CIPC CYBER SECURITY LANDSCAPE - Accounting Weekly

Transcription

CIPC CYBER SECURITY LANDSCAPE
Pamela Mkosana
November 2017

CIPC CYBER SECURITY AND ATTACK DEFINITION

Cyber security is the state of being protected against the criminal or unauthorized use of electronic data, or the measures taken to achieve this.

Cyber security consists of technologies, processes and measures that are designed to protect systems, networks and data from cybercrimes.

Effective cyber security reduces the risk of a cyber attack and protects CIPC from the deliberate exploitation of systems, networks and technologies.

Cyber attacks come in various forms and are designed to not only target technological weaknesses (for instance, outdated software) but also exploit people (for instance, uninformed employees who click on malicious links) and a lack of effective organisational processes and procedures.

CIPC INFORMATION SECURITY FUNCTION – ent and Controls

[Diagram labels: People; Define Security Policies, Procedures and Security Standard; Do; Check; Process; Implement and Manage security controls/process; Technology]

CIPC INFORMATION SECURITY STRATEGY

Strategic Goal: Risk Mitigation and Asset Protection

CIPC Information Security Objectives
- To implement state-of-the-art security technologies in CIPC
- To provide confidence to leadership in the effective and efficient execution of information security responsibilities
- Keep up with new ever-emerging security threats and speed up the response time
- Information security risk mitigation and asset protection
  o To meet the computing needs of the organization in a secure manner
  o Safeguarding patient information at rest, in transit, and in use
- Safeguarding the confidentiality, integrity, and availability of the network, systems, and applications
- To move from a reactive to a more proactive response model
- To provide secure computing training and education to the organization

Compliance Obligation
- Meet legislative and regulatory requirements, and audit recommendations, for health information custodians
- Monitor and validate regulatory compliance

CIPC INFORMATION SECURITY ROADMAP

Roadmap 2017 to 2018 (Q1, Q2, Q3, Q4): Technology
- Anti-Virus ePolicy Orchestrator (ePO)
- Drive Encryption (DE)
- McAfee Web Gateway (MWG)
- McAfee Virus Scan Enterprise (VSE/HIPS)
- Network Security Platform (NSP)
- Network Threat Behavior Analysis (NTBA)
- McAfee SIEM - 1 Year Trial
- DB Security Suite (DAM)
- Network Security Manager (NSM)
- Network Data Loss Protection (NDLP)
- Data Exchange Layer (DXL)
- McAfee Active Response
- hentication
- Acquire New Firewalls
- Password Vault Management
- Threat Intelligence Exchange (TIE), Advanced Threat Defense (ATD)
- 24/7 SOC
- Cyber Intelligence

CIPC INFORMATION SECURITY ROADMAP

Roadmap 2017 (Q1, Q2, Q3, Q4)
Activate Exchange Disclaimer and AD Policy Agreement Issue Notice Proactive Monitoring User Account Management Review of Segregation of Information Security Duties (IT) Policies Measurement Framework Enforce Security Requirement Services Management i.e. Enterprise Project Management or Process agement eDiscovery and Problem KPI's Forensics Implement and Security Risk ation Test External Assessment for Information Security Maturity Process Information Security Management Systems (ISMS) Black Box Web Application testing ROI Analysis Key rity Compliance Security Programs Problem Management Information Security Security 's Information Security SOP's

CIPC INFORMATION SECURITY ROADMAP

Roadmap 2017, 2018 (Q1, Q2, Q3, Q4, Q1, Q2): Benefits
Roles ntprotection. Management correlations, and responsiveness to events. Started building the formal SIF Team. Streamline UAM processes and adding auditability, Kick start user awareness. Introducing Performance Appraisal Points for Risk Champions Develop Platforms for External Stakeholders to report Privacy issues Simplify forensic Improves Additional efforts. Procedural Rigor. data leakage protection. Management and organisational awareness enhancement. Continue to build Formalise SIF team capabilities problem management and demonstrate value to CIPC. ISMS Project team capabilities Enhance protection of ed Incident Management Metrics for reporting to management. Staff gence and process maturity to leverage tomate Incident and problem Management Process

CIPC INFORMATION SECURITY RESILIENCE STATUS HIGHLIGHTS

IT Security Projects 2017/2018

Project: Implementation of McAfee Security Solution
Project %: 100%
Components: Integrated Security Components:
- Anti-Virus ePolicy Orchestrator (ePO)
- McAfee VirusScan Enterprise (VSE)
- Network Security Platform (NSP)
- Network Security Manager (NSM)
- Network Threat Behavior Analysis (NTBA)
- Drive Encryption (DE)
- Intrusion Prevention System (IPS)
- Advanced Threat Defense (ATD)
- McAfee Web Gateway (MWG)
- Network Data Loss Protection (NDLP)
- Network Data Loss Protection Endpoint (NDLPe)
- Threat Intelligence Exchange (TIE), Data Exchange Layer (DXL), McAfee Active Response (MAR)
- Database Security Suite (DAM)

Project: Information Security Management Systems (ISMS) Project
Project %: 60%
Components:
- Information Security Policy Reviews
- Security Domain Standards

Project: Information Security Awareness Program
Project %: 50%
Components:
- Information Security Awareness Workshops

Project: Separation of CIPC from DTI network
Project %: 20%
Components:
- “To Be” CIPC Network Topology and Implementation
- Readiness Assessment Results and Implementation.

CIPC INFORMATION SECURITY RESILIENCE STATUS HIGHLIGHTS

The following statistics depict threat events that have been contained in various information resources.

[Chart: Quarterly Threats Events Detected and]

CIPC INFORMATION SECURITY RESILIENCE STATUS HIGHLIGHTS

The following statistics depict that the IPS has successfully detected and blocked 2112958 hacking attempts.

SECURITY: IT'S NOT AN OPTION, IT'S OUR PASSION
