Information SecurityDigital & Security Transformation

8/19/20191

www.enwealth.co.kewww.enwealth.co.kewww.enwealth.co.ke

Introduction

Presenter Elly Kabaji,

MTN Business Kenya Ltd

Area Manager, Coastal Region.

Mombasa Office-Tea House 1st Floor

Nyerere Avenue.

Our Journey To study Information Security

in the pension industry.

There are No Strict Cyber Security Laws.

www.enwealth.co.kewww.enwealth.co.kewww.enwealth.co.ke

Are you secure?

Data Security is Vital Cyber security Basics.

Data Security Basics Protect: Confidentiality, Integrity and Availability of information

Pension Schemes have a duty to protect their client’s information

The Key to compliance is taking "reasonable" measures to secure data and manage risks.

It is important to seek help from security experts.

Expectations:

Cyber security Basics.

Risks of in-adequate cyber security.

What to ask from Service Providers.

Best Practices.

www.enwealth.co.kewww.enwealth.co.kewww.enwealth.co.ke

What do you Secure?

• Date of birth.

• Beneficiaries.

• Previous employer records.

• Interest rates

• Scheme Tenure.

• Data Transfers

www.enwealth.co.kewww.enwealth.co.kewww.enwealth.co.ke

Information & Data

• Raw & unorganized facts

• Simple and seemingly random

• Useless until it is organized.

• Transmission & Storage

• Processed & organized data,

• Structured in presentation,

• Context that make it useful.

• Transmission & Storage

• Organizing & Assigning meaning.

• Improves the reliability

• Ensuring understandability

• Reduces uncertainty.

www.enwealth.co.kewww.enwealth.co.kewww.enwealth.co.ke

How safe are your members’ records?

Reputation and Trust + Business Competitiveness.

Data Security ≠ Applications Security!

Does App Breach cause data breach?

Data maybe handled independently of App as well

Cloud Computing Broadens the Data Security puzzle.

Appreciation and use of applied Crypto

Security assurances from your CSP

Is Your CSP relying on other CSPs?

www.enwealth.co.kewww.enwealth.co.kewww.enwealth.co.ke

Data Security Goals

Confidentiality

Authentication

Non-Repudiation

Access controls / Firewalls.

Integrity

Backups

Checksums

Data correction codes

Availability

SLA’s

Retrieval

DR & networks.

Encryption / Decryption• Encryption: Clear-text message to Cipher text

• Decryption: Cipher text back to Clear-text

8

[Digital Transformation]

DXis the integration of digital technology into all

areas of a business, resulting in fundamental

changes to how businesses operate and how

they deliver value to customers.

9

[Security Transformation]

SXis the integration of security into all

areas of digital technology, resulting in

a Security Architecture that provides aContinuous Trust Assessment.

10

VirusMalware

1980’s

NetworkWorm

2000

SpamPhishing

2000 2004 2018

The Cyber Threat Landscape is Continually Evolving…

Antivirus IDS/IPSSecureEmail

Gateway

RansomwareWebThreats

DDoS

Attacks

Response

Reputation

Botnet

2001

Sandbox

2008 2015

SecureWeb

Gateway

2016 2019

AdvancedThreats

Anti-

DDoS

ATP

Insider M2M

ArtificialIntelligence

UEBA

2017

IoT

NAC

Deception

www.enwealth.co.kewww.enwealth.co.kewww.enwealth.co.ke

More than1 hour for

85%

Minutes Hours Days

Weeks Months Years

15%50%

27%

5%

2%2%

Minutes Hours Days

Weeks Months Years

Dealing with today’s issues…

Areas of Greatest

Concern for Security*

• Time toDetect Breach*

Cloud

Vulnerabilityin IT systems

Inside Threats

BYOD

IoT

1

2

3

45

* Source: Fortinet-sponsored Lightspeed GMI survey

51%OF ENTERPRISES

BREACHEDIN THE LAST 12 MONTHS*

3bnNEW DEVICES PER YEAR

THROUGH 2020

www.enwealth.co.kewww.enwealth.co.kewww.enwealth.co.ke

End-to-End Cyber Security Solution

NetworkSecurity

Multi-CloudSecurity

EndpointSecurity

EmailSecurity

Web ApplicationSecurity

SecureUnified Access

AdvancedThreat Protection

Management& Analytics

Enterprise

Firewall

Cloud Firewall

Network Security

EPPWeb Application

Firewall

Secure Email

Gateway

Sandbox

Advanced Threat

Protection

Central Logging

/Reporting

Central Security

Management

Security

Information &

Event

Management

Virtual Firewall

Network Security

Wireless

Infrastructure

Switching

Infrastructure

Endpoint

IoTMulti

Cloud Applications

Web Unified

AccessEmail ThreatProtection

Advanced Management

Analytics

IPS

SWG

SD-WAN

VPN

www.enwealth.co.kewww.enwealth.co.kewww.enwealth.co.ke

Summary..

Ask from Service Providers.

Connectivity. Clean Internet Pipe.

DIDOs Protection.

Firewalls

Enterprise Applications. Application firewalls.

Database security.

Security patching.

Open source security.

Secure SaaS

Cloud Computing. Perimeter Firewall.

Intrusion Detection Systems with Event Logging.

Internal Firewalls for Individual Applications & DBs

Data-at-Rest Encryption.

Strong Physical Security.

Databases. Access control.

Auditing.

Authentication.

Encryption.

Integrity controls.

Backups.

Application security.

www.enwealth.co.kewww.enwealth.co.kewww.enwealth.co.ke

Thank You