ESCAP trained by UN InfoSec on staying cyber safe

Tuesday, 15 August 2017

The recent global – and, in some cases, catastrophic - ransomware attacks (Petya and WannaCry) have reinforced just how vulnerable organizations like the UN are to cyber-attacks.

The Department of Management (DM) is committed to implementing the information security measures needed to maintain global UN operations. The Department’s Office of Information and Communications Technology (OICT) is executing the United Nations’ 10-point action plan on information security, which includes the development of a mandatory information security awareness training course.

The mandatory InfoSec training course gives all UN staff and authorized ICT users the fundamental tools and knowledge to stay cyber safe. Take the mandatory course to become more familiar with information security (also known as InfoSec) related topics. The e-course has been shared with partner organisations including FAO, IAEA, ITU, OSCE, UNOPS, and UNRWA. 

As part of DM’s efforts to increase preparedness on information security, Thomas Braun, Chief of the Global Security & Architecture Section in OICT, visited the Economic and Social Commission for Asia and the Pacific (ESCAP) in late June. Mr. Braun sits on the Information Security Special Interest Group, which shares best practices, alerts and other data across the UN system.

Braun presented on information security, including the latest events and developments, shared practical tips, and answered questions. Participants included staff and consultants from the Secretariat, as well as agencies, funds, and programmes.

He also presented to the participants of the fuel management conference and conducted specialized InfoSec training for IT developers involved in application development at the Enterprise Application Centre in Bangkok (EAC-BKK).

This intensive training had sessions on cryptography, web application security risks, and UN information security policies. It was designed to ensure developers are equipped to confront security issues and threats that specifically affect software and web application development.