cloud Computing Program Overview Nov 2010
Nist Cloud Computing Program Overview Nov 2010Nist Cloud Computing Program Overview Nov 2010
Nist Cloud Computing Program Overview Nov 2010
 
Exploring NISC Architectures for Matrix Application
Exploring NISC Architectures for Matrix ApplicationExploring NISC Architectures for Matrix Application
Exploring NISC Architectures for Matrix Application
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdf
 
DevOps PPt.pptx
DevOps PPt.pptxDevOps PPt.pptx
DevOps PPt.pptx
 
Experiences evaluating cloud services and products
Experiences evaluating cloud services and productsExperiences evaluating cloud services and products
Experiences evaluating cloud services and products
 
RMAA Adelaide Bringing it all back home Slide Notes
RMAA Adelaide Bringing it all back home Slide NotesRMAA Adelaide Bringing it all back home Slide Notes
RMAA Adelaide Bringing it all back home Slide Notes
 
Mpkk 2012 ICT SPM
Mpkk 2012 ICT SPMMpkk 2012 ICT SPM
Mpkk 2012 ICT SPM
 
Effectsplus july event report
Effectsplus july event report Effectsplus july event report
Effectsplus july event report
 
Application Logging for Forensics
Application Logging for ForensicsApplication Logging for Forensics
Application Logging for Forensics
 
The Cloudification Perspectives of Search-based Software Testing
The Cloudification Perspectives of Search-based Software TestingThe Cloudification Perspectives of Search-based Software Testing
The Cloudification Perspectives of Search-based Software Testing
 
IT - Enterprise Service Operation Center
IT - Enterprise Service Operation CenterIT - Enterprise Service Operation Center
IT - Enterprise Service Operation Center
 
Internship Report
Internship ReportInternship Report
Internship Report
 
Cloud Native DevOps
Cloud Native DevOpsCloud Native DevOps
Cloud Native DevOps
 
Towards an Agile Foundation for the Creation and Enactment of Software Engine...
Towards an Agile Foundation for the Creation and Enactment of Software Engine...Towards an Agile Foundation for the Creation and Enactment of Software Engine...
Towards an Agile Foundation for the Creation and Enactment of Software Engine...
 
Systems development fall 2006
Systems development   fall 2006Systems development   fall 2006
Systems development fall 2006
 

Mais de segughana

CTO-CRC-Africa-2010-Report
CTO-CRC-Africa-2010-ReportCTO-CRC-Africa-2010-Report
CTO-CRC-Africa-2010-Reportsegughana
 
CTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-BorenCTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-Borensegughana
 
CTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhouseCTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhousesegughana
 
CTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles WardCTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles Wardsegughana
 
CTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders JohansonCTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders Johansonsegughana
 
CTO-CyberSecurityForum-2010-Philip Victor
CTO-CyberSecurityForum-2010-Philip VictorCTO-CyberSecurityForum-2010-Philip Victor
CTO-CyberSecurityForum-2010-Philip Victorsegughana
 
CTO-CybersecurityForum-2010-Des Ward
CTO-CybersecurityForum-2010-Des WardCTO-CybersecurityForum-2010-Des Ward
CTO-CybersecurityForum-2010-Des Wardsegughana
 
CTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard SimpsonCTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard Simpsonsegughana
 
CTO-CybersecurityForum-2010-Daisy francis
CTO-CybersecurityForum-2010-Daisy francisCTO-CybersecurityForum-2010-Daisy francis
CTO-CybersecurityForum-2010-Daisy francissegughana
 
CTO-CybersecurityForum-2010-Patricia Asognwe
CTO-CybersecurityForum-2010-Patricia AsognweCTO-CybersecurityForum-2010-Patricia Asognwe
CTO-CybersecurityForum-2010-Patricia Asognwesegughana
 
CTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha FernandoCTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha Fernandosegughana
 
CTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea GlorisoCTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea Glorisosegughana
 
CTO-CybersecurityForum-2010-John Carr
CTO-CybersecurityForum-2010-John CarrCTO-CybersecurityForum-2010-John Carr
CTO-CybersecurityForum-2010-John Carrsegughana
 
CTO-CybersecurityForum-2010-John Crain
CTO-CybersecurityForum-2010-John CrainCTO-CybersecurityForum-2010-John Crain
CTO-CybersecurityForum-2010-John Crainsegughana
 
CTO-CybersecurityForum-2010-Michael Katundu
CTO-CybersecurityForum-2010-Michael KatunduCTO-CybersecurityForum-2010-Michael Katundu
CTO-CybersecurityForum-2010-Michael Katundusegughana
 
CTO-CybersecurityForum-2010-Joe Torres
CTO-CybersecurityForum-2010-Joe TorresCTO-CybersecurityForum-2010-Joe Torres
CTO-CybersecurityForum-2010-Joe Torressegughana
 
Tomasz Czajkowski
Tomasz CzajkowskiTomasz Czajkowski
Tomasz Czajkowskisegughana
 
CTO-CybersecurityForum-2010-Will Gardner
CTO-CybersecurityForum-2010-Will GardnerCTO-CybersecurityForum-2010-Will Gardner
CTO-CybersecurityForum-2010-Will Gardnersegughana
 
CTO-CybersecurityForum-2010-Mark-Oram
CTO-CybersecurityForum-2010-Mark-OramCTO-CybersecurityForum-2010-Mark-Oram
CTO-CybersecurityForum-2010-Mark-Oramsegughana
 
CTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-DebeesingCTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-Debeesingsegughana
 

Mais de segughana (20)

CTO-CRC-Africa-2010-Report
CTO-CRC-Africa-2010-ReportCTO-CRC-Africa-2010-Report
CTO-CRC-Africa-2010-Report
 
CTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-BorenCTO-CyberSecurityForum-2010-Brisson-Boren
CTO-CyberSecurityForum-2010-Brisson-Boren
 
CTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhouseCTO-CyberSecurityForum-2010-Anthony dyhouse
CTO-CyberSecurityForum-2010-Anthony dyhouse
 
CTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles WardCTO-CyberSecurityForum-2010-Charles Ward
CTO-CyberSecurityForum-2010-Charles Ward
 
CTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders JohansonCTO-CyberSecurityForum-2010-Anders Johanson
CTO-CyberSecurityForum-2010-Anders Johanson
 
CTO-CyberSecurityForum-2010-Philip Victor
CTO-CyberSecurityForum-2010-Philip VictorCTO-CyberSecurityForum-2010-Philip Victor
CTO-CyberSecurityForum-2010-Philip Victor
 
CTO-CybersecurityForum-2010-Des Ward
CTO-CybersecurityForum-2010-Des WardCTO-CybersecurityForum-2010-Des Ward
CTO-CybersecurityForum-2010-Des Ward
 
CTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard SimpsonCTO-CybersecurityForum-2010-Richard Simpson
CTO-CybersecurityForum-2010-Richard Simpson
 
CTO-CybersecurityForum-2010-Daisy francis
CTO-CybersecurityForum-2010-Daisy francisCTO-CybersecurityForum-2010-Daisy francis
CTO-CybersecurityForum-2010-Daisy francis
 
CTO-CybersecurityForum-2010-Patricia Asognwe
CTO-CybersecurityForum-2010-Patricia AsognweCTO-CybersecurityForum-2010-Patricia Asognwe
CTO-CybersecurityForum-2010-Patricia Asognwe
 
CTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha FernandoCTO-CybersecurityForum-2010-Jayantha Fernando
CTO-CybersecurityForum-2010-Jayantha Fernando
 
CTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea GlorisoCTO-CybersecurityForum-2010-Andrea Gloriso
CTO-CybersecurityForum-2010-Andrea Gloriso
 
CTO-CybersecurityForum-2010-John Carr
CTO-CybersecurityForum-2010-John CarrCTO-CybersecurityForum-2010-John Carr
CTO-CybersecurityForum-2010-John Carr
 
CTO-CybersecurityForum-2010-John Crain
CTO-CybersecurityForum-2010-John CrainCTO-CybersecurityForum-2010-John Crain
CTO-CybersecurityForum-2010-John Crain
 
CTO-CybersecurityForum-2010-Michael Katundu
CTO-CybersecurityForum-2010-Michael KatunduCTO-CybersecurityForum-2010-Michael Katundu
CTO-CybersecurityForum-2010-Michael Katundu
 
CTO-CybersecurityForum-2010-Joe Torres
CTO-CybersecurityForum-2010-Joe TorresCTO-CybersecurityForum-2010-Joe Torres
CTO-CybersecurityForum-2010-Joe Torres
 
Tomasz Czajkowski
Tomasz CzajkowskiTomasz Czajkowski
Tomasz Czajkowski
 
CTO-CybersecurityForum-2010-Will Gardner
CTO-CybersecurityForum-2010-Will GardnerCTO-CybersecurityForum-2010-Will Gardner
CTO-CybersecurityForum-2010-Will Gardner
 
CTO-CybersecurityForum-2010-Mark-Oram
CTO-CybersecurityForum-2010-Mark-OramCTO-CybersecurityForum-2010-Mark-Oram
CTO-CybersecurityForum-2010-Mark-Oram
 
CTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-DebeesingCTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-Debeesing
 

Último

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Último (20)

Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

National Cybersecurity Management System Framework

  • 1. National Cybersecurity Management System. Mohamed Dafir EL KETTANI, PhD, ISO 27001 Lead Implementer; Professor, ENSIAS, University Mohammed V-Souissi, Morocco
  • 2. Agenda
      1 – Introduction
      2 – National Cybersecurity Management System: NCSec Framework; Maturity Model; Roles & Responsibilities; Implementation Guide
      3 – Morocco Case: ICT Strategic Plan; Cybersecurity Roadmap
      4 – Conclusion
  • 4. Introduction (1/3)
      • Increasing computer security challenges in the world;
      • Which entity or entities should be given the responsibility for National Cyber Security?
          – Case by case organisational structures
          – Partially standardized organisational structures (for example, CERTs)
      • Self-Assessment:
          – Best practices that organizations can refer to in order to evaluate their readiness status;
          – Case by case strategies
          – Gap between countries and regions
  • 5. Introduction (2/3)
      • But there is a lack of international standards (clear guidance) with which a State or region can measure its current security status.
          – Lack of framework
          – Lack of global vision in terms of: capacity building and certification; self-assessment; responsibilities & roles; implementation process; measurement through indicators; etc.
          – Harmonization between countries and regions is a delicate process
  • 6. Introduction (3/3)
      • The main objective of this presentation is to propose a Model of National Cybersecurity Management System (NCSecMS), which is a global framework that best responds to the needs expressed by the ITU Global Cybersecurity Agenda (GCA 2007).
          – More than recommendations...
          – ... result of benchmarking
          – Answers real needs in terms of CyberSecurity
          – Adapted to a case by case implementation process
      • Working Team:
          – Former members of the HLEG Working Area 3 (Organisational Structures)
  • 7. 2 – National Cybersecurity Management System
  • 8. NCSecMS Components: NCSec Management System
      – 1. NCSecFR, NCSec Framework: 5 Domains, 34 Processes (shown with: ITU Documents, ISO 27002)
      – 2. NCSecMM, Maturity Model: for each Process (shown with: NCSec Framework, COBIT V4.1)
      – 3. NCSecRR, Roles & Responsibilities: RACI Chart by Process (shown with: National Stakeholders, NCSec Framework)
      – 4. NCSecIG, Implementation Guide: PDCA (shown with: ISO 27003, ISO 27001)
  • 9. NCSecMS Components: NCSec Management System, Moroccan Proposal, ITU Q22/1 (September 2009)
      – 1. NCSecFR, NCSec Framework: 5 Domains, 34 Processes (ITU Documents, ISO 27002). ICEGOV 2008 Conference
      – 2. NCSecMM, Maturity Model: for each Process (NCSec Framework, COBIT V4.1). ECEG 2009 Conference
      – 3. NCSecRR, Roles & Responsibilities: RACI Chart by Process (National Stakeholders, NCSec Framework). ECIW 2009 Conference
      – 4. NCSecIG, Implementation Guide: PDCA (ISO 27003, ISO 27001). ITU Tunis 2009, National Recommendation
  • 10. NCSecMS Components: NCSec Management System, Moroccan Proposal, ITU Q22/1 (September 2009)
      – Components: 1. NCSecFR (NCSec Framework: 5 Domains, 34 Processes); 2. NCSecMM (Maturity Model: for each Process); 3. NCSecRR (Roles & Responsibilities: RACI Chart by Process); 4. NCSecIG (Implementation Guide: PDCA)
      – Points out vulnerabilities & demonstrates them to government
      – Provides metrics to measure their achievement
      – Points out Roles and Responsibilities
      – Finds out the profiles needed to achieve the role of a stakeholder
  • 11. 2.1 – National Cybersecurity Framework
  • 12. NCSec Framework: 5 Domains / 34 Processes
  • 13. Domain 1: Strategy and Policies (SP)
      – SP1 (NCSec Strategy): Promulgate & endorse a National Cybersecurity Strategy
      – SP2 (Lead Institutions): Identify a lead institution for developing a national strategy, and 1 lead institution per stakeholder category
      – SP3 (NCSec Policies): Identify or define policies of the NCSec strategy
      – SP4 (Critical Information Infrastructures Protection): Establish & integrate risk management for identifying & prioritizing protective efforts regarding CII
      – SP5 (Stakeholders): Identify the degree of readiness of each stakeholder regarding the implementation of the NCSec strategy & how stakeholders pursue the NCSec strategy & policies
  • 14. Domain 2: Implementation and Organisation (IO)
      – IO1 (NCSec Council): Define a National Cybersecurity Council for coordination between all stakeholders, to approve the NCSec strategy
      – IO2 (NCSec Authority): Define a specific high-level Authority for coordination among cybersecurity stakeholders
      – IO3 (National CERT): Identify or establish a national CERT to prepare for, detect, respond to, and recover from national cyber incidents
      – IO4 (Privacy and Personal Data Protection): Review the existing privacy regime and update it to the on-line environment
      – IO5 (Laws): Ensure that a lawful framework is settled and regularly levelled
      – IO6 (Institutions): Identify institutions with cybersecurity responsibilities, and procure resources that enable NCSec implementation
      – IO7 (National Experts and Policymakers): Identify the appropriate experts and policymakers within government, private sector and university
      – IO8 (Training): Identify training requirements and how to achieve them
      – IO9 (Government): Implement a cybersecurity plan for government-operated systems that takes into account change management
      – IO10 (International Expertise): Identify international expert counterparts and foster international efforts to address cybersecurity issues, including information sharing and assistance efforts
  • 15. Domain 3: Awareness and Communication (AC)
      – AC1 (Leaders in the Government): Persuade national leaders in the government of the need for national action to address threats to and vulnerabilities of the NCSec through policy-level discussions
      – AC2 (National Cybersecurity and Capacity): Manage National Cybersecurity and capacity at the national level
      – AC3 (Continuous Service): Ensure continuous service within each stakeholder and among stakeholders
      – AC4 (National Awareness): Promote a comprehensive national awareness program so that all participants (businesses, the general workforce, and the general population) secure their own parts of cyberspace
      – AC5 (Awareness Programs): Implement security awareness programs and initiatives for users of systems and networks
      – AC6 (Citizens and Child Protection): Support outreach to civil society with special attention to the needs of children and individual users
      – AC7 (Research and Development): Enhance Research and Development (R&D) activities (through the identification of opportunities and allocation of funds)
      – AC8 (CSec Culture for Business): Encourage the development of a culture of security in business enterprises
      – AC9 (Available Solutions): Develop awareness of cyber risks and available solutions
      – AC10 (NCSec Communication): Ensure National Cybersecurity Communication
  • 16. Domain 4: Compliance and Coordination (CC)
      – CC1 (International Compliance & Cooperation): Ensure regulatory compliance with regional and international recommendations, standards …
      – CC2 (National Cooperation): Identify and establish mechanisms and arrangements for cooperation among government, private sector entities, university and NGOs at the national level
      – CC3 (Private Sector Cooperation): Encourage cooperation among groups from interdependent industries (through the identification of common threats). Encourage development of private sector groups from different critical infrastructure industries to address common security interests collaboratively with government (through the identification of problems and allocation of costs)
      – CC4 (Incidents Handling): Manage incidents through the national CERT to detect, respond to, and recover from national cyber incidents, through cooperative arrangements (especially between government and private sector)
      – CC5 (Points of Contact): Establish points of contact (or CSIRT) within government, industry and university to facilitate consultation, cooperation and information exchange with the national CERT, in order to monitor and evaluate NCSec performance in each sector
  • 17. Domain 5: Evaluation and Monitoring (EM)
      – EM1, NCSec Observatory: Set up the NCSec observatory
      – EM2, Mechanisms for Evaluation: Define mechanisms that can be used to coordinate the activities of the lead institution, the government, the private sector and civil society, in order to monitor and evaluate the global NCSec performance
      – EM3, NCSec Assessment: Assess and periodically reassess the current state of cybersecurity efforts and develop program priorities
      – EM4, NCSec Governance: Provide National Cybersecurity Governance
  • 19. Maturity Model
      • CMM's Five Maturity Levels of Software Processes:
          – 1: At the initial level, processes are disorganized, even chaotic.
          – 2: At the repeatable level, basic project management techniques are established, and successes could be repeated.
          – 3: At the defined level, an organization has developed its own standard software process.
          – 4: At the managed level, an organization monitors and controls its own processes through data collection and analysis.
          – 5: At the optimizing level, processes are constantly being improved through monitoring feedback.
  • 20. Maturity Model
      – SP1, Promulgate & endorse a National Cybersecurity Strategy
          • Level 1: Recognition of the need for a National strategy
          • Level 2: NCSec is announced & planned
          • Level 3: NCSec is operational for all key activities
          • Level 4: NCSec is under regular review
          • Level 5: NCSec is under continuous improvement
      – SP2, Identify a lead institution for developing a national strategy, and 1 lead institution per stakeholder category
          • Level 1: Some institutions have an individual cyber-security strategy
          • Level 2: Lead institutions are announced for all key activities
          • Level 3: Lead institutions are operational for all key activities
          • Level 4: Lead institutions are under regular review
          • Level 5: Lead institutions are under continuous improvement
      – SP3, Identify or define policies of the NCSec strategy
          • Level 1: Ad-hoc & isolated approaches to policies & practices
          • Level 2: Similar & common processes announced & planned
          • Level 3: Policies and procedures are defined, documented, operational
          • Level 4: National best practices are applied & repeatable
          • Level 5: Integrated policies & procedures; transnational best practice
      – SP4, Establish & integrate risk management process for identifying & prioritizing protective efforts regarding NCSec (CIIP)
          • Level 1: Recognition of the need for risk management process in CIIP
          • Level 2: CIIP are identified & planned. Risk management process is announced
          • Level 3: Risk management process is approved & operational for all CIIP
          • Level 4: CIIP risk management process is complete, repeatable, and leads to CI best practices
          • Level 5: CIIP risk management process evolves to automated workflow & is integrated to enable improvement
  • 21. Self-Assessment
      [Radar chart, scale 0 to 5. Axes: SP1 Strategy, SP4 CIIP, IO2 Authority, IO3 N-CERT, IO5 Laws, AC5 Awareness Prg, CC1 Intern Coop, CC2 Nat Coord, EM4 Governance]
  • 22. 2.3 - Roles and Responsibilities (RACI Chart)
  • 23. RACI Chart / Stakeholders
      R = Responsible, A = Accountable, C = Consulted, I = Informed
      – SP1, NCSec Strategy: Promulgate & endorse a National Cybersecurity Strategy
          I A C C R C C C I I R I I I
      – SP2, Lead Institutions: Identify a lead institution for developing a national strategy, and 1 lead institution per stakeholder category
          I I A C R C C I I R C C C C
      – SP3, NCSec Policies: Identify or define policies of the NCSec strategy
          A C R C I C I R I I
      – SP4, Critical Infrastructures: Establish & integrate risk management for identifying & prioritizing protective efforts regarding NCSec (CIIP)
          A R R C I R C R I
  • 25. Implementation Guide
      • A roadmap to assist High Level Decision Makers
      • CyberSecurity Implementation at the National Level (diagram of six steps, with the labels attached to each step):
          – 1. Approve Implementation: HL Awareness, HL Commitment
          – 2. Define Scope & Strategy: HL Commitment, NCSec Framework, NCSec Strategy
          – 3. Conduct National Context Analysis: NCSec Strategy, NCSec Maturity Model, Nat. Inf Sec Assessment
          – 4. Conduct Risk Assessment: Nat. Inf Sec Assessment, NCSec Framework, Processes Selected
          – 5. Design NCSec Managnt System: Processes Selected, NCSec RACI Chart, NCSec Managnt Syst
          – 6. Implement NCSec Managnt System: ISO 27001, NCSec MS, NCSecIG, Implemt Prg
  • 28. “Maroc Numeric 2013” Morocco ICT Strategic Plan consists of…
      – 4 Strategic Priorities: Social Transformation; User-Oriented Development of Public Services; Computerization of SMEs; IT Industry Development
      – 2 Accompanying Measures: Human Capital; Cybersecurity
      – 2 Implementation Modes: Governance; Budget
      – 18 Initiatives, 51 actions
      [Diagram listing the initiatives under each heading]
  • 29. Cybersecurity (1/2): Cyber-confidence
      • Ambition: Ensure business trust, enhance security capabilities, and secure critical information infrastructures
      • Objectives 2013:
          – Compliance of IT Moroccan Laws (Protection of Personal Data, Consumer Protection, Legal Electronic Data Exchange) with common international Laws
          – 60 000 Electronic Certificates delivered
      • Initiative: Regulatory Framework
          – Protection of Personal Data: Set up the National Commission for Data Protection (CNDP)
          – Consumer Protection: Elaborate the necessary legal and regulatory texts to protect online Consumers
          – ICT Legal Study: Upgrade/update the legal and regulatory framework in order to face the Cybersecurity challenges and harmonize it with the partner countries
      • Initiative: Organizational Structures
          – Electronic Certification Provider: Support the creation of a PKI provider for ensuring electronic signature
          – Creation of Computer Emergency Response Team (ma-CERT): Set up the National Computer Emergency Response Team (MA-CERT)
          – Critical Information Infrastructures Protection: Encourage the development of backup sites to ensure the Business Continuity of Critical Information Infrastructures in Morocco
  • 30. Cybersecurity (2/2)
      • Initiative: Awareness and Communications
          – Child/Younger Online Protection: Raise awareness of children, young people and parents on the Cybersecurity and cyberconfidence issues
          – Administration and Enterprise awareness: Raise awareness of the administration and enterprises on the Cybersecurity and cyberconfidence issues
      • Initiative: Capacity building
          – ISS integration in the Higher Education: Integrate the Information Security Systems (ISS) in the Higher Scientific Education and training programs
          – Judge/Magistrate ISS Training: Ensure training on ISS for judges/magistrates
          – Continuous Training: Ensure continuous training for administration employees/officials on ISS
  • 32. Conclusion
      • NCSecMS:
          – More than a best practice document related to National CyberSecurity.
          – Affords a complete environment with indicators at the national level,
          – Provides metrics to measure their achievement, and to identify from a cybersecurity viewpoint the associated responsibilities of stakeholders and control process.
      • Extensions:
          – Quality of implementation measurement for each element
          – Security metrics: a meaningful gauge of NCSec perf.
          – Costs and benefits of an organized, mature and high-quality security program can be better understood
  • 33. Conclusion
      • National Cybersecurity Capacity Building:
          – Affords a complete environment describing needs and profiles at the national level,
          – Might provide metrics to measure their achievement,
          – Identifies from a cybersecurity viewpoint the associated responsibilities of stakeholders and the needed profiles (certification, etc.)
      • Extensions:
          – Quality of implementation measurement for each element
          – Capacity Building metrics
          – High-quality security adequate profiles can better answer national needs
  • 34. Conclusion
      • Results:
          – NCSecMS: Adopted as a National Recommendation by the ITU during the ITU Regional Cybersecurity Forum for Africa and Arab States (4-5 June 2009, Tunis)
          – NCSecMS & ITU: Q22.1 - September 2009
      • Extension of this work:
          – Questionnaire elaboration
          – A benchmarking tool for evaluating CyberSecurity at the trans-national level, in collaboration with the ITU within its Global CyberSecurity Agenda: some national case studies
  • 35. Thank you for your attention
      Email: dafir@ensias.ma