Knowledge and tools that enable human progress, economic development and nature conservation to take place together.
ICC has formally accepted the International Union for Conservation of Nature (IUCN) as an ICC User Organization.
The International Union for Conservation of Nature (IUCN) is a membership union uniquely composed of both government and civil society organisations. It provides public, private and non-governmental organisations with the knowledge and tools that enable human progress, economic development and nature conservation to take place together.
Created in 1948, IUCN has evolved into the world’s largest and most diverse environmental network. It harnesses the experience, resources and reach of its 1,300 Member organisations and the input of some 13,000 experts. IUCN is the global authority on the status of the natural world and the measures needed to safeguard it. Their experts are organised into six commissions dedicated to species survival, environmental law, protected areas, social and economic policy, ecosystem management, and education and communication.
Emmanuelle Ganne, International Trade Expert and Senior Analyst, Economic Research Department at WTO thanks Shashank especially in her study for his sound technical advice. One snippet from her text:
Blockchain is much more than Bitcoin. Blockchain’s first implementation as the technology underpinning Bitcoin has led many to associate Blockchain with Bitcoin. However, the potential use of Blockchain goes well beyond the world of cryptocurrencies. For some, it is a technology that will change our lives, while for others it is a pipe dream; no technology has stirred up so much debate since the advent of the internet. However, despite the numerous headlines on Blockchain, the technology remains difficult to apprehend for many. Blockchain: a tamper-proof, decentralized and distributed digital record of transactions that creates trust and is said to be highly resilient. A blockchain is a decentralized, distributed record or “ledger” of transactions in which the transactions are stored in a permanent and near inalterable way using cryptographic techniques. Unlike traditional databases, which are administered by a central entity, blockchains rely on a peer-to-peer network that no single party can control. Authentication of transactions is achieved through cryptographic means and a Mathematical “consensus protocol”* that determines the rules by which the ledger is updated, which allows participants with no particular trust in each other to collaborate without having to rely on a single trusted third party. Thus, Blockchain is, as The Economist calls it, a “trust machine”. Participants in a blockchain can access and check the ledger at any time.
This is just one instance of how ICC is beginning to support a host of Clients with blockchain solutions.
CSA-MISTI Host Cyber Experts in Orlando, Florida Dec 10-13, 2018
Tima Soni of ICC presents on Cloud Security for Social Good
The Cloud Security Alliance (CSA), a leading organization dedicated to defining standards, certifications and best practices to ensure a secure cloud computing environments, held their annual congress Dec. 10-13 in Orlando, Florida. The congress was co-hosted by MIS Training Institute (MISTI), an international leader in audit, IT audit and information security training, with offices in Boston and London. This year’s event focused on areas of growth in cloud security, including standardization, transparency of controls, mobile computing, Big Data in the cloud, innovation and social good.
Over forty speakers gathered in front of hundreds of attendees, who had the additional benefit of taking training for up to 22 CPE credits from across vertical industries, such as Abacode, Adobe, Cisco, Cloud Security Alliance, Arizona State, Darktrace, Greenway Health, ICC, Intuit, Oracle, Raytheon, Salesforce, Starbucks, Symmetry Blockchain, Tripwire, Turner BroadcastingWeb.com, Zscaler and more.
Topics ranged from Creative Disruption, Blockchain, Alexa, Where is my PII?, Re-thinking information security for the digital transformation era, Infosec for Containers and Serverless Environments to Cloud for the Homeless, A secure Internet of Things, Cloud Security for Social Good, and Devsecops.
New technologies create exciting opportunities for today’s agile enterprises. However, these same technologies have also opened the door to clever adversaries in search of new attack vectors. We’re excited to be developing an industry event that will bring together global security experts and cloud providers to discuss such critical issues as global governance, the latest technology and security innovations in order to help organizations address the new frontiers in cloud security.
Jim Reavis, co-founder and CEO of the Cloud Security Alliance
Tima’s keynote speaking session on December 12 highlighted the values and particulars of cloud security in the humanitarian international development sector.
She emphasized ICC’s common services in many areas of information security to UN Agencies and other Partners who are leveraging cloud platforms to support humanitarian causes. Why common services? Each agency has its own people, processes and technology solutions for security – but together they can optimize and extend their security posture and delivery by learning from and collaborating with others. Common Secure services – ICC’s inter-Agency threat intelligence network – is just one way UN entities can best secure and improve their security positioning.
Some United Nations Agencies have been leveraging cloud computing platforms for years, while others have been or still are cloud-averse. Some are avid and agile private, hybrid and public cloud users with decreasing on-premises footprints. In this keynote, Tima will share what has worked for many of ICC and its partner agencies and how the ICC continues to build security services that address the risks that the cloud brings in the context of delivering the sustainable development goals and other programs for social good.
IAEA hosts inter-Agency summit on collaboration transformation challenges
The UN Collaboration Summit gathered UN Agencies on 30 November, hosted by IAEA in Vienna, Austria. The summit showcased best practices, applications and use of communications and collaboration tools by various UN organizations: Microsoft O365 and related services, Azure and SharePoint. It gathered architects, developers, business analysts and other professionals in the UN system that work with Microsoft SharePoint, Office 365 and related technologies. Organizations including DPKO, ICC, IEAE, IMD, ITU, OCHA, OPCW, Microsoft, UNDP, UNOG and UN ICTD discussed a wide range of projects across United Nations agencies that make use of collaboration technologies, especially SharePoint and Office 365.
ICC’s Akhilesh Nirapure, Cloud Architect in the Strategic Consulting unit, Clients-Projects, gave a talk on What’s New in SharePoint (SharePoint Online, SharePoint 2019 and transformation challenges). The last UN Collaboration Summits that ICC participated in were at UNESCO in Paris in 2016 and at Microsoft in New York in 2014.
Akhilesh presented ‘What’s New Modern in SharePoint Online & SharePoint 2019 – Transformation Challenges.’ The idea was to present challenges an organization will face when migrating from on-premise SharePoint environments to SharePoint Online, and how they can benefit if they migrate/upgrade to SharePoint 2019 version. He concluded his talk with a short demo showcasing a simple use case of ‘Feedback Moderation’ by leveraging Office 365 services such Microsoft Forms, Microsoft Flow (workflow engine) and Azure – Cognitive Services (sentiment analysis and content tagging ) using an on-premise “Datagateway” with SharePoint 2019 On-premise.
IAEA hosted an expert panel session moderated by Microsoft and supported by ICC, with the goal to support questions and interest from various attendees. This 1.5 hour session, including ICC’s Akhilesh Nirapure, was remotely supported by Gianluca Nuzzo (CPD, Brindisi), Subhash Vinjamuri (CPS, New York), and ‘Raju’ Rajagopalan Kasthurirangan (CPD, New York). ICC managed to find opportunities to respond to attendees’ questions representing ICC approaches and services.
Among many others, Mehret Abebe from OCHA presented on the journey from SharePoint 2016 to Office 365, which ICC staff worked very closely on (Akhilesh, Anthony and Marcos, CPD team) on day to day basis with Suzanne Connolly (Chief, Information Management Officer, OCHA). ICC helped them understand modern capabilities and built a modern Intranet in SharePoint Online. OCHA acknowledged ICC and recognized how ICC worked well together in achieving their intended goals.
Infrastructure Hosting, DR and Information Security Services
ICC is pleased to inform you that the OPEC Fund for International Development (OFID), with Headquarters in Vienna, has now formally been accepted as an ICC User.
The OPEC Fund for International Development (OFID) is the development finance institution established by the Member States of OPEC in 1976 as a channel of aid to the developing countries. OFID works in cooperation with developing country partners and the international donor community to stimulate economic growth and alleviate poverty in all disadvantaged regions of the world. It does this by providing financing to build essential infrastructure, strengthen social services delivery and promote productivity, competitiveness and trade. OFID’s work is people-centered, focusing on projects that meet basic needs – such as food, energy, clean water and sanitation, healthcare and education – with the aim of encouraging self-reliance and inspiring hope for the future.
Their vision is to aspire to a world where Sustainable Development, centered on human capacity-building, is a reality for all. Their mission is to foster South-South Partnership with fellow developing countries worldwide with the aim of eradicating poverty.
OFID Is interested right away to leverage our infrastructure hosting with a backup DR site. They are also interested in our information security services programme.
Joint Agency Workshop on Information Protection and Data Privacy
Speakers Kadiatou Sall-Beye (ITU), Soren Thomassen (UN Women), Aldo Gomera (PAHO), Diana Rusu (UN Women) and Mila Romanoff (UN Global Pulse)
UNICEF, UN Women and ICC hosted an all-day information security best practices workshop on October 29, 9:00-5:00 p.m. with the idea that cybersecurity can be a driver of programme delivery in a UN Agency, rather than an afterthought. Cybersecurity can be central to the new UN Strategy on New Technologies and central to an Agency’s core mission and mandate. A strong cybersecurity strategy fuels agency innovation and growth. It reduces costs and lowers risks, while also making Agencies more efficient and inventive. It helps with the development of digital offerings and business models that help Agencies win. It helps with the development of digital offerings and business models that help Agencies win. It is central to information protection and data privacy. There were forty participants from UN Women, UNICEF, ICC, UNJSPF, IMD and UNFPA.
ICC’s roles included assisting UNICEF with the facilitation and setup of the event, as well as three presentations (from Tima Soni, Nitesh Kudva and Tom Beulens – see below).
Today’s rapid digital and technological transformations have brought us to another critical moment. They inspire hope of immense benefits that can elevate the human condition everywhere.
UN Secretary-General Antonio Guterres, Strategy on New Technologies
Challenges and opportunities abound – data privacy and information protection remain paramount. Cyber security is a mission-enabler. Investments in digital business solutions and innovation require oversight, an enterprise outlook, with a view to integration points and security risk mitigation. Bring IT into the light through best practices by embedding security standards in programme delivery.
Description/goals: This will be an all-day workshop sponsored by UNICEF, UN Women and ICC on the role of cyber security and information protection and data privacy best practices in delivering on organizational missions and mandates. The goal is knowledge sharing between CISOs, business units and stakeholders to highlight successes and discuss current challenges.
Venue: UN Women HQ, 220 East 42nd Street, New York, NY 10017, 19th floor, 9-5 pm (+/- 50 people)
Participants: UN Agency stakeholders in security; CIOs and CISOs, procurement management, information security and ICT management personnel, programme staff, etc. including NY-based UN Agencies: UNICEF; ICC; UN Women; UNFPA; UNJSPF, PAHO, ITU, UNFCU, IMD, etc.
Soren Thomassen Chief, Information Systems and Telecommunications, UN Women
Chris Larsson Chief, Deputy Director of Strategy, Risk Management and Governance, UNICEF
Jorge Torres, Chief, IT Security, UNICEF
Mila Romanoff, Legal and Privacy Specialist, UN Global Pulse
Aldo Gomera, Information Security Officer, PAHO
Kadiatou Sall-Beye, Project Officer, LDCs, ITU
Diana Rusu, Innovation and Knowledge Management for Women’s Economic Empowerment, UN Women
Panel: Speakers above plus:
Tima Soni, Chief Information Security Officer, UN Women
Panel Moderator: Chris Larsson Deputy Director of Strategy, Risk Management and Governance, UNICEF
Afternoon Workshop Speakers above plus:
Tom Buelens, Information Security Specialist, UNICEF (from ICC)
Nitesh Kudva, Information Security Specialist, UN Women (from ICC)
Summary: The goal of the UN Secretary-General’s Strategy on New Technologies is to define how the United Nations system will support the use of technology to accelerate the achievement of the 2030 Sustainable Development Agenda. Cyber Security can be a natural partner to help get this right.
This workshop highlighted what UN Agencies have been up to on this front. Over recent years UN Women, UNICEF and ICC (as well as UNDP, PAHO, IMF and others) have gone through significant changes in their ICT delivery model and cyber security postures. These have led to streamlined, secure and cost-effective solutions with an increased awareness of IT process improvement as well as a cultural shift towards IT as a service to the organization. Programme staff, solutions centre resources, business relationship managers, procurement, legal, and ICT stakeholders can learn a lot about optimising their delivery of the work these organizations deliver.
Aligning organizational operations and Information/cyber security:
Information protection and data privacy
Advancing organizational mandates with strong cyber security framework
Aligning cyber security to organizational mandates
Aligning IT/Information Security with procurement of ICT services/solutions procurement
Capturing and classifying assets. A waste-of-time and an Investment
Security Assurance Testing and Reviews
Business driven Risk Management
Striking a balance with internal and external resources
Pressures, pain points and organizational challenges
ISO YES or ISO NO.
Welcome Soren Thomassen
Opening Chris Larsson and Jorge Torres
Data for Humanitarian Action: a Legal Perspective – Mila Romanoff
Innovation and Security for Women’s Economic Empowerment – Diana Rusu
ICC partnered with Microsoft, with a co-sponsorship from UN OICT and UNICEF, to organize and host a half-day Security Summit in the context of the ICT Network meeting in NYC on 26 October. This summit provided a moment of unique opportunity for all UN ICT Network organizations to get together for some joint reflection over the most recent trends in cyber threats and corresponding approaches to cyber defense and security.
Participant organizations, from the UN Secretariat, UNICEF, ICC, UNJSPF, UNFPA, IMD, PAHO, IMF, CTBTO, IAEA, UNWTO, and UNHCR and others, had the opportunity to better understand key challenges and threats affecting global digital security, while understanding fundamentals and needs for an effective defense and protection of the UN system, while leveraging in the best way possible all the tools available on the current Microsoft 365 platform already in use by most of the UN system organizations. Alex Pinho, Global Lead of the Tech for Social Impact Group at Microsoft, was quick to welcome all participants and highlight the new partnership between ICC and Microsoft, considering ICC as a trusted broker to work with other UN Agencies in deploying security solutions including those from Microsoft.
The sessions included the opportunity to hear Salem Avan, Director, Global Services Division at the United Nations, give his perspective on UN cybersecurity and a cyber defense agenda, understanding the latest principles and trends of intelligent modern security, with a deeper look into Microsoft 365 integrated Security Suite and the way to best leverage for and UN system protection, with a virtual visit to one of the most advanced cyber defense centers at global scale, closing with a joint reflection and alignment on the key security principles that should be followed by all UN organizations.
ICC has been working all fall with the Microsoft Tech for Impact Group to set up a new strategic partnership to give a new role to ICC for UN Agencies and other related institutions, including Cloud Solution Provider and MS Security Certified Partner status.
Marco Liuzzi and Nitesh Kudva presented on behalf of ICC, introducing ICC’s strategic relationship with Microsoft and looking under the hood at some of ICC’s infosec services, including the Common Secure Threat Intel Network services and ICC’s brand-new Common Secure Operations Centre (CSOC). The session took place at the Microsoft Technology Center in New York, located at 11 Times Square (between 41nd street and 8th Avenue).
There was a strong participation of all the UN ICT Network organizations that speaks to the need for a strong conversation, good collaboration and shared services to get cyber security right.
From mobile and web apps to enterprise collaboration platforms, digital transformation strategy support, agile project management and cloud support, ICC is there to supports its Clients and Partner Organizations
ICC Shares Some of Its Innovations for the UN Chief Executives Board
The UN Innovation Network (UNIN) and a few of its friends have created a video montage for the Chief Executives Board (heads of UN Agencies and the Secretary General) meeting in November. They wanted to show contributions from Agency offices and staff around the globe. ICC took the opportunity to share some snippets of what we do… some single sentences about how we support our Clients and Partner Organizations in their programme delivery. They will share it with CEB participants in a fun and informal way, making it available publicly on the UNIN website here:https://www.tribute.co/unceb/.
Several participants spoke about the Internet of Good Things. See UNICEF stories for really interesting ideas in that respect. The video is about half an hour – feel free to watch the whole thing or skip around to find your ICC colleagues.
From top left:
› Anny Rosyani (Geneva)
› Maria Antonia Rodrigues (Geneva)
› Liliana Oceguera (Brindisi)
› Roberto Anile (Rome)
› Gianluca Nuzzo (Brindisi)
› Bill Allen (New York)
› Hung Pham Ngoc (Hanoi)
› Daniela Mezzadri (Valencia).
Specialized Agency of the United Nations since 1948
Promoting social and economic development
The Universal Postal Union (UPU) has submitted a request to become a Partner of ICC, which was approved by the Management Committee 29 August 2018.
The UPU became a specialized agency of the United Nations (UN) on 1 July 1948. It contributes to the development of UN policies and activities that have a direct link with its mandate and missions to promote social and economic development.
Established in 1874, the Universal Postal Union with headquarters in the Swiss capital Berne, is the second oldest international organization worldwide. With its 192 member countries, the UPU is the primary forum for cooperation between postal sector players. It helps to ensure a truly universal network of up-to-date products and services.
The UPU fulfils an advisory, mediating and liaison role, and provides technical assistance where needed. It sets the rules for international mail exchanges and makes recommendations to stimulate growth in mail, parcel and financial services volumes and improve quality of service for customers.
Trusted shared services and digital business solutions
SOC and SIEM for the UN Family
A Security Operations Centre (SOC), whether embedded in a huge NASA-like Emergency Operations Centre with two hundred personnel, or residing on a series of laptops securing an organizational network, has a single goal: to provide comprehensive information security. A SOC provides real-time views into networks and security setup and status, assuring that systems are not negatively affected and with the ability to execute agreed protocols and processes in a consistent manner when issues arise. The SOC provides constant monitoring of all systems, utilising tools to mitigate risk and validate the health of an organization’s security posture.
A SOC, with its certified cyber security experts and their many years of experience in the UN system, together with a qualified, best-of-breed Security Information Event Management (SIEM) solution, delivers cyber security peace of mind.
The UN Asks for a SOC; ICC Delivers
A SOC (and SIEM) provide organizational risk mitigation, oversight for multiple and dynamic relationships as well as security intelligence for online and cloud services, networks, servers, telecommunication, messaging, databases, firewalls, mobile device management, endpoints, web services, authentication, packaged applications, storage and threat detection and mitigation.
The ICC Management Committee approved an R&D fund for promising and innovative projects over the course of 2017. One of the two selected was a Proof of Concept (POC) for a Security Operations Centre.
ICC ran this POC as a project over the course of 2017-2018, with ICC staff and resources – and UN Women provided a test environment. The POC is complete, with UN Women continuing the services, and the SOC service ready for business for prospective Clients.
The SOC project established computer forensic capabilities within ICC by identifying skills and resources to leverage for Client or Partner Organization support in conducting security incident response and computer forensic investigation and to establish a UN Computer Emergency Response Team (CERT) through which UN Agencies can support each other in case of an incident.
The new SOC and SIEM services complement existing information security services portfolio with services like Common Secure Threat Intel Network, Information Security Governance services, penetration testing SWIFT assessments and ICT Security Operations services.
Benefits for Clients include minimizing operational and reputation impact by improving the capability to detect and respond to information security incidents in a timely manner, protecting critical information assets by managing threats in a proactive, timely and consistent manner and improving investment and risk management decisions by providing regular metrics for management review.
The SOC provides support for cloud solutions such as Microsoft SaaS (Office365, SharePoint Online and OneDrive), Azure Windows Defender Advanced Threat Protection and Advanced Threat Analytics.
Sample SOC dashboard
Additional SOC Benefits
• Managed by experts from various information security and technology areas • Flexible and proactive approach to multiple disciplines of ICT security • Adherence to maintaining the UN immunities and privileges • Leveraged intelligence from Common Secure and other monitoring and reporting feeds from vendors • Deployment of shared resources to serve Clients and provide economies of scale • Improvement of security incident detection through continuous monitoring and analysis of data activity • Dedicated experts with cyber security certifications and experience with United Nations networks and processes.
Additional SIEM Benefits
• High value from investment in security technology • Comprehensive and efficient reporting • Reduced capital and operational costs • Reduced risk of noncompliance • Broader agency support for information security • Early detection of security incidents.
SOC Technology and Operations platforms
Project objectives included developing ICC capabilities (processes and human resources) for the operations of a tiered Security Operations Centre with security monitoring with real-time monitoring, proactive hunting, and event validation and triage. Incident Response includes incident investigations, digital forensics, and malware analysis as well as threat Intelligence including early warnings, countermeasures and recommendations.
The Security Operations Centre pilot lasted one month with 4 full-time dedicated and shared human resources. The pilot developed and adopted processes and procedures for the management of security events and incidents with UN Women systems (Infrastructure, Platform and Applications) as pilot user.
Services and Features
Common Secure SOC services include security monitoring including real-time monitoring, proactive hunting, event validation and triage, incident response including incident investigations, digital forensics, and malware analysis. It also includes threat intelligence including early warnings/countermeasures and recommendations.
Features include centralized security operations and incident response, anomaly detection and misconfiguration fixes, IIS misconfiguration fixes, SQL automated services and firewall NTP misconfiguration fixes. They also include a risk-based approach for alerts, an overview of user activity, firewall configuration and traffic overviews as well as asset and vulnerability overviews.
How it works: from detection through qualification, assigning and response