IMPROVING CYBERSECURITY COMPETENCY AND READINESS:
MALAYSIA EXPERIENCE
Copyright © 2015 CyberSecurity Malaysia
Mohd Zabri Adil Talib
Head of Digital Forensics Department
CyberSecurity [email protected] @ 0123249259
Agenda
i. CyberSecurity Malaysia background as expert organization
ii. Malaysia National Cyber Security Policy
iii. The importance of information security certification
iv. Definition of security, cyber security, competency and readiness
v. Information security guidelines as improvisation checklist
vi. Forensic readiness to respond to cyber security incident
vii. The way forward: CSM CyberDEF approach
CyberSecurity Malaysia: Our history
30 Mar ’07
NISER officially registered as
National ICT Security and Emergency Response Centre
Timeline: 1997, 1998, 2006, March 2007
Core functions (columns: 1997 MyCERT, 2001 NISER, 2007 CyberSecurity Malaysia)
1. National Cyber Security Policy Implementer ✔
2. National Technical Coordination Centre ✔
3. Cyber Threat Research & Risk Centre ✔
4. Security Quality Management Services Provider ✔ ✔
5. Information Security Professional Devt & Outreach ✔ ✔
6. Cyber Emergency Services Provider ✔ ✔
7. Malaysia’s Computer Emergency Response Team ✔ ✔ ✔
MIMOS Berhad (Malaysia's national R&D centre in ICT)
Jaring Communications Sdn Bhd (First Internet service provider in the country)
(Ministry of Science, Technology & Innovation)
A NATIONAL CYBER SECURITY SPECIALIST AGENCY UNDER THE MINISTRY OF SCIENCE, TECHNOLOGY AND INNOVATION (MOSTI)
CyberSecurity Malaysia: Our objectives and mandates
Vision
To be a globally recognized National Cyber Security Reference and Specialist Centre by 2020
Mission
Creating and Sustaining a Safer Cyberspace to Promote National Sustainability, Social Well-Being and Wealth Creation
MANDATE
• Cabinet Notes 2005, Ministry of Finance and Ministry of Science, Technology & Innovation - CyberSecurity Malaysia as a National Body to monitor aspects of the National e-Security
• Ministerial Function Act 1969, Amendment 2013 - Provides specialised ICT security services and continuously identifies possible areas that may be detrimental to national security
• National Security Council’s Directive No. 24: Policy and Mechanism of the National Cyber Crisis Management, 2011 - CyberSecurity Malaysia as expert agency to provide technical training, assistance and support in the national cyber crisis management
CyberSecurity Malaysia: Core services
CYBER SECURITY EMERGENCY SERVICES
• Security Incident Handling
• Digital Forensics
CYBER SECURITY STRATEGIC ENGAGEMENT & RESEARCH
• Strategic Engagement
• Research
SECURITY QUALITY MANAGEMENT SERVICES
• Security Assurance
• Information Security Certification Body
• Security Management & Best Practices
INFO SECURITY PROFESSIONAL DEVELOPMENT & OUTREACH
• Info Security Professional Development
• Outreach
Malaysia success story
• The Global Cybersecurity Index and Cyberwellness profile Report presents the 2014 results of the GCI and the Cyberwellness country profiles for Member states
• It includes regional rankings, a selected set of good practices and the way forward for the next iteration
• Malaysia ranked at no 3, together with Australia and Oman with index score of 0.765
* The report can be downloaded at http://www.itu.int/en/ITU-D/Cybersecurity/Pages/GCI.aspx
CyberSecurity Malaysia: International recognition
ISO/IEC 15408 COMMON CRITERIA RECOGNITION ARRANGEMENT (CCRA)
• Certificate Consuming Country: 2009 - 1st organization in Malaysia and ASEAN to be recognized and accepted by CCRA.
• Certificate Authorizing Country: 2011 - Sole organization in Malaysia to become Certification Body for ISO/IEC 15408.
ISO/IEC 27001 INFORMATION SECURITY MANAGEMENT SYSTEM
• 2008 - Organization Certified
• 2011 - Established Information Security Management System Audit and Certification Scheme (CSM27001)
Organisation of Islamic Cooperation – Computer Emergency Response Team (OIC-CERT) Secretariat for 2013 – 2015
• During the OIC-CERT 4th Annual General Meeting (AGM) the members elected Malaysia (through CyberSecurity Malaysia) as the Organisation of Islamic Cooperation – Computer Emergency Response Team (OIC-CERT) Secretariat for 2013 – 2015 term, in addition to being the Chair of the OIC-CERT.
PEOPLE / PRODUCT RECOGNITION
• The ratio of total Certification to total Employees is about 1:1 with the highest number of Honorees for Information Security International Awards in Malaysia.
• ASEAN Chief Security Officer 2014.
• CyberSecurity Malaysia's CyberSAFE portal www.cybersafe.my won the Saramad Golden Award for "The Best Initiative in Child Online Protection"
LABORATORY ACCREDITATION
• Security Assurance Lab obtained MS ISO/IEC 17025:2005 accreditation
• ASCLD/LAB Accreditation - CyberSecurity Malaysia’s Digital Forensic laboratory is the 1st forensic laboratory in the Asia Pacific and Malaysia that is accredited by ASCLD/LAB for ‘Digital & Multimedia Evidence’ field, based on ISO/IEC 17025:2005 and the ASCLD/LAB International 2011
Malaysia cyber security landscape: How we nurture it?
Malaysia National Cyber Security Policy
• National Cyber Security Policy has been designed to facilitate Malaysia's move towards a knowledge based economy (K-economy)
• The Policy was formulated based on a National Cyber Security Framework that comprises legislation and regulatory, technology, public-private cooperation, institutional, and international aspects
* The policy brochure can be downloaded at http://cnii.cybersecurity.org.my/main/ncsp/NCSP-Policy2.pdf
Information security certification: MyCC, CSM27001, MTPS
* Please refer to http://www.cybersecurity.my/en/our_services/iscb/main/detail/2327/index.html
Cybersecurity Malaysia: Information Security Management System Audit and Certification (CSM27001) Scheme
• CSM27001 certification established in 2011
• To support the pillar of 'National Security and Public Safety' under the Economic Transformation Program by way of building resiliency in both the Critical National Information Infrastructure (CNII) and the industry
• To support the pillar of 'Catalyst of growth for Industry' by providing MS ISO/IEC 27001 certified organization a benchmark to compete effectively against similar organizations on a global scale
How did we improve Malaysia cyber security competency and readiness?
Definition: Security
• “Security is the degree of resistance to, or protection from, harm. It applies to any vulnerable and valuable asset, such as a person, dwelling, community, nation, or organization.”
– https://en.wikipedia.org/wiki/Security
Definition: Cyber security, competency and readiness
• Security (including physical security) applied to computing devices such as computers, smartphones as well as to both private and public computer networks including the whole Internet
– https://en.wikipedia.org/wiki/Computer_security
• A competency is defined as a group of related skills and abilities that influence a major job function, indicate successful job performance, are measurable against standards, and are subject to improvement through training and experience.
– http://www.careeronestop.org/COMPETENCYMODEL/userguide_competency.aspx
• The condition of being ready
– http://dictionary.reference.com/browse/readiness
CyberSecurity Malaysia: Information Security Guidelines for SMEs
• This guideline serves to inculcate awareness, understanding and guidance for the target audience (SMEs) in relation to information security and the way forward in managing it
* The guideline can be downloaded at http://www.cybersecurity.my/properties_v3/images/guidelines/03%20SMEs.pdf
Information Security Guidelines for SMEs: Practicing information security
1) Practicing information security
i. Exercise due care and due diligence on protecting assets (information)
– Protect your computers (Desktops and laptops)
– Keep your data safe
– Use Internet safely
– Protect your network
– Protect your server
– Secure line of business application
– Manage computer from servers
ii. Invest in IT security tools such as Firewall, Intrusion Prevention System (IPS) and Intrusion Detection System (IDS), in order to monitor any intrusion and breach attempts
iii. Establish incident response team to coordinate incident handling process including representatives from the management team
iv. Document appropriate processes (follow policy, procedure and
Information Security Guidelines for SMEs: Information security governance and processes
2) Information security governance and processes
i. Information security is not only about technical matters; it also encompasses business and operational aspects
ii. It is crucial to enhance the technological capabilities and commercialization to compete in global technology environment
Information Security Guidelines for SMEs: Integrating People, Process and Technology
3) Integrating People, Process and Technology
– Understand the existing resources, processes and technologies
i. Understand the type of people in terms of their knowledge (educational background), experiences and skills
ii. Adopt international industry standards like CMMI level, 6 sigma and ISO to ensure quality result in service delivery
iii. Perform preliminary studies and due diligence to customize specific needs prior to technology
Information Security Guidelines for SMEs: Implement information security based on the identified risks
4) Implement information security based on the identified risks
i. Protecting information must come from the risk perspective by implementing information security based on risk identification
ii. Learn how to implement the phases of risk assessment
iii. Without careful and proper risk assessment, effort to deploy or mitigate risks that are unlikely to occur is wasteful
Information Security Guidelines for SMEs: Appoint a dedicated team of staff
5) Appoint a dedicated team of staff
i. It is crucial to appoint dedicated staff to be responsible in related areas of information security
ii. If not, no one will take the initiative to manage incidents and be the ‘champions’ on the subject matter
Information Security Guidelines for SMEs: Continuous awareness on information security
6) Continuous awareness on information security
i. Awareness efforts such as security acculturation programmes for staff and management can inculcate knowledge and practice related to information security
ii. Efforts include producing awareness posters, regular awareness emails to staff and management, and briefings from invited subject matter speakers
iii. Staff should be reminded on related information security practices in order to minimize the risks of
Achieving cyber security readiness
• Cyber security readiness can be measured / achieved through testing, e.g. cyber drill
• Testing techniques need to emulate attacks that address all aspects of cyber security
• Test tools must have sufficient capacity to determine network behavior under an avalanche of attempted breaches
• Testing methodology needs to get more sophisticated
* Watch X-Maya 5 promo video at https://www.youtube.com/watch?v=mT1NeIeDY4g
Definition: Forensic readiness
• “The ability of an organization to maximize its potential to use digital evidence whilst minimizing the costs of an investigation”
– A Ten Step Process for Forensic Readiness, International Journal of Digital Forensics, Volume 2, Issue 3, Winter 2004
Forensic readiness: The importance of digital evidence
• Information security programmes often focus on measures from the ‘prevention & detection’ perspective, and there is only a little need for digital evidence
• But from the business perspective, there is a requirement for digital evidence to be available before an incident occurs
Information security and forensic readiness symbiosis relation
Incident anticipation
- Concerns itself with enabling the business requirement to use digital evidence
Incident response
- Concerns itself with ensuring that the business utility of information systems is maintained
Forensic readiness: The importance of digital evidence
• Being prepared to gather and use evidence is beneficial to the organization, especially as a deterrent to the insider threat
Source: http://www.bangkokpost.com/news/general/601584/swiss-man-accused-of-najib-smear-plan
Forensic readiness: The importance of digital evidence
• Digital evidence can:
– Help manage impact of some important business risks
– Support a legal process / defence
– Verify the terms of commercial transaction
– Lend support to internal disciplinary actions
Forensic readiness: The importance of digital evidence
• Any computer data may be used in a formal process and may need to be subject to forensic practices
• The ability of an organization to exploit this data is the focus of forensic readiness
• To collect admissible evidence, the organization needs to review the legality of its monitoring activity, as the digital evidence must be obtained in a lawful manner
• Forensic readiness can extend the target of information security to the wider threat from cyber crime such as intellectual property protection, fraud or extortion, violation of organization policy, etc.
The way forward: CSM CyberDEF services launched in May 2015
• A comprehensive solution for cyber threat detection, eradication and forensics by CyberSecurity Malaysia
The way forward: CSM CyberDEF services
Step 1: DETECTION
• Identify security loopholes, vulnerabilities, existing threats, infections and reinfections of malware (C&Cs, botnets and APTs)
Step 2: ERADICATION
• Close loopholes, patch vulnerabilities, fix bugs, improve system and neutralize existing threats
• Perform cyber threats exercise or drill to test the feasibility and resiliency of the new
Step 3: FORENSIC
• Recover lost data, repair and restore them
• Analyze system weaknesses and strengthen them
• Set up a resilient defense system to prevent future incidents / attacks
• Facilitate legal action with the authorities
Special invitation to CSM-ACE 2015
Overview CSM-ACE 2015
Cyber Security Malaysia - Awards, Conference & Exhibition (CSM-ACE) is a public-private-partnership driven event and a knowledge sharing platform that recognizes contribution of individuals and organizations in the field of cyber security
* To register please visit http://www.csm-ace.my
Reference
• Cybersecurity Workforce Competencies: Preparing Tomorrow’s Risk-Ready Professionals
https://www.isc2cares.org/uploadedFiles/University-of-Phoenix-ISC2-cybersecurity-report.pdf
• A Ten Step Process for Forensic Readiness
http://www.digital4nzics.com/Student%20Library/A%20Ten%20Step%20Process%20for%20Forensic%20Readiness.pdf
• Information security guidelines for Small Medium Enterprise (SMEs)
http://www.cybersecurity.my/properties_v3/images/guidelines/03%20SMEs.pdf
• X-Maya 5 Cyber Drill Promo video
https://www.youtube.com/watch?v=mT1NeIeDY4g
• The Global Cybersecurity Index and Cyberwellness profile Report
http://www.itu.int/en/ITU-D/Cybersecurity/Pages/GCI.aspx
• Malaysia National Cyber Security Policy
http://cnii.cybersecurity.org.my/main/ncsp/NCSP-Policy2.pdf