Getting ready for the security implications of Somalia's internet by Eng. Mohamed Haji

Transcript

1. Mohamed Haji Getting Ready for the Security Implications of the

   Anticipated Growth of Somalia’s Internet Industry

2. Introduction • Somalia’s telecom companies had managed to keep going

   despite the lack of guidance from a central government or sector regulatory. • As well as, Internet Service Providers (ISPs) have been able to provide much improved services. • For the last five years, there were very high development of Internet growth in Somalia.

3. Key developments of Internet in Somalia • Dalkom providing connectivity

   via the EASSy cable. • SOMNET launched 4G LTE service. • Somtel launched 4G LTE with cooperation with Alcatel-Lucent • Contracts signed to build the DARE and G2A submarine cable systems. • Rapid development of Mobile Money • Federal Government approved National Communications Bill. Source: “https://www.budde.com.au/Research/Somalia- Telecoms-Mobile-and-Broadband-Statistics-and-Analyses”
4. None

5. Why Security ? • The Internet was initially designed for

   connectivity. – Trust is assumed, no security • The Internet has become fundamental to our daily activities (business, work, and personal) NO ONE IS SAFE !!!

6. Security Goals  Controlling Data Access  Controlling Network Access

    Protecting Information in Transit  Ensuring Network Availability  Preventing Intrusions  Responding To Incidences Goals must be communicated to all users, staff, managers, through a set of security rules called “security policy”

7. Business Needs Security First • Security performs four important functions

   for an organization:  Protecting the organization’s ability to function  Enabling the safe operation of applications running on the organization’s IT systems  Protecting the data the organization collects and uses  Safeguarding the organization’s technology assets

8. A successful organization should have multiple layers of security Organization

   Physical security Personal security Operation security Communication security Network security Information / Cyber security

9. Most Common Internet Threats • Malicious Code / software (

   Malware) • Hacking • Credit Card Theft (Master / Visa Card ) • Spoofing (Fake emails) • Sniffing ( monitoring programs) • Denial of Service Attack (DOS) & (DDOS) • Insider Threats

10. WannaCry Ransonware Attack, May 2017

11. Technology Solutions

12. Cyber Security The Meaning of Cyber is a combining form

    relating to information technology, the Internet, and virtual reality. The term Cyber Security is used to refer to the security offered through online services to protect your online information.

13. Identify Protect Detect Respond Recover Asset Management Business Environment Governance

    Risk Assessment Access Control Awareness & Training Data Security Maintenance Security Continuous Monitoring Detection Processes Response Planning Communication Analysis Mitigations Recovery Planning Improvements Communications Cyber Security Framework

14. Cyber Security Event Management Process Detection & Assessment Mitigation &

    Recovery Post-Event Activity CYBEY SECURITY Reporting & Communication

15. CYBER CRIME Cyber Crime Crime against person Email Spoofing Crime

    against Individual property Computer Vandalism, Malware, Virus Crime against Government Cyber Terrorism

16. Risk Control Strategies 1. DEFEND 2. TRANSFER 3. MITIGATE 4.

    ACCEPT 5. TERMINATE

17. Computer Emergency Response Team (CERT) • The name "Computer Emergency

    Response Team” was found in 1988. • A CERT is an expert group that handles computer security / Cyber Security incidents. • Alternative names: • Computer Emergency Readiness Team • Computer Security Incident Response Team (CSIRT)

18. CERTs in the World & Islamic Countries

19. TYPES OF CERT There could be some of the following

    CERTs: Government CERT Military CERT Police CERT Finance CERT Health CERT Academic CERT ISP CERT Bank CERT Industry CERT

20. CERT ORGANIZATIONAL MODEL

21. Network Security • Firewalls (including next generation firewalls) • IDS/IPS

    (network-based) • Web application firewalls (WAFs) • Cloud access security brokers (CASB) • Malware detection • Secure email gateways • IDS/IPS (host-based)

22. If you think technology can solve your security problems, then

    you don’t understand the problems and you don’t understand the technology.
23. None
24. None