![Page 1: A practical overview Zain-SD Experience - TT · A practical overview Zain-SD Experience 24-25 July 2016 ... Technology (Firewall, encryption, IPS, IDS 10 Zain Limited 13/07/2016](https://reader036.vdocuments.us/reader036/viewer/2022070615/5c86bc3309d3f29b298cd22b/html5/thumbnails/1.jpg)
ITU-ATU CyberSecurity workshop in
African Countries
Khartoum, Sudan
CyberSecurity:
A practical overview Zain-SD Experience
24-25 July 2016
![Page 2: A practical overview Zain-SD Experience - TT · A practical overview Zain-SD Experience 24-25 July 2016 ... Technology (Firewall, encryption, IPS, IDS 10 Zain Limited 13/07/2016](https://reader036.vdocuments.us/reader036/viewer/2022070615/5c86bc3309d3f29b298cd22b/html5/thumbnails/2.jpg)
- People (training and awareness, management ,,,)
-Technology (Firewall, encryption, IPS, IDS DLP, Endpoint,
- Environmental (other security issues)
- Monitoring
- Revision and update
InfoSec Journey – Road map
13/07/2016Zain Limited2
![Page 3: A practical overview Zain-SD Experience - TT · A practical overview Zain-SD Experience 24-25 July 2016 ... Technology (Firewall, encryption, IPS, IDS 10 Zain Limited 13/07/2016](https://reader036.vdocuments.us/reader036/viewer/2022070615/5c86bc3309d3f29b298cd22b/html5/thumbnails/3.jpg)
Effective InfoSec Standards
3
Ron Rivest, Adi
Shamir, Len Adleman
S&P (Oakland)
IEEE Symposium on Security and Privacy
CCSACM Conference on Computer a
nd Communications Security
Crypto International Cryptology Conference
EurocryptEuropean Cryptology Conference
Security Usenix Security Symposium
![Page 4: A practical overview Zain-SD Experience - TT · A practical overview Zain-SD Experience 24-25 July 2016 ... Technology (Firewall, encryption, IPS, IDS 10 Zain Limited 13/07/2016](https://reader036.vdocuments.us/reader036/viewer/2022070615/5c86bc3309d3f29b298cd22b/html5/thumbnails/4.jpg)
Zain Sudan is ISO Certified for Quality
and Security since 2008
13/07/2016Zain Limited4
![Page 5: A practical overview Zain-SD Experience - TT · A practical overview Zain-SD Experience 24-25 July 2016 ... Technology (Firewall, encryption, IPS, IDS 10 Zain Limited 13/07/2016](https://reader036.vdocuments.us/reader036/viewer/2022070615/5c86bc3309d3f29b298cd22b/html5/thumbnails/5.jpg)
How to start and effective successful InfoSec program
- Selling InfoSec Plan to the Board – Huge work to do and then we should follow these points
InfoSec Story
13/07/2016Zain Limited5
- People (training and awareness, management ,,,)
-Technology (Firewall, encryption, IPS, IDS DLP, Endpoint,
- Environmental (other security issues)
- Monitoring
- Revision and update
![Page 6: A practical overview Zain-SD Experience - TT · A practical overview Zain-SD Experience 24-25 July 2016 ... Technology (Firewall, encryption, IPS, IDS 10 Zain Limited 13/07/2016](https://reader036.vdocuments.us/reader036/viewer/2022070615/5c86bc3309d3f29b298cd22b/html5/thumbnails/6.jpg)
People (training and awareness, ,,,)
Top IS Expert , author of Corporate Espionage
And Spies Among us and more other books
What is his advice ………
Let us see what the BIG-Brothers
saying
Ira Winkler Stole a billion Dollars’ worth of
information from a leading corporation ?
![Page 7: A practical overview Zain-SD Experience - TT · A practical overview Zain-SD Experience 24-25 July 2016 ... Technology (Firewall, encryption, IPS, IDS 10 Zain Limited 13/07/2016](https://reader036.vdocuments.us/reader036/viewer/2022070615/5c86bc3309d3f29b298cd22b/html5/thumbnails/7.jpg)
Starting ….
LACK of
AWARENES
![Page 8: A practical overview Zain-SD Experience - TT · A practical overview Zain-SD Experience 24-25 July 2016 ... Technology (Firewall, encryption, IPS, IDS 10 Zain Limited 13/07/2016](https://reader036.vdocuments.us/reader036/viewer/2022070615/5c86bc3309d3f29b298cd22b/html5/thumbnails/8.jpg)
Build up InfoSec Awareness Program
13/07/2016Zain Limited8
![Page 9: A practical overview Zain-SD Experience - TT · A practical overview Zain-SD Experience 24-25 July 2016 ... Technology (Firewall, encryption, IPS, IDS 10 Zain Limited 13/07/2016](https://reader036.vdocuments.us/reader036/viewer/2022070615/5c86bc3309d3f29b298cd22b/html5/thumbnails/9.jpg)
InfoSec Week for all the Staff.
Continue the InfoSec Awarenss
13/07/2016Zain Limited9
![Page 10: A practical overview Zain-SD Experience - TT · A practical overview Zain-SD Experience 24-25 July 2016 ... Technology (Firewall, encryption, IPS, IDS 10 Zain Limited 13/07/2016](https://reader036.vdocuments.us/reader036/viewer/2022070615/5c86bc3309d3f29b298cd22b/html5/thumbnails/10.jpg)
Baseline Security
If you are ISO certified you will Know
exactly what is Baseline Security
This is a must
Security Strategies, Policies
and Compliance Antivirus-
Firewall, Threat Management
Technology (Firewall, encryption, IPS, IDS
13/07/2016Zain Limited10
![Page 11: A practical overview Zain-SD Experience - TT · A practical overview Zain-SD Experience 24-25 July 2016 ... Technology (Firewall, encryption, IPS, IDS 10 Zain Limited 13/07/2016](https://reader036.vdocuments.us/reader036/viewer/2022070615/5c86bc3309d3f29b298cd22b/html5/thumbnails/11.jpg)
Putting all these InfoSec Tech is not
enough!!
Adding more security system??
Get the best of the best.???
That will not make it better……
We must consider the whole
journey
What is enough…..
13/07/2016Zain Limited11
![Page 12: A practical overview Zain-SD Experience - TT · A practical overview Zain-SD Experience 24-25 July 2016 ... Technology (Firewall, encryption, IPS, IDS 10 Zain Limited 13/07/2016](https://reader036.vdocuments.us/reader036/viewer/2022070615/5c86bc3309d3f29b298cd22b/html5/thumbnails/12.jpg)
The weakest Link:
Social Engineering (David Mitnick)
Management and followup
Budget and ROI issue
Human Factor
13/07/2016Zain Limited12
![Page 13: A practical overview Zain-SD Experience - TT · A practical overview Zain-SD Experience 24-25 July 2016 ... Technology (Firewall, encryption, IPS, IDS 10 Zain Limited 13/07/2016](https://reader036.vdocuments.us/reader036/viewer/2022070615/5c86bc3309d3f29b298cd22b/html5/thumbnails/13.jpg)
-Healthy Check and Audit
- iSOC for NW and Databases Activities
Monitoring and action
13/07/2016Zain Limited13
![Page 14: A practical overview Zain-SD Experience - TT · A practical overview Zain-SD Experience 24-25 July 2016 ... Technology (Firewall, encryption, IPS, IDS 10 Zain Limited 13/07/2016](https://reader036.vdocuments.us/reader036/viewer/2022070615/5c86bc3309d3f29b298cd22b/html5/thumbnails/14.jpg)
We are trying to keep everything
up-to-date
Review our security and enhance what
is need
We shifted from InfoSec to Risk Based
InfoSec.
Keep it up and keep it updated
13/07/2016Zain Limited14
![Page 15: A practical overview Zain-SD Experience - TT · A practical overview Zain-SD Experience 24-25 July 2016 ... Technology (Firewall, encryption, IPS, IDS 10 Zain Limited 13/07/2016](https://reader036.vdocuments.us/reader036/viewer/2022070615/5c86bc3309d3f29b298cd22b/html5/thumbnails/15.jpg)
• Buy a computer that is by default
secured,,,
• UTM that has no back doors
• An operating system that with
everything needed to operate securely
• an application that is not stealing my
information
Thoughts ….. Vendor and regulations
13/07/2016Zain Limited15
![Page 16: A practical overview Zain-SD Experience - TT · A practical overview Zain-SD Experience 24-25 July 2016 ... Technology (Firewall, encryption, IPS, IDS 10 Zain Limited 13/07/2016](https://reader036.vdocuments.us/reader036/viewer/2022070615/5c86bc3309d3f29b298cd22b/html5/thumbnails/16.jpg)
Thank you