Cyber security best practices for the 2030 SDGs
WSIS Forum 2018
19 Mar 2018 09:00h - 23 Mar 2018 18:00h
19 Mar 2018 13:15h - 14:00h
[Read more session reports from the WSIS Forum 2018]
The session, organised by the United Nations International Computing Centre (ICC) and moderated by Ms Prado Nieto, chief customer relationship manager, ICC, addressed best cybersecurity practices for achieving sustainable development goals (SDGs).
Eng. Badar Ali Al-Salehi, director general, Oman National CERT, presented cybersecurity best practice examples from Oman, that led to the country being ranked first in its region and fourth in the world by the Global Cybersecurity Index compiled by the International Telecommunication Union (ITU). This includes the organisational structure and legislative framework that the country’s national computer emergency response team (CERT) operates within, alongside existing capacities and capacity-building efforts, and forms of regional and international cooperation it engages in.
Al-Salehi highlighted the importance of drills and exercises, as well as bilateral cooperation on strategic issues, and regional cooperation on development of cybersecurity frameworks, providing the example of the ITU’s regional cybersecurity centre hosted in Oman. Stressing the need for public-private partnerships, the country’s Partnership Development Programme was highlighted, bringing together computer network infrastructures (CNIs), private enterprise, and academia, as well as individual professionals. A brief overview of planned programmes for the Arab region in 2018 was also provided.
Ms Tima Soni, head of information security services at ICC, provided an overview of the history, role and activities of the UN ICC. Specifically, she highlighted the need for awareness raising among senior management in organisations, to ensure that the resources necessary for maintaining security are provided. Outlining the complexity of security risks faced by UN agencies, Soni provided an overview of the roles of Computer Information Security Officers (CISOs) and why these are needed, presenting the work of the ICC’s CISO, including services offered in terms of incident response and recovery, governance, prevention and detection, complemented with examples of programmes run within different UN agencies. The official commencement of operations of the established Security Operations Centre was also announced as taking place later this year.
Mr Bojan Simetic, information security specialist at ICC, continuing from the previous presentation, introduced Common Secure, a threat intelligence sharing platform providing core and premium services suited to the needs of the specific agency using it. The main idea behind the platform is to bring the security posture of all UN security entities to an adequate level of maturity. Elaborating on the benefits of this platform, Simetic highlighted the advantages which the geographical spread of the UN brings to the table – providing insight into different behaviours of actors across the globe, and enabling proper risk assessment.
Mr Fabio Maggiore, information security officer at ICC, and chief information security officer for the World Meteorological Organization and the World Health Organization, stressed the shared model employed by ICC. To this end, the information security awareness programme, developed internally and shared across different agencies, provides the benefits of sharing across the UN family, Maggiore concluded.
By Irina Rizmal