Battling eFraud: The Place of Standards
A presentation by Adedoyin Odunfa. (CEO, Digital Jewels)
At the occasion of the Special InformationValueChain Breakfast Forum, hosted by Digital Jewels Ltd. July 2016. Accra, Ghana
Outline
• Setting the Context: Global & Regional Trends
• Cybercrime: a very present danger
• The Cyber Economic Challenge
• Unbundling the standards universe
• Adoption Snapshot: Nigeria as a case study
• Next Steps
GHANA
Cyber Threat Landscape
• 87% of iPhone & 97% of Android top 100 apps have been hacked
• 100% of companies experience virus attacks & 97% have experienced malware attacks
• 156 million phishing emails are sent every day
• 15 million make it through spam filters
• The average global cost for each stolen record is Euro 128
Cyber Attacks on Governments
• Over 11 Ghanaian Government Websites attacked in Feb 2015
• INEC website on election day
• Spate of Nigerian Government website attacks in recent times….
The Cyber Economics Challenge
Platform Convergence
Web, Cloud, Social, Mobile, IOT, …
Security
Sharing
Global data:
• expanding exponentially
• Volume,
• Velocity,
• Variety and
• Complexity.
2 sides of the same coin
• Technology is about HOW attacks occur,
• Economics is about WHY attacks occur
Economics / Technology
Cyber Economics: the Why?
Ease of Attack
Impact of Attack
Incentive to Attack
Increased Difficulty in Defense
Attack Parameters
Cybercriminals
• ‘If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.’ Sun Tzu
• Professional, organised, determined, innovative, meticulous in evolving techniques to remain steps ahead of targets.
1,542% estimated ROI for exploit kit & ransomware schemes
Attack: Ease, Impact & Incentive
• 574 data compromises investigated across 15 countries
Weak passwords (28%) & Weak Remote Access Security (28%) - 2 top causes of breaches resulting in 94% of POS breaches
Weak/non-existent input validation or unpatched vulnerabilities led to 75% of e-com. breaches
49% of investigations involved the theft of PII & CHD
81% of victims did not detect the breach themselves but through regulators, card brands & law enforcement
Av: 86 days to detect & 111 from intrusion to containment
1,542% estimated ROI for exploit kit & ransomware schemes
98% of applications tested were vulnerable.
95% of mobile applications were vulnerable
“Password1” still the most common password. 8 character long passwords: 1 day to crack. 10 character passwords took 591 days to crack
Difficulties in Defending against Attacks
Difficulty of detection.
• Perpetrators of cyber crime facing jail time is still the exception.
• Victims of cyber theft may not be aware of the loss (IP, Confidential information, etc.) for years—or ever.
• No one is immune!
81% of victims did not detect the breach themselves but through regulators, card brands & law enforcement
Av: 86 days to detect & 111 from intrusion to containment
Cyber Economic Equation: Incentives Favour Attackers
Offence Defense
The Target: Your Digital Crown Jewels?
• The most valuable asset of the 21st century company – Data
• Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected.
What are your Digital Crown Jewels?
• Intellectual property, Card Holder Data and confidential business information?
• One of the most serious, and hardest to quantify, components of cybercrime.
• Threat to IP has grown in transition from tangible to intangible assets in a post-industrial, knowledge-worker society.
• More to gain by stealing intellectual property than several physical assets.
• Less effort, more reward
The Cyber Economics Challenge
Platform Convergence
Web, Cloud, Social, Mobile, IOT, …
Security
Sharing
Global data:
• expanding exponentially
• Volume,
• Velocity,
• Variety and
• Complexity.
How do we tip the Economics Equation in our favour?
• Enhance your CyberSecurity Posture to
• Increase the effort of the attacker
• Reduce the reward
Tip the Cyber Security Economics Equation in your favor by building a culture of Information Security
National
Institutional/Corporate
Individual/Professional
People
Process/Controls
Technology
The challenge
• The need to build an enabling culture.
• Culture dictates behavior
People
Process/Controls
Technology
Defence in Depth: A layered approach to Information Security
People
Process/Controls
Technology
The challenge is to build an enabling culture
Standards, policies, procedures, rules, regulations
• (a framework of acceptable behavior)
Training & Awareness of above by employees
• (knowledge of acceptable behavior)
Total commitment of ALL employees to above
• (desire towards acceptable behavior)
Secure Culture
Best Practice: What does it offer?
• Can help address performance targets & conformance requirements in a single vehicle
• A continuous improvement approach: PDCA
• Periodic updates for currency
Myth…A well of collective wisdom
The Framework Forest
Unbundling the Standards & Framework Forest
Standards with Certification
PCIDSS v3
ISO27001: 2013
ISO20000: 2011
ISO22301: 2011
BS OHSAS (18000) -ISO 45001
Data Centre Tier 3/4
ISO 15504: 2013
Standards yet to be Certifiable
ISO8583
ISO20022
ISO38500: 2015
ISO31000
Frameworks/Methodologies
COBIT 5
PRINCE2
PMBoK
TOGAF
CMMi
SFIA
XBRL
Associated Standards/ Frameworks
Information Security
• PCIDSS
• ISO27001
• ISO22301
• ISO31000
Business Continuity
• ISO22301
• BS OHSAS 18000
• ISO27001
• Data Centre Tiers
ITSM
• ITIL
• COBIT
• ISO20000
• CMMI
IT Governance
• COBIT
• CMMI
• ISO15504
• ISO38500
• TOGAF
Project/Change/People Management
• PRINCE2
• PMP
• ISO 21500
• COBIT
• SFIA
ISO2700x family
ISO27001
Mapping ISO27001 with PCIDSS
PCIDSS REQUIREMENTS
ISO 27001 ANNEX A CONTROL OBJECTIVES
A.5 A.6 A.7 A.8 A.9 A.10 A.11 A.12 A.13 A.14 A.15 A.16 A.17 A.18
1 ● ● ● ● ● ●
2 ● ●
3 ● ● ● ● ●
4 ● ●
5 ● ● ● ●
6 ● ● ● ● ● ●
7 ●
8 ●
9 ● ● ● ● ● ●
10 ● ● ● ●
11 ● ● ● ● ● ●
12 ● ● ● ● ● ● ● ● ● ● ●
Most PCIDSS controls are focused around four (4) ISO27001:2013 controls and control objectives highlighted, i.e. Access Control, Cryptography, Operations Security and Communication Security.
Mapping/Overlap of ISO27001 to ISO22301
A.17.1 Information security aspects of business continuity management
Objective: Information Security shall be embedded in the organization’s business continuity management system.

| ISO 27001, A.17 Business Continuity Management | ISO 22301:2012 |
| --- | --- |
| A.17.1.1 Planning information security continuity. Control: The organization shall determine its requirements for information security and the continuity of information security management in adverse situations, e.g. during a crisis or disaster. | 6.1 Actions to address risks and opportunities |
| A.17.1.2 Implementing information security continuity. Control: The organization shall establish, document, implement and maintain processes, procedures and controls to ensure the required level of continuity for information security during an adverse situation. | 8.1 Operational Planning and Control |
| A.17.1.3 Verify, review and evaluate information security continuity. Control: The organization shall verify the established and implemented information security continuity controls at regular intervals in order to ensure that they are valid and effective during adverse situations. | 9.1 Monitoring, measurement, analysis and evaluation |
Attaining & Sustaining Certification
Annual Recertification
On-going Vigilance
ISO Standards
PCIDSS
Year 0: Initial Certification
Year 1: Surveillance Audit
Year 2: Surveillance Audit
Year 3: Recertification Audit
Compliance: Challenges & Concerns
The Benefits of Best Practices
• Avoid re-inventing the wheel
• Reduce dependency on experts
• Increase potential to utilise trained rookies
• Make it easier to leverage ext. assistance
• Overcome vertical silos & nonconforming behavior
• Reduce risks & errors
• Improve quality
• Improve ability to manage & monitor
• Increase standardisation leading to cost reduction
• Improve trust & confidence from mgt & partners
• Create respect from regulators & other ext. reviewers
• Safeguard & prove value
Creating the Human Firewall: Training, Education & Awareness
‘The methods that will most effectively minimize the ability of intruders to compromise information security are comprehensive user training and education. Enacting policies and procedures simply won't suffice. Even with oversight the policies and procedures may not be effective: my access to Motorola, Nokia, ATT, Sun depended upon the willingness of people to bypass policies and procedures that were in place for years before I compromised them successfully.’ Kevin Mitnick
People
Process/Controls
Technology
Information Security Governance
The need for Training, Education & Awareness
Education
• Imparting knowledge e.g. certification training
• Technical staff
Training
• How to e.g. new software application/ methodology
• IT staff, users
Awareness
• “Top of mind”/ Real & relevant
• All: Board, Management, Third parties, users, etc
The Nigerian Dimension….
CBN Standards Roadmap (June 2013)
Priority 1 Standards:
• Service Management
• Interfaces
• IT Security
• Application Reporting
Priority 2 Standards:
• IT Governance
• Strategic Alignment
• Project Management
• Work and Resource Management
Priority 3 Standards:
• Data Centre
• Business Continuity Management
• Enterprise Architecture
• HSE Management
Industry IT Standards Roadmap (June 2013)
[Roadmap chart, timeline 2012 to 2018; legend: Priority 1 Standards]
Category:
• Service Management & Operations
• Solutions Delivery
• Information & Technology Security
• Architecture & Information Management
• Strategic IT Alignment & Governance
Standards:
• PCI-DSS *
• ISO 27001 / 27002
• XBRL
• ISO 8583
• TOGAF
• COBIT
• PMBOK / PRINCE2
• CMMI
• ITIL
• SFIA
• DC Tier Standards (Target Maturity: Tier 3)
• BCI GPGs / BS25999 / ISO 22301
• OHSAS 18001
CBN IT Standards Roadmap (April 2015)
Chart: Global Best Practice Standard Certification Status (Nigeria), April 2016
Series: Certified, In progress
Standards shown:
• PCI DSS (Payment Card Industry Data Security Standard)
• ISO 27001 (Information Security Mgt System)
• ISO 22301 (Business Continuity Mgt System)
• ISO 20000 (IT Service Management)
Chart: Global Best Practice Standard Certification Status (Banks Only), April 2016
Series: Certified, In progress
Standards shown:
• PCI DSS (Payment Card Industry Data Security Standard)
• ISO 27001 (Information Security Mgt System)
• ISO 22301 (Business Continuity Mgt System)
• ISO 20000 (IT Service Mgt System)
Data Centre Tiers
Best Practice: Making it work for you: 6 essential steps
1. Do your homework: Select the right standard/framework/methodology
2. Secure & sustain top management buy-in
3. Measure to Manage
4. Tailor & Customise
5. Train to Minimize Culture Shock & Resistance
6. Manage the Change: Communicate, take a participative approach
Nigeria Cyber Crime Bill 2015
Objectives
• Provide effective & unified legal framework to combat cybercrime in Nigeria
• Promote cyber security & protect computer systems, electronic communications, data, intellectual property & privacy rights
• Ensure protection of Critical National Information Infrastructure
GHANA
In Conclusion: build a secure culture
Standards, policies, procedures, rules, regulations
• (a framework of acceptable behavior)
Training & Awareness of above by employees
• (knowledge of acceptable behavior)
Total commitment of ALL employees to above
• (desire towards acceptable behavior)
Secure Culture
Take a Holistic View: What works?
Remember: You are only as strong as your weakest link!
References
• 2015 Trustwave Global Security Report
• 2016 Trustwave Global Security Report
• PWC Global State of Information Security Survey 2016
• Norton CyberSecurity Insights Report
• Internet Security Threat Report VOLUME 21, April 2016
• Wearesocial (2016 data)
• CBN Standards Roadmap (2013, 2015)
• Bank of Ghana Publications
Adedoyin Odunfa.
CEO, Digital Jewels
65 sessions of Industry shaping Knowledge Sharing Sessions… still counting
An eclectic platform for knowledge sharing, information exchange & business networking
IVC Breakfast Forum’s... Free Knowledge Sharing, Information Exchange, Business Networking Sessions.
65 sessions & still counting...
Celebrates
Engagement & Publications….
SECURE :: ASSURE :: ENABLE :: EMPOWER :: MANAGE
An innovative approach to Information Security awareness…
Independent
Focused & Specialized
Painstaking & Rigorous
Experienced Professional
• Specialised Independent Information Value Chain Consulting & Capacity Building Firm
• Focused on Governance, Risk & Compliance & Capacity Building along the Information Value Chain.
• Team of professional, experienced and certified consultants
• Strong Local Information Security & Assurance Track record
• Strong international partnerships
• Optimal blend of local expertise and experience
Digital Jewels Ltd
About Digital Jewels: Secure. Assure. Enable. Empower. Manage
Secure
• Information Security
Assure
• Information Assurance
Enable
• E-business
Empower
• Capacity Building
Manage
• Project Management
1st & only ISO27001, ISO9001 & PCIDSS QSA Professional Services Firm in Africa
Strengthening IT Governance, Risk & Compliance across Africa…