International Telecommunication Union   ITU
 
 
 Wednesday, April 29, 2009

The ITU Regional Cybersecurity Forum for Africa and Arab States, dedicated to “Connecting the World Responsibly”, aims to identify some of the main challenges faced by countries in Africa and Arab States in enhancing cybersecurity and securing critical information infrastructures.

It will consider best practices, information sharing mechanisms and concrete actions for cybersecurity development, taking into consideration the key principles of matching the borderless, transnational nature of cyber-threats with meeting specific national and regional requirements. The Forum will consider initiatives at the regional and international levels to increase cooperation and coordination amongst different stakeholders. The forum programme will include interactive sessions on the projects and related tools that ITU is working on to assist Member States in developing and implementing cybersecurity capabilities.

Capacity building activities will be undertaken in the following main areas:

  • Development of a legal framework;
  • Development of watch and warning and incident management capabilities, including the establishment of a national computer incident response team (CIRT); and,
  • Actions to be considered when developing a national cybersecurity strategy and harmonization within the key principles of international cooperation.

    The event is expected to bring together government representatives, industry actors, and other stakeholder groups from countries on the African continent and the Arab States to discuss, share information, and collaborate on the elaboration and implementation of national policy, regulatory and enforcement frameworks for cybersecurity. It will benefit information and communication policy makers from ministries and government departments; institutions and departments dealing with cybersecurity policies, legislation and enforcement; and representatives from operators, manufacturers, service providers, industry and consumer associations involved in promoting a culture of cybersecurity.

    The forum will be conducted in English, Arabic and French with simultaneous interpretation. Participation in the Forum is open to all ITU Member States, Sector Members, Associates, and other interested stakeholders, including representatives from regional and international organizations.

    More detailed information about the event (including the draft forum agenda, online pre-registration, and fellowship requests for eligible LDCs) can be found on the ITU Regional Cybersecurity Forum for Africa and Arab States website at www.itu.int/ITU-D/cyb/events/2009/tunis/.

    Register for the ITU Regional Cybersecurity Forum for Africa and Arab States here.

    We look forward to seeing you at the event!

    Wednesday, April 29, 2009 10:03:35 AM (W. Europe Standard Time, UTC+01:00)
     Friday, April 17, 2009

    The British Computer Society (BCS)'s website shares information and advice on how to stay safe while shopping online in a set of "Golden Rules" compiled by Global Secure Systems (GSS).

    The twelve golden rules for shopping online safely are listed below (detailed information is available on the BCS website):

    1. Most malware exploits are known problems with software and operating systems. The hacker, or code writer, is relying upon people being lazy and not keeping systems up to date. For this reason it is very important to keep your anti-virus product up to date with the latest signature files and operating system updates from Microsoft.
    2. Never go online without ensuring you have your personal firewall enabled.
    3. Don't ever select the remember my password option when registering online as your passwords are then stored on the PC, often in plain text, and are the first thing that a fraudster will target. Some
    4. Ensure that your credit cards are registered with your card provider's online security services such as Verified by Visa and MasterCard SecureCode.
    5. Use only one card for online shopping, maintaining a limit on the card as low as possible or even using a top-up card for your online purchasing.
    6. Be sure to use a credit card and not a debit card.
    7. Be sure to check your statements regularly, and if there is any sign of irregular activity, report it straight away.
    8. Always check for the little padlock at the bottom right hand corner of the browser (when using Internet Explorer) before entering your card details. 
    9. Make a habit of checking the site's privacy policy for details of how your personal information will be used and only provide the minimum of personal information, especially in online forms.
    10. Never shop from sites that you arrive at from clicking links in unsolicited marketing emails (spam). 
    11. It is important to remember that you could be doing everything right, but that the vendor may do something wrong. A vendor may well be storing all your credit card data on a single server.
    12. Finally, don't rely on previous customers' testimonials - they are part of the organisation's marketing and not necessarily factual. The golden rule of commerce is still the same as it ever was - if the offer looks too good to be true, it probably is!

    The full set of "Golden Rules to Safe Internet Shopping" can be found here.

    For more information see the British Computer Society (BCS) and Global Secure Systems (GSS) websites.

    Friday, April 17, 2009 2:03:05 PM (W. Europe Standard Time, UTC+01:00)
     Tuesday, November 27, 2007

    USA Today reports on current spam statistics and reiterates that spam continues to increase exponentially despite anti-spam software, filters and legislation. According to market researcher IDC, "the total number of spam e-mail messages sent worldwide, 10.8 trillion, will surpass the number of person-to-person e-mails sent, 10.5 trillion." Spam sent is also said to have reached 60 billion to 150 billion messages a day. As for phishing, the Anti-Phishing Working Group said new phishing sites soared to 30,999 as of July 2007, from 14,191 in July 2006. MessageLabs adds that one in 87 e-mails is now tagged as a phishing scam, compared with one in 500 a year ago.

    The fight against spam has nonetheless expanded and grown too. Built-in spam defenses of Google's Gmail, social-networking sites such as Facebook and MySpace which enable users to control who has access to their personal profile, to exchange e-mail with friends, family and business associates, and phishing filters provided by Microsoft on its Internet Explorer browser are some of the common filters made available to users. In the same effort to stop spam, Yahoo, eBay and PayPal recently announced their use of DomainKeys, an e-mail-authentication technology. Other anti-spam technologies include CertifiedEmail from Goodmail Systems, a new breed of e-mail services, and Boxbe. "The multilayered-defense approach has worked to stop such scourges as image spam, which varied the content of individual messages — through colors, backgrounds, picture sizes or font types — to slip through spam filters. Image spam made up half of all spam in January. Since software makers came up with a solution, image spam has dropped to 8% of all spam, Symantec says."

    Read the full article here.

    Tuesday, November 27, 2007 2:23:14 PM (W. Europe Standard Time, UTC+01:00)
     Friday, October 05, 2007

    Yesterday, Microsoft announced the launch of HealthVault, an online platform for securely storing personal health-related information. The business model relies on performing vertical internet search tailored for health queries. Several organizations have signed up to participate in the project, including hospitals, disease prevention organizations, and health care companies.

    For more information, see the online articles in the New York Times and the Economist, discussions in several blogs, and the company's press information.

    Friday, October 05, 2007 5:08:45 PM (W. Europe Standard Time, UTC+01:00)
     Monday, September 17, 2007

    The Wall Street Journal Online reports on the five-year sentence given to Irving Escobar, a ring leader in a TJX Cos.-linked credit-card fraud. He "was sentenced to five years in prison and has been ordered to pay nearly $600,000 in restitution for damages resulting from stolen financial information, Florida officials said. The sentencing follows a guilty plea by Mr. Escobar, 19 years old, of Miami, to charges that he participated in a 10-person operation that used counterfeit cards bearing the stolen credit-card data of hundreds of TJX customers to purchase approximately $3 million in goods and gift cards."

    Read more on this news article here.

    Monday, September 17, 2007 11:22:03 AM (W. Europe Standard Time, UTC+01:00)
     Tuesday, September 11, 2007

    Bill St. Arnaud's blog passes on information on the upcoming OECD-Canada Technology Foresight Forum on the Participative Web: Strategies and Policies for the Future to be held 3 October 2007 in Ottawa, Canada.

    Tuesday, September 11, 2007 9:05:04 PM (W. Europe Standard Time, UTC+01:00)
     Friday, July 20, 2007

    The OECD Committee for Information, Computer and Communications Policy (ICCP), through its Working Party on Information Security and Privacy (WPISP), has developed the Recommendation on Electronic Authentication and the Guidance for Electronic Authentication. The project was made possible with the participation of Jane Hamilton from Industry Canada and with the support of delegates from Australia, France, Hungary, Korea, Norway, the United States, the OECD Secretariat and the Business and Industry Advisory Committee (BIAC) to the OECD. On 12 June 2007, the OECD Council adopted the Recommendation; the Guidance for Electronic Authentication was adopted by the ICCP Committee in April and declassified on 12 June 2007 by the OECD Council.

    The Recommendation encourages efforts by OECD member countries to establish compatible, technology-neutral approaches for effective domestic and cross-border electronic authentication of persons and entities. It also reaffirms the important role of electronic authentication in fostering trust online and the continued development of the digital economy.

    The OECD Guidance on Electronic Authentication aims to assist OECD member countries and non-member economies in establishing or amending their approaches to electronic authentication with a view to facilitating cross-border authentication. The Guidance sets out the context and importance of electronic authentication for electronic commerce, electronic government and many other social interactions. It provides a number of foundation and operational principles that constitute a common denominator for cross-jurisdictional interoperability.

    Both the Recommendation and the Guidance conclude a work stream initiated in response to the "Declaration on Authentication for Electronic Commerce" adopted by Ministers at the Ottawa Ministerial Conference held on 7-9 October 1998 and serve as a bridge to future OECD work on identity management.

    The ITU Telecommunication Standardization Sector with its Focus Group on Identity Management (FG IdM) works to facilitate the development of a generic Identity Management framework, by fostering participation of all telecommunications and ICT experts on Identity Management. To read more about the ITU-T FG IdM activities, go here.

    Read the full article on the OECD Recommendation on Electronic Authentication and the Guidance for Electronic Authentication here.

    Friday, July 20, 2007 9:58:44 AM (W. Europe Standard Time, UTC+01:00)
     Friday, October 27, 2006

    "Authentication processes can contribute to the protection of privacy by reducing the risk of unauthorized disclosures, but only if they are appropriately designed given the sensitivity of the information and the risks associated with the information. Overly rigorous authentication process, or requiring individuals to authenticate themselves unnecessarily, can be privacy intrusive."

    The Office of the Privacy Commissioner of Canada recently released new Guidelines for Identification and Authentication. The Guidelines are intended to help organizations develop appropriate identification and authentication processes in ways that respect the fair information practices in the Personal Information Protection and Electronic Documents Act (PIPEDA) and ensure compliance with its security provisions by providing the strongest protection for customers’ personal information. The scope of the document is limited to identification and authentication techniques between organizations and individuals.

    These guidelines, released by the Canadian Privacy Commissioner, are a good document discussing both privacy risks and security threats.

    See also a more detailed document published by Industry Canada in 2004 named "Principles for Electronic Authentication".

    This article was accessed through Schneier's blog: Schneier on Security.

    Friday, October 27, 2006 4:02:05 PM (W. Europe Standard Time, UTC+01:00)
     Wednesday, January 25, 2006
    Wednesday, January 25, 2006 3:11:25 PM (W. Europe Standard Time, UTC+01:00)