Digital & Security Transformation · Cyber security Basics. Data Security Basics Protect:...
Information Security
Digital & Security Transformation
8/19/2019
www.enwealth.co.ke
Introduction
Presenter Elly Kabaji,
MTN Business Kenya Ltd
Area Manager, Coastal Region.
Mombasa Office-Tea House 1st Floor
Nyerere Avenue.
Our Journey To study Information Security
in the pension industry.
There are No Strict Cyber Security Laws.
Are you secure?
Data Security is Vital Cyber security Basics.
Data Security Basics Protect: Confidentiality, Integrity and Availability of information
Pension Schemes have a duty to protect their clients’ information
The Key to compliance is taking "reasonable" measures to secure data and manage risks.
It is important to seek help from security experts.
Expectations:
Cyber security Basics.
Risks of inadequate cyber security.
What to ask from Service Providers.
Best Practices.
What do you Secure?
• Date of birth.
• Beneficiaries.
• Previous employer records.
• Interest rates
• Scheme Tenure.
• Data Transfers
Information & Data
• Raw & unorganized facts
• Simple and seemingly random
• Useless until it is organized.
• Transmission & Storage
• Processed & organized data,
• Structured in presentation,
• Context that makes it useful.
• Transmission & Storage
• Organizing & Assigning meaning.
• Improves the reliability
• Ensuring understandability
• Reduces uncertainty.
How safe are your members’ records?
Reputation and Trust + Business Competitiveness.
Data Security ≠ Applications Security!
Does App Breach cause data breach?
Data may be handled independently of the App as well
Cloud Computing Broadens the Data Security puzzle.
Appreciation and use of applied Crypto
Security assurances from your CSP
Is Your CSP relying on other CSPs?
Data Security Goals
Confidentiality
• Authentication
• Non-Repudiation
• Access controls / Firewalls.
Integrity
• Backups
• Checksums
• Data correction codes
Availability
• SLA’s
• Retrieval
• DR & networks.
Encryption / Decryption
• Encryption: Clear-text message to Cipher text
• Decryption: Cipher text back to Clear-text
[Digital Transformation]
DX is the integration of digital technology into all
areas of a business, resulting in fundamental
changes to how businesses operate and how
they deliver value to customers.
[Security Transformation]
SX is the integration of security into all
areas of digital technology, resulting in
a Security Architecture that provides a Continuous Trust Assessment.
The Cyber Threat Landscape is Continually Evolving…
[Figure: timeline from the 1980’s to 2019 (marks at 1980’s, 2000, 2001, 2004, 2008, 2015, 2016, 2017, 2018, 2019). Labels: Virus, Malware, Network Worm, Spam, Phishing, Botnet, Ransomware, Web Threats, DDoS Attacks, Advanced Threats, Insider, M2M, Artificial Intelligence, IoT; Response: Antivirus, IDS/IPS, Secure Email Gateway, Reputation, Sandbox, Secure Web Gateway, Anti-DDoS, ATP, UEBA, NAC, Deception.]
Dealing with today’s issues…
• Time to Detect Breach*: more than 1 hour for 85%.
[Chart: time to detect breach, with bins Minutes, Hours, Days, Weeks, Months, Years and values shown as 15%, 50%, 27%, 5%, 2%, 2%.]
• Areas of Greatest Concern for Security* (ranked 1 to 5 in the figure):
  • Cloud
  • Vulnerability in IT systems
  • Inside Threats
  • BYOD
  • IoT
• 51% OF ENTERPRISES BREACHED IN THE LAST 12 MONTHS*
• 3bn NEW DEVICES PER YEAR THROUGH 2020
* Source: Fortinet-sponsored Lightspeed GMI survey
End-to-End Cyber Security Solution
[Diagram. Solution areas: Network Security, Multi-Cloud Security, Endpoint Security, Email Security, Web Application Security, Secure Unified Access, Advanced Threat Protection, Management & Analytics. Components shown: Enterprise Firewall, Cloud Firewall, Virtual Firewall, EPP, Web Application Firewall, Secure Email Gateway, Sandbox, Central Logging/Reporting, Central Security Management, Security Information & Event Management, Wireless Infrastructure, Switching Infrastructure, IPS, SWG, SD-WAN, VPN.]
Summary
Ask from Service Providers.
Connectivity.
• Clean Internet Pipe.
• DDoS Protection.
• Firewalls
Enterprise Applications.
• Application firewalls.
• Database security.
• Security patching.
• Open source security.
• Secure SaaS
Cloud Computing.
• Perimeter Firewall.
• Intrusion Detection Systems with Event Logging.
• Internal Firewalls for Individual Applications & DBs
• Data-at-Rest Encryption.
• Strong Physical Security.
Databases.
• Access control.
• Auditing.
• Authentication.
• Encryption.
• Integrity controls.
• Backups.
• Application security.
Thank You