Cyber security standards

Distance Education for Africa / Enseignement á Distance Pour L’Afrique WWW.DEAFRICA.COM Cyber Security Standards Olufemi Vaughan CISA, ITIL Instructor, ICSDL July, 2015



Table of Contents:

Cyber Security Standards: Purpose and Challenges
International Organization for Standardization (ISO)
ISO Standards
Regulations (PCI DSS, COBIT, ITIL)
Other Standards (SOX, HIPAA, FISMA and COSO)
African Union (AU) Cyber Security Standards
Cyber Crime


What are Cyber Security Standards?

Cyber security standards are security standards which enable organizations to practice safe security techniques to minimize the number of successful cyber security attacks.

PURPOSE

Improving the efficiency and effectiveness of key processes;
Facilitating systems integration and interoperability;
Enabling different products or methods to be compared meaningfully;
Providing a means for users to assess new products or services;
Structuring the approach to deploying new technologies or business models;
Simplification of complex environments; and
Promoting economic growth.


Challenges of Standardization

Too many SDOs
Limited area of standardization
Lack of agility by the implementing organization
Competing sets of standards
Economic considerations


ISO Standards

The International Organization for Standardization (ISO), established in 1947, is a non-governmental international body that collaborates with the International Electrotechnical Commission (IEC) and the International Telecommunication Union (ITU) on information and communications technology (ICT) standards.


ISO Security Standards

1. ISO/IEC 27002:2005 (Code of Practice for Information Security Management)

2. ISO/IEC 27001:2005 (Information Security Management System - Requirements)

3. ISO/IEC 15408 (Evaluation Criteria for IT Security)

4. ISO/IEC 13335 (IT Security Management) 


Other Standards:

Payment Card Industry Data Security Standard (PCI DSS)
COBIT
ITIL (or ISO/IEC 20000 series)


Regulations Related to Information Security

In addition to the various industry standards, bodies and guidelines, certain regulated businesses, such as banking, may need to observe the regulations and guidelines specified by their own industry or professional regulatory bodies.


Others

Sarbanes-Oxley Act of 2002
Committee of Sponsoring Organizations of the Treadway Commission (COSO)
Health Insurance Portability and Accountability Act (HIPAA) of 1996
Federal Information Security Management Act (FISMA)


AU Standards

The African Union has created a new convention aimed at tackling cybercrime, but it has not been ratified by a single African country, and only six countries on the entire African continent have any laws governing cybercrime (Cameroon, Kenya, Mauritius, South Africa, Zambia and, lately, Nigeria). Only a handful of African countries have taken the step of criminalizing cybercrime. That’s really what the policy brief looks at - the gap between such a pressing problem on the continent and the fact that so few countries have actually adjusted through legislation and laws.

Unfortunately, it’s not really on the radar screen for many of the countries and for good reason: there are certainly pressing problems across the continent. But cybercrime is a problem that is going to creep up on folks here. Unless African nations start to address this it’s really going to damage the economic potential of the continent and the national security of the continent.


Cyber Crime

What is Cyber Crime?


Earlier descriptions were "computer crime", "computer-related crime" or "crime by computer". With the spread of digital technology, new terms such as "high-technology" or "information-age" crime were added to the definition. The Internet also brought other new terms, like "cybercrime" and "net" crime.

Other forms include "digital", "electronic", "virtual", "IT", "high-tech" and "technology-enabled" crime.


Cyber Crime Includes

Illegal access
Illegal interception
System interference
Data interference
Misuse of devices
Fraud


Why should we care?

It is a criminal activity committed on the internet.

Cyber crime: where a computer is either a tool or a target, or both.


How can we protect ourselves?

Read the privacy policy carefully when you submit data over the internet.

Encryption: many websites use SSL (Secure Sockets Layer) to encrypt data.

Disable remote connectivity.


Advantages of Cyber Security

It will defend against hacks and viruses.

The cyber security applications used on our PCs need updating every week.

Security developers update their databases once every week, so new viruses are also removed.


Conclusion

The only system which is truly secure is one which is switched off and unplugged.

So the only way to be safe is to pay attention and act smart.


Questions?

For more information, please visit www.deafrica.org

or [email protected]