Announcement

  • IS Risk Management Framework Workshop Outline
    Body:

     

    Date: Thursday, November 24th, 2016

    Location: MoTC Building, Al Nasr Tower B, 3rd Floor Training Room

    Time: 9:00 AM – 12:00 PM (3 Hours)

    Workshop Facilitators:

    Mr. Ashraf Ismael - CS Information Assurance Section Head

    Mr. Zouheir Abdallah - CS Sr. Risk Specialist

    Languages:

    Arabic & English

     

     

    Who Should attend:

     

    ·    IS/IT Security Managers and Auditors

    ·    Governance Risk & Compliance Managers

    ·    CIO/IT Managers

    ·    Business Managers (Process Owners)

    ·    System and Information Owners

     

    Objectives

     

    · Learn the detailed steps for the activities to be followed to implement the Information Security Risk Management framework and procedure

    ·  Understand your role and responsibilities with regard to information security risk management

    ·  Practice concepts and tools

     

    Course Contents

     

    ·    Risk Management & Information Security (IS) Risk Management

    ·    Why and How to manage IS Risk

    ·    Information Security Risk Management (ISRM) Framework

    ·    IS Risk Governance

    ·    Roles & Responsibilities

    ·    Definitions

    ·    Approach & Worked Example

     

    Participants will gain knowledge in the following

     

    ·    Visibility to IS risks / opportunities

    ·    Compliance with regulatory requirements

    ·    Identify critical information assets

    ·    Reduces frequency & magnitude of IS incidents

    ·    Raise awareness about information security risks & make more informed decisions

    ·    Increase the level of trust from customers and shareholders

    ·    Drive business continuity planning & Demonstrate good corporate governance

     

    Download File:-

    MoTC ISRMF v1.1

     

     

  • Application Security for Managers by SecureNinja
    Body:

    As an initiative to equip organizations to keep their technology infrastructure secure, The Ministry of Transport and Communications cordially invites IT professionals in Qatar to register for the upcoming Application Security for Managers course to be conducted by SecureNinja.  The 2 days course arms managers with the knowledge necessary to make effective, risk-based decisions about application projects that balance business needs with security requirements..

     

    http://www.qcert.org/events/application-security-managers-secureninja

  • Shadow Brokers and Cisco Systems [Advisory]
    Body:
    A mysterious group named "The Shadow Brokers" compromised a group named "Equation Group", a hacking group believed to be a NSA offshoot for a long time. They have publicly released exploits developed by them. Some of the exploits have been made available free as a Proof and the others believed to be of high value are available on an auction. One of the multiple vendors that has been impacted by this disclosure is Cisco, which is globally deployed on a large scale. 1 The following advisory is aimed to study how Cisco was affected by "The Shadow Brokers". Two main products were targeted, Cisco ASA and legacy Cisco PIX firewalls.

    http://www.qcert.org/alerts/shadow-brokers-cisco-systems
  • OpenSSL Security Advisory [DROWN]
    Body:
    DROWN is a vulnerability that affects HTTPS, and associated services like browsing the internet, mail, Instant messages that rely on SSL/TLS.
     
    DROWN allows attackers to decrypt the communication and steal sensitive information like passwords, financial data, emails, Instant messages, and credit card numbers.

    http://www.qcert.org/alerts/openssl-security-advisory-drown
  • Guidelines for Securing Social Media Accounts v1.0
    Body:

    Social networks / media is an organization’s identity in the virtual world. This social identity is very much linked to its corporate public image and needs to be protected as much in the virtual world as in the real world. The social media account if not secured may open a floodgate to compromising and maligning your corporate public image. This document provides mitigation advice and security controls to help reduce threats such as unauthorized access as well as steps to follow in order to retrieve a stolen account.

Opinion Poll

How do you rate the new Q-CERT Website?
Excellent
78%
Good
12%
Fair
4%
Poor
7%
Total votes: 138

National Information Assurance

Members of