Cybersecurity Technologies,
Standards and Operations
Dr David E. Probert
ITU Centres of Excellence Network for the Caribbean Region
Cybersecurity Technologies, Standards & Operations
16-17 September, Kingston, Jamaica
Dr David E. Probert
ITU: High-Level Expert Group –
Global Cybersecurity Agenda
The ITU GCA - Global
Cybersecurity Agenda:
1 – Legal Measures
2 – Technical Measures
3 – Organisational Measures
4 – Capacity Building
5 – International Cooperation
ITU GCA – Seven Strategic Goals
Securing Jamaica in Cyberspace!
- (4) – Capacity Building
- (1) – Legal Measures
- (2) – Technical & Procedural Measures
- (3) – Organizational Structures
- (5) – International Collaboration
Securing the Caribbean in Cyberspace!
Caribbean Region - 1830 -
- (4) – Capacity Building
- (1) – Legal Measures
- (3) – Organisational Structures
- (2) – Technical & Procedural Measures
- (5) – Regional and International Collaboration
* ITU Workshop Overview *
“Cybersecurity Technologies, Standards & Operations”
Workshop Presentations / Group Tasks & Discussions
S1 - Thurs: 9:30-11:00: “The International Cybercrime and Cybersecurity Challenge”
S2 – Thurs: 11:30-13:00: “Integration Cyber-Technological Solutions for the 21stC Web2.0 World”
S3 - Thurs: 14:00-15:30: Group Session: “Securing Critical Computing and Network Facilities”
S4 - Thurs: 16:00-17:30: Group Session: “Group Discussion: Securing Critical Computing and Network Facilities”
S5 - Fri: 9:30–11:00: “Cybersecurity Continuity Planning, Standards and Architectures”
S6 – Fri: 11:30–13:00: “Organising a National Crime Unit and CERT/CSIRT”
S7 – Fri: 14:00-15:30: Group Session: “Designing Practical Cybercrime Solutions – Critical Sectors”
S7 – Fri: 16:00-17:30: Group Session: “Group Discussion: Designing Practical Cybercrime Solutions – Critical Sectors”
* Workshop Session 1 *
“The International Cybercrime and Cybersecurity Challenge”
1 – Aim: National Cybersecurity
2 – Review Strategy & Plans
3 – Cyber Threats & Crimes
4 – Cyber Technical Threats
5 – Operational Security
6 – Critical Economic Sectors
7 – Case Study: Governments
8 – Case Study: Banks/Finance
9 – Key Jamaican Sectors
Aim: Jamaican & Caribbean Cybersecurity
Aim: To focus on the ITU Global Cybersecurity Agenda’s “Technical &
Operational Measures” which will help secure the Caribbean in Cyberspace
Agenda: During the 2-Day Workshop we’ll review the cyber threats,
technical standards, architectures, & specific organisational models
Focus: A full in-depth technical course on cybersecurity such as those run
by ITU/IMPACT would take 8 to 12 weeks to cover the complete spectrum
of topics required for professional certification such as CISSP.
Essentials: Hence during these 2 days we’ll work together on the technical
essentials that will serve as a strong foundation to your future studies &
practical implementations of cybersecurity solutions & operations
Review Strategy & Cyber Plans
The ITU Cybersecurity Agenda spans 5 Operational Pillars and 7
Strategic Goals. These were presented and comprehensively discussed
during the preceding 3-day ITU Cybersecurity Workshop at UTECH
The technical & operational measures against cyberattacks,
cyberterrorism and cybercrime are only effective when embedded
within a total national & enterprise driven management plan including:
National Strategy: The Jamaican Government and leading enterprises will need to define and
communicate their top-level strategic cybersecurity objectives
Cybersecurity Agency: Many countries have created a dedicated National Cybersecurity
Agency that is designated with the authority, budget & responsibility for the co-ordination
of all aspects of the cybersecurity agenda across government, institutions & business
Action Plans & RoadMap: During 13th to 15th Sept we worked together as a group on the
development of outline action plans and roadmaps for both the Jamaican Government as well
as enterprises and institutions that comprise Jamaica’s critical service sectors
Next we shall proceed with our focus on technical threats & solutions…
“Visualisation of Cyberspace”: Global IP WHOIS Addresses
Active Internet Domains – “American IP Registry”
Visual IP Cyberspace: Asia-Pacific, Europe & America
IP Cyberspace: Asia-Pacific, Latin America and Caribbean
Latin America and Caribbean: “LACNIC”
“Outer Galaxies of Cyberspace” – Other Registries
Densely Populated Regions of IP Cyberspace
The Challenging Complexity of IP Cyberspace
Cyberspace “Hilbert Map” of Global IP Addresses
Global Cyberspace IP Census - 2006
Global Malicious Activity in “Hilbert” IP Cyberspace
Key: Hilbert Space-Filling Curve Process
Link: www.team-cymru.org
Basis for Visualisation of Global IP Cyberspace:
- Hilbert Space Filling Fractal Curve Process -
Cyber Threats and Crimes
Wide Spectrum: Cyberthreats & Cybercrimes span a vast spectrum of malicious
and potentially illegal activity in cyberspace with various motivations.
Modes of Attack: The modes of cyberattack will also vary according to the
criminal or terrorist “business plan” and objectives. These modes will be
discussed later, and then we’ll summarise the technical & operational solutions
Industrialisation: Cybercrime is now mainstream and the tools and techniques
have now been “industrialised” including “botnets” and mailing lists for hire, and
stolen credit card and banking details available for “on-line sale”
Financial Gain: Criminals hacking into bank accounts, credit cards, stealing personal IDs
Targeted Disruption: Terrorists hiring “botnets” to target critical national infrastructure
Revenge Attacks: Redundant Staff & Others that steal company information & databases
Personal Attacks: On-line attacks using social networking to discredit & smear enemies
Political Attacks: Spread of malicious and false political propaganda through viral
marketing campaigns orchestrated through social networks
Financial Services: Personal Data Loss
“Cybersecurity Malaysia”
Excellent example of Awareness Campaign targeting End-users with
regards to 10 Major Cybersecurity & Cybercriminal Threats:
1) Phishing Scam
2) Identity Theft
3) Safety of Internet Chat
4) Spam Emails
5) Safe On-Line Shopping
6) Safe On-Line Banking
7) Security Checklists
8) Malware
9) Spyware
10) Password Protection
Campaign is promoted by the Malaysian Government Cybersecurity
Agency under MOSTi – Ministry of Science, Technology and Innovation
Phishing and Identity Theft
Internet Chat and Spam eMail
On-Line Shopping and Banking
Security Checklist & Malware
Spyware & Password Protection
Global DDOS Cyberattacks - 2007
Global IP Connectivity: Real-Time Infection
Machbot Botnet Distribution: “Team-Cymru”
Link: www.team-cymru.org
Responses to Mitigate DDOS Attacks
Phishing Attack: Typical Process
Technical Cyber Threats
1) Phishing Scams such as Advance Fee & Lottery Scams
2) Spam eMail with malicious intent
3) DDOS Denial of Service “Botnet” Attacks
4) SQL Database Injection
5) XSS Cross-Site Scripting JavaScript Attacks
6) Personal Identity Theft (ID Theft)
7) Malware, Spyware, Worms, Viruses & Trojans
8) Embedded Sleeping Software “Zombie Bots”
9) Buffer Overflow Attacks
10) Firewall Port Scanners
11) Social Networking “Malware Apps”
12) Wi-Fi, Bluetooth & Mobile Network Intrusion
13) Keyloggers – Hardware and Software Variants
Attacker Sophistication vs
Intruder Technical Knowledge
Top 20 Threats and
Vulnerabilities - 2007
Cross-Site Scripting by Proxy : XSS
Hierarchy of Hacking Skills
Underground Cyber Economy
Operational Security Threats
1) Access: Campus, Building and ICT Facility Access
2) Staff: Facility Staff, Contractors and Visitors
3) ID: Forged or Stolen Access ID & Biometric Cards
4) Lost Laptops, Memory Sticks, Smart Phones & Storage Drives
5) Stolen Information & Data Assets, both physical & electronic
6) Wireless: Personal Wireless and Bluetooth Access Points
7) Perimeter Fencing for Critical Facilities: Airports, Power Stations
8) Vehicles: Criminal or Terrorist Vehicles parked with Fake Plates
9) Compliance: Non-Compliance with operational security policies
10) Training: Superficial training for cyber events, alarms & emergencies
……..We’ll be considering the operational security solutions to all these
threats during these 2 days, and their integration with cybersecurity.
Critical Economic Service Sectors
During our 2-day workshop we shall consider the specific security
requirements for each of the major critical sectors including:
1) Government: Protection against criminal & terrorist threats and attacks
2) Banking/Finance: Protection against cybercriminals & money laundering
3) Healthcare: Security of the hospitals, medical records and equipment
4) Telecommunications: Security of comms links, data, servers & facilities
5) National & Civil Defence: Protection of military & police info and assets
6) Energy & Water Utilities: Security of the power grid and water supplies
7) Education: Security of the Universities, Schools and College Campuses
8) Transportation & Ports: Airport & Ports Security against Crime & Terrorists
9) Tourism: Hotel and Resort Security for Guests and Staff
10) Emergency Services: Security of Integrated Communications
Sector Case Study: Governments
Cyber Agencies: Governments such as UK, USA, Malaysia, South Korea
and Australia have all implemented cybersecurity agencies & programmes
eGovernment Services are critically dependent upon strong cybersecurity
for the protection of applications, and citizen data
Compliance Audit: All Government Ministries & Agencies should receive
in-depth ICT security audits, as well as full annual compliance reviews
1) National Defence Forces
2) Parliamentary Resources
3) Land Registry & Planning System
4) Citizen IDs and Passports
5) Laws, Legislations, and Policies
6) Civilian Police, Prisons & National e-Crimes Unit (NCU)
7) National CERT – Computer Emergency Response Team
8) Inter-Government Communications Network
9) eServices for Regional & International Partnerships
10) Establishment of cybersecurity standards & compliance
11) Government Security Training and Certification
Sector Case Study: Banks & Finance
Banks & Financial Institutions are prime targets for cybercriminals.
Access to Accounts is usually indirect through phishing scams, infected
websites with malicious scripts, and personal ID Theft.
On-Line bank transfers are also commonly used for international money
laundering of funds secured from illegal activities
Instant Money Transfer Services are preferred for crimes such as the
classic “Advanced Fee Scam” as well as Lottery and Auction Scams
An increasing problem is Cyber-Extortion instigated through phishing
National & Commercial Banks have also been targets of DDOS
cyberattacks from politically motivated and terrorist organisations
Penetration Scans: Banks are pivotal to national economies and will
receive penetration scans and attempted hacks on a regular basis.
On-Line Banking networks including ATMs, Business and Personal
Banking are at the “sharp end” of financial security and require great
efforts towards end-user authentication & transaction network security
Cybercriminals Target UK Bank: July 2010
Process Flow of the Cybercriminal Attack on
UK Financial Institution: July/August 2010
Source: White Paper by M86 Security: Aug 2010
Cybercrime: Top 20 Countries
Cybersecurity for Key Jamaican Sectors
During the last 5 years, cybercrime has become a major political and
business issue for the Jamaican Government and Enterprises.
The key sectors that we’ll be analysing, as a group, for technical &
operational solutions within the Jamaican Economy will be:
Banking/Financial Sector
International Airports & Ports (Kingston & Montego Bay)
Police Force and Cybercrime Unit
Telecomms, ISP & Mobile Sector
Travel/Tourism Sector
Import/Export Trade
Educational Sector
…..In the next session we’ll explore generic cybersecurity & operational
security solutions, and their practical integration in real-world organisations
Typical Cybercrime Threats
(a) – Hardware & Software Keyloggers (b) – Email Phishing
(c) – Advance Fee Scam (d) – Denial of Service
* Workshop Session 2 *
“Integrated Cyber-Technological Solutions for the 21stC Web2.0 World”
1 – The 21stC Cyber World
2 – ITU Global CyberAgenda
3 – Cyber Technical Solutions: A
4 – Cyber Technical Solutions: B
5 – Physical Security Solutions: A
6 – Physical Security Solutions: B
7 – “Cyber to Physical Attacks”
8 – “Physical to Cyber Attacks”
9 – Integrated Security Benefits
“21st Century Cyber World”
Open World: During the last 15 years we’ve evolved from the primitive Internet to
the complex world of Web2.0 applications
Criminals and Hackers seek every opportunity to creatively penetrate wired,
wireless, mobile devices, and social networking applications
The war against cybercriminals requires us to continuously create new
cybersecurity solutions for every conceivable cyberattack
Standards, Architectures and Operational Security Policies all ensure that the
“business case for cybercriminals” is much less attractive
The DMZ Security Firewalls of the 1990s are now only a partial solution to the
protection of critical information infrastructure
…In this session we explore the 21st Century World of Cybersecurity Solutions including their
integration with the more traditional physical security & surveillance systems…
Cybersecurity for Wireless Networks & Web2.0 “Apps”
Wireless Networks: The open world of wireless, mobile devices & storage requires a new 21stC conceptual approach to cybersecurity:
1) Embedded: Security should be embedded at EVERY node of the network and applications
2) End-Users need to be “cybersecurity aware” in order to “drive safely in cyberspace”
3) Operational Policies are required with regard to the transportation of portable storage
4) Training: Every Enterprise & Government Agency should receive regular security training
5) CSO: Dedicated professional personnel such as a business CSO/CISO should be recruited to set the security policies and manage the training, upgrades, audit and compliance
6) Engineering to International Cybersecurity Standards is essential in order that the Information, Data and ICT Assets are uniformly secured against cyberattacks
7) Apps: Every month, cybercriminals create new means of attacking & penetrating previously secure systems, particularly the latest smart mobile devices and end-user “apps”…
8) Policies: There is a greater need for rigorously enforced security policies for wireless networks since they are inherently more open to attack when used by “non-security” aware users
ITU Global Cybersecurity Agenda (GCA) and other Useful Cybersecurity Programmes
The ITU GCA is used as the primary framework in this workshop with its extensive archive of strategic frameworks, operational procedures & technical standards
Technical Measures: Various other National and International Agencies have also evolved and implemented cybersecurity programmes that are relevant and useful in the determination of technical solutions & operational measures:
EU/ENISA: Pan-European Cybersecurity Programme including the CERT Network, Identity Management and active work on the Implementation of the CoE Convention on Cybercrime
USA/NIST: National Institute of Standards and Technology with its “800 Series” of Special Publications from the Computer Security Division that focus upon all aspects of cybersecurity
USA/ASIS: American Society for Industrial Security which includes many publications such as guidelines for Business Continuity & Disaster Recovery and Job Profile for the Role of CSO
USA/CMU-CERT: Carnegie Mellon University pioneered the concept of the CERT, and now manages the CERT Co-ordination Resource and Training Centre & a global partnership network
UK/ISF: Information Security Forum that is probably best known for its publication of the “Good Practice Guidelines for Information Security” that is available for free on-line download
UK/Jericho Forum: International ICT Forum focusing mainly upon the cybersecurity challenges of securing the 21stC world of Web2.0 applications and mobile wireless devices
ISO: International Standards Organisation has defined and published the evolving 27000 Series of Security which includes “ISMS requirements”, “Codes of Practice” & “Risk Management”
……Next we drill down into the spectrum of practical cybersecurity solutions against cybercrime
Cyber Technical Solutions (A)
Today we consider the real-world technical response to the most common forms of cybercrimes, cyberattacks and cyberterrorism:
1) Distributed Denial of Service
2) SQL Database Injection Attacks
3) XSS Cross-Site Scripting
4) Firewall Port Scanning
5) Malware, Spyware, Viruses, Worms and Trojans
6) Spam eMail and Phishing Scams
7) Keyloggers: Hardware and Software Variants
8) Transaction Security
9) Device and End-User Authentication
10) Cryptography: PKI and VPNs
….Jamaican Government and Enterprise ICT Facilities will all require professionally trained staff that are able to implement, manage and regularly upgrade cyber solutions…
ITU Cybersecurity Guide for Developing Countries
Distributed Denial of Service CyberAttack
Typical DDOS BotNet Attack
Mitigate Attack: Black-Holing
Mitigate Attack: Packet Filter
DDOS Reactive Traceback
DDOS Traffic Rate Limiting
DDOS: Virtual Overlay Network
DDOS Mitigation: Cryptographic Puzzles
SQL Database Injection Attacks
SQL Injection Vulnerability
Solution: Ensure all SQL user inputs are inserted into parameterised statements
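The parameterised-statement fix stated above, shown beside the concatenated form it replaces. This is an added example, not code from the slides: it uses Python's standard sqlite3 module, and the table, sample rows, function names and the crafted test string are all constructed for illustration. It also covers a case the slide does not mention: column names cannot be bound as parameters, so they are checked against an allowlist.

```python
import sqlite3

# Constructed sample rows for this example; not data from the slides.
SAMPLE_USERS = [
    ("alice", "admin"),
    ("bob", "staff"),
    ("o'brien", "staff"),  # a legitimate name that contains a quote character
]


def make_db():
    """Build an in-memory database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def find_user_vulnerable(conn, username):
    """BEFORE: user input is pasted into the SQL text itself.

    Any quote character in the input changes the structure of the query,
    so the database cannot tell data from SQL syntax.
    """
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def find_user_parameterised(conn, username):
    """AFTER: the SQL text is fixed and the input is bound as a value.

    The driver passes the value separately from the statement, so it is
    only ever compared as data, whatever characters it contains.
    """
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


# Placeholders bind values only. Identifiers such as a sort column must be
# chosen from a fixed allowlist instead of being taken from the request.
SORTABLE_COLUMNS = {"username", "role"}


def list_users_sorted(conn, sort_column):
    """Sort by a caller-chosen column, accepted only if it is allowlisted."""
    if sort_column not in SORTABLE_COLUMNS:
        raise ValueError("unsupported sort column: %r" % (sort_column,))
    query = "SELECT username, role FROM users ORDER BY " + sort_column
    return conn.execute(query).fetchall()


if __name__ == "__main__":
    conn = make_db()
    crafted = "nobody' OR '1'='1"  # constructed test input
    print("concatenated :", find_user_vulnerable(conn, crafted))
    print("parameterised:", find_user_parameterised(conn, crafted))
    print("quoted name  :", find_user_parameterised(conn, "o'brien"))
```

The concatenated version also fails on the legitimate name "o'brien", which is a useful signal when reviewing code: queries that break on apostrophes are usually built by string concatenation.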
Impact of XSS Cross-Site Scripting
Solution: Always check rigorously for data fields that allow user-input. Ensure that there is no possibility for User Script input to be executed in website coded “php” or “asp” pages…
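One way to meet the requirement above is to encode user input at the point where it is written into the page. The following is an added example, not code from the slides: it is written in Python rather than php or asp, and the function names, markup and sample inputs are constructed for illustration. It shows the unencoded page fragment beside the encoded one, plus the attribute case where encoding alone is not enough and the URL scheme must also be checked.

```python
import html
from urllib.parse import urlsplit


def render_comment_vulnerable(author, comment):
    """BEFORE: user-supplied text is placed into the page unchanged.

    Any markup in the input becomes part of the document, so the browser
    will run a script element that a user typed into the field.
    """
    return '<div class="comment"><b>%s</b>: %s</div>' % (author, comment)


def render_comment_encoded(author, comment):
    """AFTER: every user-supplied value is HTML-encoded on output.

    html.escape turns &, <, > and both quote characters into entities, so
    the browser displays the input as text instead of parsing it as markup.
    """
    return '<div class="comment"><b>%s</b>: %s</div>' % (
        html.escape(author),
        html.escape(comment),
    )


# Assumption for this example: only absolute http/https links are accepted.
ALLOWED_SCHEMES = {"http", "https"}


def safe_href(url):
    """Return a value that is safe inside href="...", or "#" if rejected.

    Encoding stops the value from breaking out of the attribute, but a
    link can still carry a scripting scheme, so the scheme is allowlisted
    before the value is encoded.
    """
    candidate = url.strip()
    if urlsplit(candidate).scheme.lower() not in ALLOWED_SCHEMES:
        return "#"
    return html.escape(candidate, quote=True)


def render_profile_link(display_name, url):
    """Build a link from a user-supplied name and a user-supplied URL."""
    return '<a href="%s">%s</a>' % (safe_href(url), html.escape(display_name))


if __name__ == "__main__":
    sample = "<script>alert(1)</script>"  # constructed test input
    print(render_comment_vulnerable("Ann", sample))
    print(render_comment_encoded("Ann", sample))
    print(render_profile_link("Ann", "javascript:alert(1)"))
    print(render_profile_link("Ann", 'https://example.org/?a=1&b="x"'))
```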
“Twitter” Cross-Site Scripting Vulnerability
Functional Structure of a DMZ Firewall
Ensure that all firewall “ports” are locked down except those that are essential to operations, and also implement dual firewalls with full DMZ (De-Militarised Zones) for further security
Typical Secure “Single-Hop”
DMZ Firewall Configuration
Fully Secure “Double-Hop”
DMZ Firewall Configuration
Single-Hop DMZ & Secure Network
Malware, Spyware, Viruses, Worms & Trojans
Trojans appear to users as attractive applications or messages such as the following
generic eGreetings Card! Clicking on the card will then result in an “exe” file
downloading malicious code to your PC, which may then open a permanent “back-door”
“Worm” Attacks: Defence requires fully implemented Cybersecurity Policies
Example: Win32 Conficker Worm – Self-Replicating – In-Built Self Defence – Infected more than 7 Million Computers Worldwide since November 2008
Spyware Attack
Global Spam Mail Attacks
Phishing Attack
Keyloggers: Hardware & Software
Easily inserted by cybercriminals into PC wiring
Wireless Versions also available for 802.11 nets
Alternative software keyloggers can be illegally downloaded into compromised servers & PCs
Logged files can be uploaded to cybercriminals through email or by FTP through open ports
Examples have also been found inside credit card terminals, pre-installed by criminals in production plants with SIM Card and Phone. Log reports, including CC details and PINs are then regularly dialed through to overseas criminals
Digital Signature Transmission
Digital Fingerprint Identification
Device Authentication with IEEE 802.1X
Extensible Authentication Protocol – EAP over IEEE 802.11 LAN/WLAN
Transaction Security
Transaction Security is required at each level of the Network Protocol
Every Device and End-User should be authenticated by the network
Both Public (PKI) and Private Key Encryption Schemes can be used
Most Governments and Enterprises will generally adopt some form of Public Key Infrastructure to secure eGov and eBusiness Applications
Example: SSL Secure Socket Layer Certificate and Private Key Encryption for Transactions
“Confidentiality, Integrity and Availability”
Public Key Encryption Scheme
Private Key Encryption Scheme
Cryptography: Public Key Infrastructure (PKI)
Cyber Technical Solutions (B)
Next we consider the more general aspects of 21stC Cybersecurity needs for evolving Enterprise ICT networks & applications:
Cybersecurity for Cloud Computing
Cybersecurity for System Virtualisation
Web2.0 “Apps” and Social Networking
Cybersecurity for Wireless Networks
Intrusion Detection & Prevention Systems (IDS/IPS)
……The Virtual World of Cyberspace is akin to the “real-world” in that cybercriminals will continuously develop “new weapons” to attack the national critical infrastructure, institutions and commercial organisations for financial gain & for political propaganda.
…There is also the concept of “territorial gain” in that the cybercriminals will also infect ICT devices and servers in order to secure control, and thence to use them as “zombie” bots
Cybersecurity for Cloud Computing
“Cloud Cube Model” from the “Jericho Forum” which is a useful model for exploring cybersecurity “within the de-perimeterised world of cloud computing”
Essentially all the same security technologies and operational procedures are applicable “within the cloud”, which is just an extension of Web2.0 & open world ICT
Cybersecurity for Virtualisation
Fully Virtualised DMZ Firewalls
Cybersecurity for Social Networks
Social Sites: During the last 2 years, social networking sites such as Facebook and Myspace have become the latest targets for cybercriminals
Cyber Scams include Identity Theft and requests for instant money transfers from parents to support the “release” of children & friends overseas
Cybercriminals also sign-up as “friends” in order to infiltrate student networks, and then to secure personal information & account details
Paedophiles also use these social networks in order to cultivate relationships with children and teenagers below the “age of consent”
Businesses may be at risk if employees publish confidential company information on their social network accounts that may easily go public
Facebook now works with child protection authorities in countries such as the UK so that those at risk can quickly contact “helplines”
………Business and Government should consider ways to exploit the power of social networking whilst protecting their networks against attack.
Cybersecurity for Wireless Networks
Perimeter Sentry Wireless Access Point Network around office/campus
Certificates: End-User Encrypted Logon Certificates – EAP/802.1X
24/7 Scanning: Permanent Wireless Frequency Sentry Scanning
Prohibition of attachment of personal wireless nodes
3G Gadgets: Management of Business PDAs and Smart Mobile Devices
Guests: All guest account access either fully secured or prohibited
3G Mobiles: Sensitive government or business data should always be encrypted and transmitted using a secure VPN tunnel to home servers
Sentry Wireless Access Points for
Building Perimeter Security
IDS/IPS: Intrusion Detection
and Prevention System
SECURITY OBJECTIVE | CYBERSECURITY TECHNOLOGY SOLUTION | ROLE
Access Control: Boundary Protection | Firewalls | Aim to prevent unauthorised access to or from a private network.
Access Control: Boundary Protection | Content Management | Monitor web, messaging and other traffic for inappropriate content such as spam, banned file types and sensitive or classified information.
Access Control: Authentication | Biometrics | Biometric systems rely on human body parts such as fingerprints, iris and voice to identify authorised users
Access Control: Authentication | Smart tokens | Devices such as smart cards with integrated circuit chips (ICC) to store and process authentication details
Access Control: Authorisation | User Rights and Privileges | Systems that rely on organisational rules and/or roles to manage access
System Integrity | Antivirus and anti-spyware | A collection of applications that fight malicious software (malware) such as viruses, worms, Trojan Horses etc
System Integrity | Integrity Checkers | Applications such as Tripwire that monitor and/or report on changes to critical information assets
Cryptography | Digital Certificates | Rely on Public Key Infrastructure (PKI) to deliver services such as confidentiality, authentication, integrity and non-repudiation
Cryptography | Virtual Private Networks | Enable segregation of a physical network in several ‘virtual’ networks
Audit and Monitoring | Intrusion Detection Systems (IDS) | Detect inappropriate, incorrect or abnormal activity on a network
Audit and Monitoring | Intrusion Prevention Systems (IPS) | Use IDS data to build intelligence to detect and prevent cyber attacks
Audit and Monitoring | Security Events Correlation Tools | Monitor, record, categorise and alert about abnormal events on network
Audit and Monitoring | Computer Forensics tools | Identify, preserve and disseminate computer-based evidence
Configuration Management and Assurance | Policy Enforcement Applications | Systems that allow centralised monitoring and enforcement of an organisation’s security policies
Configuration Management and Assurance | Network Management | Solutions for the control and monitoring of network issues such as security, capacity and performance
Configuration Management and Assurance | Continuity of Operations tools | Backup systems that help maintain operations after a failure or disaster
Configuration Management and Assurance | Scanners | Tools for identifying, analysing and reporting on security vulnerabilities
Configuration Management and Assurance | Patch Management | Tools for acquiring, testing and deploying updates or bug fixes
Physical Security & Surveillance Solutions
The comprehensive security of electronic information, data and assets also requires corresponding upgrades in the physical & operational security for the offices, facilities and ICT server & storage rooms:
Reception, Facility and Office Access for Staff, Contractors and Visitors
Advanced Smart Perimeter Management for Campus Sites, Airports & Bases
Integrated CCTV/ANPR Intelligence Surveillance
Biometrics and RFID Identification for Personnel and Mobile Assets
……Traditionally physical security was managed quite independently from the ICT security. However, many enterprises and governments now understand that overall security is improved at lower cost through the integrated management of cyber & physical resources
Office, Facility and Campus Security
All Facilities with Critical Info and ICT Infrastructure should be fully secured for access.
Reception Security may include scanning devices, and policy for Mobiles, Laptops, Cameras and Memory to be left at reception.
Site should be equipped with smart CCTV surveillance
All Staff and Guests have Smart Chip RFID Cards, and possibly also BioID Cards for facilities with higher security ratings.
Advanced Perimeter Management
Critical Infrastructure such as Airports, Power Stations, Ports and
Telecommunications Facilities are often sited on large multi-building
campuses with a significant physical perimeter fence.
Modern 21stC Technology can help to secure the perimeter, &
prevent access to the electronic cyber assets within the facility:
Networked CCTV including Smart Video Analytics for Object Identification
Thermal Imaging and Movement Location with HD InfraRed Cameras
Optical Fibres for Real-Time Intrusion Location using EM Field Analysis
Buried Networked Wired or Wireless Motion Detection Sensors
ANPR Vehicle Registration Number Plate Recognition for Perimeter Roads
Professional Security Guards that are fully trained & certified in these Security Applications
…In summary, it is important never to neglect upgrading investment in
physical security in order to boost the security of ICT cyber assets
Integrated CCTV/ANPR Surveillance
Computer Automated Industrial
Control & Safety Systems
Biometrics and RFID
Biometrics techniques may include:
Finger and Palm Prints
Retinal and Iris Scans
3D Vein ID
Voice Scans & Recognition
DNA Database – usually for Criminal Records
3D Facial Recognition
RFID = Radio Frequency ID with applications that include:
Personal ID Cards for Building, Facility and Secure Room Access
Tags for Retail Articles as a deterrence to shoplifting
Powered RFID Tags for Vehicles to open Barriers, Doors, or switch traffic lights
Plans to use RFID Tags for Perishable Products such as vegetables and flowers
Asset Tags to manage the movement of ICT Assets such as Laptops, PDA & Storage
…..Both Biometrics and RFID Technology Solutions can be powerful tools against cybercrime
Operational Security Solutions
Securing information and assets in the virtual world of cyberspace requires the discipline of rigorous operational security solutions and policies in the real-world according to accepted ITU & ISO Standards:
Integrated Command and Control Operations (including fail-over control rooms)
Business Continuity & Disaster Recovery (for cybercrimes, terrorism & natural disasters)
Implementation of National, and Enterprise Computer Incident Response Teams (CERTs)
Integrated Digital Forensics, eCrime Unit & Cyber Legislation against Cybercrimes
Traditional Physical Security Defences & Deterrents (including security guards & fences!)
….Many criminal and terrorist attacks are through penetrating some combination of physical and cybersecurity systems. Breaking into a physical building may allow a criminal to gain access to secure ICT zones, and thence to on-line user accounts, documents & databases. Information can be downloaded to chips or storage drives & stolen with relative ease.
……We’ll be considering some real-world examples of cybercriminal “integrated cyber-physical security threats” in the next part of our cyber technology workshop
Integrated Command & Control Operations
Security Operations Command Centre for Global Security Software Enterprise
TSA National Operations Room: US
Transportation Security Administration
Business Continuity and Disaster Recovery Plans
Spans ALL aspects of Operations both Physical And Cyber Operations
3D Simulation Modelling for
Security Crisis & Disaster Management
Strategic Approach to National e-Crime Unit
Implementation of CERT/CSIRT Services
“Physical Security” Defences in the context of “Cybersecurity”
Investments in establishing and upgrading cybersecurity defences against cybercrime mean that all physical security and associated operational staff should also be reviewed for compliance with policies, and audited to international standards
Ideally, physical and cybersecurity operations should be linked “step-by-step” at the command and control level in the main facility operations centre.
Physical Security for critical service sectors such as airports, banks, telecomms, energy, education, healthcare and national defence should be included within the strategy and policies for Cybersecurity and vice versa
In order to maximise security, Jamaican Government and Businesses need to upgrade and integrate resources and plans for both physical and cybersecurity during the next few years.
I would personally suggest developing a focused total security action plan and roadmap (Physical & Cyber) for each critical sector within the Jamaican Economy
Physical Security Defences:
Berlin-Schönefeld Airport
Summary of Physical Security and Operational Solutions
Physical security and the Operational Solutions are increasingly based upon sophisticated electronic networked solutions, including biometrics, smart CCTV, intelligent fences, and RFID Access Devices
Operations for “Physical Security” and “Cybersecurity” will need to be slowly converged & integrated during the next few years both from a personnel, assets, resources and operational budget perspective
The benefits of integrating cyber and physical security are reduced running costs, reduced penetration risk, and increased early warning of potential attack whether from criminals, hackers or terrorists.
…..Next we’ll consider the integration of physical and cybersecurity in some more detail, including the modes of attack & overall benefits
“Cyber to Physical Attacks”
The illegal penetration of ICT systems may allow criminals to secure information or “make deals” that facilitate their real-world activities:
“Sleeping Cyber Bots” – These can be secretly implanted by skilled hackers to secure on-line systems, and programmed to explore the directories & databases, and then to transmit certain information – Account & Credit Card Details, Plans, Projects, Deals
Destructive “Cyber Bots” – If cyber-bots are implanted by terrorist agents within the operational controls of power plants, airports, ports or telecomms facilities then considerable physical damage may result. A simple “delete *.*” command for the root directories would instantly wipe out all files unless the facility has real-time fail-over!
Distributed Denial of Service Attacks – These not only block access to systems, but in the case of a Banking ATM Network, mean that the national ATM network has to be closed. Alternatively in the case of an airline check-in and dispatch system, flights are delayed.
National CyberAttacks – Many international organisations such as NATO & US DOD forecast that future regional conflicts will begin with massive cyberattacks to disable their targets’ physical critical communications and information infrastructure. Clearly it is important for countries to upgrade their national cybersecurity to minimise such risks
“Physical to Cyber Attacks”
Most “physical to cyber attacks” involve staff, contractors or visitors
performing criminal activities in the “misuse of computer assets”:
Theft & Modification of ICT Assets: It is now almost a daily occurrence for critical
information & databases to be either deliberately stolen or simply lost on PCs or Chips
Fake Maintenance Staff or Contractors: A relatively easy way for criminals to access
secure facilities, particularly in remote regions or developing countries is to fake their
personnel IDs and CVs as being legitimate ICT maintenance staff or contractors
Compromised Operations Staff: Sometimes operational ICT staff may be tempted by
criminal bribes, or possibly blackmailed into providing passwords, IDs & Access Codes.
Facility Guests and Visitors: It is standard procedure for guests & visitors to be
accompanied at all times in secure premises. In the absence of such procedures,
criminals, masquerading as guests or visitors, may install keylogger hardware devices or
possibly extract information, plans and databases to USB memory chips, or steal DVDs!
Benefits of Integrated Cybersecurity
Some of the key benefits from integrating cybersecurity technology
solutions with rigorous operational processes and policies are:
Reduced Operational Costs, through “Single Security Organisation” under a CSO/CISO
Early Warning of both Physical and Cyber Penetration through comprehensive surveillance
Extended Protection of ALL Critical Physical and On-Line Assets
Focused Security Policy for Government, Businesses and Citizens
Risks: Reduced “Open World” Security Risks from Smart Mobile Devices, “Apps” & Web2.0
CyberCrime: Comprehensive Management and Control of National Cybercrime
CNI: Critical Infrastructure such as Banks, Power Stations and Airports are better protected
National Defence: Countries now need to be 100% protected both in physical & cyberspace
….In summary, the 21stC approach to cybersecurity is a combination of technological solutions
together with rigorously enforced operational procedures, all implemented to recognised
international standards such as those of the ITU and ISO/IEC
….Tomorrow we consider these ITU cybersecurity standards in more depth, and also discuss
specific organisational models for National CERTs/CSIRTs and Police eCrime Units
* ITU Workshop Overview*
“Cybersecurity Technologies,
Standards & Operations”
S1 - Thurs: 9:30-11:00 – “The International Cybercrime and Cybersecurity Challenge”
S2 - Thurs: 11:30-13:00 – “Integration Cyber-Technological Solutions for the 21stC Web2.0 World”
S3 - Thurs: 14:00-15:30 – Group Session: “Securing Critical Computing and Network Facilities”
S4 - Thurs: 16:00-17:30 – Group Session: “Group Discussion: Securing Critical Computing and Network Facilities”
S5 - Fri: 9:30-11:00 – “Cybersecurity Continuity Planning, Standards and Architectures”
S6 - Fri: 11:30-13:00 – “Organising a National Crime Unit and CERT/CSIRT”
S7 - Fri: 14:00-15:30 – Group Session: “Designing Practical Cybercrime Solutions – Critical Sectors”
S7 - Fri: 16:00-17:30 – Group Session: “Group Discussion: Designing Practical Cybercrime Solutions – Critical Sectors”
Cybersecurity: Director ITU
Telecomms Development Bureau
*Group Workshop Session 3*
“Securing Critical Computing & Network Facilities”
Workgroup Team Task:
Task 1 – Choose your critical sector: (1) Government, (2) Banking/Finance,
(3) Telecomms/Mobile, (4) Energy/Power (5) Airport/Transportation
Task 2 – Imagine that you’re a cybercriminal or hacker and list all the
possible technical & operational cyberthreats that could penetrate the sector
Task 3 – Design your ICT computer facility (servers, databases, access, network)
Task 4 – Check that your facility design can be defended against the list of
potential cyberthreats that you listed under task 2 including both the
technology threats and operational & staff related threats
Task 5 – Develop a short presentation and slides to justify your facility design
……Position yourself as the CIO/CSO of your chosen Critical Sector ICT Facility!
* Group Workshop Session 3*
Securing Critical ICT Infrastructure
Suggested Time Allocations for Task Actions: 90mins
Note: Each Task Time Segment = 10Mins
1 – Task Assignment: Choose your Critical Service Sector: Government, Banking/Finance, Telecomms, Transport, Energy (1 segment)
Task 2 – List Cyberthreats (2 segments)
Task 3 – Cybersecurity Design (3 segments)
Task 4 – Check Design against your List of Cyberthreats (1 segment)
Task 5 – Prepare Short 10 Min Presentation of Design & Plan (2 segments)
Key to Cybersecurity Workshop Session
Colour-Code Classifications: Interactive Tasks
Workshop Colour Code | RED | ORANGE | YELLOW | BLUE | GREEN
Monday - Action Plans - | (1) Legal | (2) Technical | (3) Organisation | (4) Capacity | (5) International
Tuesday - Laws - | Information Disclosure | Computer Misuse | Forgery & ID Fraud | Information Interception | Copyright & Patents Law
Wednesday - Road Map - | Q1-2011 | Q2-2011 | Q3-2011 | Q4-2011 | FY2012
Thursday - ICT Security - | Unauthorised Info Access | DDoS - Denial of Services | MALWARE | Disclosure & Misuse | Info Access & Exploitation
Friday - Sector Security - | Cyber Criminal Threat | Cyber Terrorist Threat | Malicious Hacking & Exploitation | Internal Operational Threat | Natural Disaster or Other Event
* Group Workshop Session 4*
Team Discussion: Securing Critical ICT Infrastructure
Schedule: Task Presentations = 90mins
Note: Each Task Time Segment = 10Mins
Group 1 = Government (2 segments)
Group 2 = Banking/Finance (2 segments)
Group 3 = Telecomms/Mobile (2 segments)
Group 4 = Transport or Energy (2 segments)
Group Discussion & Summary (1 segment)
Securing the Island of Jamaica!...
….From 17thC Coastline to 21stC Cyberspace
* Workshop Session 5 *
“Cybersecurity Continuity Planning,
Standards and Architectures”
1 – International Standards 2 – ITU Security Standards 3 – ITU: X.805 Architecture
4 – ITU: X.1205 CyberSecurity 5 – Others: ISO/IEC & NIST 6 – ISF: Info Security Forum
7 – Practical Implementation 8 – Cyber Continuity: BCP/DR 9 – Next Steps for Jamaica
International Security Standards
Multiple Players: There are multiple international and national organisations that
define and publish standards relating to physical and cyber security. In general
these standards, recommendations and guidelines are complementary
ITU: We shall be focusing in this session on the technical security standards &
recommendations published by the ITU as their X-Series as well as H-Series
Partnerships: The ITU works closely in partnership with many other
organisations, particularly for emerging Telecommunications, Multimedia, Mobile
& IP Networking:
ENISA – European Network and Information Security Agency
ISO – International Standards Organisation
IETF – Internet Engineering Task Force
ETSI – European Telecommunications Standards Institute
IEEE – Institute of Electrical and Electronic Engineers
ATIS – Alliance for Telecommunications Industry Solutions
3GPP – 3rd Generation Partnership Project
ANSI – American National Standards Institute
NIST – National Institute of Standards and Technology
ITU Technical Security Standards
The ITU Technical Families of Security Standards (from A to Z Series)
are extremely comprehensive and span practically all technical aspects of
government and enterprise cybersecurity systems and architectures.
The standards are also being continuously developed and upgraded by
professional specialists from the ICT Industry, Government & Academia
X.805 – Security Architecture for End-to-End Communications
X.1121 – Security Technologies for Mobile Data Communications
X.1191 – Functional Requirements for IPTV Security Agents
X.1205 – Overview of Cybersecurity and General Guidelines
X.1250 – Security Standards for Identity Management
X.509 – Public Key Infrastructure & Certificate Frameworks
H.323 – Multimedia Communications Systems Security
J.170 – Security Specifications for TV & Multimedia Cable Networks
…….We’ll be focusing primarily on the X.800 and X.1200 Series of Standards
The ITU security standards can be freely downloaded from the ITU website
Download Link: www.itu.int/rec/T-REC/
Cybersecurity: Director, ITU
Telecommunications Standardisation Bureau
ITU-T X-Series – Data Nets, OSI and Security
ITU-T X-Series Security
Recommendations
ITU Resolutions & Security Standards (1)
ITU Resolutions & Security Standards (2)
ITU – X.805 Security Architecture
X.805 – Mapping Security
Dimensions to Threats
X.805 : Mapping out the
Eight Security Dimensions
X.805: Security Module 4
X.805: Security Module 6
X.805: Security Module 8
Security Planes & Network Activities
Recommended Book: Security in a Web2.0 World –
A Standards Based Approach (X.805) – Author: C. Solari
Carlos Solari: Ex CIO
US Govt White House
ITU: X.1200 Security Standard Series
X.1205 provides a full definition and overview of most technology
aspects of cybersecurity, building upon the X.805 architecture
X.1240/X.1241 provide technical strategies for countering spam email
X.1242 provides an SMS spam filtering system based on user-rules
X.1244 provides ways of countering spam in IP Multimedia Systems
X.1251/X.1252 provide frameworks and technical models for the
secure management of on-line digital identity
….Here we shall provide an overview of X.1205 and X.1251/X.1252
Typical Enterprise Networks
Secure Authentication and
Authorization Reference Model
Reference Model for Securing Management
Securing VoIP – IP Telephony – X.1205
Cyber Risks for IP Telephony
IP telephony systems can be subjected to a number of cyber attacks. For example:
Router: Attacks on the router can bring down both voice and data services in an organization;
DDoS: Denial of service can overload an IP telephony communications server or client;
Ping: Ping of death can disrupt VoIP operations by sending multiple pings to VoIP devices;
Scanning: Port scanning can find vulnerabilities in VoIP clients and servers;
Sniffing: Packet sniffing can record and/or intercept conversations;
Spoofing: IP spoofing can misrepresent the source or destination of the media stream;
Malware: Viruses, worms, Trojan horses, and time-triggered bots can attack servers and clients.
……..In summary, digital voice over IP is susceptible to practically all the same vulnerabilities, threats
and risks as other forms of digital data communications. Hence all VoIP systems, clients, servers
and comms links should be fully secured in the same manner as all other ICT applications.
Securing Remote Offices
Generic Wi-Fi Office Network
X.1205 Cybersecurity Technologies (1)
X.1205 Cybersecurity Technologies (2)
Basic Categories for Identity Management – X.1250
Identity Management (IdM) is
required at all Network Levels
Identity Management Models: ITU-T X.1250
Identity Management Model
X.1251 - Generic Structure for a Digital Contract
Conceptual Model for Digital Identity
Interchange: X.1251
Identity Interchange Layer- X.1251
Digital Identity Interchange
Framework – X.1251
ITU X.1100 Security Standards Series
X.1111 – Provides framework for home network security
X.1143 – Security Architecture for Mobile Messaging Services
X.1151 – Guidelines on Secure Password Authentication
X.1162 – Security Architecture & Operations for P2P Networks
X.1191 – Functional Requirements and Security Architecture for IPTV
……In the following slides we’ll give an overview of the reference models for
some of these ITU standards. A full analysis of the whole spectrum of
ITU cybersecurity standards is beyond the scope of this 2-day workshop
Reference Security Model for
Mobile Web Services – X.1143
P2P Generic Network Structures – X.1162
Note: DHT = distributed hash table
X.1162 - P2P Networks : Security
Requirements & Operations
Architectural Model – Peer to Peer Networks
X.1191 - IPTV Security Threats Model
IPTV Protection Architecture – X.1191
Cybersecurity: Director ITU
Radiocommunications Bureau (BR)
Other Security Standards: ISO, NIST, ENISA
ISO/IEC: These are often adopted as “best practice” for operational
aspects of security including the ISO27001 – Information Security
Management System, and the ISO27002 – ISMS Code of Practice
NIST: The comprehensive publications of the “800 Series” from the
Computer Security Division are complementary to the ITU standards
ENISA: The European Networks Security Agency publishes many detailed
security studies and recommendations, with some useful work and
guidelines for the establishment of national CERTs
IEEE: An important global player in ICT standards, and a key ITU partner
in the development of new standards for open network cybersecurity
ISO27001 Security Standards
ISO/IEC 27000-Series
Information Security Management System
(ISMS – ISO 27001)
Example: ISMS Information Classification Policy
Implementation Process: ISO27001/2
Flow-Chart: Route to ISO27001 Certification
NIST Security Publications: “800 Series”
NIST Publications: Security Topics
NIST Computer Security Division: csrc.nist.gov
ISF: Information Security Forum
Info Security Forum Matrix – (1)
SM = Security Management
CB = Critical Business Applications
CI = Computer Installations
NW = Networks
SD = Systems Development
Info Security Forum Matrix – (2)
Info Security Forum Matrix – (3)
Info Security Forum Matrix – (4)
Info Security Forum Matrix – (5)
Practical Standards Implementation
Use: Cybersecurity Standards and Technological Solutions are of great
benefit in the establishment of organisations & operational policies
Business Case: The use of security standards, guidelines and ITU
Recommendations should be driven by the organisation’s economic
business case, including a full evaluation of the risks & rewards
Start with Standards: It is always much better to engineer new ICT
systems and operations to standards, rather than to add them later!
The ITU X800/X1200 Series of Recommendations provide excellent ICT
security frameworks for Jamaican Government and Enterprises, whilst
the ISO/IEC 27001/27002 are accepted worldwide for ISMS operations
…Engineering and Managing ICT Operations to International Standards
will act as a major deterrent to cybercriminals, hackers & attackers.
Business Continuity and
Disaster Recovery Plans
Spans ALL aspects of
Operations both Physical
And Cyber Operations
Disaster Recovery Planning (DR):
Strategic Analysis Process
Cyber Continuity & Recovery
Useful General Guidelines on Business Continuity and Disaster Recovery from ASIS
Next Action Steps for Jamaica
Phase 1: Define your cybersecurity STRATEGY and OBJECTIVES
Phase 2: Establish, resource & train your cybersecurity ORGANISATION
Phase 3: Agree and communicate technical & operational standards
Phase 4: Review, Audit and Upgrade all ICT Systems during next year
Phase 5: On-Going Operational Management by CSO/CISO, including
regular compliance audits and technical upgrades to new Cyber Threats
……In summary, the adoption of international standards for Jamaican ICT
systems and Operational Procedures will have a significant impact on
cybercrime, & reduce the risk of attacks on critical national infrastructure
* ITU Workshop Overview *
“Cybersecurity Technologies, Standards & Operations”
S1 - Thurs: 9:30-11:00 “The International Cybercrime and Cybersecurity Challenge”
S2 - Thurs: 11:30-13:00 “Integration Cyber-Technological Solutions for the 21stC Web2.0 World”
S3 - Thurs: 14:00-15:30 Group Session: “Securing Critical Computing and Network Facilities”
S4 - Thurs: 16:00-17:30 Group Session: “Group Discussion: Securing Critical Computing and Network Facilities”
S5 - Fri: 9:30-11:00 “Cybersecurity Continuity Planning, Standards and Architectures”
S6 - Fri: 11:30-13:00 “Organising a National Crime Unit and CERT/CSIRT”
S7 - Fri: 14:00-15:30 Group Session: “Designing Practical Cybercrime Solutions – Critical Sectors”
S7 - Fri: 16:00-17:30 Group Session: “Group Discussion: Designing Practical Cybercrime Solutions – Critical Sectors”
* Workshop Session 6 *
Organising a National Cybercrime
Unit (NCU) and National CERT/CSIRT
1–Special Cyber Organisations 2 – CERT/CSIRT Organisation 3 – CERT/CSIRT Alert Centre
4 – CERT/CSIRT: Roll-Out Plan 5 – National Cybercrime Unit 6 – National Cybercrime Unit
7 – ITU: IMPACT Programme 8 – ITU: IMPACT Programme 9 –“Best Practice” for Jamaica
Special Cybersecurity Technical Organisations
Effective national and enterprise cybersecurity requires the
implementation of professionally staffed technical organisations
In this session we’ll consider the cybersecurity organisations and
associated technical skills for:
CERT/CSIRT: Computer Emergency Response Team – We’ll explore the steps required to
establish and manage a National or Enterprise CERT. We will use the CMU (Carnegie
Mellon University), and ENISA (European Network & Information Security Agency)
Guidelines as the foundations for our technical and management analysis
NCU/eCrime Unit: National Cybercrime Unit – We’ll use the UK National eCrime Unit as
an example of “Best Practice” for the organisation, including the process for cybercrime
investigation, evidence collection and the skills for Digital Forensics
Global IMPACT Centre: International Multi-Lateral Partnership against Cyber Threats -
This unique organisation is an alliance with several major global players including
the ITU and Interpol. We’ll present some of the programmes that may be relevant to the
Jamaican Government, major Institutions and Commercial Enterprises
CERT/CSIRT Organisations
Benefits: Every national government, and major multi-site enterprise
should consider the economic benefits of establishing a CERT/CSIRT.
Origins: The original CERTs were established in the early 1990s
following the arrival of the first computer viruses, worms & trojans.
CERT.org: Carnegie Mellon University formed the 1st National CERT
under contract from the US Government, and now runs
www.CERT.org as a global partnership of national and regional CERTs.
ENISA: Within Europe, the TERENA organisation (Trans-European
Education and Research Networks Association) works with ENISA to
manage the network of European CERTs, including skills training.
Caribbean Connectivity
Securing the Caribbean in Cyberspace
Regional Caribbean Network Organisations
Caribbean Telecommunications Union
CTU: Caribbean ICT Roadshow (CIRS)
CERT/CSIRT Services
CERT/CSIRT Alert Centre
Alerts: A Fundamental Process within any CERT is the management and
classification of “incidents”, and their routing to provide a response
Triage: Some “incidents” may actually be due to some unusual statistical
traffic patterns rather than an actual alert, “hack” or cybercrime
Risk: Once an incident is classified the CERT will need to assign staff
responsibility to assess the event risk and potential impact & damage
Communicate: The CERT will communicate their analysis with relevant
stakeholders, that may include government agencies, business
stakeholders, and those responsible for critical information infrastructure
Neutralise: CERT will work with partners to minimise the disruptive risk &
damage in order to neutralise the cyber attack and any future threat
…………The following slide shows this incident process flow in more detail…
CERT/CSIRT: Incident
Handling Service Functions
CSIRT – Information Process Flow
Incident Handling Process Flow
Cyber-Incident Depth Analysis
US and Asia-Pacific CERTs
ENISA: European CERT Network
CERT/CSIRT Roll-Out Action Plan
Jamaican Government and Business may upgrade their CERT/CSIRT capability
using the excellent on-line guidebooks from CMU & ENISA
These comprehensive step-by-step guides cover all aspects of the start-up
action plan including:
Business Case: Development of the CERT/CSIRT Business Case
Stakeholders: Recruiting and Partnering with National Stakeholders
Staff Training: Recruitment and training of professional CERT staff
Operations: Establishing the Operational and Technical Procedures
Incident Response: Documented Process for classifying and responding to alerts
Establishing a fully functional national CERT/CSIRT will probably take between
12 to 18 months depending on the scope of initial operations
CERTs will need to continuously evolve, adapt and be trained to respond to new
cyberthreats and potential attacks, and will need to undergo annual compliance audits
ENISA: CSIRT Guidebook
CSIRT: Incident Reporting Form
Typical CERT Network Infrastructure
CERT Incident Response Centre
ENISA: CERT Exercises and Pilots
Download: www.enisa.europa.eu/act/cert/
ENISA: CERT Training Video
5min Video Highlights ENISA CERT Training Exercises & Pilots in Japan & Moldova
Working with Stakeholders to
create National CERT/CSIRT
Networks of Public & Private CERTs
Annual Growth in Cybercrime
Digital Evidence for e-Crimes
National Cybercrime Unit – “Skills”
Jamaica already has an established eCrime Unit so this workshop
section will provide some guidelines based upon the UK experience
Jamaica : JCF – OCID – “Jamaican Constabulary Force – Organised Crime Investigative Division”
The UK PCeU – Police Central eCrime Unit has published several
excellent documents that will be useful to the Jamaican JCF:
National eCrime Strategy
National eCrime Programme Structure
Good Practice Guide for Computer-Based Evidence
eCrime Manager’s Guide
Download Link: www.met.police.uk/pceu/
eCrime Units require some rather specific skills including:
Digital Forensics: Analysis of information & data on a diverse range of devices, gadgets
that may have been used by cybercriminals, sometimes in encrypted formats
Evidence Collection and Classification: Electronic evidence on devices such as PDAs, and
Smart Mobiles may be transitory, and easily lost, deleted or corrupted either locally or by
remote radio command. Hence the investigation of cybercrimes requires specialist training
Strategic Approach to National e-Crime
Scale and Nature of e-Crimes
Cybercrime Investigation Methodology
E-Crime Personnel Training Matrix
UK Guide to Computer-Based Electronic Evidence
Download Link: www.met.police.uk/pceu/
National Cybercrime Unit – “Admin”
Most National eCrime Units are less than 5 years old and are still
developing their skills, capabilities & reputations. “Learning is real-time!”
Establishing and Managing an eCrime Unit requires consultation with a
range of stakeholders both inside and outside the civil police forces.
eCrime Units can only effectively tackle crime if the Government has
already put in place relevant cybercrime legislation spanning the spectrum
of cybercrimes and attacks that we’ve already discussed in the workshop
Key priorities will be the integration within the traditional Civil Police
Force, and the wider communication of the eCrime Unit’s Role and
Responsibilities both within the Police Force and also Business & Citizens
….In the next few slides we’ll explore some of the top management
topics & themes from the UK Manager’s Guide to eCrime Investigations
Manager’s Guide to e-Crime
Investigations: UK e-Crime Unit
Organisation of the UK
e-Crime Programme Board
Jamaica : JCF – OCID – “Jamaican Constabulary Force – Organised Crime Investigative Division”
“Harm” Impact Framework: UK e-Crime (1)
“Harm” Impact Framework: UK e-Crime (2)
Impacts: (1) Physical; (2) Social; (3) Environmental; (4) Economic; (5) Structural; (6) Reputation;
ITU : IMPACT Programme (A)
The ITU is one of the key international players in the global alliance
with IMPACT with its worldwide headquarters at Cyberjaya, Malaysia
IMPACT runs 4 major service programmes that are defined as:
The Global Response Centre (GRC): Modelled on the CDC in Atlanta, USA, the GRC is
designed to be the foremost cyber threats resource centre in the world
Centre for Policy and International Co-Operation: IMPACT partnership with the ITU
brings a potential membership of 191 member states. Other International Partners
include the United Nations, Interpol, and the Council of Europe (CoE)
Centre for Training and Skills Development: IMPACT works on cybersecurity training and
certification with many of the world leading companies and organisations.
Centre for Security Assurance and Research: In-Depth Research into Data Mining and
Threats, Botnets and the development of the IMPACT Research Online Network (IRON).
Also the development of the global “CIRT-LITE” Service and the IGSS DashBoard.
…….Next we’ll briefly explore some of the GRC Programmes as well as the Training RoadMap
Features of the Global Resource Centre
Key Features of the GRC include:
1) Network Early Warning System
2) Automated Threat Analysis System (ATAS)
3) Global Visualisation of Threats
4) Remediation Facility
5) Trend Management and Knowledge base
6) Country Specific Cyber Threat
7) Incident and Case Management
8) Trend Monitoring and Analysis
9) IMPACT Honeypot
10) Cyber Threat Route Plotter
IMPACT: Global Response Centre
IMPACT Global Headquarters:
Cyberjaya, Malaysia
IMPACT = International Multilateral Partnerships Against Cyber Threats
Worldwide IMPACT Alliance: Organisation
IMPACT : Worldwide Alliance
IMPACT International Partners: ITU, UN, INTERPOL and CTO
Industry Partners include: Symantec, Kaspersky Labs, Cisco, Microsoft, (ISC)²,
F-Secure, EC-Council, Iris, GuardTime, Trend Micro and the SANS Institute
Video: “IMPACT Programmes for
AFRICA’s Cyber Territories”
Link : www.impact-alliance.org/resource_centre_multimedia.html
ITU : IMPACT Programme (B)
IMPACT is an outstanding example of the 1st New Generation 21st Century
Worldwide PPP Organisation that is dedicated to the challenge of tackling
global Cyberthreats, Cybercrimes, Cyberattacks and Cyberterrorism
The ITU is promoting the IMPACT Programmes which allow smaller
developing countries access to scarce cyber skills and resources
especially in areas such as the establishment of CERT/CSIRTs
The IMPACT – NEWS Service: Network Early Warning System – allows
countries to gain real-time access to the latest cyber developments:
malware, threats and attacks, and hence to anticipate and take action with
regard to their own national critical information infrastructure
The IMPACT – ESCAPE Service: Electronically Secure Collaboration
Platform for Experts – allows real-time collaboration and consultation
between experts during the time of massive cyberthreats & crises
IMPACT: CERT/CIRT-LITE Programme
IGSS–Government Security Scorecard Project
IGSS is currently under development and Malaysia
is the first country to adopt this pioneering system
IMPACT GRC: NEWS & ESCAPE Programmes
Network Early Warning System (NEWS)
Electronically Secure Collaboration
Platform for Experts (ESCAPE)
IMPACT: Cyber Training Roadmap
IMPACT: Cybersecurity Technical Training
CyberSecurity Technical Courses
Total Student Days = 41 (8+ Weeks)
IMPACT: Cyber Management Training
CyberSecurity Management Courses
Total Student Days = 16 (3+ weeks)
“Best Practice” for Jamaica
The challenge of “Securing Jamaica” will be a multi-year project as a
partnership between Government and Business. Basic principles are:
ITU-GCA: Structure the programmes using the ITU Global Cybersecurity Agenda
NCA: Implement Co-ordinating National Cybersecurity Agency with Budget & Authority
Standards: Adopt and Build to International ITU/ISO Security Standards & Guidelines
Laws: Check the Jamaican Cybercrimes Act (2009) covers the full spectrum of threats
CERTs: Establish National Jamaican & Critical Sector Specific CERTs/CSIRTs
eCrimes: Upgrade and Enhance the Skills and Scope of the JCF-OCID eCrimes Unit
Training: Organise professional cybersecurity training with certifications
……In-Depth Professional Skills in Cybersecurity Technologies, Standards and Architectures will
be mission critical for Jamaican Government & Business to be fully secure in cyberspace!
* ITU Workshop Overview*
“Cybersecurity Technologies,
Standards & Operations”
S1 – Thurs: 9:30-11:00 – “The International Cybercrime and Cybersecurity Challenge”
S2 – Thurs: 11:30-13:00 – “Integration Cyber-Technological Solutions for the 21stC Web2.0 World”
S3 – Thurs: 14:00-15:30 – Group Session: “Securing Critical Computing and Network Facilities”
S4 – Thurs: 16:00-17:30 – Group Session: “Group Discussion: Securing Critical Computing and Network Facilities”
S5 – Fri: 9:30-11:00 – “Cybersecurity Continuity Planning, Standards and Architectures”
S6 – Fri: 11:30-13:00 – “Organising a National Crime Unit and CERT/CSIRT”
S7 – Fri: 14:00-15:30 – Group Session: “Designing Practical Cybercrime Solutions – Critical Sectors”
S7 – Fri: 16:00-17:30 – Group Session: “Group Discussion: Designing Practical Cybercrime Solutions – Critical Sectors”
*Group Workshop Session 7*
“Designing Practical Cybercrime Operation Solutions”
Task Objective: To select a critical service sector of importance to Jamaica and then
to develop a top-level strategy & design that is secure against all cybercrime,
cyberthreats, cyberterrorism and any other forms of hacking or malicious attack.
Task 1 – Choose your critical sector such as government, banking/finance, telecomms,
airports, energy/power, and preferably different from your previous choice in session 3
Task 2 – Consider the scope of your enterprise or agency which may well be multi-site, with
national & regional offices, and corresponding ICT networks, databases, facilities and staff
Task 3 – As in session 3, list all the potential cybercrimes, natural disasters and attacks that
may threaten your critical sector at either the technical or operational level
Task 4 – Structure your list according to the impact of each potential threat or disaster
Task 5 – Develop a top-level strategy and outline design of your critical sector cybersecurity
programme, checking that it provides defence against all the threats you listed in Task 3
Task 6 – Work on a presentation that justifies your critical sector security strategy & design
…..You are the National CIO/CSO for your chosen sector with authority, budget & staff!
* Group Workshop Session 7*
Designing Practical Cybercrime Sector Solutions
Suggested Time Allocations for Task Actions: 90mins
1 – Task Assignment: Choose your Critical Service Sector: Government, Banking/Finance, Telecomms, Transport, Energy
Task 2 – Consider the Scope of your Critical Sector, its multi-site ICT operations & staffing
Task 3 – List the Potential Cybercrimes, Cyberthreats, Natural Disasters & Attacks that may threaten the sector
Task 4 – Structure & Prioritise your list of Cyberthreats
Task 5 – Develop Top-Level CyberStrategy, Outline Technical & Operational Plan
Task 5 – Develop Top-Level CyberStrategy, Outline Technical & Operational Plan
Task 5 – Check Design against your full List of Cyberthreats
Task 5 – Prepare Short 10 Min Presentation of Design & Plan
Task 5 – Prepare Short 10 Min Presentation of Design & Plan
Note: Each Task Time Segment = 10Mins
Task Description: Government Sector
1) You have just been appointed as the new CSO (Chief Security Officer) for the
Government working within the Prime Minister’s Cabinet Office with top-level
responsibility for cybersecurity across all aspects of Government.
2) Your task is to prepare a report & short presentation to the Cabinet regarding
the technical and operational actions that should be taken across Government in
order to provide an adequate defence against cyberthreats & potential attacks.
3) Assume that the Government comprises around 20 Ministries including Foreign
Office, Home Office, Security, Defence, Transportation, Finance, Justice, Energy,
Environment, Healthcare and Industry, as well as Regional Administrations
4) There is already a Government Data Network and various ICT computer centres
and databases that are not yet secured against cyber threats & attacks
…..Plan your security priorities, and prepare a practical cybersecurity action plan
Task Description: Banking/Finance Sector
1) You have just been appointed as the CSO (Chief Security Officer) for a major
National Financial Institution with both retail & investment operations
2) Your task is to prepare a report and presentation for the Board of Management with
recommendations on the technical and operational actions that should be taken
across the Financial Group to provide security against cybercriminal attacks
3) Assume that the Bank includes a large national retail network of local branches and
ATM machines, as well as on-line banking operations. Also assume that the
investment banking operations are networked with several other major global
banking networks and that stocks, bonds & commodities are traded in real-time
4) There have already been cybercriminal attacks on bank accounts & transactions in
the past year and you are asked by the CEO to ensure that any future attacks are
immediately detected, maybe with an in-house CERT, and any losses minimised
……Consider all the potential cyber threats and prioritise your action plan for the Board
Task Description: Telecomms/Mobile Sector
You have just been appointed as the CSO (Chief Security Officer) for the
National Telecommunications or Mobile Networking Carrier in Jamaica
Your task is to prepare a full report and presentation to your Board of
Management with recommendations for upgrading all aspects of cybersecurity,
specifically focusing upon the technical and operational procedures & measures
Assume that the National Telecomms and/or Mobile Operations comprises a
national distributed radio and landline network with a range of traditional
telecomms and broadband “new generation” IP technology switches & servers.
You are responsible for ALL aspects of network security including the private
leased line (VPN) networks for the government & large enterprises, as well as
the telecomms ISP operations which includes Hosted eCommerce WebSites,
VoIP & Gateways & Routers to other Regional and International Networks
…Consider all the threats and prioritise your actions in order to minimise the risks
and potential damage from future cyber attacks on the national telco network
Task Description: Transport/Airports Sector
You have just been appointed the CSO (Chief Security Officer) for the country’s
largest international airport (Kingston), including both passenger and cargo
operations, as well as associated regional airports (Montego Bay)
Your task is to prepare a report and presentation to the Board of Management
for the Airport with recommendations and action plan for the upgrading of all
aspects of security across the airport/port operational and ICT facilities.
Assume that the Airport has both airside and landside operations, with multiple
domestic and international airlines flying routes to an intensive schedule. The
ICT assets include the real-time air traffic control, passenger & cargo screening
systems, staff and vehicle access, and the computerised dispatching network
and baggage handling network.
You are responsible as CSO for both the operational security and associated
security staff as well as all the cybersecurity aspects of the airport operation.
…Consider all the possible cybercriminal and cyberterrorist threats to the airport
facilities and prioritise your action plan to minimise risks from potential attacks
Task Description: Energy/Utilities Sector
You have recently been appointed as the CSO (Chief Security Officer) for the
National Energy and Power Grid which provides most of the nation’s energy
Your task is to prepare a report and presentation for the Board of Management
with recommendations and action plan for upgrading all aspects of security with
respect to the National Power Grid and its regional centres and operations
Assume that the National Power Grid and Company has several large power
stations (non-nuclear) and distribution network across cities, towns & villages.
The ICT computer facilities include all the power station process control
networks & applications, as well as the 24/7 real-time management of energy
(electricity & gas flow) through the national power grid to business & end-users
You are responsible as CSO for both the technical aspects of ICT cybersecurity
as well as operational security for the power stations, offices and other facilities
….Consider all the possible cyberthreats and cyberterrorism that could impact the
national grid and prioritise a practical plan that minimises the risk of attack, and
reduces the collateral damage and disruption following any major power failure
Key to Cybersecurity Workshop Session
Colour-Code Classifications: Interactive Tasks
Workshop Colour Code | RED | ORANGE | YELLOW | BLUE | GREEN
Monday - Action Plans - | (1) Legal | (2) Technical | (3) Organisation | (4) Capacity | (5) International
Tuesday - Laws - | Information Disclosure | Computer Misuse | Forgery & ID Fraud | Information Interception | Copyright & Patents Law
Wednesday - Road Map - | Q1-2011 | Q2-2011 | Q3-2011 | Q4-2011 | FY2012
Thursday - ICT Security - | Unauthorised Info Access | DDoS-Denial of Services | MALWARE | Disclosure & Misuse | Info Access & Exploitation
Friday - Sector Security - | Cyber Criminal Threat | Cyber Terrorist Threat | Malicious Hacking & Exploitation | Internal Operational Threat | Natural Disaster or Other Event
Securing the Island of Jamaica for 260 Years: 1750 to 2010
From 18thC Coastal Forts in 1750
to 21stC Cybersecurity in 2010
18thC Coastal Jamaican Ports required
Protected Bays for Physical Defence
Securing Jamaica in Cyberspace!...
….The Next BIG Strategic Challenge
- (1) – Legal Measures
- (2) – Technical & Procedural Measures
- (3) – Organizational Structures
- (4) – Capacity Building
- (5) – International Collaboration
Securing the Caribbean in Cyberspace!
Caribbean Region
- 1830 -
- (1) – Legal Measures
- (2) – Technical & Procedural Measures
- (3) – Organisational Structures
- (4) – Capacity Building
- (5) – Regional and International Collaboration
* Group Workshop Session 8*
Team Discussion: Cybercrime Security Operations
Schedule: Task Presentations = 90mins
Group 1 = Government (15Mins)
Group 2 = Banking/Finance (15Mins)
Group 3 = Telecomms/Mobile (15Mins)
Group 4 = Transport or Energy (15Mins)
Group Task Discussion (10Mins)
Review On-Line Resources and Next Steps for Personal Study & Research on Cybersecurity
Final Discussion & Wrap-Up
On-Line Cybersecurity Resources
ITU Cybersecurity Toolkits, Reports and Standards
ITU Cybercrime Toolkit & Cybercrime Guidelines for Developing Countries
ITU Toolkit on “Botnet” Mitigation – Protection against Denial of Service Attacks
ITU Self-Assessment Toolkit for CIIP – Critical Information Infrastructure Protection
ITU Technical Security Standards such as X.800 Series and the X.1200 Series
Technical Publications on Cybersecurity from NIST, ISF, ISO, ENISA as well
as the Cybersecurity Organisations from national Governments
NIST – National Institute of Standards and Technology (“800” Security Series)
ENISA – European Network & Information Security Agency
ISF – Information Security Forum
ISO – International Standards Organisation
Industry White Papers and Reports from the major ICT Cybersecurity
Companies such as Symantec, Sophos, Kaspersky Labs and McAfee
On-Line “Google” Searches generate 15Mil+ “hits” from “cybersecurity”,
whilst a refined search will provide daily news updates & latest reports
On-Line Cybersecurity Resources: ITU
All the ITU Publications can be found & downloaded from: www.itu.int
(use the titles below as search terms on the ITU Website Home Page)
1) ITU – Global Cybersecurity Agenda – HLEG Strategic Report – 2008
2) ITU – Cybersecurity Guide for Developing Countries – 2009
3) ITU – “BotNet” Mitigation Toolkit Guide – 2008
4) ITU – National Cybersecurity/CIIP Self-Assessment Tool – 2009
5) ITU – Toolkit for Cybersecurity Legislation – 2010
6) ITU – Understanding Cybercrime: A Guide for Developing Countries – 2009
7) ITU – Technical Security Standards & Recommendations – “X-Series” –
including X.509 (PKI), X.805 (Architecture), X.1205 (Threats & Solutions)
8) ITU – GCA: Global Cybersecurity Agenda: Summary Brochure – 2010
……..ITU GCA Home Page: www.itu.int/osg/csd/cybersecurity/gca/
ITU: On-Line Video Channel –
Interviews & Updates
On-Line Cybersecurity Resources: Other
1) UK ACPO Manager’s Guide to e-Crime Investigation V1.4 – 2009
2) UK ACPO National e-Crime Strategy – Report 2009
3) UK ACPO Good Practice Guide for Computer-Based Electronic Evidence – 2009
………UK eCrime Unit WebLink: www.met.police.uk/pceu
4) Cybersecurity Strategy of the United Kingdom: Cabinet Office – 2009 – cabinetoffice.gov.uk
5) Guide to NIST Security Documents: US Dept of Commerce – 2009 – www.csrc.nist.gov
6) ISF (Information Security Forum): Standard of Good Practice for InfoSec – 2007
…….ISF WebLink: www.securityforum.org
7) CMU: Steps for Creating National CSIRTs – Carnegie Mellon Uni – 2004 – www.cert.org
8) ENISA: Step-by-Step Approach on How to Set up a CSIRT – 2006
9) ENISA: CERT Exercise Handbook and Training Handbook – 2008
…….ENISA WebLink: www.enisa.europa.eu/act/cert/
…….Most documents referenced during this ITU Cybersecurity Workshop will be found
with a focused Google Search for the Publication Title & Responsible Organisation
*Group Workshop Session 8*
Discussion: Designing Practical
Cybercrime Operational Solutions
1) Workgroup Task Cybercrime Presentations
2) Feedback on the Workshop, Content and Tasks
3) Final Questions, Discussion and Wrap-Up!
…Thank-You!
Cybersecurity Workshop: Technologies,
Standards & Operations – Back-Up
BACK-UP SLIDES
Global IP Map of BGP RouteViews
ITU Centres of Excellence Network for the Caribbean Region
Cybersecurity Technologies, Standards & Operations
16-17 September, Kingston, Jamaica
305

More Related Content

PDF
Cyber-Pandemic: Current Reality & Future Trends
PDF
National Cybersecurity - Roadmap and Action Plan
PDF
UN/ITU - Organisational Structures and Incident Management - Cybersecurity
PDF
Cybersecurity for Critical National Infrastructure
PDF
Development of National Cybersecurity Strategy and Organisation
PDF
Energising Cybersecurity with Biometrics & Digital Forensics
PDF
Integrated Cybersecurity and the Internet of Things
PDF
Effective CyberSecurity for the 2020s - Intelligent Analytics & Modelling
Cyber-Pandemic: Current Reality & Future Trends
National Cybersecurity - Roadmap and Action Plan
UN/ITU - Organisational Structures and Incident Management - Cybersecurity
Cybersecurity for Critical National Infrastructure
Development of National Cybersecurity Strategy and Organisation
Energising Cybersecurity with Biometrics & Digital Forensics
Integrated Cybersecurity and the Internet of Things
Effective CyberSecurity for the 2020s - Intelligent Analytics & Modelling

What's hot (20)

PDF
CyberVision: 2020 to 2030 - Your 21stC Cybersecurity Toolkit!
PDF
CyberTerror-CyberCrime-CyberWar! - Crucial Role of CyberSecurity in "War on T...
PDF
Intelligent, Integrated Cybersecurity - CyberCrime, CyberTerror & CyberWar!
PDF
21stC CyberSecurity Defence: Next 7 Years - 2018 to 2025!
PDF
Upgrading Industrial CyberSecurity & Security Critical National Infrastructure
PDF
CyberSecurity Vision: 2017-2027 & Beyond!
PDF
Cybersecurity Trends and CyberVision : 2015 - 2025
PDF
Intelligent Cyber Surveillance: AI Video Analytics & Biometrics!
PDF
Smart Security Architectures for YOUR Business!
PDF
CyberSecurity Futures: 2018 - 2025+ - Technology, Tools & Trends!
PDF
Artificial Intelligence and Machine Learning for Cybersecurity
PDF
YOUR Defence for the TOP 10 Cyber Threats!
PDF
Cyber Threats & Defence! - "Intelligent CyberSecurity"!
PDF
24/7 Intelligent Video Surveillance: Securing Your Business Data & Privacy
PDF
CyberTerrorism - Security in Cyberspace
PDF
Cyber Tools and Trends - Next 7 Years: 2018 - 2025 !
PDF
21stC Cybersecurity Trends: 2018-2025 & Beyond!...
PDF
21stC Trends in FinTech Security - AI, Deep Learning & Blockchain
PDF
21stC Trends in CyberSecurity in the Finance & Banking Sectors Security!
PDF
Integrated Physical and Cybersecurity for Governments and Business
CyberVision: 2020 to 2030 - Your 21stC Cybersecurity Toolkit!
CyberTerror-CyberCrime-CyberWar! - Crucial Role of CyberSecurity in "War on T...
Intelligent, Integrated Cybersecurity - CyberCrime, CyberTerror & CyberWar!
21stC CyberSecurity Defence: Next 7 Years - 2018 to 2025!
Upgrading Industrial CyberSecurity & Security Critical National Infrastructure
CyberSecurity Vision: 2017-2027 & Beyond!
Cybersecurity Trends and CyberVision : 2015 - 2025
Intelligent Cyber Surveillance: AI Video Analytics & Biometrics!
Smart Security Architectures for YOUR Business!
CyberSecurity Futures: 2018 - 2025+ - Technology, Tools & Trends!
Artificial Intelligence and Machine Learning for Cybersecurity
YOUR Defence for the TOP 10 Cyber Threats!
Cyber Threats & Defence! - "Intelligent CyberSecurity"!
24/7 Intelligent Video Surveillance: Securing Your Business Data & Privacy
CyberTerrorism - Security in Cyberspace
Cyber Tools and Trends - Next 7 Years: 2018 - 2025 !
21stC Cybersecurity Trends: 2018-2025 & Beyond!...
21stC Trends in FinTech Security - AI, Deep Learning & Blockchain
21stC Trends in CyberSecurity in the Finance & Banking Sectors Security!
Integrated Physical and Cybersecurity for Governments and Business
Ad

Viewers also liked (19)

PDF
Cybersecurity 4.0
PDF
ITU Security in Telecommunications & Information Technology
 
PDF
MindShift Interactive Social Media Report 2012
PDF
Patrocínio de Rally Jorge Wagenfuhr Jr
PDF
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
PDF
2016FRAMEWORK NAZIONALEBALDONIXWEB
PPT
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
PDF
Cybersecurity Goverence for Boards of Directors
PDF
Steve Blank’s Petal Diagram vs. Rod King’s Value Engine Map: Visual Tools for...
PPTX
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
PPTX
Formacao dos seres_vivos
PDF
Cybersecurity Risk Management for Financial Institutions
PDF
Cybersecurity in the Boardroom
PDF
Malaysia's National Cyber Security Policy
PDF
Cybersecurity - NSA Style
PPTX
Indicadores sector educativo
PPTX
Cybersecurity 1. intro to cybersecurity
PDF
Ophthalmoscopic slides
PDF
2017 Cybersecurity Predictions
Cybersecurity 4.0
ITU Security in Telecommunications & Information Technology
 
MindShift Interactive Social Media Report 2012
Patrocínio de Rally Jorge Wagenfuhr Jr
Top 10 cybersecurity predictions for 2016 by Matthew Rosenquist
2016FRAMEWORK NAZIONALEBALDONIXWEB
Cybersecurity Legal and Compliance Issues Business & IT Leaders Must Know -- ...
Cybersecurity Goverence for Boards of Directors
Steve Blank’s Petal Diagram vs. Rod King’s Value Engine Map: Visual Tools for...
Cybersecurity for Board of Directors - CIO Perspectives Atlanta 2015
Formacao dos seres_vivos
Cybersecurity Risk Management for Financial Institutions
Cybersecurity in the Boardroom
Malaysia's National Cyber Security Policy
Cybersecurity - NSA Style
Indicadores sector educativo
Cybersecurity 1. intro to cybersecurity
Ophthalmoscopic slides
2017 Cybersecurity Predictions
Ad

Similar to Cybersecurity Technologies, Standards and Operations (20)

PDF
UN/ITU: Cybersecurity Skills Development - Salta, Argentina - 2010
PDF
Cyber Security Strategies and Approaches
PDF
Solent Cyber Security Cluster Event 2, ACE/UoS Presentation
PDF
Cyber Resilience and Critical Information Infrastructure Singapore Case Studi...
PDF
The Present and the Future ISAC in Taiwan
PDF
Data Protection: balancing convenience, privacy and security
PDF
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
PDF
Cybersecurity for Critical National Information Infrastructure
PDF
SC7 Workshop 3: Enhancing cyber defence of cyber space systems
PDF
Mitre ATT&CK by Mattias Almeflo Nixu
PDF
Using cloud services: Compliance with the Security Requirements of the Spanis...
DOC
3rd Annual CISO Round Table
PDF
Don't Get Hacked! Cybersecurity Boot Camp
PPTX
Cybersecurity Hub & Operations - Dr. Kiru Pillay
PDF
APCERT Updates
PDF
Singapore Cybersecurity Strategy and Legislation (2018)
PDF
Cybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
PDF
Critical Infrastructure and Cyber Security: trends and challenges
PDF
Maritime Cybersecurity Developments maritimeoutlook.wordpress.com
PDF
Strengthening Cybersecurity Collaborations: Outcomes from missions to Singapo...
 
UN/ITU: Cybersecurity Skills Development - Salta, Argentina - 2010
Cyber Security Strategies and Approaches
Solent Cyber Security Cluster Event 2, ACE/UoS Presentation
Cyber Resilience and Critical Information Infrastructure Singapore Case Studi...
The Present and the Future ISAC in Taiwan
Data Protection: balancing convenience, privacy and security
Saigf 15 thematic-paper 7 - A case for multi-stakeholder partnerships for cri...
Cybersecurity for Critical National Information Infrastructure
SC7 Workshop 3: Enhancing cyber defence of cyber space systems
Mitre ATT&CK by Mattias Almeflo Nixu
Using cloud services: Compliance with the Security Requirements of the Spanis...
3rd Annual CISO Round Table
Don't Get Hacked! Cybersecurity Boot Camp
Cybersecurity Hub & Operations - Dr. Kiru Pillay
APCERT Updates
Singapore Cybersecurity Strategy and Legislation (2018)
Cybersecurity for Smart Grids: Technical Approaches to Provide Cybersecurity
Critical Infrastructure and Cyber Security: trends and challenges
Maritime Cybersecurity Developments maritimeoutlook.wordpress.com
Strengthening Cybersecurity Collaborations: Outcomes from missions to Singapo...
 

More from Dr David Probert (7)

PDF
"Our Intelligent Arctic Vision: 2025-2040" - Extended Version
PDF
Our Intelligent Arctic: Vision 2025-2040
PDF
AI Meets 21stC Security: Trends & Scenarios!
PDF
AI & Cybersecurity meet 21stC GeoPolitics
PDF
From Hughesovka to Donetsk (Translated to Russian)
PDF
19thC Hughesovka to 21stC Donetsk
PDF
KolaNet 1992-1999 and Beyond! Arctic Environmental Monitoring Networks!
"Our Intelligent Arctic Vision: 2025-2040" - Extended Version
Our Intelligent Arctic: Vision 2025-2040
AI Meets 21stC Security: Trends & Scenarios!
AI & Cybersecurity meet 21stC GeoPolitics
From Hughesovka to Donetsk (Translated to Russian)
19thC Hughesovka to 21stC Donetsk
KolaNet 1992-1999 and Beyond! Arctic Environmental Monitoring Networks!

Recently uploaded (20)

PDF
MIND Revenue Release Quarter 2 2025 Press Release
PPTX

Cybersecurity Technologies, Standards and Operations

  • 1. Cybersecurity Technologies, Standards and Operations. Dr David E. Probert. ITU Centres of Excellence Network for the Caribbean Region: Cybersecurity Technologies, Standards & Operations, 16-17 September, Kingston, Jamaica
  • 2. ITU: High-Level Expert Group – Global Cybersecurity Agenda
  • 3. The ITU GCA - Global Cybersecurity Agenda: 1 – Legal Measures; 2 – Technical Measures; 3 – Organisational Measures; 4 – Capacity Building; 5 – International Cooperation
  • 4. ITU GCA – Seven Strategic Goals
  • 5. Securing Jamaica in Cyberspace! (1) Legal Measures; (2) Technical & Procedural Measures; (3) Organizational Structures; (4) Capacity Building; (5) International Collaboration
  • 6. Securing the Caribbean in Cyberspace! Caribbean Region - 1830. (1) Legal Measures; (2) Technical & Procedural Measures; (3) Organisational Structures; (4) Capacity Building; (5) Regional and International Collaboration
  • 7. * ITU Workshop Overview * “Cybersecurity Technologies, Standards & Operations”: S1-Thurs: 9:30-11:00 “The International Cybercrime and Cybersecurity Challenge”; S2–Thurs: 11:30-13:00 “Integration Cyber-Technological Solutions for the 21stC Web2.0 World”; S3-Thurs: 14:00-15:30 Group Session: “Securing Critical Computing and Network Facilities”; S4-Thurs: 16:00-17:30 Group Session: “Group Discussion: Securing Critical Computing and Network Facilities”; S5 - Fri: 9:30–11:00 “Cybersecurity Continuity Planning, Standards and Architectures”; S6 – Fri: 11:30–13:00 “Organising a National Crime Unit and CERT/CSIRT”; S7 – Fri: 14:00-15:30 Group Session: “Designing Practical Cybercrime Solutions – Critical Sectors”; S7 – Fri: 16:00-17:30 Group Session: “Group Discussion: Designing Practical Cybercrime Solutions – Critical Sectors”. Workshop Presentations; Group Tasks & Discussions
  • 8. * ITU Workshop Overview * “Cybersecurity Technologies, Standards & Operations”: S1-Thurs: 9:30-11:00 “The International Cybercrime and Cybersecurity Challenge”; S2–Thurs: 11:30-13:00 “Integration Cyber-Technological Solutions for the 21stC Web2.0 World”; S3-Thurs: 14:00-15:30 Group Session: “Securing Critical Computing and Network Facilities”; S4-Thurs: 16:00-17:30 Group Session: “Group Discussion: Securing Critical Computing and Network Facilities”; S5 - Fri: 9:30–11:00 “Cybersecurity Continuity Planning, Standards and Architectures”; S6 – Fri: 11:30–13:00 “Organising a National Crime Unit and CERT/CSIRT”; S7 – Fri: 14:00-15:30 Group Session: “Designing Practical Cybercrime Solutions – Critical Sectors”; S7 – Fri: 16:00-17:30 Group Session: “Group Discussion: Designing Practical Cybercrime Solutions – Critical Sectors”
  • 9. * Workshop Session 1 * “The International Cybercrime and Cybersecurity Challenge”: 1 – Aim: National Cybersecurity; 2 – Review Strategy & Plans; 3 – Cyber Threats & Crimes; 4 – Cyber Technical Threats; 5 – Operational Security; 6 – Critical Economic Sectors; 7 – Case Study: Governments; 8 – Case Study: Banks/Finance; 9 – Key Jamaican Sectors
  • 10. * Workshop Session 1 * “The International Cybercrime and Cybersecurity Challenge”: 1 – Aim: National Cybersecurity; 2 – Review Strategy & Plans; 3 – Cyber Threats & Crimes; 4 – Cyber Technical Threats; 5 – Operational Security; 6 – Critical Economic Sectors; 7 – Case Study: Governments; 8 – Case Study: Banks/Finance; 9 – Key Jamaican Sectors
  • 11. Aim: Jamaican & Caribbean Cybersecurity. Aim: To focus on the ITU Global Cybersecurity Agenda’s “Technical & Operational Measures” which will help secure the Caribbean in Cyberspace. Agenda: During the 2-Day Workshop we’ll review the cyber threats, technical standards, architectures, & specific organisational models. Focus: A full in-depth technical course on cybersecurity such as those run by ITU/IMPACT would take 8 to 12 weeks to cover the complete spectrum of topics required for professional certification such as CISSP. Essentials: Hence during these 2 days we’ll work together on the technical essentials that will serve as a strong foundation to your future studies & practical implementations of cybersecurity solutions & operations.
  • 12. * Workshop Session 1 * “The International Cybercrime and Cybersecurity Challenge”: 1 – Aim: National Cybersecurity; 2 – Review Strategy & Plans; 3 – Cyber Threats & Crimes; 4 – Cyber Technical Threats; 5 – Operational Security; 6 – Critical Economic Sectors; 7 – Case Study: Governments; 8 – Case Study: Banks/Finance; 9 – Key Jamaican Sectors
  • 13. Review Strategy & Cyber Plans. The ITU Cybersecurity Agenda spans 5 Operational Pillars and 7 Strategic Goals. These were presented and comprehensively discussed during the preceding 3-day ITU Cybersecurity Workshop at UTECH. The technical & operational measures against cyberattacks, cyberterrorism and cybercrime are only effective when embedded within a total national & enterprise driven management plan including: National Strategy: The Jamaican Government and leading enterprises will need to define and communicate their top-level strategic cybersecurity objectives. Cybersecurity Agency: Many countries have created a dedicated National Cybersecurity Agency that is designated with the authority, budget & responsibility for the co-ordination of all aspects of the cybersecurity agenda across government, institutions & business. Action Plans & RoadMap: During 13th to 15th Sept we worked together as a group on the development of outline action plans and roadmaps for both the Jamaican Government as well as enterprises and institutions that comprise Jamaica’s critical service sectors. Next we shall proceed with our focus on technical threats & solutions…
  • 14. * Workshop Session 1 * “The International Cybercrime and Cybersecurity Challenge”: 1 – Aim: National Cybersecurity; 2 – Review Strategy & Plans; 3 – Cyber Threats & Crimes; 4 – Cyber Technical Threats; 5 – Operational Security; 6 – Critical Economic Sectors; 7 – Case Study: Governments; 8 – Case Study: Banks/Finance; 9 – Key Jamaican Sectors
  • 15. “Visualisation of Cyberspace”: Global IP WHOIS Addresses
  • 16. Active Internet Domains – “American IP Registry”
  • 17. Visual IP Cyberspace: Asia-Pacific, Europe & America
  • 18. IP Cyberspace: Asia-Pacific, Latin America and Caribbean
  • 19. Latin America and Caribbean: “LACNIC”
  • 20. “Outer Galaxies of Cyberspace” – Other Registries
  • 21. Densely Populated Regions of IP Cyberspace
  • 22. The Challenging Complexity of IP Cyberspace
  • 23. Cyberspace “Hilbert Map” of Global IP Addresses
  • 24. Global Cyberspace IP Census - 2006
  • 25. Global Malicious Activity in “Hilbert” IP Cyberspace. Key: Hilbert Space-Filling Curve Process. Link: www.team-cymru.org
  • 26. Basis for Visualisation of Global IP Cyberspace: Hilbert Space Filling Fractal Curve Process
  • 27. Cyber Threats and Crimes. Wide Spectrum: Cyberthreats & Cybercrimes span a vast spectrum of malicious and potentially illegal activity in cyberspace with various motivations. Modes of Attack: The modes of cyberattack will also vary according to the criminal or terrorist “business plan” and objectives. These modes will be discussed later, and then we’ll summarise the technical & operational solutions. Industrialisation: Cybercrime is now mainstream and the tools and techniques have now been “industrialised” including “botnets” and mailing lists for hire, and stolen credit card and banking details available for “on-line sale”. Financial Gain: Criminals hacking into bank accounts, credit cards, stealing personal IDs. Targeted Disruption: Terrorists hiring “botnets” to target critical national infrastructure. Revenge Attacks: Redundant Staff & Others that steal company information & databases. Personal Attacks: On-line attacks using social networking to discredit & smear enemies. Political Attacks: Spread of malicious and false political propaganda through viral marketing campaigns orchestrated through social networks.
  • 28. Financial Services: Personal Data Loss
  • 29. “Cybersecurity Malaysia”: Excellent example of Awareness Campaign targeting End-users with regards to 10 Major Cybersecurity & Cybercriminal Threats: 1) Phishing Scam; 2) Identity Theft; 3) Safety of Internet Chat; 4) Spam Emails; 5) Safe On-Line Shopping; 6) Safe On-Line Banking; 7) Security Checklists; 8) Malware; 9) Spyware; 10) Password Protection. Campaign is promoted by the Malaysian Government Cybersecurity Agency under MOSTi – Ministry of Science, Technology and Innovation.
  • 30. Phishing and Identity Theft
  • 31. Internet Chat and Spam eMail
  • 32. On-Line Shopping and Banking
  • 33. Security Checklist & Malware
  • 34. Spyware & Password Protection
  • 35. * Workshop Session 1 * “The International Cybercrime and Cybersecurity Challenge”: 1 – Aim: National Cybersecurity; 2 – Review Strategy & Plans; 3 – Cyber Threats & Crimes; 4 – Cyber Technical Threats; 5 – Operational Security; 6 – Critical Economic Sectors; 7 – Case Study: Governments; 8 – Case Study: Banks/Finance; 9 – Key Jamaican Sectors
  • 36. Global DDOS Cyberattacks - 2007
  • 37. Global IP Connectivity: Real-Time Infection
  • 38. Machbot Botnet Distribution: “Team-Cymru”. Link: www.team-cymru.org
  • 39. Responses to Mitigate DDOS Attacks
  • 40. Phishing Attack: Typical Process
  • 41. Technical Cyber Threats: 1) Phishing Scams such as Advance Fee & Lottery Scams; 2) Spam eMail with malicious intent; 3) DDOS Denial of Service “Botnet” Attacks; 4) SQL Database Injection; 5) XSS Cross-Scripting JavaScript Attacks; 6) Personal Identity Theft (ID Theft); 7) Malware, Spyware, Worms, Viruses & Trojans; 8) Embedded Sleeping Software “Zombie Bots”; 9) Buffer Overflow Attacks; 10) Firewall Port Scanners; 11) Social Networking “Malware Apps”; 12) Wi-Fi, Bluetooth & Mobile Network Intrusion; 13) Keyloggers – Hardware and Software Variants
  • 42. Attacker Sophistication vs Intruder Technical Knowledge
  • 43. Top 20 Threats and Vulnerabilities - 2007
  • 44. Cross-Site Scripting by Proxy: XSS
  • 45. Hierarchy of Hacking Skills
  • 46. Underground Cyber Economy
  • 47. * Workshop Session 1 * “The International Cybercrime and Cybersecurity Challenge”: 1 – Aim: National Cybersecurity; 2 – Review Strategy & Plans; 3 – Cyber Threats & Crimes; 4 – Cyber Technical Threats; 5 – Operational Security; 6 – Critical Economic Sectors; 7 – Case Study: Governments; 8 – Case Study: Banks/Finance; 9 – Key Jamaican Sectors
  • 48. Operational Security Threats: 1) Access: Campus, Building and ICT Facility Access; 2) Staff: Facility Staff, Contractors and Visitors; 3) ID: Forged or Stolen Access ID & Biometric Cards; 4) Lost Laptops, Memory Sticks, Smart Phones & Storage Drives; 5) Stolen Information & Data Assets, both physical & electronic; 6) Wireless: Personal Wireless and Bluetooth Access Points; 7) Perimeter Fencing for Critical Facilities: Airports, Power Stations; 8) Vehicles: Criminal or Terrorist Vehicles parked with Fake Plates; 9) Compliance: Non-Compliance with operational security policies; 10) Training: Superficial training for cyber events, alarms & emergencies. We’ll be considering the operational security solutions to all these threats during these 2 days, and their integration with cybersecurity.
  • 49. * Workshop Session 1 * “The International Cybercrime and Cybersecurity Challenge”: 1 – Aim: National Cybersecurity; 2 – Review Strategy & Plans; 3 – Cyber Threats & Crimes; 4 – Cyber Technical Threats; 5 – Operational Security; 6 – Critical Economic Sectors; 7 – Case Study: Governments; 8 – Case Study: Banks/Finance; 9 – Key Jamaican Sectors
  • 50. Critical Economic Service Sectors. During our 2-day workshop we shall consider the specific security requirements for each of the major critical sectors including: 1) Government: Protection against criminal & terrorist threats and attacks; 2) Banking/Finance: Protection against cybercriminals & money laundering; 3) Healthcare: Security of the hospitals, medical records and equipment; 4) Telecommunications: Security of comms links, data, servers & facilities; 5) National & Civil Defence: Protection of military & police info and assets; 6) Energy & Water Utilities: Security of the power grid and water supplies; 7) Education: Security of the Universities, Schools and College Campuses; 8) Transportation & Ports: Airport & Ports Security against Crime & Terrorists; 9) Tourism: Hotel and Resort Security for Guests and Staff; 10) Emergency Services: Security of Integrated Communications
  • 51. * Workshop Session 1 * “The International Cybercrime and Cybersecurity Challenge”: 1 – Aim: National Cybersecurity; 2 – Review Strategy & Plans; 3 – Cyber Threats & Crimes; 4 – Cyber Technical Threats; 5 – Operational Security; 6 – Critical Economic Sectors; 7 – Case Study: Governments; 8 – Case Study: Banks/Finance; 9 – Key Jamaican Sectors
  • 52. Sector Case Study: Governments. Cyber Agencies: Governments such as UK, USA, Malaysia, South Korea and Australia have all implemented cybersecurity agencies & programmes. eGovernment Services are critically dependent upon strong cybersecurity for the protection of applications and citizen data. Compliance Audit: All Government Ministries & Agencies should receive in-depth ICT security audits, as well as full annual compliance reviews: 1) National Defence Forces; 2) Parliamentary Resources; 3) Land Registry & Planning System; 4) Citizen IDs and Passports; 5) Laws, Legislations, and Policies; 6) Civilian Police, Prisons & National e-Crimes Unit (NCU); 7) National CERT – Computer Emergency Response Team; 8) Inter-Government Communications Network; 9) eServices for Regional & International Partnerships; 10) Establishment of cybersecurity standards & compliance; 11) Government Security Training and Certification
  • 53. * Workshop Session 1 * “The International Cybercrime and Cybersecurity Challenge”: 1 – Aim: National Cybersecurity; 2 – Review Strategy & Plans; 3 – Cyber Threats & Crimes; 4 – Cyber Technical Threats; 5 – Operational Security; 6 – Critical Economic Sectors; 7 – Case Study: Governments; 8 – Case Study: Banks/Finance; 9 – Key Jamaican Sectors
  • 54. Sector Case Study: Banks & Finance. Banks & Financial Institutions are prime targets for cybercriminals. Access to Accounts is usually indirect through phishing scams, infected websites with malicious scripts, and personal ID Theft. On-Line bank transfers are also commonly used for international money laundering of funds secured from illegal activities. Instant Money Transfer Services are preferred for crimes such as the classic “Advanced Fee Scam” as well as Lottery and Auction Scams. An increasing problem is Cyber-Extortion instigated through phishing. National & Commercial Banks have also been targets of DDOS cyberattacks from politically motivated and terrorist organisations. Penetration Scans: Banks are pivotal to national economies and will receive penetration scans and attempted hacks on a regular basis. On-Line Banking networks including ATMs, Business and Personal Banking are at the “sharp end” of financial security and require great efforts towards end-user authentication & transaction network security.
  • 55. Cybercriminals Target UK Bank: July 2010
  • 56. Process Flow of the Cybercriminal Attack on UK Financial Institution: July/August 2010. Source: White Paper by M86 Security: Aug 2010
  • 57. Cybercrime: Top 20 Countries
  • 58. * Workshop Session 1 * “The International Cybercrime and Cybersecurity Challenge”: 1 – Aim: National Cybersecurity; 2 – Review Strategy & Plans; 3 – Cyber Threats & Crimes; 4 – Cyber Technical Threats; 5 – Operational Security; 6 – Critical Economic Sectors; 7 – Case Study: Governments; 8 – Case Study: Banks/Finance; 9 – Key Jamaican Sectors
  • 59. Cybersecurity for Key Jamaican Sectors. During the last 5 years, cybercrime has become a major political and business issue for the Jamaican Government and Enterprises. The key sectors that we’ll be analysing, as a group, for technical & operational solutions within the Jamaican Economy will be: Banking/Financial Sector; International Airports & Ports (Kingston & Montego Bay); Police Force and Cybercrime Unit; Telecomms, ISP & Mobile Sector; Travel/Tourism Sector; Import/Export Trade; Educational Sector. In the next session we’ll explore generic cybersecurity & operational security solutions, and their practical integration in real-world organisations.
  • 60. Typical Cybercrime Threats: (a) – Hardware & Software Keyloggers; (b) – Email Phishing; (c) – Advance Fee Scam; (d) – Denial of Service
  • 61. * ITU Workshop Overview * “Cybersecurity Technologies, Standards & Operations”: S1-Thurs: 9:30-11:00 “The International Cybercrime and Cybersecurity Challenge”; S2–Thurs: 11:30-13:00 “Integration Cyber-Technological Solutions for the 21stC Web2.0 World”; S3-Thurs: 14:00-15:30 Group Session: “Securing Critical Computing and Network Facilities”; S4-Thurs: 16:00-17:30 Group Session: “Group Discussion: Securing Critical Computing and Network Facilities”; S5 - Fri: 9:30–11:00 “Cybersecurity Continuity Planning, Standards and Architectures”; S6 – Fri: 11:30–13:00 “Organising a National Crime Unit and CERT/CSIRT”; S7 – Fri: 14:00-15:30 Group Session: “Designing Practical Cybercrime Solutions – Critical Sectors”; S7 – Fri: 16:00-17:30 Group Session: “Group Discussion: Designing Practical Cybercrime Solutions – Critical Sectors”
  • 62. * Workshop Session 2 * “Integrated Cyber-Technological Solutions for the 21stC Web2.0 World”: 1 – The 21stC Cyber World; 2 – ITU Global CyberAgenda; 3 – Cyber Technical Solutions: A; 4 – Cyber Technical Solutions: B; 5 – Physical Security Solutions: A; 6 – Physical Security Solutions: B; 7 – “Cyber to Physical Attacks”; 8 – “Physical to Cyber Attacks”; 9 – Integrated Security Benefits
  • 63. * Workshop Session 2 * “Integrated Cyber-Technological Solutions for the 21stC Web2.0 World”: 1 – The 21stC Cyber World; 2 – ITU Global CyberAgenda; 3 – Cyber Technical Solutions: A; 4 – Cyber Technical Solutions: B; 5 – Physical Security Solutions: A; 6 – Physical Security Solutions: B; 7 – “Cyber to Physical Attacks”; 8 – “Physical to Cyber Attacks”; 9 – Integrated Security Benefits
  • 64. “21st Century Cyber World” Open World: During the last 15 years we’ve evolved from the primitive Internet to the complex world of Web2.0 applications Criminals and Hackers seek every opportunity to creatively penetrate wired,Criminals and Hackers seek every opportunity to creatively penetrate wired, wireless, mobile devices, and social networking applications The war against cybercriminals requires us to continuously create new cybersecurity solutions for every conceivable cyberattack Standards, Architectures and Operational Security Policies all ensure that the “business case for cybercriminals” is much less attractive The DMZ Security Firewalls of the 1990s are now only a partial solution to the protection of critical information infrastructure ITU Centres of Excellence Network for the Caribbean Region Cybersecurity Technologies, Standards & Operations 16-17 September, Kingston, Jamaica protection of critical information infrastructure …….In this session we explore the 21st World of Cybersecurity Solutions including their integration with the more traditional physical security & surveillance systems……… 64
  • 65. Cybersecurity for Wireless Networks & Web2.0 “Apps”
      Wireless Networks: The open world of wireless, mobile devices & storage requires a new 21stC conceptual approach to cybersecurity:
      1) Embedded: Security should be embedded at EVERY node of the network and applications
      2) End-Users need to be “cybersecurity aware” in order to “drive safely in cyberspace”
      3) Operational Policies are required with regard to the transportation of portable storage
      4) Training: Every Enterprise & Government Agency should receive regular security training
      5) CSO: Dedicated professional personnel such as a business CSO/CISO should be recruited to set the security policies and manage the training, upgrades, audit and compliance
      6) Engineering to International Cybersecurity Standards is essential in order that the Information, Data and ICT Assets are uniformly secured against cyberattacks
      7) Apps: Every month, cybercriminals create new means of attacking & penetrating previously secure systems, particularly the latest smart mobile devices and end-user “apps”…
      8) Policies: There is greater need for rigorously enforced security policies for wireless networks since they are inherently more open to attack when used by “non-security” aware users
  • 66. *Workshop Session 2* “Integrated Cyber-Technological Solutions for the 21stC Web2.0 World”
  • 67. ITU Global Cybersecurity Agenda (GCA) and other Useful Cybersecurity Programmes
      The ITU GCA is used as the primary framework in this workshop with its extensive archive of strategic frameworks, operational procedures & technical standards
      Technical Measures: Various other National and International Agencies have also evolved and implemented cybersecurity programmes that are relevant and useful in the determination of technical solutions & operational measures:
      - EU/ENISA: Pan-European Cybersecurity Programme including the CERT Network, Identity Management and active work on the Implementation of the CoE Convention on Cybercrime
      - USA/NIST: National Institute of Standards and Technology with its “800 Series” of Special Publications from the Computer Security Division that focus upon all aspects of cybersecurity
      - USA/ASIS: American Society for Industrial Security which includes many publications such as guidelines for Business Continuity & Disaster Recovery and Job Profile for the Role of CSO
      - USA/CMU-CERT: Carnegie Mellon University pioneered the concept of the CERT, and now manages the CERT Co-ordination Resource and Training Centre & a global partnership network
      - UK/ISF: Information Security Forum that is probably best known for its publication of the “Good Practice Guidelines for Information Security” that is available for free on-line download
      - UK/Jericho Forum: International ICT Forum focusing mainly upon the cybersecurity challenges of securing the 21stC world of Web2.0 applications and mobile wireless devices
      - ISO: International Standards Organisation has defined and published the evolving 27000 Series of Security which includes “ISMS requirements”, “Codes of Practice” & “Risk Management”
      …Next we drill down into the spectrum of practical cybersecurity solutions against cybercrime
  • 68. *Workshop Session 2* “Integrated Cyber-Technological Solutions for the 21stC Web2.0 World”
  • 69. Cyber Technical Solutions (A)
      Today we consider the real-world technical response to the most common forms of cybercrimes, cyberattacks and cyberterrorism:
      1) Distributed Denial of Service
      2) SQL Database Injection Attacks
      3) XSS Cross-Site Scripting
      4) Firewall Port Scanning
      5) Malware, Spyware, Viruses, Worms and Trojans
      6) Spam eMail and Phishing Scams
      7) Keyloggers: Hardware and Software Variants
      8) Transaction Security
      9) Device and End-User Authentication
      10) Cryptography: PKI and VPNs
      …Jamaican Government and Enterprise ICT Facilities will all require professionally trained staff that are able to implement, manage and regularly upgrade cyber solutions…
  • 70. ITU Cybersecurity Guide for Developing Countries
  • 71. Distributed Denial of Service CyberAttack
  • 72. Typical DDOS BotNet Attack
  • 73. Mitigate Attack: Black-Holing
  • 74. Mitigate Attack: Packet Filter
  • 75. DDOS Reactive Traceback
  • 76. DDOS Traffic Rate Limiting
  • 77. DDOS: Virtual Overlay Network
  • 78. DDOS Mitigation: Cryptographic Puzzles
  • 79. SQL Database Injection Attacks
  • 80. SQL Injection Vulnerability (figure label: “Website”)
      Solution: Ensure all SQL user inputs are inserted into parameterised statements
  • 81. Impact of XSS Cross-Site Scripting
      Solution: Always check rigorously for data fields that allow user-input. Ensure that there is no possibility for User Script input to be executed in website coded “php” or “asp” pages…
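The two “Solution” notes on slides 80 and 81, worked through as an added example that is not part of the original slides: each weak form sits beside its hardened form, and the stored comment shows that a parameterised insert protects the database while the page still needs output encoding. The table names, function names and sample inputs are hypothetical and constructed for illustration; Python with SQLite stands in for the “php”/“asp” pages the slide mentions.

```python
import html
import sqlite3

# Constructed sample inputs (not taken from the slides).
SQLI_INPUT = "nobody' OR '1'='1"
XSS_INPUT = "<script>alert('hello')</script>"


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (customer TEXT, item TEXT)")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO orders VALUES (?, ?)",
        [("alice", "laptop"), ("alice", "router"), ("bob", "phone")],
    )
    return db


def find_orders_vulnerable(db, customer):
    """Weak form: user input is pasted into the SQL text itself,
    so a quote character in the input changes the statement."""
    query = "SELECT item FROM orders WHERE customer = '%s' ORDER BY item" % customer
    return [row[0] for row in db.execute(query)]


def find_orders_parameterised(db, customer):
    """Hardened form: the input is bound as data and never parsed as SQL."""
    query = "SELECT item FROM orders WHERE customer = ? ORDER BY item"
    return [row[0] for row in db.execute(query, (customer,))]


def save_comment(db, author, body):
    """Store user input with a parameterised statement.
    This keeps the database safe but stores the text exactly as typed."""
    db.execute("INSERT INTO comments VALUES (?, ?)", (author, body))


def render_comments_vulnerable(db):
    """Weak form: stored user input is written into the page unchanged."""
    rows = db.execute("SELECT author, body FROM comments")
    return "".join("<p><b>%s</b>: %s</p>" % (a, b) for a, b in rows)


def render_comments_encoded(db):
    """Hardened form: every user-supplied field is HTML-encoded on output,
    so the browser displays the text instead of running it."""
    rows = db.execute("SELECT author, body FROM comments")
    return "".join(
        "<p><b>%s</b>: %s</p>" % (html.escape(a), html.escape(b))
        for a, b in rows
    )


def demo():
    """Run both pairs on the constructed inputs and return the results."""
    db = make_db()
    save_comment(db, "bob", XSS_INPUT)
    return {
        "sql_vulnerable": find_orders_vulnerable(db, SQLI_INPUT),
        "sql_parameterised": find_orders_parameterised(db, SQLI_INPUT),
        "page_vulnerable": render_comments_vulnerable(db),
        "page_encoded": render_comments_encoded(db),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```
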
  • 82. “Twitter” Cross-Site Scripting Vulnerability
  • 83. Functional Structure of a DMZ Firewall
      Ensure that all firewall “ports” are locked down except those that are essential to operations, and also implement dual firewalls with full DMZ (De-Militarised Zones) for further security
  • 84. Typical Secure “Single-Hop” DMZ Firewall Configuration
  • 85. Fully Secure “Double-Hop” DMZ Firewall Configuration
  • 86. Single-Hop DMZ & Secure Network
  • 87. Malware, Spyware, Viruses, Worms & Trojans
      Trojans appear to users as attractive applications or messages such as the following generic eGreetings Card! Clicking on the card will then result in an “exe” file downloading malicious code to your PC, which may then open a permanent “back-door”
  • 88. “Worm” Attacks: Defence requires fully implemented Cybersecurity Policies
      Example: Win32 Conficker Worm – Self-Replicating – In-Built Self Defence – Infected more than 7 Million Computers Worldwide since November 2008
  • 89. Spyware Attack
  • 90. Global Spam Mail Attacks
  • 91. Phishing Attack
  • 92. Keyloggers: Hardware & Software
      - Easily inserted by cybercriminals into PC wiring
      - Wireless Versions also available for 802.11 nets
      - Alternative software keyloggers can be illegally downloaded into compromised servers & PCs
      - Logged files can be uploaded to cybercriminals through email or by FTP through open ports
      - Examples have also been found inside credit card terminals, pre-installed by criminals in production plants with SIM Card and Phone. Log reports, including CC details and PINs, are then regularly dialed through to overseas criminals
  • 93. Digital Signature Transmission
  • 94. Digital Fingerprint Identification
  • 95. Device Authentication with IEEE 802.1X Extensible Authentication Protocol – EAP over IEEE 802.11 LAN/WLAN
  • 96. Transaction Security
      - Transaction Security is required at each level of the Network Protocol
      - Every Device and End-User should be authenticated by the network
      - Both Public (PKI) and Private Key Encryption Schemes can be used
      - Most Governments and Enterprises will generally adopt some form of Public Key Infrastructure to secure eGov and eBusiness Applications
      - Example: SSL Secure Socket Layer Certificate and Private Key Encryption for Transactions
  • 97. “Confidentiality, Integrity and Availability”
  • 98. Public Key Encryption Scheme
  • 99. Private Key Encryption Scheme
  • 100. Cryptography: Public Key Infrastructure (PKI)
  • 101. *Workshop Session 2* “Integrated Cyber-Technological Solutions for the 21stC Web2.0 World”
  • 102. Cyber Technical Solutions (B)
      Next we consider the more general aspects of 21stC Cybersecurity needs for evolving Enterprise ICT networks & applications:
      - Cybersecurity for Cloud Computing
      - Cybersecurity for System Virtualisation
      - Web2.0 “Apps” and Social Networking
      - Cybersecurity for Wireless Networks
      - Intrusion Detection & Prevention Systems (IDS/IPS)
      …The Virtual World of Cyberspace is akin to the “real-world” in that cybercriminals will continuously develop “new weapons” to attack the national critical infrastructure, institutions and commercial organisations for financial gain & for political propaganda.
      …There is also the concept of “territorial gain” in that the cybercriminals will also infect ICT devices and servers in order to secure control, and thence to use them as “zombie” bots
  • 103. Cybersecurity for Cloud Computing
      The “Cloud Cube Model” from the “Jericho Forum” is a useful model for exploring cybersecurity “within the de-perimeterised world of cloud computing”
      Essentially all the same security technologies and operational procedures are applicable “within the cloud”, which is just an extension of Web2.0 & open world ICT
  • 104. Cybersecurity for Virtualisation
  • 105. Fully Virtualised DMZ Firewalls
  • 106. Cybersecurity for Social Networks
      - Social Sites: During the last 2 years, social networking sites such as Facebook and Myspace have become the latest targets for cybercriminals
      - Cyber Scams include Identity Theft and requests for instant money transfers from parents to support the “release” of children & friends overseas
      - Cybercriminals also sign-up as “friends” in order to infiltrate student networks, and then to secure personal information & account details
      - Paedophiles also use these social networks in order to cultivate relationships with children and teenagers below the “age of consent”
      - Businesses may be at risk if employees publish confidential company information on their social network accounts that may easily go public
      - Facebook now works with child protection authorities in countries such as the UK so that those at risk can quickly contact “helplines”
      …Business and Government should consider ways to exploit the power of social networking whilst protecting their networks against attack.
  • 107. Cybersecurity for Wireless Networks
      - Perimeter Sentry Wireless Access Point Network around office/campus
      - Certificates: End-User Encrypted Logon Certificates – EAP/802.1X
      - 24/7 Scanning: Permanent Wireless Frequency Sentry Scanning
      - Prohibition of attachment of personal wireless nodes
      - 3G Gadgets: Management of Business PDAs and Smart Mobile Devices
      - Guests: All guest account access either fully secured or prohibited
      - 3G Mobiles: Sensitive government or business data should always be encrypted and transmitted using secure VPN tunnel to home servers
  • 108. Sentry Wireless Access Points for Building Perimeter Security
  • 109. IDS/IPS: Intrusion Detection and Prevention System
  • 110. Table: SECURITY OBJECTIVE / CYBERSECURITY TECHNOLOGY SOLUTION / ROLE
      Access Control, Boundary Protection
        - Firewalls: Aim to prevent unauthorised access to or from a private network.
        - Content Management: Monitor web, messaging and other traffic for inappropriate content such as spam, banned file types and sensitive or classified information.
      Authentication
        - Biometrics: Biometric systems rely on human body parts such as fingerprints, iris and voice to identify authorised users
        - Smart tokens: Devices such as smart cards with integrated circuit chips (ICC) to store and process authentication details
      Authorisation
        - User Rights and Privileges: Systems that rely on organisational rules and/or roles to manage access
      System Integrity
        - Antivirus and anti-spyware: A collection of applications that fight malicious software (malware) such as viruses, worms, Trojan Horses etc
        - Integrity Checkers: Applications such as Tripwire that monitor and/or report on changes to critical information assets
      Cryptography
        - Digital Certificates: Rely on Public Key Infrastructure (PKI) to deliver services such as confidentiality, authentication, integrity and non-repudiation
        - Virtual Private Networks: Enable segregation of a physical network into several ‘virtual’ networks
      Audit and Monitoring
        - Intrusion Detection Systems (IDS): Detect inappropriate, incorrect or abnormal activity on a network
        - Intrusion Prevention Systems (IPS): Use IDS data to build intelligence to detect and prevent cyber attacks
        - Security Events Correlation Tools: Monitor, record, categorise and alert about abnormal events on network
        - Computer Forensics tools: Identify, preserve and disseminate computer-based evidence
      Configuration Management and Assurance
        - Policy Enforcement Applications: Systems that allow centralised monitoring and enforcement of an organisation’s security policies
        - Network Management: Solutions for the control and monitoring of network issues such as security, capacity and performance
        - Continuity of Operations tools: Backup systems that help maintain operations after a failure or disaster
        - Scanners: Tools for identifying, analysing and reporting on security vulnerabilities
        - Patch Management: Tools for acquiring, testing and deploying updates or bug fixes
  • 111. *Workshop Session 2* “Integrated Cyber-Technological Solutions for the 21stC Web2.0 World”
  • 112. Physical Security & Surveillance Solutions
      The comprehensive security of electronic information, data and assets also requires corresponding upgrades in the physical & operational security for the offices, facilities and ICT server & storage rooms:
      - Reception, Facility and Office Access for Staff, Contractors and Visitors
      - Advanced Smart Perimeter Management for Campus Sites, Airports & Bases
      - Integrated CCTV/ANPR Intelligence Surveillance
      - Biometrics and RFID Identification for Personnel and Mobile Assets
      …Traditionally physical security was managed quite independently from the ICT security. However, many enterprises and governments now understand that overall security is improved at lower cost through the integrated management of cyber & physical resources
  • 113. Office, Facility and Campus Security
      - All Facilities with Critical Info and ICT Infrastructure should be fully secured for access.
      - Reception Security may include scanning devices, and policy for Mobiles, Laptops, Cameras and Memory to be left at reception.
      - Site should be equipped with smart CCTV surveillance
      - All Staff and Guests have Smart Chip RFID Cards, and possibly also BioID Cards for facilities with higher security ratings.
  • 114. Advanced Perimeter Management
      Critical Infrastructure such as Airports, Power Stations, Ports and Telecommunications Facilities are often sited on large multi-building campuses with a significant physical perimeter fence. Modern 21stC Technology can help to secure the perimeter, & prevent access to the electronic cyber assets within the facility:
      - Networked CCTV including Smart Video Analytics for Object Identification
      - Thermal Imaging and Movement Location with HD InfraRed Cameras
      - Optical Fibres for Real-Time Intrusion Location using EM Field Analysis
      - Buried Networked Wired or Wireless Motion Detection Sensors
      - ANPR Vehicle Registration Number Plate Recognition for Perimeter Roads
      - Professional Security Guards that are fully trained & certified in these Security Applications
      …In summary, it is important never to neglect upgrading investment in physical security in order to boost the security of ICT cyber assets
  • 115. Integrated CCTV/ANPR Surveillance
  • 116. Computer Automated Industrial Control & Safety Systems
  • 117. Biometrics and RFID
      Biometrics techniques may include:
      - Finger and Palm Prints
      - Retinal and Iris Scans
      - 3D Vein ID
      - Voice Scans & Recognition
      - DNA Database – usually for Criminal Records
      - 3D Facial Recognition
      RFID = Radio Frequency ID with applications that include:
      - Personal ID Cards for Building, Facility and Secure Room Access
      - Tags for Retail Articles as a deterrence to shoplifting
      - Powered RFID Tags for Vehicles to open Barriers, Doors, or switch traffic lights
      - Plans to use RFID Tags for Perishable Products such as vegetables and flowers
      - Asset Tags to manage the movement of ICT Assets such as Laptops, PDA & Storage
      …Both Biometrics and RFID Technology Solutions can be powerful tools against cybercrime
  • 118. *Workshop Session 2* “Integrated Cyber-Technological Solutions for the 21stC Web2.0 World”
  • 119. Operational Security Solutions
      Securing information and assets in the virtual world of cyberspace requires the discipline of rigorous operational security solutions and policies in the real-world according to accepted ITU & ISO Standards:
      - Integrated Command and Control Operations (including fail-over control rooms)
      - Business Continuity & Disaster Recovery (for cybercrimes, terrorism & natural disasters)
      - Implementation of National, and Enterprise Computer Incident Response Teams (CERTs)
      - Integrated Digital Forensics, eCrime Unit & Cyber Legislation against Cybercrimes
      - Traditional Physical Security Defences & Deterrents (including security guards & fences!)
      …Many criminal and terrorist attacks are through penetrating some combination of physical and cybersecurity systems. Breaking into a physical building may allow a criminal to gain access to secure ICT zones, and thence to on-line user accounts, documents & databases. Information can be downloaded to chips or storage drives & stolen with relative ease.
      …We’ll be considering some real-world examples of cybercriminal “integrated cyber-physical security threats” in the next part of our cyber technology workshop
  • 120. Integrated Command & Control Operations: Security Operations Command Centre for Global Security Software Enterprise
  • 121. TSA National Operations Room: US Transportation Security Administration
  • 122. Business Continuity and Disaster Recovery Plans: Spans ALL aspects of Operations, both Physical and Cyber Operations
  • 123. 3D Simulation Modelling for Security Crisis & Disaster Management
  • 124. Strategic Approach to National e-Crime Unit
  • 125. Implementation of CERT/CSIRT Services
  • 126. “Physical Security” Defences in the context of “Cybersecurity”
      - Investments in establishing and upgrading cybersecurity defences against cybercrime mean that all physical security and associated operational staff should also be reviewed for compliance with policies, and audited to international standards
      - Ideally, physical and cybersecurity operations should be linked “step-by-step” at the command and control level in the main facility operations centre.
      - Physical Security for critical service sectors such as airports, banks, telecomms, energy, education, healthcare and national defence should be included within the strategy and policies for Cybersecurity and vice versa
      - In order to maximise security, Jamaican Government and Businesses need to upgrade and integrate resources and plans for both physical and cybersecurity during the next few years.
      - I would personally suggest developing a focused total security action plan and roadmap (Physical & Cyber) for each critical sector within the Jamaican Economy
  • 127. Physical Security Defences: Berlin-Schönefeld Airport
  • 128. Summary of Physical Security and Operational Solutions
      - Physical security and the Operational Solutions are increasingly based upon sophisticated electronic networked solutions, including biometrics, smart CCTV, intelligent fences, and RFID Access Devices
      - Operations for “Physical Security” and “Cybersecurity” will need to be slowly converged & integrated during the next few years both from a personnel, assets, resources and operational budget perspective
      - The benefits of integrating cyber and physical security are reduced running costs, reduced penetration risk, and increased early warning of potential attack whether from criminals, hackers or terrorists.
      …Next we’ll consider the integration of physical and cybersecurity in some more detail, including the modes of attack & overall benefits
  • 129. *Workshop Session 2* “Integrated Cyber-Technological Solutions for the 21stC Web2.0 World”: 1 – The 21stC Cyber World; 2 – ITU Global CyberAgenda; 3 – Cyber Technical Solutions: A; 4 – Cyber Technical Solutions: B; 5 – Physical Security Solutions: A; 6 – Physical Security Solutions: B; 7 – “Cyber to Physical Attacks”; 8 – “Physical to Cyber Attacks”; 9 – Integrated Security Benefits
  • 130. “Cyber to Physical Attacks”: The illegal penetration of ICT systems may allow criminals to secure information or “make deals” that facilitate their real-world activities. “Sleeping Cyber Bots” – These can be secretly implanted by skilled hackers into secure on-line systems, and programmed to explore the directories & databases, and then to transmit certain information – Account & Credit Card Details, Plans, Projects, Deals. Destructive “Cyber Bots” – If cyber-bots are implanted by terrorist agents within the operational controls of power plants, airports, ports or telecomms facilities then considerable physical damage may result. A simple “delete *.*” command for the root directories would instantly wipe out all files unless the facility has real-time fail-over! Distributed Denial of Service Attacks – These not only block access to systems, but in the case of a Banking ATM Network, mean that the national ATM network has to be closed. Alternatively, in the case of an airline check-in and dispatch system, flights are delayed. National CyberAttacks – Many international organisations such as NATO & US DOD forecast that future regional conflicts will begin with massive cyberattacks to disable their targets’ physical critical communications and information infrastructure. Clearly it is important for countries to upgrade their national cybersecurity to minimise such risks.
  • 131. *Workshop Session 2* “Integrated Cyber-Technological Solutions for the 21stC Web2.0 World”: 1 – The 21stC Cyber World; 2 – ITU Global CyberAgenda; 3 – Cyber Technical Solutions: A; 4 – Cyber Technical Solutions: B; 5 – Physical Security Solutions: A; 6 – Physical Security Solutions: B; 7 – “Cyber to Physical Attacks”; 8 – “Physical to Cyber Attacks”; 9 – Integrated Security Benefits
  • 132. “Physical to Cyber Attacks”: Most “physical to cyber attacks” involve staff, contractors or visitors performing criminal activities in the “misuse of computer assets”. Theft & Modification of ICT Assets: It is now almost a daily occurrence for critical information & databases to be either deliberately stolen or simply lost on PCs or Chips. Fake Maintenance Staff or Contractors: A relatively easy way for criminals to access secure facilities, particularly in remote regions or developing countries, is to fake their personnel IDs and CVs as being legitimate ICT maintenance staff or contractors. Compromised Operations Staff: Sometimes operational ICT staff may be tempted by criminal bribes, or possibly blackmailed into providing passwords, IDs & Access Codes. Facility Guests and Visitors: It is standard procedure for guests & visitors to be accompanied at all times in secure premises. In the absence of such procedures, criminals, masquerading as guests or visitors, may install keylogger hardware devices or possibly extract information, plans and databases to USB memory chips, or steal DVDs!
  • 133. *Workshop Session 2* “Integrated Cyber-Technological Solutions for the 21stC Web2.0 World”: 1 – The 21stC Cyber World; 2 – ITU Global CyberAgenda; 3 – Cyber Technical Solutions: A; 4 – Cyber Technical Solutions: B; 5 – Physical Security Solutions: A; 6 – Physical Security Solutions: B; 7 – “Cyber to Physical Attacks”; 8 – “Physical to Cyber Attacks”; 9 – Integrated Security Benefits
  • 134. Benefits of Integrated Cybersecurity: Some of the key benefits from integrating cybersecurity technology solutions with rigorous operational processes and policies are: Reduced Operational Costs, through a “Single Security Organisation” under a CSO/CISO; Early Warning of both Physical and Cyber Penetration through comprehensive surveillance; Extended Protection of ALL Critical Physical and On-Line Assets; Focused Security Policy for Government, Businesses and Citizens; Risks: Reduced “Open World” Security Risks from Smart Mobile Devices, “Apps” & Web2.0; CyberCrime: Comprehensive Management and Control of National Cybercrime; CNI: Critical Infrastructure such as Banks, Power Stations and Airports are better protected; National Defence: Countries now need to be 100% protected both in physical & cyberspace. ….In summary, the 21stC approach to cybersecurity is a combination of technological solutions together with rigorously enforced operational procedures, all implemented to recognised international standards such as those of the ITU and ISO/IEC. ….Tomorrow we consider these ITU cybersecurity standards in more depth, and also discuss specific organisational models for National CERTs/CSIRTs and Police eCrime Units
  • 135. *ITU Workshop Overview* “Cybersecurity Technologies, Standards & Operations”: S1 – Thurs: 9:30-11:00 “The International Cybercrime and Cybersecurity Challenge”; S2 – Thurs: 11:30-13:00 “Integration Cyber-Technological Solutions for the 21stC Web2.0 World”; S3 – Thurs: 14:00-15:30 Group Session: “Securing Critical Computing and Network Facilities”; S4 – Thurs: 16:00-17:30 Group Session: “Group Discussion: Securing Critical Computing and Network Facilities”; S5 – Fri: 9:30-11:00 “Cybersecurity Continuity Planning, Standards and Architectures”; S6 – Fri: 11:30-13:00 “Organising a National Crime Unit and CERT/CSIRT”; S7 – Fri: 14:00-15:30 Group Session: “Designing Practical Cybercrime Solutions – Critical Sectors”; S7 – Fri: 16:00-17:30 Group Session: “Group Discussion: Designing Practical Cybercrime Solutions – Critical Sectors”
  • 136. Cybersecurity: Director ITU Telecomms Development Bureau
  • 137. *Group Workshop Session 3* “Securing Critical Computing & Network Facilities”: Workgroup Team Task: Task 1 – Choose your critical sector: (1) Government, (2) Banking/Finance, (3) Telecomms/Mobile, (4) Energy/Power, (5) Airport/Transportation. Task 2 – Imagine that you’re a cybercriminal or hacker and list all the possible technical & operational cyberthreats that could penetrate the sector. Task 3 – Design your ICT computer facility (servers, databases, access, network). Task 4 – Check that your facility design can be defended against the list of potential cyberthreats that you listed under Task 2, including both the technology threats and operational & staff related threats. Task 5 – Develop a short presentation and slides to justify your facility design. ……Position yourself as the CIO/CSO of your chosen Critical Sector ICT Facility!
  • 138. *Group Workshop Session 3* Securing Critical ICT Infrastructure: Suggested Time Allocations for Task Actions: 90mins. Task 1 – Task Assignment: Choose your Critical Service Sector (Government, Banking/Finance, Telecomms, Transport, Energy); Task 2 – List Cyberthreats (×2 segments); Task 3 – Cybersecurity Design (×3 segments); Task 4 – Check Design against your List of Cyberthreats; Task 5 – Prepare Short 10min Presentation of Design & Plan (×2 segments). Note: Each Task Time Segment = 10Mins
  • 139. Key to Cybersecurity Workshop Session Colour-Code Classifications: Interactive Tasks. Workshop Colour Code (RED / ORANGE / YELLOW / BLUE / GREEN): Monday – Action Plans: (1) Legal / (2) Technical / (3) Organisation / (4) Capacity / (5) International; Tuesday – Laws: Information Disclosure / Computer Misuse / Forgery & ID Fraud / Information Interception / Copyright & Patents Law; Wednesday – Road Map: Q1-2011 / Q2-2011 / Q3-2011 / Q4-2011 / FY2012; Thursday – ICT Security: Unauthorised Info Access / DDoS - Denial of Services / MALWARE / Disclosure & Misuse / Info Access & Exploitation; Friday – Sector Security: Cyber Criminal Threat / Cyber Terrorist Threat / Malicious Hacking & Exploitation / Internal Operational Threat / Natural Disaster or Other Event
  • 140. *ITU Workshop Overview* “Cybersecurity Technologies, Standards & Operations”: S1 – Thurs: 9:30-11:00 “The International Cybercrime and Cybersecurity Challenge”; S2 – Thurs: 11:30-13:00 “Integration Cyber-Technological Solutions for the 21stC Web2.0 World”; S3 – Thurs: 14:00-15:30 Group Session: “Securing Critical Computing and Network Facilities”; S4 – Thurs: 16:00-17:30 Group Session: “Group Discussion: Securing Critical Computing and Network Facilities”; S5 – Fri: 9:30-11:00 “Cybersecurity Continuity Planning, Standards and Architectures”; S6 – Fri: 11:30-13:00 “Organising a National Crime Unit and CERT/CSIRT”; S7 – Fri: 14:00-15:30 Group Session: “Designing Practical Cybercrime Solutions – Critical Sectors”; S7 – Fri: 16:00-17:30 Group Session: “Group Discussion: Designing Practical Cybercrime Solutions – Critical Sectors”
  • 141. *Group Workshop Session 4* Team Discussion: Securing Critical ICT Infrastructure. Schedule: Task Presentations = 90mins. Group 1 = Government (×2 segments); Group 2 = Banking/Finance (×2 segments); Group 3 = Telecomms/Mobile (×2 segments); Group 4 = Transport or Energy (×2 segments); Group Discussion & Summary. Note: Each Task Time Segment = 10Mins
  • 142. Securing the Island of Jamaica!... ….From 17thC Coastline to 21stC Cyberspace
  • 143. *ITU Workshop Overview* “Cybersecurity Technologies, Standards & Operations”: S1 – Thurs: 9:30-11:00 “The International Cybercrime and Cybersecurity Challenge”; S2 – Thurs: 11:30-13:00 “Integration Cyber-Technological Solutions for the 21stC Web2.0 World”; S3 – Thurs: 14:00-15:30 Group Session: “Securing Critical Computing and Network Facilities”; S4 – Thurs: 16:00-17:30 Group Session: “Group Discussion: Securing Critical Computing and Network Facilities”; S5 – Fri: 9:30-11:00 “Cybersecurity Continuity Planning, Standards and Architectures”; S6 – Fri: 11:30-13:00 “Organising a National Crime Unit and CERT/CSIRT”; S7 – Fri: 14:00-15:30 Group Session: “Designing Practical Cybercrime Solutions – Critical Sectors”; S7 – Fri: 16:00-17:30 Group Session: “Group Discussion: Designing Practical Cybercrime Solutions – Critical Sectors”
  • 144. *Workshop Session 5* “Cybersecurity Continuity Planning, Standards and Architectures”: 1 – International Standards; 2 – ITU Security Standards; 3 – ITU: X.805 Architecture; 4 – ITU: X.1205 CyberSecurity; 5 – Others: ISO/IEC & NIST; 6 – ISF: Info Security Forum; 7 – Practical Implementation; 8 – Cyber Continuity: BCP/DR; 9 – Next Steps for Jamaica
  • 145. *Workshop Session 5* “Cybersecurity Continuity Planning, Standards and Architectures”: 1 – International Standards; 2 – ITU Security Standards; 3 – ITU: X.805 Architecture; 4 – ITU: X.1205 CyberSecurity; 5 – Others: ISO/IEC & NIST; 6 – ISF: Info Security Forum; 7 – Practical Implementation; 8 – Cyber Continuity: BCP/DR; 9 – Next Steps for Jamaica
  • 146. International Security Standards: Multiple Players: There are multiple international and national organisations that define and publish standards relating to physical and cyber security. In general these standards, recommendations and guidelines are complementary. ITU: We shall be focusing in this session on the technical security standards & recommendations published by the ITU as their X-Series as well as H-Series. Partnerships: The ITU works closely in partnership with many other organisations, particularly for emerging Telecommunications, Multimedia, Mobile & IP Networking: ENISA – European Network and Information Security Agency; ISO – International Standards Organisation; IETF – Internet Engineering Task Force; ETSI – European Telecommunications Standards Institute; IEEE – Institute of Electrical and Electronic Engineers; ATIS – Alliance for Telecommunications Industry Solutions; 3GPP – 3rd Generation Partnership Project; ANSI – American National Standards Institute; NIST – National Institute of Standards and Technology
  • 147. *Workshop Session 5* “Cybersecurity Continuity Planning, Standards and Architectures”: 1 – International Standards; 2 – ITU Security Standards; 3 – ITU: X.805 Architecture; 4 – ITU: X.1205 CyberSecurity; 5 – Others: ISO/IEC & NIST; 6 – ISF: Info Security Forum; 7 – Practical Implementation; 8 – Cyber Continuity: BCP/DR; 9 – Next Steps for Jamaica
  • 148. ITU Technical Security Standards: The ITU Technical Families of Security Standards (from A to Z Series) are extremely comprehensive and span practically all technical aspects of government and enterprise cybersecurity systems and architectures. The standards are also being continuously developed and upgraded by professional specialists from the ICT Industry, Government & Academia. X.805 – Security Architecture for End-to-End Communications; X.1121 – Security Technologies for Mobile Data Communications; X.1191 – Functional Requirements for IPTV Security Agents; X.1205 – Overview of Cybersecurity and General Guidelines; X.1250 – Security Standards for Identity Management; X.509 – Public Key Infrastructure & Certificate Frameworks; H.323 – Multimedia Communications Systems Security; J.170 – Security Specifications for TV & Multimedia Cable Networks. …….We’ll be focusing primarily on the X.800 and X.1200 Series of Standards. The ITU security standards can be freely downloaded from the ITU website. Download Link: www.itu.int/rec/T-REC/
  • 149. Cybersecurity: Director, ITU Telecommunications Standardisation Bureau
  • 150. ITU-T X-Series – Data Nets, OSI and Security
  • 151. ITU-T X-Series Security Recommendations
  • 152. ITU Resolutions & Security Standards (1)
  • 153. ITU Resolutions & Security Standards (2)
  • 154. *Workshop Session 5* “Cybersecurity Continuity Planning, Standards and Architectures”: 1 – International Standards; 2 – ITU Security Standards; 3 – ITU: X.805 Architecture; 4 – ITU: X.1205 CyberSecurity; 5 – Others: ISO/IEC & NIST; 6 – ISF: Info Security Forum; 7 – Practical Implementation; 8 – Cyber Continuity: BCP/DR; 9 – Next Steps for Jamaica
  • 155. ITU – X.805 Security Architecture
  • 156. X.805 – Mapping Security Dimensions to Threats
  • 157. X.805: Mapping out the Eight Security Dimensions
  • 158. X.805: Security Module 4
  • 159. X.805: Security Module 6
  • 160. X.805: Security Module 8
  • 161. Security Planes & Network Activities
  • 162. Recommended Book: Security in a Web2.0 World – A Standards Based Approach (X.805) – Author: C. Solari (Carlos Solari: Ex CIO US Govt White House)
  • 163. *Workshop Session 5* “Cybersecurity Continuity Planning, Standards and Architectures”: 1 – International Standards; 2 – ITU Security Standards; 3 – ITU: X.805 Architecture; 4 – ITU: X.1205 CyberSecurity; 5 – Others: ISO/IEC & NIST; 6 – ISF: Info Security Forum; 7 – Practical Implementation; 8 – Cyber Continuity: BCP/DR; 9 – Next Steps for Jamaica
  • 164. ITU: X.1200 Security Standard Series: X.1205 provides a full definition and overview of most technology aspects of cybersecurity, building upon the X.805 architecture; X.1240/X.1241 provide technical strategies for countering spam email; X.1242 provides SMS spam filtering system based on user-rules; X.1244 provides ways of countering spam in IP Multimedia Systems; X.1251/X.1252 provide frameworks and technical models for the secure management of on-line digital identity. ….Here we shall provide an overview of X.1205 and X.1251/X.1252
  • 165. Typical Enterprise Networks
  • 166. Secure Authentication and Authorization Reference Model
  • 167. Reference Model for Securing Management
  • 168. Securing VoIP – IP Telephony – X.1205
  • 169. Cyber Risks for IP Telephony: IP telephony systems can be subjected to a number of cyber attacks. For example: Router: Attacks on the router can bring down both voice and data services in an organization; DDoS: Denial of service can overload an IP telephony communications server or client; Ping: Ping of death can disrupt VoIP operations by sending multiple pings to VoIP devices; Scanning: Port scanning can find vulnerabilities in VoIP clients and servers; Sniffing: Packet sniffing can record and/or intercept conversations; Spoofing: IP spoofing can misrepresent the source or destination of the media stream; Malware: Viruses, worms, Trojan horses, and time-triggered bots can attack servers and clients. ……..In summary, digital voice over IP is susceptible to practically all the same vulnerabilities, threats and risks as other forms of digital data communications. Hence all VoIP systems, clients, servers and comms links should be fully secured in the same manner as all other ICT applications.
  • 170. Securing Remote Offices
  • 171. Generic Wi-Fi Office Network
  • 172. X.1205 Cybersecurity Technologies (1)
  • 173. X.1205 Cybersecurity Technologies (2)
  • 174. Basic Categories for Identity Management – X.1250
  • 175. Identity Management (IdM) is required at all Network Levels
  • 176. Identity Management Models: ITU-T X.1250
  • 177. Identity Management Model
  • 178. X.1251 - Generic Structure for a Digital Contract
  • 179. Conceptual Model for Digital Identity Interchange: X.1251
  • 180. Identity Interchange Layer - X.1251
  • 181. Digital Identity Interchange Framework – X.1251
  • 182. ITU X.1100 Security Standards Series: X.1111 – Provides framework for home network security; X.1143 – Security Architecture for Mobile Messaging Services; X.1151 – Guidelines on Secure Password Authentication; X.1162 – Security Architecture & Operations for P2P Networks; X.1191 – Functional Requirements and Security Architecture for IPTV. ……In the following slides we’ll give an overview of the reference models for some of these ITU standards. A full analysis of the whole spectrum of ITU cybersecurity standards is beyond the scope of this 2-day workshop
  • 183. Reference Security Model for Mobile Web Services – X.1143
  • 184. P2P Generic Network Structures – X.1162. Note: DHT = distributed hash table
  • 185. X.1162 - P2P Networks: Security Requirements & Operations
  • 186. Architectural Model – Peer to Peer Networks
  • 187. X.1191 - IPTV Security Threats Model
  • 188. IPTV Protection Architecture – X.1191
  • 189. Cybersecurity: Director ITU Radiocommunications Bureau (BR)
  • 190. *Workshop Session 5* “Cybersecurity Continuity Planning, Standards and Architectures”: 1 – International Standards; 2 – ITU Security Standards; 3 – ITU: X.805 Architecture; 4 – ITU: X.1205 CyberSecurity; 5 – Others: ISO/IEC & NIST; 6 – ISF: Info Security Forum; 7 – Practical Implementation; 8 – Cyber Continuity: BCP/DR; 9 – Next Steps for Jamaica
  • 191. Other Security Standards: ISO, NIST, ENISA. ISO/IEC: These are often adopted as “best practice” for operational aspects of security including the ISO27001 – Information Security Management System, and the ISO27002 – ISMS Code of Practice. NIST: The comprehensive publications of the “800 Series” from the Computer Security Division are complementary to the ITU standards. ENISA: The European Networks Security Agency publishes many detailed security studies and recommendations, with some useful work and guidelines for the establishment of national CERTs. IEEE: An important global player in ICT standards, and a key ITU partner in the development of new standards for open network cybersecurity
  • 192. ISO27001 Security Standards
  • 193. ISO/IEC 27000-Series
  • 194. Information Security Management System (ISMS – ISO 27001)
  • 195. Example: ISMS Information Classification Policy
  • 196. Implementation Process: ISO27001/2
  • 197. Flow-Chart: Route to ISO27001 Certification
  • 198. NIST Security Publications: “800 Series”
  • 199. NIST Publications: Security Topics. NIST Computer Security Division: csrc.nist.gov
  • 200. * Workshop Session 5 * “Cybersecurity Continuity Planning, Standards and Architectures”: 1 – International Standards; 2 – ITU Security Standards; 3 – ITU: X.805 Architecture; 4 – ITU: X1205 CyberSecurity; 5 – Others: ISO/IEC & NIST; 6 – ISF: Info Security Forum; 7 – Practical Implementation; 8 – Cyber Continuity: BCP/DR; 9 – Next Steps for Jamaica
  • 201. ISF: Information Security Forum
  • 202. Info Security Forum Matrix – (1). SM = Security Management; CB = Critical Business Applications; CI = Computer Installations; NW = Networks; SD = Systems Development
  • 203. Info Security Forum Matrix – (2)
  • 204. Info Security Forum Matrix – (3)
  • 205. Info Security Forum Matrix – (4)
  • 206. Info Security Forum Matrix – (5)
  • 207. * Workshop Session 5 * “Cybersecurity Continuity Planning, Standards and Architectures”: 1 – International Standards; 2 – ITU Security Standards; 3 – ITU: X.805 Architecture; 4 – ITU: X1205 CyberSecurity; 5 – Others: ISO/IEC & NIST; 6 – ISF: Info Security Forum; 7 – Practical Implementation; 8 – Cyber Continuity: BCP/DR; 9 – Next Steps for Jamaica
  • 208. Practical Standards Implementation. Use: Cybersecurity Standards and Technological Solutions are of great benefit in the establishment of organisations & operational policies. Business Case: The use of security standards, guidelines and ITU Recommendations should be driven by the organisation’s economic business case, including a full evaluation of the risks & rewards. Start with Standards: It is always much better to engineer new ICT systems and operations to standards, rather than to add them later! The ITU X800/X1200 Series of Recommendations provide excellent ICT security frameworks for Jamaican Government and Enterprises, whilst the ISO/IEC 27001/27002 are accepted worldwide for ISMS operations. …Engineering and Managing ICT Operations to International Standards will place a major deterrence upon cybercriminals, hackers & attackers.
  • 209. * Workshop Session 5 * “Cybersecurity Continuity Planning, Standards and Architectures”: 1 – International Standards; 2 – ITU Security Standards; 3 – ITU: X.805 Architecture; 4 – ITU: X1205 CyberSecurity; 5 – Others: ISO/IEC & NIST; 6 – ISF: Info Security Forum; 7 – Practical Implementation; 8 – Cyber Continuity: BCP/DR; 9 – Next Steps for Jamaica
  • 210. Business Continuity and Disaster Recovery Plans: Spans ALL aspects of Operations, both Physical and Cyber Operations
  • 211. Disaster Recovery Planning (DR): Strategic Analysis Process
  • 212. Cyber Continuity & Recovery. Useful General Guidelines on Business Continuity and Disaster Recovery from ASIS
  • 213. * Workshop Session 5 * “Cybersecurity Continuity Planning, Standards and Architectures”: 1 – International Standards; 2 – ITU Security Standards; 3 – ITU: X.805 Architecture; 4 – ITU: X1205 CyberSecurity; 5 – Others: ISO/IEC & NIST; 6 – ISF: Info Security Forum; 7 – Practical Implementation; 8 – Cyber Continuity: BCP/DR; 9 – Next Steps for Jamaica
  • 214. Next Action Steps for Jamaica. Phase 1: Define your cybersecurity STRATEGY and OBJECTIVES. Phase 2: Establish, resource & train your cybersecurity ORGANISATION. Phase 3: Agree and communicate technical & operational standards. Phase 4: Review, Audit and Upgrade all ICT Systems during next year. Phase 5: On-Going Operational Management by CSO/CISO, including regular compliance audits and technical upgrades to new Cyber Threats. …In summary, the adoption of international standards for Jamaican ICT systems and Operational Procedures will have a significant impact on cybercrime, & reduce the risk of attacks on critical national infrastructure.
  • 215. * ITU Workshop Overview * “Cybersecurity Technologies, Standards & Operations”: S1 – Thurs: 9:30-11:00 “The International Cybercrime and Cybersecurity Challenge”; S2 – Thurs: 11:30-13:00 “Integration Cyber-Technological Solutions for the 21stC Web2.0 World”; S3 – Thurs: 14:00-15:30 Group Session: “Securing Critical Computing and Network Facilities”; S4 – Thurs: 16:00-17:30 Group Session: “Group Discussion: Securing Critical Computing and Network Facilities”; S5 – Fri: 9:30-11:00 “Cybersecurity Continuity Planning, Standards and Architectures”; S6 – Fri: 11:30-13:00 “Organising a National Crime Unit and CERT/CSIRT”; S7 – Fri: 14:00-15:30 Group Session: “Designing Practical Cybercrime Solutions – Critical Sectors”; S7 – Fri: 16:00-17:30 Group Session: “Group Discussion: Designing Practical Cybercrime Solutions – Critical Sectors”
  • 216. * Workshop Session 6 * Organising a National Cybercrime Unit (NCU) and National CERT/CSIRT: 1 – Special Cyber Organisations; 2 – CERT/CSIRT Organisation; 3 – CERT/CSIRT Alert Centre; 4 – CERT/CSIRT: Roll-Out Plan; 5 – National Cybercrime Unit; 6 – National Cybercrime Unit; 7 – ITU: IMPACT Programme; 8 – ITU: IMPACT Programme; 9 – “Best Practice” for Jamaica
  • 217. * Workshop Session 6 * Organising a National Cybercrime Unit (NCU) and National CERT/CSIRT: 1 – Special Cyber Organisations; 2 – CERT/CSIRT Organisation; 3 – CERT/CSIRT Alert Centre; 4 – CERT/CSIRT: Roll-Out Plan; 5 – National Cybercrime Unit; 6 – National Cybercrime Unit; 7 – ITU: IMPACT Programme; 8 – ITU: IMPACT Programme; 9 – “Best Practice” for Jamaica
  • 218. Special Cybersecurity Technical Organisations. Effective national and enterprise cybersecurity requires the implementation of professionally staffed technical organisations. In this session we’ll consider the cybersecurity organisations and associated technical skills for: CERT/CSIRT: Computer Emergency Response Team – We’ll explore the steps required to establish and manage a National or Enterprise CERT. We will use the CMU (Carnegie Mellon University) and ENISA (European Network & Information Security Agency) Guidelines as the foundations for our technical and management analysis. NCU/eCrime Unit: National Cybercrime Unit – We’ll use the UK National eCrime Unit as an example of “Best Practice” for the organisation, including the process for cybercrime investigation, evidence collection and the skills for Digital Forensics. Global IMPACT Centre: International Multi-Lateral Partnership against Cyber Threats – This unique organisation is an alliance with several major global players including the ITU and Interpol. We’ll present some of the programmes that may be relevant to the Jamaican Government, major Institutions and Commercial Enterprises.
  • 219. * Workshop Session 6 * Organising a National Cybercrime Unit (NCU) and National CERT/CSIRT: 1 – Special Cyber Organisations; 2 – CERT/CSIRT Organisation; 3 – CERT/CSIRT Alert Centre; 4 – CERT/CSIRT: Roll-Out Plan; 5 – National Cybercrime Unit; 6 – National Cybercrime Unit; 7 – ITU: IMPACT Programme; 8 – ITU: IMPACT Programme; 9 – “Best Practice” for Jamaica
  • 220. CERT/CSIRT Organisations. Benefits: Every national government, and major multi-site enterprise, should consider the economic benefits of establishing a CERT/CSIRT. Origins: The original CERTs were established in the early 1990s following the arrival of the first computer viruses, worms & trojans. CERT.org: Carnegie Mellon University formed the 1st National CERT under contract from the US Government, and now runs www.CERT.org as a global partnership of national and regional CERTs. ENISA: Within Europe, the TERENA organisation (Trans-European Education and Research Networks Association) works with ENISA to manage the network of European CERTs, including skills training.
  • 221. Caribbean Connectivity
  • 222. Securing the Caribbean in Cyberspace
  • 223. Regional Caribbean Network Organisations
  • 224. Caribbean Telecommunications Union
  • 225. CTU: Caribbean ICT Roadshow (CIRS)
  • 226. CERT/CSIRT Services
  • 227. * Workshop Session 6 * Organising a National Cybercrime Unit (NCU) and National CERT/CSIRT: 1 – Special Cyber Organisations; 2 – CERT/CSIRT Organisation; 3 – CERT/CSIRT Alert Centre; 4 – CERT/CSIRT: Roll-Out Plan; 5 – National Cybercrime Unit; 6 – National Cybercrime Unit; 7 – ITU: IMPACT Programme; 8 – ITU: IMPACT Programme; 9 – “Best Practice” for Jamaica
  • 228. CERT/CSIRT Alert Centre. Alerts: A Fundamental Process within any CERT is the management and classification of “incidents”, and their routing to provide a response. Triage: Some “incidents” may actually be due to some unusual statistical traffic patterns rather than an actual alert, “hack” or cybercrime. Risk: Once an incident is classified the CERT will need to assign staff responsibility to assess the event risk and potential impact & damage. Communicate: The CERT will communicate their analysis with relevant stakeholders, that may include government agencies, business stakeholders, and those responsible for critical information infrastructure. Neutralise: CERT will work with partners to minimise the disruptive risk & damage in order to neutralise the cyber attack and any future threat. …The following slide shows this incident process flow in more detail…
  • 229. CERT/CSIRT: Incident Handling Service Functions
  • 230. CSIRT – Information Process Flow
  • 231. Incident Handling Process Flow
  • 232. Cyber-Incident Depth Analysis
  • 234. US and Asia-Pacific CERTs
  • 235. ENISA: European CERT Network
  • 236. * Workshop Session 6 * Organising a National Cybercrime Unit (NCU) and National CERT/CSIRT: 1 – Special Cyber Organisations; 2 – CERT/CSIRT Organisation; 3 – CERT/CSIRT Alert Centre; 4 – CERT/CSIRT: Roll-Out Plan; 5 – National Cybercrime Unit; 6 – National Cybercrime Unit; 7 – ITU: IMPACT Programme; 8 – ITU: IMPACT Programme; 9 – “Best Practice” for Jamaica
  • 237. CERT/CSIRT Roll-Out Action Plan. Jamaican Government and Business may upgrade their CERT/CSIRT capability using the excellent on-line guidebooks from CMU & ENISA. These comprehensive step-by-step guides cover all aspects of the start-up action plan including: Business Case: Development of the CERT/CSIRT Business Case; Stakeholders: Recruiting and Partnering with National Stakeholders; Staff Training: Recruitment and training of professional CERT staff; Operations: Establishing the Operational and Technical Procedures; Incident Response: Documented Process for classifying and responding to alerts. Establishing a fully functional national CERT/CSIRT will probably take between 12 and 18 months depending on the scope of initial operations. CERTs will need to continuously evolve, adapt and be trained to respond to new cyberthreats and potential attacks, and will need to undergo annual compliance audits.
  • 238. ENISA: CSIRT Guidebook
  • 239. CSIRT: Incident Reporting Form
  • 240. Typical CERT Network Infrastructure
  • 241. CERT Incident Response Centre
  • 242. ENISA: CERT Exercises and Pilots. Download: www.enisa.europa.eu/act/cert/
  • 243. ENISA: CERT Training Video. 5min Video Highlights ENISA CERT Training Exercises & Pilots in Japan & Moldova
  • 244. Working with Stakeholders to create National CERT/CSIRT
  • 245. Networks of Public & Private CERTs
  • 246. * Workshop Session 6 * Organising a National Cybercrime Unit (NCU) and National CERT/CSIRT: 1 – Special Cyber Organisations; 2 – CERT/CSIRT Organisation; 3 – CERT/CSIRT Alert Centre; 4 – CERT/CSIRT: Roll-Out Plan; 5 – National Cybercrime Unit; 6 – National Cybercrime Unit; 7 – ITU: IMPACT Programme; 8 – ITU: IMPACT Programme; 9 – “Best Practice” for Jamaica
  • 247. Annual Growth in Cybercrime
  • 248. Digital Evidence for e-Crimes
  • 249. National Cybercrime Unit – “Skills”. Jamaica already has an established eCrime Unit, so this workshop section will provide some guidelines based upon the UK experience. Jamaica: JCF – OCID – “Jamaican Constabulary Force – Organised Crime Investigative Division”. The UK PCeU – Police Central eCrime Unit has published several excellent documents that will be useful to the Jamaican JCF: National eCrime Strategy; National eCrime Programme Structure; Good Practice Guide for Computer-Based Evidence; eCrime Manager’s Guide. Download Link: www.met.police.uk/pceu/ eCrime Units require some rather specific skills including: Digital Forensics: Analysis of information & data on a diverse range of devices and gadgets that may have been used by cybercriminals, sometimes in encrypted formats. Evidence Collection and Classification: Electronic evidence on devices such as PDAs and Smart Mobiles may be transitory, and easily lost, deleted or corrupted either locally or by remote radio command. Hence the investigation of cybercrimes requires specialist training.
  • 250. Strategic Approach to National e-Crime
  • 251. Scale and Nature of e-Crimes
  • 252. Cybercrime Investigation Methodology
  • 253. E-Crime Personnel Training Matrix
  • 254. UK Guide to Computer-Based Electronic Evidence. Download Link: www.met.police.uk/pceu/
  • 255. * Workshop Session 6 * Organising a National Cybercrime Unit (NCU) and National CERT/CSIRT: 1 – Special Cyber Organisations; 2 – CERT/CSIRT Organisation; 3 – CERT/CSIRT Alert Centre; 4 – CERT/CSIRT: Roll-Out Plan; 5 – National Cybercrime Unit; 6 – National Cybercrime Unit; 7 – ITU: IMPACT Programme; 8 – ITU: IMPACT Programme; 9 – “Best Practice” for Jamaica
  • 256. National Cybercrime Unit – “Admin”. Most National eCrime Units are less than 5 years old and are still developing their skills, capabilities & reputations. “Learning is real-time!” Establishing and Managing an eCrime Unit requires consultation with a range of stakeholders both inside and outside the civil police forces. eCrime Units can only effectively tackle crime if the Government has already put in place relevant cybercrime legislation spanning the spectrum of cybercrimes and attacks that we’ve already discussed in the workshop. Key priorities will be the integration within the traditional Civil Police Force, and the wider communication of the eCrime Unit’s Role and Responsibilities both within the Police Force and also to Business & Citizens. …In the next few slides we’ll explore some of the top management topics & themes from the UK Manager’s Guide to eCrime Investigations.
  • 257. Manager’s Guide to e-Crime Investigations: UK e-Crime Unit
  • 258. Organisation of the UK e-Crime Programme Board. Jamaica: JCF – OCID – “Jamaican Constabulary Force – Organised Crime Investigative Division”
  • 260. “Harm” Impact Framework: UK e-Crime (1)
  • 261. “Harm” Impact Framework: UK e-Crime (2). Impacts: (1) Physical; (2) Social; (3) Environmental; (4) Economic; (5) Structural; (6) Reputation
  • 262. * Workshop Session 6 * Organising a National Cybercrime Unit (NCU) and National CERT/CSIRT: 1 – Special Cyber Organisations; 2 – CERT/CSIRT Organisation; 3 – CERT/CSIRT Alert Centre; 4 – CERT/CSIRT: Roll-Out Plan; 5 – National Cybercrime Unit; 6 – National Cybercrime Unit; 7 – ITU: IMPACT Programme; 8 – ITU: IMPACT Programme; 9 – “Best Practice” for Jamaica
  • 263. ITU : IMPACT Programme (A). The ITU is one of the key international players in the global alliance with IMPACT, which has its worldwide headquarters at Cyberjaya, Malaysia. IMPACT runs 4 major service programmes that are defined as: The Global Response Centre (GRC): Modelled on the CDC in Atlanta, USA, the GRC is designed to be the foremost cyber threats resource centre in the world. Centre for Policy and International Co-Operation: IMPACT partnership with the ITU brings a potential membership of 191 member states. Other International Partners include the United Nations, Interpol, and the Council of Europe (CoE). Centre for Training and Skills Development: IMPACT works on cybersecurity training and certification with many of the world’s leading companies and organisations. Centre for Security Assurance and Research: In-Depth Research into Data Mining and Threats, Botnets and the development of the IMPACT Research Online Network (IRON). Also the development of the global “CIRT-LITE” Service and the IGSS DashBoard. …Next we’ll briefly explore some of the GRC Programmes as well as the Training RoadMap.
  • 264. Features of the Global Resource Centre. Key Features of the GRC include: 1) Network Early Warning System; 2) Automated Threat Analysis System (ATAS); 3) Global Visualisation of Threats; 4) Remediation Facility; 5) Trend Management and Knowledge base; 6) Country Specific Cyber Threat; 7) Incident and Case Management; 8) Trend Monitoring and Analysis; 9) IMPACT Honeypot; 10) Cyber Threat Route Plotter
  • 265. IMPACT: Global Response Centre
  • 266. IMPACT Global Headquarters: Cyberjaya, Malaysia. IMPACT = International Multilateral Partnerships Against Cyber Threats
  • 267. Worldwide IMPACT Alliance: Organisation
  • 268. IMPACT : Worldwide Alliance. IMPACT International Partners: ITU, UN, INTERPOL and CTO. Industry Partners include: Symantec, Kaspersky Labs, Cisco, Microsoft, (ISC)², F-Secure, EC-Council, Iris, GuardTime, Trend Micro and the SANS Institute
  • 269. Video: “IMPACT Programmes for AFRICA’s Cyber Territories”. Link: www.impact-alliance.org/resource_centre_multimedia.html
  • 270. * Workshop Session 6 * Organising a National Cybercrime Unit (NCU) and National CERT/CSIRT: 1 – Special Cyber Organisations; 2 – CERT/CSIRT Organisation; 3 – CERT/CSIRT Alert Centre; 4 – CERT/CSIRT: Roll-Out Plan; 5 – National Cybercrime Unit; 6 – National Cybercrime Unit; 7 – ITU: IMPACT Programme; 8 – ITU: IMPACT Programme; 9 – “Best Practice” for Jamaica
  • 271. ITU : IMPACT Programme (B). IMPACT is an outstanding example of the 1st New Generation 21st Century Worldwide PPP Organisation that is dedicated to the challenge of tackling global Cyberthreats, Cybercrimes, Cyberattacks and Cyberterrorism. The ITU is promoting the IMPACT Programmes, which allow smaller developing countries access to scarce cyber skills and resources, especially in areas such as the establishment of CERT/CSIRTs. The IMPACT – NEWS Service: Network Early Warning System – allows countries to gain real-time access to the latest cyber developments, malware, threats and attacks, and hence to anticipate and take action with regards to their own national critical information infrastructure. The IMPACT – ESCAPE Service: Electronically Secure Collaboration Platform for Experts – allows real-time collaboration and consultation between experts during the time of massive cyberthreats & crises.
  • 272. IMPACT: CERT/CIRT-LITE Programme ITU Centres of Excellence Network for the Caribbean Region Cybersecurity Technologies, Standards & Operations 16-17 September, Kingston, Jamaica 272
  • 273. IGSS – Government Security Scorecard Project. IGSS is currently under development and Malaysia is the first country to adopt this pioneering system.
  • 274. IMPACT GRC: NEWS & ESCAPE Programmes
  • 275. Network Early Warning System (NEWS)
  • 276. Electronically Secure Collaboration Platform for Experts (ESCAPE)
  • 277. IMPACT: Cyber Training Roadmap
  • 278. IMPACT: Cybersecurity Technical Training. CyberSecurity Technical Courses: Total Student Days = 41 (8+ Weeks)
  • 279. IMPACT: Cyber Management Training. CyberSecurity Management Courses: Total Student Days = 16 (3+ weeks)
  • 280. * Workshop Session 6 * Organising a National Cybercrime Unit (NCU) and National CERT/CSIRT: 1 – Special Cyber Organisations; 2 – CERT/CSIRT Organisation; 3 – CERT/CSIRT Alert Centre; 4 – CERT/CSIRT: Roll-Out Plan; 5 – National Cybercrime Unit; 6 – National Cybercrime Unit; 7 – ITU: IMPACT Programme; 8 – ITU: IMPACT Programme; 9 – “Best Practice” for Jamaica
  • 281. “Best Practice” for Jamaica. The challenge of “Securing Jamaica” will be a multi-year project as a partnership between Government and Business. Basic principles are: ITU-GCA: Structure the programmes using the ITU Global Cybersecurity Agenda; NCA: Implement Co-ordinating National Cybersecurity Agency with Budget & Authority; Standards: Adopt and Build to International ITU/ISO Security Standards & Guidelines; Laws: Check the Jamaican Cybercrimes Act (2009) covers the full spectrum of threats; CERTs: Establish National Jamaican & Critical Sector Specific CERTs/CSIRTs; eCrimes: Upgrade and Enhance the Skills and Scope of the JCF-OCID eCrimes Unit; Training: Organise professional cybersecurity training with certifications. ……In-Depth Professional Skills in Cybersecurity Technologies, Standards and Architectures will be mission critical for Jamaican Government & Business to be fully secure in cyberspace!
  • 282. * ITU Workshop Overview * “Cybersecurity Technologies, Standards & Operations”: S1 – Thurs: 9:30-11:00 “The International Cybercrime and Cybersecurity Challenge”; S2 – Thurs: 11:30-13:00 “Integration Cyber-Technological Solutions for the 21stC Web2.0 World”; S3 – Thurs: 14:00-15:30 Group Session: “Securing Critical Computing and Network Facilities”; S4 – Thurs: 16:00-17:30 Group Session: “Group Discussion: Securing Critical Computing and Network Facilities”; S5 – Fri: 9:30-11:00 “Cybersecurity Continuity Planning, Standards and Architectures”; S6 – Fri: 11:30-13:00 “Organising a National Crime Unit and CERT/CSIRT”; S7 – Fri: 14:00-15:30 Group Session: “Designing Practical Cybercrime Solutions – Critical Sectors”; S7 – Fri: 16:00-17:30 Group Session: “Group Discussion: Designing Practical Cybercrime Solutions – Critical Sectors”
  • 283. * Group Workshop Session 7 * “Designing Practical Cybercrime Operation Solutions”. Task Objective: To select a critical service sector of importance to Jamaica and then to develop a top-level strategy & design that is secure against all cybercrime, cyberthreats, cyberterrorism and any other forms of hacking or malicious attack. Task 1 – Choose your critical sector such as government, banking/finance, telecomms, airports, energy/power, and preferably different from your previous choice in session 3. Task 2 – Consider the scope of your enterprise or agency which may well be multi-site, with national & regional offices, and corresponding ICT networks, databases, facilities and staff. Task 3 – As in session 3, list all the potential cybercrimes, natural disasters and attacks that may threaten your critical sector at either technical or operational level. Task 4 – Structure your list according to the impact of each potential threat or disaster. Task 5 – Develop a top-level strategy and outline design of your critical sector cybersecurity programme, checking that it provides defence against all the threats you listed in Task 3. Task 6 – Work on a presentation that justifies your critical sector security strategy & design. …..You are the National CIO/CSO for your chosen sector with authority, budget & staff!
  • 284. * Group Workshop Session 7 * Designing Practical Cybercrime Sector Solutions. Suggested Time Allocations for Task Actions: 90mins. 1 – Task Assignment: Choose your Critical Service Sector: Government, Banking/Finance, Telecomms, Transport, Energy; Task 2 – Consider the Scope of your Critical Sector, its multi-site ICT operations & staffing; Task 3 – List the Potential Cybercrimes, Cyberthreats, Natural Disasters & Attacks that may threaten the sector; Task 4 – Structure & Prioritise your list of Cyberthreats; Task 5 – Develop Top-Level CyberStrategy, Outline Technical & Operational Plan; Task 5 – Develop Top-Level CyberStrategy, Outline Technical & Operational Plan; Task 5 – Check Design against your full List of Cyberthreats; Task 5 – Prepare Short 10 Min Presentation of Design & Plan; Task 5 – Prepare Short 10min Presentation of Design & Plan. Note: Each Task Time Segment = 10Mins
  • 285. Task Description: Government Sector. 1) You have just been appointed as the new CSO (Chief Security Officer) for the Government working within the Prime Minister’s Cabinet Office with top-level responsibility for cybersecurity across all aspects of Government. 2) Your task is to prepare a report & short presentation to the Cabinet regarding the technical and operational actions that should be taken across Government in order to provide an adequate defence against cyberthreats & potential attacks. 3) Assume that the Government comprises around 20 Ministries including Foreign Office, Home Office, Security, Defence, Transportation, Finance, Justice, Energy, Environment, Healthcare and Industry, as well as Regional Administrations. 4) There is already a Government Data Network and various ICT computer centres and databases that are not yet secured against cyber threats & attacks. …..Plan your security priorities, and prepare a practical cybersecurity action plan.
  • 286. Task Description: Banking/Finance Sector. 1) You have just been appointed as the CSO (Chief Security Officer) for a major National Financial Institution with both retail & investment operations. 2) Your task is to prepare a report and presentation for the Board of Management with recommendations on the technical and operational actions that should be taken across the Financial Group to provide security against cybercriminal attacks. 3) Assume that the Bank includes a large national retail network of local branches and ATM machines, as well as on-line banking operations. Also assume that the investment banking operations are networked with several other major global banking networks and that stocks, bonds & commodities are traded in real-time. 4) There have already been cybercriminal attacks on bank accounts & transactions in the past year and you are asked by the CEO to ensure that any future attacks are immediately detected, maybe with an in-house CERT, and any losses minimised. ……Consider all the potential cyber threats and prioritise your action plan for the Board.
  • 287. Task Description: Telecomms/Mobile Sector. You have just been appointed as the CSO (Chief Security Officer) for the National Telecommunications or Mobile Networking Carrier in Jamaica. Your task is to prepare a full report and presentation to your Board of Management with recommendations for upgrading all aspects of cybersecurity, specifically focusing upon the technical and operational procedures & measures. Assume that the National Telecomms and/or Mobile Operations comprises a national distributed radio and landline network with a range of traditional telecomms and broadband “new generation” IP technology switches & servers. You are responsible for ALL aspects of network security including the private leased line (VPN) networks for the government & large enterprises, as well as the telecomms ISP operations which includes Hosted eCommerce WebSites, VoIP & Gateways & Routers to other Regional and International Networks. …Consider all the threats and prioritise your actions in order to minimise the risks and potential damage from future cyber attacks on the national telco network.
  • 288. Task Description: Transport/Airports Sector. You have just been appointed the CSO (Chief Security Officer) for the country’s largest international airport (Kingston), including both passenger and cargo operations, as well as associated regional airports (Montego Bay). Your task is to prepare a report and presentation to the Board of Management for the Airport with recommendations and action plan for the upgrading of all aspects of security across the airport/port operational and ICT facilities. Assume that the Airport has both airside and landside operations, with multiple domestic and international airlines flying routes to an intensive schedule. The ICT assets include the real-time air traffic control, passenger & cargo screening systems, staff and vehicle access, and the computerised dispatching network and baggage handling network. You are responsible as CSO for both the operational security and associated security staff as well as all the cybersecurity aspects of the airport operation. …Consider all the possible cybercriminal and cyberterrorist threats to the airport facilities and prioritise your action plan to minimise risks from potential attacks.
  • 289. Task Description: Energy/Utilities Sector. You have recently been appointed as the CSO (Chief Security Officer) for the National Energy and Power Grid which provides most of the nation’s energy. Your task is to prepare a report and presentation for the Board of Management with recommendations and action plan for upgrading all aspects of security with respect to the National Power Grid and its regional centres and operations. Assume that the National Power Grid and Company has several large power stations (non-nuclear) and distribution network across cities, towns & villages. The ICT computer facilities include all the power station process control networks & applications, as well as the 24/7 real-time management of energy (electricity & gas flow) through the national power grid to business & end-users. You are responsible as CSO for both the technical aspects of ICT cybersecurity as well as operational security for the power stations, offices and other facilities. ….Consider all the possible cyberthreats and cyberterrorism that could impact the national grid and prioritise a practical plan that minimises the risk of attack, and reduces the collateral damage and disruption following any major power failure.
  • 290. Key to Cybersecurity Workshop Session Colour-Code Classifications: Interactive Tasks. Workshop Colour Code: RED | ORANGE | YELLOW | BLUE | GREEN. Monday - Action Plans: (1) Legal | (2) Technical | (3) Organisation | (4) Capacity | (5) International. Tuesday - Laws: Information Disclosure | Computer Misuse | Forgery & ID Fraud | Information Interception | Copyright & Patents Law. Wednesday - Road Map: Q1-2011 | Q2-2011 | Q3-2011 | Q4-2011 | FY2012. Thursday - ICT Security: Unauthorised Info Access | DDoS-Denial of Services | MALWARE | Disclosure & Misuse | Info Access & Exploitation. Friday - Sector Security: Cyber Criminal Threat | Cyber Terrorist Threat | Malicious Hacking & Exploitation | Internal Operational Threat | Natural Disaster or Other Event.
  • 291. * ITU Workshop Overview * “Cybersecurity Technologies, Standards & Operations”: S1 – Thurs: 9:30-11:00 “The International Cybercrime and Cybersecurity Challenge”; S2 – Thurs: 11:30-13:00 “Integration Cyber-Technological Solutions for the 21stC Web2.0 World”; S3 – Thurs: 14:00-15:30 Group Session: “Securing Critical Computing and Network Facilities”; S4 – Thurs: 16:00-17:30 Group Session: “Group Discussion: Securing Critical Computing and Network Facilities”; S5 – Fri: 9:30-11:00 “Cybersecurity Continuity Planning, Standards and Architectures”; S6 – Fri: 11:30-13:00 “Organising a National Crime Unit and CERT/CSIRT”; S7 – Fri: 14:00-15:30 Group Session: “Designing Practical Cybercrime Solutions – Critical Sectors”; S7 – Fri: 16:00-17:30 Group Session: “Group Discussion: Designing Practical Cybercrime Solutions – Critical Sectors”
  • 293. Securing the Island of Jamaica for 260 Years: 1750 to 2010
  • 294. From 18thC Coastal Forts in 1750 to 21stC Cybersecurity in 2010
  • 295. 18thC Coastal Jamaican Ports required Protected Bays for Physical Defence
  • 296. Securing Jamaica in Cyberspace!... ….The Next BIG Strategic Challenge: (1) Legal Measures; (2) Technical & Procedural Measures; (3) Organizational Structures; (4) Capacity Building; (5) International Collaboration
  • 297. Securing the Caribbean in Cyberspace! Caribbean Region - 1830 -: (1) Legal Measures; (2) Technical & Procedural Measures; (3) Organisational Structures; (4) Capacity Building; (5) Regional and International Collaboration
  • 298. * Group Workshop Session 8 * Team Discussion: Cybercrime Security Operations. Schedule: Task Presentations = 90mins. Group 1 = Government (15mins); Group 2 = Banking/Finance (15Mins); Group 3 = Telecomms/Mobile (15Mins); Group 4 = Transport or Energy (15Mins); Group Task Discussion (10Mins); Review On-Line Resources and Next Steps for Personal Study & Research on Cybersecurity; Final Discussion & Wrap-Up
  • 299. On-Line Cybersecurity Resources. ITU Cybersecurity Toolkits, Reports and Standards: ITU Cybercrime Toolkit & Cybercrime Guidelines for Developing Countries; ITU Toolkit on “Botnet” Mitigation – Protection against Denial of Service Attacks; ITU Self-Assessment Toolkit for CIIP – Critical Information Infrastructure Protection; ITU Technical Security Standards such as X.800 Series and the X.1200 Series. Technical Publications on Cybersecurity from NIST, ISF, ISO, ENISA as well as the Cybersecurity Organisations from national Governments: NIST – National Institute of Standards and Technology (“800” Security Series); ENISA – European Network & Information Security Agency; ISF – Information Security Forum; ISO – International Standards Organisation. Industry White Papers and Reports from the major ICT Cybersecurity Companies such as Symantec, Sophos, Kaspersky Labs and McAfee. On-Line “Google” Searches generate 15Mil+ “hits” from “cybersecurity”, whilst a refined search will provide daily news updates & latest reports.
  • 300. On-Line Cybersecurity Resources: ITU. All the ITU Publications can be found & downloaded from: www.itu.int (use the titles below as search terms on the ITU Website Home Page). 1) ITU – Global Cybersecurity Agenda – HLEG Strategic Report – 2008; 2) ITU – Cybersecurity Guide for Developing Countries – 2009; 3) ITU – “BotNet” Mitigation Toolkit Guide – 2008; 4) ITU – National Cybersecurity/CIIP Self-Assessment Tool – 2009; 5) ITU – Toolkit for Cybersecurity Legislation – 2010; 6) ITU – Understanding Cybercrime: A Guide for Developing Countries – 2009; 7) ITU – Technical Security Standards & Recommendations – “X-Series” – including X.509 (PKI), X.805 (Architecture), X.1205 (Threats & Solutions); 8) ITU – GCA: Global Cybersecurity Agenda: Summary Brochure – 2010. ……..ITU GCA Home Page: www.itu.int/osg/csd/cybersecurity/gca/
  • 301. ITU: On-Line Video Channel – Interviews & Updates
  • 302. On-Line Cybersecurity Resources: Other. 1) UK ACPO Manager’s Guide to e-Crime Investigation V1.4 – 2009; 2) UK ACPO National e-Crime Strategy – Report 2009; 3) UK ACPO Good Practice Guide for Computer-Based Electronic Evidence – 2009 ………UK eCrime Unit WebLink: www.met.police.uk/pceu; 4) Cybersecurity Strategy of the United Kingdom: Cabinet Office – 2009 – cabinetoffice.gov.uk; 5) Guide to NIST Security Documents: US Dept of Commerce – 2009 – www.csrc.nist.gov; 6) ISF (Information Security Forum): Standard of Good Practice for InfoSec – 2007 …….ISF WebLink: www.securityforum.org; 7) CMU: Steps for Creating National CSIRTs – Carnegie Mellon Uni – 2004 – www.cert.org; 8) ENISA: Step-by-Step Approach on How to Set up a CSIRT – 2006; 9) ENISA: CERT Exercise Handbook and Training Handbook – 2008 …….ENISA WebLink: www.enisa.europa.eu/act/cert/ …….Most documents referenced during this ITU Cybersecurity Workshop will be found with a focused Google Search for the Publication Title & Responsible Organisation
  • 303. * Group Workshop Session 8 * Discussion: Designing Practical Cybercrime Operational Solutions. 1) Workgroup Task Cybercrime Presentations; 2) Feedback on the Workshop, Content and Tasks; 3) Final Questions, Discussion and Wrap-Up! …Thank-You!
  • 304. Cybersecurity Workshop: Technologies, Standards & Operations – Back-Up. BACK-UP SLIDES
  • 305. Global IP Map of BGP RouteViews