The Sunday Mail
Engineer Robert Shoniwa
If your organisation uses ICT services in any manner, it is imperative that you have an internal CERT.
Cyber security has become a topical concern, with Government, the private sector and individuals attaching greater importance to the issue today.
While the attention is commendable, it is important to realise that spreading awareness is just the tip of the iceberg when it comes to major cyber security-related activities.
Over the past few months, a number of workshops, seminars and conferences have been hosted by various bodies and organisations to spread awareness on the subject of cyber-security.
I will highlight the recent cyber security conference hosted by the Information Communication Technology and Cyber Security Minister, in partnership with ZICT (the ICT Division of the Zimbabwe Institute of Engineers, ZIE) and Zimbabwe Newspapers (1980) Limited.
The primary goal of this conference was to engage key stakeholders, and obtain input towards development of a National Cyber Security Strategy, which will operationalise the National Cyber-security Policy.
This was a highly successful conference, with solid recommendations which will improve cyber-readiness.
One of the major takeaways was the need for a Computer Emergency Response Team (CERT) which could be implemented at three levels: national, sectorial and organisational.
By definition, a CERT is responsible for responding to cyber security-related incidents such as malware attacks (such as ransomware), denial of service (DoS) attacks on national or organisational infrastructure, among others.
The tasks the team performs for a victim organisation include locating, collecting and gathering digital forensic evidence, analysing it and then sharing Indicators of Compromise (IOCs) with other organisations to ensure that no other company gets infected or compromised in the same manner as the one attacked.
IOCs in general terms can be described as the signs and symptoms of a cyber-attack.
For example, if the source of a Ransomware attack is a malicious email Y from a certain email address X, the email address X and the email Y are treated as IOCs and so other organisations will be advised to be wary of them.
It goes without saying that a CERT requires a group of people, each with a specific skillset in cyber-security, including data recovery, malware analysis and threat intelligence management, to name a few.
The general field of study that can help individuals gain knowledge in this area is actually a specialisation of cyber-security known as Digital Forensics and Incident Response.
This therefore implies that for Zimbabwe to set up an effective CERT, it needs personnel skilled in this area.
It also means that we need a variety of training and academic institutions that specialise in capacity building in this particular area to build the human capital, with this particular set of skills.
The Harare Institute of Technology is the only institution in Zimbabwe offering a cyber security-focused degree.
Through its Information Security and Assurance (ISA) department, HIT offers the Bachelor of Technology Degree in Information Security and Assurance.
Additionally, HIT is also known for producing highly competitive students, armoured with hands-on practical learning.
It is towards promoting this hands-on approach that we have set up our own Digital Forensics Lab so as to provide a practical approach to cyber-security training activities.
We have tailor made short courses and training workshops that are all highly practical, to equip ICT professionals with the requisite skills, knowledge and competencies to deal with the ever-present danger of cyber-attacks.
These programmes are specifically targeted towards capacity building in the field of digital forensics and incident response.
They will each cover a specific facet of incident response including pre-incident preparation and how to set-up protection mechanisms, initial response to any attacks, collection and analysis of digital evidence, recovery of lost data and preparation of reports while maintaining the integrity of the whole process.
If your organisation uses ICT services in any manner, it is imperative that you have an internal CERT. This can be done through the hands-on short courses and training workshops currently being offered by HIT experts in cyber-security, who possess both industrial and academic experience in this key area.
A cyber-attack is an inevitable eventuality, and as organisations it is our duty to stand prepared and ready when it happens.
Engineer Robert Shoniwa is a Certified Ethical Hacker (CEH) and holds a Master of Technology degree in Information Security and Cyber Forensics from SRM University in India. He is the Chair of the Information Security and Assurance Department at HIT and is also the Cyber-security Representative of ZICT, the ICT division of the Zimbabwe Institute of Engineers (ZIE). Feedback: [email protected]/[email protected]
