Home Case Studies

Cyber Defence Capacity…

Cyber Defence Capacity Building

About the client

East African IT professionals

Challenge

Even though major data breaches have hit the headlines worldwide, highlighting increased need for skilled security professionals and service providers, many organisations still rely on ad hoc, manual processes. Popular excuses are: “my organisation/business is not a target”, “the bad guys are too effective and cannot be stopped”, “someone else (e. g. national CERT) should take care of this”, “cybersecurity is too expensive”, etc.

Information security managers are confused about what to do, executive management often fails to recognise the impact of cyber security on business processes, and therefore risk damaging organisations’ data, assets and reputation.

Solution

In order to assist East African organisations in overcoming these burdens and developing practical cyber security skills, NRD companies have been organising annual Cyber Defence East Africa conferences for the last four years.

Cyber Defence East Africa is annual cyber security conference organised by NRD Companies together with NRD Cyber Security (NRD CS). It serves as a knowledge sharing, networking and capacity building platform, aimed to address cyber security issues and bring together the Government, the ICT Industry and Academia in efforts to create a better and more secure digital environment for the states, governments, businesses and citizens in East Africa.

Participants at FIRST workshop

Services provided

The first three conferences took place in Tanzania and were organised together with ISACA Tanzania Chapter in years 2013 and 2014, and in cooperation with Tanzania Communications Regulatory Authority (TCRA) in 2015. In 2016, in order to widen the reach of this initiative and recognising Uganda’s commitment to increasing cyber security in the country, it was decided to organise Cyber Defence East Africa 2016 in Kampala, in cooperation with NITA-U.

On 27-29th September 2016 over 70 participants from various Ugandan institutions such as the President’s Office, Ministry of Finance, Uganda Police Force, Uganda Revenue Authority, National Identification and Registrations Authority, Ministry of Internal Affairs, Makerere University and many others, spent three days listening to cyber security policy keynotes and practicing to defend against the most pervasive cyber-attacks.

The conference was opened by Hon. Tumwebaze Frank – the Minister of ICT and National Guidance. The Hon. Minister invited the participants to applaud NRD Companies for selecting Uganda as the 2016 host and being “consistent in delivering cyber security training within East Africa over the last three years and ensuring presence of skills, critical in order to build on our achievements and enhance our successes”.

Main focus of the 2016 conference were 2 parallel training tracks: Track 1. Practicing CIS Critical Security Controls V 6.0 for cybersecurity and Track 2. FIRST Trainings for Incident Response and Security Teams.

Both trainings were delivered by corresponding theme leaders at NRD CS that have immense first-hand experience in the topics they presented – CEO Dr Vilius Benetis and Head of NRD CIRT Mr Marius Urkis. Dr Benetis is a contributor to the CIS Critical Security Controls and other frameworks, and Mr Urkis has assisted in setting up several national CERT teams as well as successful FIRST certification process of 4 CERT organisations.

The participants also had a chance to learn about Critical infrastructure protection from Dr Vilius Benetis, CEO NRD CS as well as IT governance policies, frameworks and standards, such as COBIT 5, presented by Mr Sebastian Marondo, CEO NRD East Africa.

In previous years, the topics that were covered at Cyber Defence East Africa conferences also included highly concentrated Critical Security Controls and Penetration Testing trainings, IT forensic investigations, cyber defence, incident response, IT governance and compliance, among others.

Impact

The course evaluation questionnaires revealed that the participants appreciated the practical nature of the trainings, thought that the presentations and discussions were relevant to their organisations and that the knowledge gained will be used in their work. All participants noted they would like to attend again next year, and requested for more regular workshops, and more time to be allocated for such initiatives.

“I plan to start implementing some of the basic critical security controls in my organization. For example taking an inventory of all hardware and software used and make sure proper configuration procedures are in place”, said one of the attendees.

The results

4

Annual conferences held in East Africa

400

Participants trained in total