1_OWASP_Egypt_12_4_2014_Ahmed_Mashaly

Eg-CERT Cyber Security Awareness Team
OWASP
Ahmed Mashaly
Senior IT Security Engineer
Egyptian Computer Emergency Response Team EgyCERT
a.mashaly@egycert.eg
12/4/2014
Copyright © The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document
under the terms of the OWASP License.
The OWASP Foundation
http://www.owasp.org
Roadmap
• Eg-CERT.
• Eg-CERT 2013 incident report.
• Cyber security awareness plan.
• Application security awareness program.
• EG-CERT is charged with providing computer and information security incident response, support, defence and analysis against cyber attacks, and collaboration with government, financial entities and any other critical information infrastructure sectors scoped to Egypt.
• Established in April 2009.
• Under the Egyptian National Telecom Regulatory Authority (NTRA).
• July 2009: 24/7 monitoring & incident response.
• September 2009: forensics analysis service.
• April 2011: malware analysis & reverse engineering.
• March 2012: full member in FIRST (Forum of Incident Response and Security Teams).
• September 2013: EG-CERT has its own premises.
Cyber Security Awareness
• Started operations in 2014.
• Small scale operations.
• Preparation for launching a full scale awareness campaign.
Why do we need awareness
The target is simply providing the highest possible level of protection to both the Egyptian critical information infrastructure and ordinary Egyptian computer users.
It is well known among cyber security professionals that humans are the weakest link in the whole ecosystem of cyber security.
Why does Egypt need awareness
[Chart] Percentage of computers running Microsoft software reporting malware infections in Egypt.
Infection rates
Many elements can affect the infection rates:
- OS type (it takes a relatively long time to switch to open source, or to develop domestic operating systems).
- Lack of antimalware software.
- Pirated software.
- Lack of awareness.
What’s the Plan?
Fresh ideas
How to spread awareness of online threats and make it a culture?
Looking for more creative ways to make it happen.
Awareness targets
• The targets for the awareness campaign can be categorized into three categories, each with its proper communication channels and methods:
- Organizations.
- Public.
- Technical.
Organizations: Which is the most critical
• We should start by trying to define what is critical.
• We define the proper communication channels and methods.
• We handle the critical targets.
Examples of the most critical assets:
- Ministries and governmental entities.
- Banking sector.
- Telecom infrastructure.
Examples of less critical assets:
- Universities.
- Private sector organizations.
Public scope
The main issue regarding the public scope of the campaign is communication channels and methods.
Communication channels:
- Printed media.
- Television.
- Social media.
- Radio.
Technical: IT professionals
An important part of any national awareness campaign is awareness for IT professionals.
Application Security Awareness Program (ASAP)
Program duration: July - November
50 developers in 5 groups (each 10 trainees)
Course duration: three full-day sessions (24 hours)
Program total number of sessions: 15 sessions, 4 days per month
OWASP participants:
- 3 application security experts
- 3 lab assistants
Program target audience (Stage 1):
- Governmental application developers
- Banking sector
- Ministries' websites and applications
Program partners:
- Central Bank of Egypt (CBE)
- Information and Decision Support Center (IDSC)
- Egyptian Banking Institute (EBI)
Questions
Awareness@egcert.eg
a.mashaly@egcert.eg