Published by Mervin Evans. Modified over 9 years ago.
1
Secure C2 Systems
Ali Alhamdan, PhD
National Information Center, Ministry of Interior
April 28th, 2015
2
Command and Control Systems
- Collection of technology, people, information and business
- All military functions and operations
- War is a complex phenomenon that interacts with the enemy's complex system in a competitive way
- A process of continuous adaptation
[Diagram: Technology, People, Information, Business]
Alhamdan
3
Command and Control Systems
- Trusted and secure C2 systems
- High availability C2 systems
- Right access from right people or systems
- Consider security methodology, standard and technology
- Vulnerabilities can be exploited anywhere and anytime
- Threats and APT
- C2 is targeted
4
C2 and Security
- Commanders rely HEAVILY on trusted and available systems
5
Security Statistics
- Estimated annual cost globally around 100 Billion and expected to be Billion by 2017 [1]
- 556 Million victims per year [1]
- 10% of social network users have fallen victim [1]
- 59% of ex-employees admitted to stealing company data after leaving their job [1]
- 92% of 100,000 security incidents are covered by 9 attack patterns [2]
Sources:
1) Go-Gulf (
2) Verizon Data breach investigations report
3) Symantec, 2014 Internet Security Threat Report, Volume 19
6
Motivations of Cyber Attacks
Percentage (%):
- Cyber Crime: 40%
- Hacktivism: 50%
- Cyber Warfare: 3%
- Cyber Espionage: 7%
Source: Go-Gulf (
7
Characteristics of New Threats
- Traditional threats: Open; Known & Patchable; Broad; One Time
- Advanced threats: Hidden; Unknown & Zero Day; Targeted; Persistent
8
Security Statistics
10 years of threat actions leading to data breaches
[Figure: Number of breaches per threat action category over time]
Source: Verizon Data breach investigations report
9
Widening Security Gap
Sources: IDC
10
Security and C2
- Implementation attacks
- Insecure channels
- Use cryptography:
  - Confidentiality: preventing unauthorized disclosure of information
  - Integrity: maintaining and assuring the accuracy and consistency of data over its entire life-cycle and ensuring the information originality
  - Availability: ensuring resources are accessible when required by an authorized user
- Access control
  - Identification
  - Authentication (multi factors)
  - Authorization (level privileges)
11
Security Defense
- Security culture (awareness)
- Security operation center (SOC)
- Analytic methods
- Investigation and forensics
- Defense in depth
- Challenge: most tools discover around 90% of the total attacks, APT!!
12
Security Baseline
- Apply and comply with the international standards, e.g.
  - ISO and 27002
  - NIST (e.g , , ,... etc.)
- Business Continuity Management
13
To be
- Should build required capabilities (Human & Tech)
- Enhance security culture
- Adapt automated and sophisticated tools and methods of cyber security
- Share knowledge and information about attacks with others
- Adopt intelligent systems (monitoring, analyzing, detecting and preventing)
14
Should Be
[Diagram levels: Reactive, Proactive, Predictive]
- Privileged access management
- Multi factor authentication
- VA/PT & DLP
- Real time policy enforcement
- Analytics based on live feeds from multiple sources integrated with management consoles

- Single sign on
- Encryption
- Mobile device management
- Logging and monitoring
- Network management
- SIEM solutions
- Access control
- One factor authentication
- Device password
- Acceptable use policy