From: Saudi Gazette

Saeed Al-Khotani

RIYADH — The two-day Digital Security Summit concluded here Sunday, calling for increased emphasis on legislative measures that will lead to information security audits.
The call came as part of the closing remarks delivered by the chairperson of the Summit, Maged Elmenshawy, regional IT manager at Schlumberger KSA.

“For instance, publicly-listed companies should have information security audits to ensure their compliance is met, exactly in the same way financial services providers comply with the Saudi Arabian Monetary Agency’s requirements on financial audits,” he said.

The summit also expressed the need for more transparency.

“We need people to be honest about what is happening, to communicate better about kinds of things that we can do to protect ourselves on the various different fronts,” he noted.
As on the first day, rich panel discussions and presentations characterized the second day.

A panel on data security in a bring-your-own-device workforce discussed the risks of employees' current practice of bringing their personal smartphones and mobile devices and using them at work.

Dr Mohammed Al Kahtani, technical advisor for the director general of Military Industry Corporation in the Kingdom, said the panel concluded that these employee practices are inevitable.

“So, we have to adapt by first having clear security policies for using these devices at the workplace, in the sense that every employee should know the ‘do’s and don’ts’, what is permissible and what is not, in this regard. Also, (they) should understand and bear the consequences of using them,” he said.

Another panel discussion, on cyber security standards, policies, and procedures, stressed that defining and implementing appropriate security levels requires a continual process of confirming that the defined policies and procedures are not only adequate for the work, but also properly communicated and carried out by the staff in the organization.

Dr Solahuddin Shamsuddin, vice president for cyber security research at CyberSecurity, MOSTI, Malaysia, highlighted the Malaysian government's initiative to standardize the field in 2010, starting with ISO, and said that within a few months it is about to test the initiative and evaluate the ability of the system to accomplish its goals.

The moderator of the panel, Raoul Chiesa, the cyber security advisor at the Ministry of Defense and ENISA in Italy, mentioned that he does not like to use the term "cyber war" because it denotes that there is a war that nobody likes. Besides that, “we do not know who is waging this war, so it should be taken with high attention and precaution.”

“In the past we may blindly have had the idea that we know who is our enemy, but nowadays after Aramco attacks and so on, we really don’t know who is attacking us. Is he anonymous, activist, organized crime or industrial espionage, or a teenager in a bedroom?” he said.

“So, it emerged that in this age, we should collaborate and share information despite competition to face this cyber grand,” he added.

In a third panel discussion, entitled “From Shamoon to Stuxnet to Gauss (attacks): How to Approach the Next Threat to your Network”, Ayman Al Issa, a cyber security expert from the United Arab Emirates, said, “When we talk, in general, about these attacks, we talk about the emerging cyber security threat that we are seeing these days.”

“These threats are going to change and increase day by day. However, in order to protect our critical infrastructures, we have to devise in-depth models or even to switch to more techniques that can provide us with more insight about what is happening within our control systems or even business networks,” he said.

“Hopefully, this will help us in early detection of these threats and deal with them at the proper time. In general, the technique of building a multiple-layer system for security may help in the defense against such attacks,” he added.