Cyber security standards
Transcript of Cyber security standards
Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM
Cyber Security Standards
Olufemi Vaughan CISA, ITIL
Instructor, ICSDL
July, 2015
Table of Contents:
Cyber Security Standards: Purpose and Challenges
International Organization for Standardization (ISO)
ISO Standards
Regulations (PCI DSS, COBIT, ITIL)
Other Standards (SOX, HIPAA, FISMA and COSO)
African Union (AU) Cyber Security Standards
Cyber Crime
What are Cyber Security Standards?
Cyber security standards are security standards which enable organizations to practice safe security techniques to minimize the number of successful cyber security attacks.
PURPOSE
Improving the efficiency and effectiveness of key processes;
Facilitating systems integration and interoperability;
Enabling different products or methods to be compared meaningfully;
Providing a means for users to assess new products or services;
Structuring the approach to deploying new technologies or business models;
Simplification of complex environments; and
Promoting economic growth.
Challenges of Standardization
Too many standards development organizations (SDOs)
Limited area of standardization
Lack of agility by the implementing organization
Competing sets of standards
Economic considerations
ISO Standards
The International Organization for Standardization (ISO), established in 1947, is a non-governmental international body that collaborates with the International Electrotechnical Commission (IEC) and the International Telecommunication Union (ITU) on information and communications technology (ICT) standards.
ISO Security Standards
1. ISO/IEC 27002:2005 (Code of Practice for Information Security Management)
2. ISO/IEC 27001:2005 (Information Security Management System - Requirements)
3. ISO/IEC 15408 (Evaluation Criteria for IT Security)
4. ISO/IEC 13335 (IT Security Management)
Other Standards:
Payment Card Industry Data Security Standard (PCI DSS)
COBIT
ITIL (or ISO/IEC 20000 series)
Regulations Related to Information Security
In addition to the various industry standards, bodies and guidelines, certain regulated businesses, such as banking, may need to observe the regulations and guidelines specified by their own industry or professional regulatory bodies.
Others
Sarbanes-Oxley Act of 2002
Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Health Insurance Portability and Accountability Act (HIPAA) of 1996
Federal Information Security Management Act (FISMA)
AU Standards
The African Union has created a new convention aimed at tackling cybercrime, but it has not been ratified by a single African country and only six countries on the entire African continent have any laws governing cybercrime (Cameroon, Kenya, Mauritius, South Africa, Zambia and, lately, Nigeria). Only a handful of African countries have taken the step of criminalizing cybercrime. That’s really what the policy brief looks at: the gap between such a pressing problem on the continent and the fact that so few countries have actually adjusted through legislation and laws.
Unfortunately, it’s not really on the radar screen for many of the countries and for good reason: there are certainly pressing problems across the continent. But cybercrime is a problem that is going to creep up on folks here. Unless African nations start to address this, it’s really going to damage the economic potential of the continent and the national security of the continent.
Cyber Crime
What is Cyber Crime?
Cyber Crime
The earlier descriptions were "computer crime", "computer-related crime" or "crime by computer". As digital technology became pervasive, new terms such as "high-technology" or "information-age" crime were added to the definition. The Internet also brought other new terms, like "cybercrime" and "net" crime.
Other forms include "digital", "electronic", "virtual", "IT", "high-tech" and "technology-enabled" crime.
Cyber Crime Includes
Illegal access
Illegal interception
System interference
Data interference
Misuse of devices
Fraud
Why should we care?
It is criminal activity committed on the internet.
Cyber crime: where a computer is either a tool, a target, or both.
How can we protect ourselves?
Read the privacy policy carefully when you submit data over the internet.
Encryption: many websites use SSL (Secure Sockets Layer) to encrypt data.
Disable remote connectivity.
Advantages of Cyber Security
It defends against hacks and viruses.
The security software used on our PCs needs to be updated every week.
Security developers update their databases once a week, so new viruses are also removed.
Conclusion
The only system which is truly secure is one which is switched off and unplugged.
So the only way to be safe is to pay attention and act smart.
Questions?
For more information, please visit www.deafrica.org