Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Published byDeirdre Dalton Modified over 9 years ago

Similar presentations

Presentation on theme: "Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP."— Presentation transcript:

1 Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP Foundation OWASP http://www.owasp.org Eg-CERT Cyber security Awareness Team Ahmed Mashaly Senior IT Security Engineer Egyptian Computer Emergency Response Team EgyCERT a.mashaly@egycert.eg 12/4/2014

2 OWASP Roadmap Eg-CERT. Eg-CERT 2013 incident report. Cyber security awareness plan. Application security awareness program.

3 OWASP EG-CERT is charged with providing computer and information security incident response, support, defence and analysis against cyber attacks and collaboration with government, financial entities and any other critical information infrastructure sectors scoped to Egypt.

4 OWASP Established 0n April 2009. Under Egyptian National Telecom Regulatory Authority (NTRA)

5 OWASP July 2009, 24/7 Monitoring & Incident Response. September 2009, Forensics Analysis Service..

6 OWASP April 2011, Malware analysis & Reverse Engineering.

7 OWASP March 2012, Full member in FIRST (Forum of Incident Response and Security Teams). September 2013, EG-CERT has it’s own premises.

8 OWASP

9 Cyber Security Awareness Started operations in 2014. Small scale operations. Preparation for launching a full scale awareness campaign.

10 OWASP Why do we need awareness The target is simply providing the most possible level of protection to both the Egyptian critical information infrastructure and the Egyptian ordinary computer users.

11 OWASP Why do we need awareness It is fairly known for cyber security professional that humans are the weakest link in the whole ecosystem of cyber security.

12 OWASP Why does Egypt need awareness Percentage of computers running Microsoft software reporting malware infections in Egypt.

13 OWASP Why does Egypt need awareness

14 OWASP Infection rates Many elements can affect the infection rates:- - OS type(It takes a relatively long time to switch to open source, or to develop domestic operating systems ).

15 OWASP Infection rates Many elements can affect the infection rates:- - Lack of antimalware software - Pirated software - Lack of awareness.

16 OWASP What’s the Plan

17 OWASP Fresh ideas How to Spread awareness of online threats and making it a culture ? Looking for more creative ways to make it happen.

18 OWASP Awareness targets The targets for the awareness campaign can be categorized into three categories each has its proper communication channels and method:- -Organizations. - Public. -Technical

19 OWASP Organizations : Which is the most critical We should start by trying to define what is critical. We define the proper communication channels and methods. We handle the critical targets.

20 OWASP Organizations : Which is the most critical Examples for most critical assets :- - Ministries and governmental entities. - Banking sector. -Telecom infrastructure.

21 OWASP Organizations : Which is the most critical Examples for less critical assets :- - Universities. - Private sector organizations.

22 OWASP Public scope The main issue regarding the public scope of the campaign is communication channels and methods.

23 OWASP Communication channels - Printed media. - Radio. -Television. -Social media.

24 OWASP Technical IT professionals. An important part of any national awareness campaign is awareness for IT professionals.

25 OWASP Application Security Awareness Program (ASAP) Program duration: July - November 50 Developer 5 groups (each 10 trainees)

26 OWASP Application Security Awareness Program (ASAP)

27 OWASP Course duration: Three full day sessions (24 hours) Program total number of session: 15 session 4 days per month Application Security Awareness Program (ASAP)

28 OWASP OWASP participants: 3 Application security experts 3 Lab Assistants Application Security Awareness Program (ASAP)

29 OWASP Application Security Awareness Program (ASAP) Program target Audience (Stage 1): -Governmental applications developers -Banking Sector -Ministries websites and applications

30 OWASP Application Security Awareness Program (ASAP) Program partners: Central bank of Egypt (CBE) Information and Decision Support Center (IDSC) Egyptian Banking Institute (EBI)

31 OWASP Questions

32 OWASP Awareness@egcert.eg a.mashaly@egcert.eg

Download ppt "Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP."

Similar presentations

ITU E-Commerce Conference for the Arab Region - May 2001 A Digital Signature Act for Egypt: Understanding the Challenges! Dr. Sherif Hashem Head, Electronic.

ITU E-Commerce Conference for the Arab Region - May 2001 A Digital Signature Act for Egypt: Understanding the Challenges! Dr. Sherif Hashem Head, Electronic.
Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.

Launching Egyptian Root CA and Inaugurating E-Signature Dr. Sherif Hazem Nour El-Din Information Security Systems Consultant Root CA Manager, ITIDA.
 Cyber Ecosystem & Data Security Subhro Kar CSCE 824, Spring 2013 University of South Carolina, Columbia.

 Cyber Ecosystem & Data Security Subhro Kar CSCE 824, Spring 2013 University of South Carolina, Columbia.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.

WebCast 5 May 2003 NERC Cyber Security Standard Overview of Proposed Cyber Security Standard.
National Cybersecurity Awareness Campaign 11 www.DHS.gov/StopThinkConnect.

National Cybersecurity Awareness Campaign 11
1 July 08, 2010 Information Security Officer Meeting.

1 July 08, 2010 Information Security Officer Meeting.
National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.

National CIRT - Montenegro “Regional Development Forum” Bucharest, April 2015 Ministry for Information Society and Telecommunications.
1 Regulatory Challenges During and Following a Major Safety or Security Event Muhammad Iqbal Pakistan Nuclear Regulatory Authority Presentation at General.

1 Regulatory Challenges During and Following a Major Safety or Security Event Muhammad Iqbal Pakistan Nuclear Regulatory Authority Presentation at General.
Strengthening Public Finance Management Through Computerization of Procurement Management System High Level Forum on Procurement Reforms in Africa Tunisia.

Strengthening Public Finance Management Through Computerization of Procurement Management System High Level Forum on Procurement Reforms in Africa Tunisia.
June 2003 © S.Hashem Empowering E-Business in Egypt: Facing the Challenges! Dr. Sherif Hashem Director, Information Society Development Office Ministry.

June 2003 © S.Hashem Empowering E-Business in Egypt: Facing the Challenges! Dr. Sherif Hashem Director, Information Society Development Office Ministry.
1 Ben Woelk RIT Information Security Office Advancing Digital Self Defense Establishing a Culture of Security Awareness at the Rochester Institute of Technology.

1 Ben Woelk RIT Information Security Office Advancing Digital Self Defense Establishing a Culture of Security Awareness at the Rochester Institute of Technology.
Information and Communication Technologies in the field of general education in Armenia 2011 2011 NATIONAL CENTER OF EDUCATIONAL TECHNOLOGIES.

Information and Communication Technologies in the field of general education in Armenia NATIONAL CENTER OF EDUCATIONAL TECHNOLOGIES.
National Public Health Performance Standards Local Assessment Instrument Essential Service:3 Inform, Educate, and Empower People about Health Issues.

National Public Health Performance Standards Local Assessment Instrument Essential Service:3 Inform, Educate, and Empower People about Health Issues.
Copyright © 2006 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the Creative Commons Attribution-ShareAlike.
1 2003-05-19 Experiences from establishing a national Centre for Information Security in Norway TERENA Networking Conference 2003 Maria Bartnes Dahl &

Experiences from establishing a national Centre for Information Security in Norway TERENA Networking Conference 2003 Maria Bartnes Dahl &
Communication strategy and techniques to launch InnovMed Dr. Fatma H. Sayed Vienna meeting 25 June 2007.

Communication strategy and techniques to launch InnovMed Dr. Fatma H. Sayed Vienna meeting 25 June 2007.
 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,

 Jonathan Trull, Deputy State Auditor, Colorado Office of the State Auditor  Travis Schack, Colorado’s Information Security Officer  Chris Ingram,
National Telecom Regulatory Authority EGYPT Eng. Aly Anis Livingstone, Zambia 10-12 September 2013 The Fifth Annual African Consumer Protection Dialogue.

National Telecom Regulatory Authority EGYPT Eng. Aly Anis Livingstone, Zambia September 2013 The Fifth Annual African Consumer Protection Dialogue.
1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB

1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB

Similar presentations

Ads by Google