Comments for The Security Sangoma

Comment on International CSIRT / Incident Response training in South Africa by Ramiah

Ramiah — Thu, 08 Apr 2010 12:04:35 +0000

Why the name; Computer Security Incident Response Team? as I see this bigger than identifying and reacting to a “computer security incident”. It again creates a perception to organisations of ot being IT driven initiative – Which it is not!

Comment on UK Government details its Cyber Crime Strategy by Security_Sangoma

Security_Sangoma — Wed, 07 Apr 2010 20:00:57 +0000

It seems the governments of the world are putting serious resources into fighting cybercrime. SA’s reponse – we now have a draft cybersecurity policy! oh well – at least its a start!

Comment on Draft SA CyberSecurity Policy released for comment by Joey Hernandez

Joey Hernandez — Thu, 25 Mar 2010 14:20:02 +0000

The International Society of Cyber Security Professionals provided their input, and we look forward to working with the leadership to institutionalize the framework.

Joey Hernandez
iSCSP.org

Comment on 2 new positions available in Gauteng, South Africa by Mike Danker

Mike Danker — Wed, 24 Mar 2010 10:07:22 +0000

I conduct Professional SEARCH for candidates

I sent the HR Manager a mail

Kindly contact me on 0836809222 anytime

Regards Mike Danker

SEARCHWORX

Comment on Draft SA CyberSecurity Policy released for comment by Security_Sangoma

Security_Sangoma — Fri, 26 Feb 2010 12:38:53 +0000

Quotable mentions:

(Iain Campbell – ISG CSIRT lead)
A good analogy would be along the lines of road safety. How many people would drive at 60 if there was no speed limit?
In SA there is currently no “speed limit” for cybersecurity. More importantly, because there are no standards/regulations many people who are aware that they have a problem do not know how to address it aka “who you gonna call?”. This policy goes a long way to address these issues by making it crystal clear who is ultimately responsible (i.e. the DoC), and by enabling the private sector to assist in setting relevant standards.
Ultimately you want to avoid a situation where a bank is getting their “exhaust repaired at the side of the road”
At the end of the day policy needs to have two elements in order to be successful:
1. Legal teeth to ensure compliance (it can be argued whether the likes of King 3 goes far enough)
2. Ability to execute, which should be possible via PPP as recommended
Dominic White – Sensepost Security consultant)
This will hopefully not only become a paper based exercise (similar to the FISMA exercise in the USA) but allow use to track a “scoreboard” of tangible actions / deliverables. It is also vital to ensure that breach disclosures are covered.

Comment on Draft SA CyberSecurity Policy released for comment by Security_Sangoma

Security_Sangoma — Fri, 26 Feb 2010 12:38:24 +0000

Anon feedback received from security folk at banks / gov depts:

Main Concern – that it be implemented speedily and given high enough mandate in government to make it effective in implementation. Most developed countries in the world have given this serious attention recently, and they are already miles ahead of us.
Second Concern – that we will first have to face a major cyber attack before the urgent need for a coordinated, national response and structures are agreed and implemented.
I support the initiative, and can only add that the focus will also be to identify, assess and protect Critical Communication Infrastructures – which are not only held by public entities (which will be covered by Government CSIRT ito assessment and monitoring), but the private sector as well (specifically banking). Hence the focus in the cyber security policy on public-private sectors working together and the focus on a national CISRT to oversee public and private sector incidents relating to critical communication infrastructures and cyber incidents.
I believe ISGA is perfectly positioned to play a major role in the DOCs vision, thanks to the CSIRT training and eCrime initiatives. We should put in every effort to ensure that it succeeds.
Moreover, groups such as the ISG should be recognised for its efforts with this and could be engaged by the minister for its in depth knowledge, passion for IT security and willingness to commit time and resources to this mission.
Frankly, it would be ideal if the big corporates would participate through membership of ISG Africa, rather than independently.

Comment on International CSIRT / Incident Response training in South Africa by Mlandeli Zweni

Mlandeli Zweni — Wed, 24 Feb 2010 15:29:21 +0000

PLZ send Dates & Fees for the Course.

Comment on Information Security positions available in Australia by Eric

Eric — Wed, 24 Feb 2010 14:23:14 +0000

Sorry to have to post this here, but your registration form does not work. It asks for ‘country’ but no drop-down list comes through.

Pls investigate & let me know so that I can register?

Regards
Eric

Comment on Gauteng February 2010 chapter meeting by Security_Sangoma

Security_Sangoma — Sun, 31 Jan 2010 20:33:00 +0000

What questions would you like asked to the panel of 4 experts?

For now we have the following:

-How IT Governance & Information Security are structured?
- Frameworks they are adopting?
- Challenges faced?
- Key focus projects for 2010?

What else?

Craig

Comment on Information Security positions available in Australia by Security_Sangoma

Security_Sangoma — Sun, 31 Jan 2010 20:30:41 +0000

Please contact me if you have any queries:

craig@isgafrica.org

Thanks

Craig