Home

  Microsoft PowerPoint - dowdeswell-incident-management-qcert-doha-feb-08.ppt

Microsoft PowerPoint - dowdeswell-incident-management-qcert-doha-feb-08.ppt Presentation to the ITU on the Q-CERT Incident Management Team Ian M Dowdeswell Incident Manager, Q-CERT 2 Q-CERT Mission The Mission of Q-CERT is to be a world-class center of excellence providing expert assistance and support to improve information security in Qatar and the region. 3 Q-CERT will: • provide accurate and timely information about current and emerging cyber threats and vulnerabilities • respond to significant threats and vulnerabilities in critical infrastructures by conducting and coordinating activities needed to resolve the threats • serve as a central, trusted partner in security incident reporting and analysis • promote and facilitate the adoption of standards, processes, methods, and tools that are most effective at mitigating the evolving risks • provide unbiased information and training to build the management and technical skills needed for organizations to effectively manage their cyber risk 4 Q-CERT Range of Activities Proactive Reactive Outreach, Awareness, & Training • Tailored workshops based on needs analysis • Public workshops based on recognized needs • Outreach to region 5 Q-CERT Range of Activities Proactive Reactive Outreach, Awareness, & Training • Tailored workshops based on needs analysis • Public workshops based on recognized needs • Outreach to region Critical Infrastructure Protection • Assist key national resources in addressing information security vulnerabilities and threats • Assist in creating an Information Security management framework • Develop and provide approaches for risk assessments and risk mitigation 6 Q-CERT Range of Activities Proactive Reactive Outreach, Awareness, & Training • Tailored workshops based on needs analysis • Public workshops based on recognized needs • Outreach to region Critical Infrastructure Protection • Assist key national resources in addressing information security vulnerabilities and threats • Assist in creating an Information Security management framework • Develop and provide approaches for risk assessments and risk mitigation Incident Management • Establish a national and regional center for threat, vulnerability, and security event data. • Establish and operate mechanisms for responding to cyber threats and vulnerabilities • Assist law enforcement and other responders organizations. 7 Q-CERT Potential Range of Activities 8 Q-CERT Constituency - National QQ--CERTCERT GeneralGeneral PublicPublic IndustryIndustry GovernmentGovernment Qatar Constituents 9 Q-CERT Constituency - Regional QQ--CERTCERT GeneralGeneral PublicPublic IndustryIndustry GovernmentGovernment Regional Security Teams KuwaitKuwait BahrainBahrain KSAKSA OmanOman UAEUAE Qatar Constituents 10 Q-CERT Constituency - Global QQ--CERTCERT GeneralGeneral PublicPublic IndustryIndustry GovernmentGovernment Regional Security Teams GlobalGlobal LawLaw EnforcementEnforcement Global Security Teams KuwaitKuwait BahrainBahrain KSAKSA OmanOman UAEUAE Qatar Constituents 11 Incident Management Mission The mission of Q-CERT Incident Management is to enable our constituents to reduce the risk to their information (processed on computers and networks), through timely and effective provision of advice about threats and vulnerabilities and in response to incidents (where a compromise of information has occurred). 12 Components of Risk RISK Asset Threat Vulnerability 13 Incident Management Activities WATCH AND WARNING (WAW) Mission.The mission of WAW is proactive to reduce the risk of compromise of constituent information by timely, accurate and relevant advance, guidance or best practice information to the constituent about vulnerabilities and threats to their information and networks. 14 WATCH AND WARNING (WAW) ACTIVITIES Vulnerabilities Role – identifies critical vulnerabilities relevant to Qatar and Region and disseminates to CSOs (primary) and citizens (secondary) Generates vulnerability reports from all available existing vulnerability information. (...) SMS/website to mailing lists for focused output to constituents 15 WATCH AND WARNING (WAW) ACTIVITIES Threats Role – identifies ‘serious’ generic and specific threats to Qatar CSO and Region and informs selected recipients. Looks at open-source threat information Scours websites / hacker-sites / chatrooms Links to SSB Arabic capability Generates threat reports to tailored community.

Score: 862786.9 - https://www.itu.int/ITU-D/cyb/...nagement-qcert-doha-feb-08.pdf

  Slide 1

Imad Hoballah Acting Chairman and CEO Head of Telecommunications Technologies Unit Telecommunications Regulatory Authority (TRA), Lebanon imad.hoballah@tra.gov.lb GSR12, Colombo, 2-4 October, 2012 mailto:imad.hoballah@tra.gov.lb Agenda • Introducing the subject • Introducing the panelists • Introducing the presenter • Online Threats from User’s Prospective: Data Protection and Privacy Issues • A couple of questions from the audience • Few questions form the panel • Back to the audience 2 10/4/2012 TRA proprietary / TRA – IYH – Cloud Computing 3 TRA proprietary / TRA – IYH – Cloud Computing 10/4/2012 Cloud Computing Wheels of Development Normal Governance with no Risks or Threats Technology Investments Risks and Threats Socio-economic Benefits Infrastructure Governance Infrastructure 4 TRA proprietary / TRA – IYH – Cloud Computing 10/4/2012 Cloud Computing Wheels of Development Normal Governance without Risks or Threats • Training acceleration using cloud • Focus on e-Education’s benefits • Promote economic growth by involving SMEs • Efficient tool to achieve Country’s objectives (Remote health, microfinance, reduce poverty, etc.) • Economic growth and social benefits, job creation and increase in GDP • Freedom of speech and expression Investments Risks and Threats Socio- economic Benefits Infrastructure Governance Infrastructure Technology 5 TRA proprietary / TRA – IYH – Cloud Computing 10/4/2012 Cloud Computing Wheels of Development Normal Governance without Risks or Threats Governance • Local investors • Regional investors • International investors • Cloud models secure a quick ROI • Investment environment (laws, lower taxes, ease of doing business) • Investment needed for fixed BB Investm ents Risks and Threats Socio- economic Benefits Infrastru cture Governance Infrastru cture Techn ology 10/4/2012 Cloud Computing Wheels of Development Normal Governance with Risks and Threats Technology Risks and Threats Infrastructure Governance Investments Socio-economic Benefits 10/4/2012 Cloud Computing Wheels of Development Normal Governance with Risks and Threats • Data location and control? (...) Investments Risks and Threats Socio- economic Benefits Infrastructure Governance Infrastructure Technology 10/4/2012 Cloud Computing Wheels of Development Heavy handed Governance with Risks and Threats Risks and Threats Heavy handed Slowing down economic growth due to: • Threats to establishment of new businesses • Threats to investments • Threats to cooperation • Potential oppression and repression Governance Governance 10/4/2012 Wheels of Cloud Computing – Normal Governance with Risks and Threats • “Do no harm”, close to “hands off”? (...) • Encourage Small to Medium Businesses • Look for Safe and Secure Cloud/Communication Investments Risks and Threats Socio- economic Benefits Infrastructure Governance Infrastructure Technology 1 0 Overview of the Session and its Theme (1/3) 10/4/2012 • Traditional online threats are increasing • Users are unable to exercise any meaningful control over personal information online • CC represents one of the most significant shifts in IT • Users are both excited & nervous at the prospects of CC • Excited about  The opportunities to reduce capital costs  A chance to divest of infrastructure management  Focus on core competencies  The agility offered by the on-demand provisioning of computing and the ability to align information technology with business strategies and needs more readily TRA proprietary 1 1 Overview of the Session and its Theme (2/3) 10/4/2012 User Concerns: • The risks of CC not properly secured • The loss of direct control over systems for which they are nonetheless accountable The online threats posed by CC services • Start with the “Loss of Governance” on user's data which could result in reduced freedom when it comes to replacing a cloud provider • The lack of physical control over data storage, reliability of data backup, and countermeasures for Disaster Recovery Commercial and operationally, the clouds introduces: • A cost efficient security solution with some critical features such as Resource Concentration with ability to rapid scaling • Easy security service administration • Effective and Efficient Check, Update, Audit and Sample-gathering TRA proprietary 1 2 Overview of the Session and its Theme (3/3) 10/4/2012 • There must be a balance between free flow of information and security concerns • The society cannot move ahead with technology advances that rely upon individual or personal data without addressing user privacy • Regulators have a critical role to ensure such balance by promoting policies that raise confidence and trust in cloud services • Avoiding restrictive regulations that create barriers to market entry • Ensuring data privacy and security • Handling dispute resolution at national and international levels TRA proprietary

Score: 861919.1 - https://www.itu.int/ITU-D/treg...on_6_Hoballah_OnlineSafety.pdf

  THE SECRETARY-GENERA

And we all bear a heavy responsibility to build an efficient, effective, and equitable system that reduces nuclear threats. Thirty five years ago, our forebears found the wisdom to agree to the Nuclear Non-Proliferation Treaty to prevent proliferation and advance disarmament while assuring the right to peaceful uses of nuclear energy. (...) Third, you must act to reduce the threat of proliferation not only to States, but to non-state actors. (...) At the same time, the promise of success is plain for all to see: a world of reduced nuclear threat, and, ultimately, a world free of nuclear weapons.

Score: 845588.1 - https://www.un.org/en/conf/npt/2005/statements/npt02sg.pdf

  Strengthened early warning systems are urgently needed to reduce the risk of global health crises :

21/01/2022 Strengthened early warning systems are urgently needed to reduce the risk of global health crises 21/01/2022 Strengthened early warning systems are urgently needed to reduce the risk of global health crises Tags : ONE HEALTH , EMERGING AND PANDEMIC THREATS , EARLY WARNING , VULNERABLE COMMUNITIES , FOOD SECURITY , LIVELIHOODS 21/01/2022 World experts met to identify essential components of a One Health Intelligence System for early warning and risk assessment. (...) This rapid alert system will allow the capture of real-time data and better protect global health security against emerging threats.   A One Health approach Zoonotic pathogens can emerge at any time, threatening all societies' health and well-being, including economies. (...) A One Health approach can improve early detection and rapid response to potential threats at the human-animal-environment interface while protecting biodiversity.

Score: 840678 - https://www.fao.org/emergencie...s/stories-detail/en/c/1469770/

  1 Alexander Botting

Why is this a trade issue? 4 1. Threats to cybersecurity undermine confidence in digital trade. • Trust is foundational to consumer use of digital ecosystems. • Failure to protect consumers and maintain network availability reduces consumer trust. • Policies that prevent companies from taking an integrated, risk-based approach undermine the ability of companies to implement cyber best practices globally. • Prescriptive policies can (and typically do) prevent companies from taking a risk-based approach Why is this a trade issue? (...) Consistent use of standards reduces complexity and eliminates compliance costs for SMEs. • The incorporation of cyber principles into a trade agreement helps to highlight best practices to non-governmental stakeholders. • Avoiding the need to comply with multiple divergent regimes reduces operational complexity for smaller companies, which can be critically important when addressing cyber threats.’ • Conform once, comply many' eliminates significant compliance costs for businesses. • While all companies benefit, this is particularly true for SMEs, which can seldom afford to bear the costs of compliance with multiple regulatory regimes. (...) Alignment with international best practices improves security outcomes, reducing the impact of security incidents on SMEs. • Purchasers can set expectations among their suppliers regarding the international standards and best practices that are most effective. • Requiring alignment with certain best practices drives investment in those areas, such as staff training or penetration testing. • Once in the supply chain, vendors are more likely to be privy to threat intelligence and ongoing support from more sophisticated actors.

Score: 840497.9 - https://www.wto.org/english/tratop_e/msmes_e/cr2_sept21.pdf

  New tool helps withstand hybrid and cascading risk scenarios | UNDRR

Hybrid risks can occur in combination with many man-made threats, including chemical, biological, radiological and nuclear, interacting in an environment of extreme weather and climate events.     The stress test tool being developed by UNDRR in collaboration with Finland and Hybrid CoE would aim to measure the current capability of disaster risk reduction systems to reduce complex risk scenarios and recommend improvements and risk reduction approaches that could counteract these interacting threats. (...) According to the European Council conclusions of 20 June, increasing focus on hybrid threats need to “ensure a coordinated response to hybrid and cyber threats and strengthen its cooperation with relevant international actors”. 

Score: 837480.4 - https://www.undrr.org/news/new...d-and-cascading-risk-scenarios

  Microsoft PowerPoint - Presentation2

IMPROVE PASSENGER EXPERIENCE Reduce waiting time; less intrusive methods. INCREASE OPERATIONAL EFFICIENCY Increase flow: optimise asset and space utilisation; reduce cost per passenger. Smart Security objectives at Heathrow Search Efforts out of alignment with the seriousness of the threat Expolsives Metallics Others Threat Search Effort Aim to align screening attention on the most serious threats Expolsives Metallics Others Threat Search Effort Risk of focusing on the wrong passengers Passenger Passenger Passenger with coins Passenger Passenger Passenger Random Selectee Suspect Passenger Try to reduce the odds, focus on the right passengers and cut the hassle factor for most passengers Passenger Passenger Passenger with coins Passenger Passenger Passenger Random Selectee Suspect Passenger Looking at all angles to make security smarter  Risk-Based approaches to focus security: Trials of behavioural detection; background checking; journey based screening.  Process – match the Technology with systems to help passenger flow and staff efficiency: Next gen Tray Return; Parallel Loading; advanced compliance information; staff performance monitoring  Technology – install advanced equipment with best detection capability – dual-view Xray, AIT, liquids screening, ETD Focus Process Technology Focused Security Trials 1.

Score: 835821.3 - https://www.icao.int/Meetings/...entations/Francis%20Morgan.pdf

  Strengthened early warning systems are urgently needed to reduce the risk of global health crises | 

Strengthened early warning systems are urgently needed to reduce the risk of global health crises | FAO | Food and Agriculture Organization of the United Nations; FAO.org 中文 english français Español 抵御能力 背景 工作领域 区域方法 Global Network 新闻与活动 多媒体 资源 News From the field Highlights Strengthened early warning systems are urgently needed to reduce the risk of global health crises Tags : ONE HEALTH , EMERGING AND PANDEMIC THREATS , EARLY WARNING , VULNERABLE COMMUNITIES , FOOD SECURITY , LIVELIHOODS 21/01/2022 World experts met to identify essential components of a One Health Intelligence System for early warning and risk assessment. (...) This rapid alert system will allow the capture of real-time data and better protect global health security against emerging threats.   A One Health approach Zoonotic pathogens can emerge at any time, threatening all societies' health and well-being, including economies. (...) A One Health approach can improve early detection and rapid response to potential threats at the human-animal-environment interface while protecting biodiversity.

Score: 834483.6 - https://www.fao.org/resilience...ws-events/detail/zh/c/1469770/

  Strengthened early warning systems are urgently needed to reduce the risk of global health crises | 

Strengthened early warning systems are urgently needed to reduce the risk of global health crises | FAO | Food and Agriculture Organization of the United Nations; FAO.org العربية english français Español القدرة على الصمود الخلفية مجالات العمل النهج الإقليمي Global Network أخبار وفعاليات الوسائط المتعددة الموارد News From the field Highlights Strengthened early warning systems are urgently needed to reduce the risk of global health crises Tags : ONE HEALTH , EMERGING AND PANDEMIC THREATS , EARLY WARNING , VULNERABLE COMMUNITIES , FOOD SECURITY , LIVELIHOODS 21/01/2022 World experts met to identify essential components of a One Health Intelligence System for early warning and risk assessment. (...) This rapid alert system will allow the capture of real-time data and better protect global health security against emerging threats.   A One Health approach Zoonotic pathogens can emerge at any time, threatening all societies' health and well-being, including economies. (...) A One Health approach can improve early detection and rapid response to potential threats at the human-animal-environment interface while protecting biodiversity.

Score: 834483.6 - https://www.fao.org/resilience...ws-events/detail/ar/c/1469770/

  Strengthened early warning systems are urgently needed to reduce the risk of global health crises | 

Strengthened early warning systems are urgently needed to reduce the risk of global health crises | FAO | Food and Agriculture Organization of the United Nations; FAO.org english français Русский Español Устойчивость к внешним воздействиям Обзор Направления работы Региональный подход Global Network Новости и мероприятия Мультимедиа Ресурсы News From the field Highlights Strengthened early warning systems are urgently needed to reduce the risk of global health crises Tags : ONE HEALTH , EMERGING AND PANDEMIC THREATS , EARLY WARNING , VULNERABLE COMMUNITIES , FOOD SECURITY , LIVELIHOODS 21/01/2022 World experts met to identify essential components of a One Health Intelligence System for early warning and risk assessment. (...) This rapid alert system will allow the capture of real-time data and better protect global health security against emerging threats.   A One Health approach Zoonotic pathogens can emerge at any time, threatening all societies' health and well-being, including economies. (...) A One Health approach can improve early detection and rapid response to potential threats at the human-animal-environment interface while protecting biodiversity.

Score: 834483.6 - https://www.fao.org/resilience...ws-events/detail/ru/c/1469770/