Overview
In today’s ever connected digital world, we are no longer immune to cyberattacks; recent reports highlight that a cyberattack occurs every 39 seconds in the United States! Once a cyberattack happens, millions of people could be harmed, and billions of dollars will be lost; Government-run organizations can be shut down and services can’t be provided to citizens. The need for establishing effective and comprehensive business continuity management is evident and is becoming more complex due to the dependencies on global supply chains and third party.
The InfoSec Summit is an annual event organized by Kuwait University. Inaugurated by the Information Science Department at the College of Life Sciences, InfoSec Summit focuses on both theoretical and practical issues related to cybersecurity and resilience. This year, the InfoSec Summit 2022 will be held in collaboration with the Computer Engineering Department at the College of Engineering and Petroleum at the new Kuwait University Campus in Sabah Alsalem University City.
Organizing committee
- Prof. Kassem Saleh
- Dr. Ameer Mohammed
- Dr. Dari Alhuwail
Scientific Committee
- Prof. Kassem Saleh
- Dr. Ameer Mohammed
- Dr. Dari Alhuwail
- Prof. Paul Manuel
- Dr. Eiman Alshammari
Webmaster
Schedule
Eng. Mohammed Aldoub
Cybersecurity Consultant and Global Trainer
Dr. Fawaz Alkhateeb
Taher Group Law Firm and KILAW, Kuwait
Mr. Kyle Brundage
System Administrator, Office of Military Cooperation-Kuwait
Moderated by:
Dr. Ameer Mohammed
Kuwait University
Dr. Reem AlShammari
Corporate Solutions DTx Leader in Kuwait Oil Company & Founding Partner of Women in Cyber Security Middle East (WiCSME)
Transforming Business in a Resilient, Secure and Safe Business Environment
Abstract:
Questions covering:
- Business Transformation and Cyber Security Partnership?
- How to become Business Resilient with proper Cyber Security posture?
- Success Stories to share.
- Golden Nuggets and Take sways.
Mr. Osama Abduo
Fortinet, Middle East
Protecting Smart Cities with Smart Security
Abstract:
Attackers never sleep! They are always targeting our assets. The more our cities become smart, the broader the attack surface will be. This cyber-exposure encourages the attackers to target our networks, jump inside, and cause the damage. In this session, we will take a look at the latest attacks trends, and how attackers can take over control and exfilterate data causing an impact on multiple aspects including financial, reputation, time, and more. The second part of this session will show how our networks can be intelligent enough to provide the maximum level of security. Security which understands who, what, where and when, to contain and counter the various types of attacks.
Mr. Patrick Nicely
Chief Warrant Officer Two, DoD - US Army
Mr. Bradley Jumper
Chief Warrant Officer Two, DoD - US Army
Risk Management
Abstract:
In our presentation, we will conduct a brief overview of risk management as it pertains to cybersecurity. We will cover what risk management is to include some key terminology and concepts such as assets, threats, vulnerabilities, etc. We will discuss some of the items covered during a risk assessment/analysis. Additionally, we will go over the risk response options including mitigation, transference, avoidance and acceptance. We will review physical, logical and administrative control categories. Further discussion of controls will include a discussion on the following control types: preventive, deterrent, detective, compensating, corrective, and directive. We will close with a listing of industry best practice risk frameworks currently in use.
Eng. Ali AlEnezi
Public Institution for Social Security
Building the Cybersecyrity Foundations: Basic Hygiene
Abstract:
A number of frameworks and standards provides guidance on what cybersecurity controls basic or otherwise should be in place to protect the organisations. Examples of these frameworks include National Institute of Standards and Technology (NIST) Cybersecurity Framework, International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27001 the Center for Internet Security (CIS). During this session, we will provide a starting point for an effective cybersecurity program by showing a list of basic controls from ISO/IEC 27001 the CIS including a few additional control practices that may not be truly basic today.
Eng. Ali Alkhaled
Central Bank of Kuwait
Mr. Belal AlSheikh
Palo Alto Networks, Kuwait
Mr. Mohammed B. AlJouan
Board Member - Kuwait Economic Society
Mrs. Wafaa AlSarraf
Ministry of Higher Education
Officer Shambrella McLendon
Chief Warrant Officer Two, DoD-US Army
Moderated by:
Dr. Dari Alhuwail
Kuwait University
Eng. Ali AlKhaled
Central Bank of Kuwait
Achieving Cyber Resilience in Kuwait Banking Sector: Context – Approach – Challenges
Abstract:
This talk will highlight the key role of the Central Bank of Kuwait (CBK) in addressing Cybersecurity/Cyber Resilience in the State of Kuwait. A role that is multi-contextual and multi-dimensional. The following will be the two major pillars of the talk:
- Managing Cybersecurity at the Central Bank of Kuwait – CBK as an “Organization” within the context of: Government Sector, Regional Central Banking Community, and International Central Banking Community.
- Managing Cybersecurity in Kuwait Banking Sector – CBK as a “Regulator” of the Banking Sector within the context of the State of Kuwait and Internationally.
The talk will also highlight the following key areas:
- CBK’s journey towards “Cyber Resilience” on an organizational-level and on s Sector-level.
- CBK’s key initiatives, as a leading organization, in establishing and nurturing the culture of Cybersecurity in Kuwait, through: Awareness campaigns, Training programs, Engagement with community, ..etc.
Mr. Belal AlSheikh
Palo Alto Networks, Kuwait
Uplift Your Security Resilience With Zero Trust Enterprise Strategy
Abstract:
Palo Alto Networks advocates for the Zero-Trust Enterprise strategy as a more efficient way for enterprise customers to combat today’s increasingly sophisticated attacks and threats. Disruption is the hallmark of 2022. Combining the digital transformation and sudden outbreak of the COVID-19 pandemic has created ‘chaos with no control’, not necessarily because organisations have more employees but because they are all in different geolocations, operating from various networks, on multiple devices, which cybercriminals exploit and subsequently has led to tremendous growth in cyberattacks worldwide.
Relying on a conventional security approach is no longer a practical option for securing high-value assets. Adversaries will always be one or more steps ahead. Attacks are increasingly sophisticated, and the need for a multi-layered E2E cybersecurity strategy is more compulsory than ever, aiming to enforce the defense-in-depth principle across the digital ecosystem.
Dr. Waheeda Almayyan
PAAET, Kuwait
A Data Mining Approach for Filtering Out Social Spammers in Large-Scale Twitter Data Collections
Abstract:
Social networking services – such as Facebook.com and Twitter.com – are fast-growing enterprise platform that has become a prevalent and essential component of daily life. Due to its popularity, Twitter draws many spammers or other fake accounts to post malicious links and infiltrate legitimate users' accounts with many spam messages. Therefore, it is crucial to recognize and screen spam tweets and spam accounts. As a result, spam detection is highly needed but still a difficult challenge. This article applied several Bio-inspired optimization algorithms to reduce the features' dimensions in the first stage. Then we used several classification schemes in the second stage to enhance the spam detection rate in three real Twitter data collections.
Dr. Mohamed Torky
Higher Institute of Computer Science and Information Systems, Egypt
Authenticating and Verifying Drone Charging Transactions: A Novel Blockchain Protocol
Abstract:
Unmanned Aerial Vehicles (UAVs) (or Drones) is fast becoming an important technology that will play pivotal roles in many non-military fields and industrial applications in the next few years. However, the biggest challenge is that drones are not sufficiently regulated and authenticated, which raises a significant concern in drones cybersecurity and internet of energy (IoE). One of these authentication challenges is verifying drone charging transactions with ground charging stations. Malicious operators of energy within IoE network will heavily threaten security and privacy of both of UAVs and charging stations through various malicious attacks, such as, privacy leakage, falsification, node impersonation, and fake charging transactions, etc. Blockchains are an emerging technology that has drawn considerable interest for managing and securing transactions in IoE networks. Blockchains promise transparent, tamper-proof, and secure protocols that can enable untraditional solutions for securing and authenticating real time transactions especially when combined with smart contracts. In this work, a Blockchain protocol is proposed for authenticating and verifying drone charging transactions with ground charging stations. The proposed protocol is based on ED25519, a highly secure public-key signature system, which is based on Edwards-curve Digital Signature Algorithm (edDSA) for generating ED25519-based keys (private and public) used to authenticate the identities of drones and charging station points in Blockchain-based IoE networks.
Dr. Mohamed Elsersy
Lecturer, Computer Information Science, Faculty of Computer Information Systems, Higher Colleges of Technology, UAE
Privacy-Preserving Data Sharing Scheme for Healthcare Systems
Abstract:
The extensive use of electronic medical records (EMRs) has become extremely helpful for professionals in the medical industry for efficient diagnosis and treatment. It is beneficial for medical professionals to see the notes from other professionals as it is almost impractical to get the patient medical history verbally. Utilizing ongoing advances in healthcare, many institutions are transitioning from paper-based records to electronic medical records. A cloud is an excellent option for hosting large amounts of data like all the EMRs from a hospital. There is a pressing need to safeguard the shared information with a scheme that ensures secure data sharing. We propose a privacy-preserving data sharing scheme for healthcare systems. Our proposed scheme provides patient records only accessible to authorized personnel. Because patient privacy and data protection are critical, all patients' data must be encrypted before sending it to the cloud provider. This data encryption creates a need for a doctor, nurse, or even the patient themselves to find which file is there to access it. To do this, we will need to use a method for searching over encrypted data. However, with homomorphic encryption, you can update encrypted data in the cloud environment without ever having to decrypt it. Our proposed scheme will use a kNN encryption scheme to employ a trusted key distribution center (KDC). That will enable multiple doctors to search over encrypted data while ensuring that our cloud server is the only service that allows such searching. Patient data will be encrypted utilizing the KDC services and uploaded to the cloud server that holds a KDC session key. The proposed method shows an efficient performance compared to the existing schemes.
Mr. Osama Abduo
Fortinet, Middle East
Security Fabric Workshop
Location
S-3D-1019
Abstract:
Today’s networks are highly complex environments with borders that are constantly changing. In response to this highly complex environment, an integrated security approach has become a necessity, with firewalls being the center of this security fabric, and multi-functional devices that counter an array of threats to your network.
In this workshop, participants learn the basics of how to install a FortiGate and use it to protect a network. FortiGate enables security-driven networking and consolidates industry-leading security capabilities, such as SSL inspection, antivirus, web filtering, and application control. By doing this, FortiGate meets the performance needs of highly scalable, hybrid IT architectures, enabling organizations to reduce complexity and manage security risks. FortiGate simplifies security complexity and provides visibility into applications, users, and networks. FortiGate utilizes purpose-built security processing units (SPUs) and threat intelligence services from FortiGuard Labs to deliver top-rated security and high performance threat protection.
Participants who attend this workshopwill learn how to:
- Install a FortiGate device in a network
- Configure basic routing
- Create security policies
- Apply security scanning
- Configure local user authentication
- Use the CLI
- Configure the Fortinet Security Fabric
Venue
Sabah Al-Salem Kuwait University City (Alshadadiya), College of Life Sciences, 2nd Floor, Roman Theater.
Sabah Alsalem University City
College of Life Sciences
College of Life Sciences
Sabah Alsalem University City
Live Stream
Recommendations
- Invest in building the next generation of cybersecurity leaders through skills development and expansion of effective pathways to well-paying jobs and job titles.
- Facilitate and support periodic comprehensive assessments of the level of cybersecurity maturity and resilience for all public and private organizations, irrespective of their size.
- Promote societal awareness on ethical and professional conduct in the cyber world.
- Promote a culture in which cybersecurity is seen as a continuous and iterative process, built into services and products from the start and continuing throughout their lifecycle; this culture must be easily accessible and understandable for all.
- Continue enhancing the capabilities and flexibility necessary for cyber resilience in various sectors (public, private, civil) at the national level by investing in infrastructure, software tools, and human capital in the field of cybersecurity.
- Foster synergy of local, regional, and international efforts in cyber-resilience through mutually beneficial cooperation and exchange of tactical and scholarly information and experiences at various levels and in all sectors.
- Strengthen cybersecurity research though ambitious, challenge-led research funding and scholarly activities to investigate and develop best practices in the field of cybersecurity and resilience; Specific focus should be on expanding the engagement of SMEs and academic researchers with industrial partners.
- Establish a rigorous cybersecurity framework that can act as a standard for enacting guidelines and policies that organizations can follow to mitigate risks and protect against catastrophic attacks.
- Ensure that legislators are up to date with any new cybersecurity issues associated with new technological developments and understand them well enough to propose effective laws and regulations.