CYBERSECURITY SPECIAL INTEREST GROUP 2ND MEETING

APRIL 22, 2021 4:30 PM – 5:30 PM

WWW.SPSNET.COM WWW.SPSNET.COM/SPINNLABS [email protected] OBJECTIVE:

• Provide a forum in Cybersecurity Technologies to learn, discuss ideas and share opportunities for consulting, entrepreneurship and professional growth.

• Build resume with Cybersecurity skills and make money.

• Make Pakistan visible on Global map for Cybersecurity skills destination.

WWW.SPSNET.COM WWW.SPSNET.COM/SPINNLABS [email protected] AGENDA

1. Opening Remarks – Dr. Arshad Ali – 10 Min 2. Security Management at University – Nouman Abbasi – 15 Min 3. Security Management at Higher Education Institute – Dr. Saad Malik – 20 Min 4. General Discussion – 15 Min

WWW.SPSNET.COM WWW.SPSNET.COM/SPINNLABS [email protected] SPINNLAB Motto

Helping Prepare Students for Job Market

Dr Arshad Ali Pride of Performance, Sitara-i-imtiaz Pakistan Youth Potential

• Total University Graduates 760,000 • IT Graduates 30,000 only 3000 employable by IT companies • Majority graduates get hired less than their potential/qualifications • Lack of awareness about opportunities Pakistan hit 100 million broadband users & 180 million cellular subs.

. 2012 - 2 mn . 2014 - 14 mn (3G Launched) . 2020 - 100 mn (95% mobile) For context, 100 million subscribers is equal to the combined populations of these countries: Canada 🇨🇨🇨🇨 Netherlands 🇳🇳🇳🇳 Switzerland 🇨🇨🇨🇨 Singapore 🇸🇸🇸🇸 Sweden 🇸🇸🇸🇸 Denmark 🇩🇩🇩🇩 Ireland 🇮🇮🇮🇮 Greece 🇬🇬🇬🇬 Puerto Rico 🇵🇵🇵🇵

87% coverage - one of the lowest regional rates🏆🏆 #EmergingPakistan

https://www.dawn.com/news/1616070/broadband-subscriptions-reach-100m-in- pakistan?fbclid=IwAR1sGCniACJ0mNVeEw7ySoptmyKrjBo5_Fdz2F1fttHGQNukWiC9hO2T2jw Israeli startups raised record $2.8b in March 2021 : Population 9 Million

. Raised $5.3 billion in First Quarter 2021

. Raised $10 Billion in 2020

. Cyber Security Snyx $300 Mil, Orca Security $210, Aqua Security &135, Fireblocks $ 133 Mil, Axis security $50 Mil, Identiq $ 47 Mil

. IOT Companies Xsight Systems $100 Mil,

. AI Stroke care Viz.ai $52 Mil

. Cloud Security Wiz $130 Mil, Fintech Capitolis, Next Insurance $250, ecommerce marketing Yotpo $ 230 Mil Pakistan total Budget $47 Billion for 221 Mil people SECP Pakistan Guidelines for Cybersecurity Framework for Insurance Sector 2020 • CISO and Risk Management Department will:

• Identify Risk

• Assess the Risk/Attack and its impact

• Quantify the damages/extent of breach

• Continuously Monitor

• Control the nature, Significance and interdependence of cyber risks

• Develop Strategy and Framework to mitigate cyber risk Developing Cybersecurity Framework

• Technical Standards Defined by National Institute of Standards and Technology (NIST) • ISO 27000 • Information Systems Audit and Control Association (ISACA) • Control Objectives for Information and Related technologies (COBIT) • Cyber Risk Insurance Coverage University Network/Data Security Vulnerability Assessment

. Understand NIST Standard and Framework . Carryout Vulnerability assessment . Monitor Intruders . Develop risk Management Framework and continuous Monitoring plan World Job Market

 AI Jobs 5.0 Mil by 2022

 Cloud Computing Jobs 1.4 Mil

 Cyber Security Jobs 8.5 Mil by 2023, US alone current vacant jobs are 3,10,000

 IoT Jobs 4.5 Mil

Microsoft Global Skills Initiative Plan to train 25 Million in one Year Our Objective  Help Faculty Build industry Skills and Engage in Industry Projects

 Guide and Support Student Final Year Projects

 Help Develop Cybersecurity Program in the University

 Help Establish and Promote SPINNLAB Sponsored Projects in University EU Cybersecurity Challenge

Challenge Video https://www.youtube.com/watch?v=yoFPi GtId2w

Ability to Think Creatively Four Step Process 1. Understanding a Given Skill

2. Practicing

1. Experimenting

2. Gaining confidence in one’s capacity to create SPS Vision

I OT,

Thank You AGENDA

1. Opening Remarks – Dr. Arshad Ali – 10 Min 2. Security Management at University – Nouman Abbasi – 15 Min 3. Security Management at Higher Education Institute – Dr. Saad Malik – 20 Min 4. General Discussion – 15 Min

WWW.SPSNET.COM WWW.SPSNET.COM/SPINNLABS [email protected] Security Management at a Universityby

Saad A. Malik*

SPS/SPINN Lab Special Interest Group on Cyber Security Weekly Talks

*Saad A. Malik (Ph.D., Engr.) Asst. Prof. CS Department, Dated: 22 April 2021 Head ITSC & SDC, Namal Institute Mianwali, Pakistan. Email: [email protected] Mob: +92 (0) 332 860 7168 Outline of the talk

●Share experience of managing IT network in Higher Education Institute (HEI)

–Of-course management also requires securing the network

●Use of CSM to stream line IT operations and management strategy

–CSM stands for Cognitive Security Management Tool developed by SPS Net Who we are?

●Namal Institute Mianwali –Previously : Namal College, an associate college of Bradford University –Currently an autonomous degree awarding institute –4 Degree Programmes

●Computer Science, Electrical Engineering,

What we do?

●Vision: –Quality education in a rural area, as part of a rural uplift dream by Mr. Imran Khan (currently PM of Pakistan) How we uphold the vision?

●Namal Family

–45+ PhD Faculty Members (local as well as foreign qualified) –450+ students (diverse intake; mostly from rural background)

●Facilities –5 EE labs Fihd Lib Diitl A t Jl Where are we located?

Islamabad

Talagang Front View of the main Campus

Mianwali

Namal Valley, 30 km of Mianwali- Talagang Road Mianwali, Punjab, Pakistan. Courtesy of GoogleMaps. Where does IT fit in HEI?

IT plays an important role in

●Learning Management

●Campus Management

●First review the Student’s Lifecycle

●To comprehend the role of IT Student Life Cycle Student Life Cycle Start of Life at Uni

●A student’s life at uni in a nutshell –Admissions –Enrollment –Course Registration

Student Life Cycle

Admissions process - Online application - Merit - Call for confirmation - Submission of Admission Fee

IT Involvement: + Local Record (data base) + Web Server + Client generally a browser Student Life Cycle

Course Registration process - Records of fee, academic records - Pre-Requisites

IT Involvement: + Local Record (data base) + Web Server + Client generally a browser Student Life Cycle

Learning Process - Academic records - Online Lectures - Online Exams - Proctoring

IT Involvement: + Learning Management System + Inventory Management System + Staff / Faculty Management System Student Life Cycle Management

Campus Management system

●Student records stored in a data base

●Records accessible to users with certain privileges Where does IT fit in HEI?

Scenario: A user wants access to data base to use desired information. How would the user access the information, is the part technology play?

User Indicates flow Database of (Records of information student,faculty) Where does IT fit in HEI?

Scenario: WiFi User is on campus network (Wireless Access)

Ethernet (cable access) Where does IT fit in HEI?

Scenario: User is not on campus, but has access via the internet.

Internet Where does IT fit in HEI?

Pc, Smartphones, Ethernet, Wifi, internet, servers, switches, Routers all are devices assisting us to access information. Internet Where does IT fit in HEI?

Software such as OS, database managers, Internetworking are also part and parcel.

Internet Where does IT fit in HEI?

Placing content on youtube, using MS teams Zoom for video/audio streaming are all Applications helping us in learning. Internet Where does IT fit in HEI?

Placing content on youtube, using MS teams Zoom for video/audio streaming are all Applications helping us in learning. Internet What needs to be secured?

Internet What needs to be secured?

The Information residing in

Server Internet What needs to be secured?

The Information residing in:

Smart phones, Laptops, Desktops Internet What needs to be secured?

The Information residing in:

Smart phones, Laptops, Desktops Internet What needs to be secured?

So how critical is the information that is being secured? - critical - not critical - okay Internet How to secure?

Additional monitoring of the assets on network. e.g. - Access behavior - etc. Internet How to secure?

e.g. use of Q-Radar an IBM product to monitor Network devices.

Internet Secured Campus Networks

Its the people, process and technologies together! Internet Summarize

●Campus network allows access to faculty, students to keep a record of learning process. –Technology is there to provide, monitor and control access to the information

●The asset is the student/faculty records which should not be manipulated –e.g. grades of a student, financial records etc

Secured Campus Networks

Its the people, process and technologies together! Internet Thank you !

●Questions, queries etc. AGENDA

1. Opening Remarks – Dr. Arshad Ali – 10 Min 2. Security Management at University – Nouman Abbasi – 15 Min 3. Security Management at Higher Education Institute – Dr. Saad Malik – 20 Min 4. General Discussion – 15 Min

WWW.SPSNET.COM WWW.SPSNET.COM/SPINNLABS [email protected] AGENDA

1. Opening Remarks – Dr. Arshad Ali – 10 Min 2. Security Management at University – Nouman Abbasi – 15 Min 3. Security Management at Higher Education Institute – Dr. Saad Malik – 20 Min 4. General Discussion – 15 Min

WWW.SPSNET.COM WWW.SPSNET.COM/SPINNLABS [email protected] GENERAL DISCUSSION ([email protected])

• • • • • • • • THANK YOU!

[email protected] BACK UP SLIDES