Post on 20-Jul-2015
Asociación Latinoamericana de Profesionales en
Seguridad Informática A.C.
Cyber Security Webinar
February 5, 2015 www.alapsi.org 1
CYBER SECURITY
WEBINARCYBER SECURITY IN MEXICO: THE BIG PICTURE AND STATUS
5 February 2015
CYBER SECURITY WEBINAR
Guest Speakers
Asociación Latinoamericana de Profesionales en
Seguridad Informática A.C.
Cyber Security Webinar
February 5, 2015 www.alapsi.org 2
Agenda
•Cyber Security's Overview• Gonzalo Espinosa
•Privacy and Personal Data Protection• Manuel Mejías
•Information Security Management, Business Continuity
and Incident Response • Jorge Garibay
Asociación Latinoamericana de Profesionales en
Seguridad Informática A.C.
Cyber Security Webinar
February 5, 2015 www.alapsi.org 3
Cyber Security's Overview
Gonzalo Espinosa
Academy
Gov
PressPrivate Business
NGOs &
Society
ALAPSI AC & Cyber security
• Established in 1995, Mexico City
• 300+ Latin American Info Sec
Professionals• Belgium, Ecuador, Finland,
Mexico, Spain, USA
• Promotes knowledge• Improves skills• Nurtures experience
Asociación Latinoamericana de Profesionales en
Seguridad Informática A.C.
Cyber Security Webinar
February 5, 2015 www.alapsi.org 4
The Federal Government and cyber
security
• The National Development Plan 2013 – 2018 • Deep changes to Mexico in
• Security
• Productivity
• Quality of education and
• Prosperity
Defending networks and disrupting
criminal activity
Asociación Latinoamericana de Profesionales en
Seguridad Informática A.C.
Cyber Security Webinar
February 5, 2015 www.alapsi.org 5
Protecting from cyber threats
Investing in cyber security
Asociación Latinoamericana de Profesionales en
Seguridad Informática A.C.
Cyber Security Webinar
February 5, 2015 www.alapsi.org 6
References
http://es.slideshare.net/edgbargaye/mint-countries-mexico-indonesia-nigeria-and-turkey
Privacy and Personal Data Protection
Manuel Mejías
Asociación Latinoamericana de Profesionales en
Seguridad Informática A.C.
Cyber Security Webinar
February 5, 2015 www.alapsi.org 7
0. The big picture
01. Cyber-attacks • 02. Data breaches
03. Perception & Understanding
01. Cyber-attacks
• Research by foreign enterprises doing
business in Mexico:
• Mexico held worst place in cyber-attack resilience (201201)• http://www.bbc.co.uk/mundo/noticias/2012/01/120131_ciberataques_paises_mejor_peor_preparados_adz.shtml
• Mexico is target of a cyber-attack every 12 seconds (201404)• http://eleconomista.com.mx/tecnociencia/2014/04/20/mexico-sufre-12-ataques-ciberneticos-cada-segundo-0
Asociación Latinoamericana de Profesionales en
Seguridad Informática A.C.
Cyber Security Webinar
February 5, 2015 www.alapsi.org 8
01. Cyber-attacks
•Research by foreign enterprises doing business
in Mexico:
Mexican businesses neglect cyber-security (201406)http://eleconomista.com.mx/tecnociencia/2014/06/03/empresas-piensan-medias-seguridad-digital
Increase
2012 → 2013 | 113% • 2013 → 2014 | 300%
Distribution
Academic sector: 39% Public sector: 31%
Private sector: 26% Other entities: 4%
02. Data breaches
•Research by journalists in Mexican media:
Electoral database (INE, formerly IFE) (1999-2002)http://www.cronica.com.mx/notas/2003/65060.html
Other governmental databases: electoral, vehicle, "driver's
license", police (201004)http://www.eluniversal.com.mx/nacion/177126.html
Asociación Latinoamericana de Profesionales en
Seguridad Informática A.C.
Cyber Security Webinar
February 5, 2015 www.alapsi.org 9
02. Data breaches
•Research by journalists in Mexican media:Data breach at Liverpool, a major department store, third in
nation in issued credit cards
Analysis of disclosed documents (201501)http://www.ultimapalabra.mx/radiografia-del-hackeo-a-liverpool/
Monetary loss estimation at $100 million MXN (201501)http://www.elfinanciero.com.mx/empresas/hackeo-a-liverpool-podria-costarle-mas-de-100-mdp-estiman.html
Paradigm change: Businesses will be exposed!!
03. Perception & Understanding
•Research by foreign enterprises doing business
in Mexico:
1 in every 4 Mexicans distrust info-security industry (201410)http://www.elitinfraservices.com/index.php/netnews/531-1-de-cada-4-usuarios-mexicanos-no-creen-en-ciberamenazas
The rest does not even understand the problem because of age
and education
Asociación Latinoamericana de Profesionales en
Seguridad Informática A.C.
Cyber Security Webinar
February 5, 2015 www.alapsi.org 10
A. Public Sector
A1. Creation of normative instruments
A2. Federal government budget:
Intelligence
A1. Creation of normative
instruments•Laws & secondary regulations
1.Personal data protection, Public sector (LFTAIPG) 2002
2.Personal data protection, Private sector (LFPDPPP) 2010
3.Telecommunications (Mass surveillance chapter), Private
sector (LFTR) 2014
•Mandatory framework1.Governance · Strategy · Service delivery · Support
(MAAGTIC) 2010
2.Governance + Information security · Strategy · Service
delivery · Support (MAAGTIC-SI) 2011
Asociación Latinoamericana de Profesionales en
Seguridad Informática A.C.
Cyber Security Webinar
February 5, 2015 www.alapsi.org 11
A2. Federal government budget:
Intelligence•Federal government budget - Intelligence
http://sipse.com/mexico/cisen-triplico-intervencion-comunicaciones-gobierno-pena-nieto-130054.html
http://eleconomista.com.mx/sociedad/2014/12/23/vigilancia-telefonica-cisen-crecio-2000-tres-anos
A2. Federal government budget:
Intelligence•Federal government budget - Intelligence
http://sipse.com/mexico/cisen-triplico-intervencion-comunicaciones-gobierno-pena-nieto-130054.html
http://eleconomista.com.mx/sociedad/2014/09/14/cisen-tendra-7616-mdp-2015
http://www.cisen.gob.mx/pdfs/doc_desclasificados/17_2008_PRESUPUESTO_DICIEMBRE_2006_JULIO_2008.pdf
Asociación Latinoamericana de Profesionales en
Seguridad Informática A.C.
Cyber Security Webinar
February 5, 2015 www.alapsi.org 12
A2. Federal government budget:
Intelligence•Federal government budget - Intelligence
http://sipse.com/mexico/presupuesto-cisen-nueva-tecnologia-mexico-grafica-111235.html
B. Private Sector
B1. R&D (startups)
B2. Compliance with personal data
protection
Asociación Latinoamericana de Profesionales en
Seguridad Informática A.C.
Cyber Security Webinar
February 5, 2015 www.alapsi.org 13
B1. R&D (startups)
•Hardware: Firewall technologies
•Software: Safe Web navigation for kids
•Core technologies1. Fraud detectionSuitable for financial institutions • One patent • Founders sold enterprise to another,
larger firm • One of its founders moved to Silicon Valley to open a venture capital firm
2. Software hygieneMethodology based on a paradigm that substantially differs from the traditional
detection paradigm • 8 patents • Able to stop data breaches in 3 of the 7 stages of
the Lockheed Martin cyber-attack kill chain model • Proven effectiveness by Swedish
and Spanish security experts
B2. Compliance with PDP
Secretaría de Economía (the Mexican ministry of
economy) Survey (2013):–5.1 million registered businesses | 0.2% are large
enterprises
27%
73%
Yes
No
53%45%
Electronic
Paper
Other
Asociación Latinoamericana de Profesionales en
Seguridad Informática A.C.
Cyber Security Webinar
February 5, 2015 www.alapsi.org 14
C. Academic Sector
C1. Info-security curriculum
C1. Info-security curriculum
•Incorporation of information security courses in
IT-related curricula:1. MASTERS and DIPLOMA level
Tec de Monterrey • Universidad Iberoamericana
2. BACHELOR level
UNAM
Asociación Latinoamericana de Profesionales en
Seguridad Informática A.C.
Cyber Security Webinar
February 5, 2015 www.alapsi.org 15
D. Social Sector
D1. Exercise of granted rights
D1. Exercise of granted rights
• Already exercising rights• Personal data protection, Public sector (LFTAIPG) 2002
• Incipient• Personal data protection, Private sector (LFPDPPP) 2010
• Not yet• Telecommunications (Mass surveillance chapter), Private
sector (LFTR) 2014
Asociación Latinoamericana de Profesionales en
Seguridad Informática A.C.
Cyber Security Webinar
February 5, 2015 www.alapsi.org 16
Information Security Management, Business Continuity and Incident Response Jorge Garibay
Information Security Management
• Current Situation
• Requirements
• Future
Asociación Latinoamericana de Profesionales en
Seguridad Informática A.C.
Cyber Security Webinar
February 5, 2015 www.alapsi.org 17
Business Continuity
• Current Situation
• Requirements
• Future
Incident Response
• Current Situation
• Requirements
• Future
Asociación Latinoamericana de Profesionales en
Seguridad Informática A.C.
Cyber Security Webinar
February 5, 2015 www.alapsi.org 18
CYBER SECURITY WEBINAR
Guest Speakers
CYBER SECURITY
WEBINARCYBER SECURITY IN MEXICO: THE BIG PICTURE AND STATUS
5 February 2015