Mission-driven Cyber Security – A UNICEF, UN Women and UNICC Event

14 November, 2018

...
Photo: UNICC
Joint agency workshop on information protection and data privacy

​Speakers Kadiatou Sall-Beye (ITU), Soren Thomassen (UN Women), Aldo Gomera (PAHO), Diana Rusu (UN Women) and Mila Romanoff (UN Global Pulse)

UNICEF, UN Women and UNICC hosted an all-day information security best practices workshop on October 29, 9:00-5:00 p.m. with the idea that cybersecurity can be a driver of programme delivery in a UN Agency, rather than an afterthought. Cybersecurity can be central to the new UN Strategy on New Technologies and central to an Agency’s core mission and mandate. A strong cybersecurity strategy fuels agency innovation and growth. It reduces costs and lowers risks, while also making Agencies more efficient and inventive. It helps with the development of digital offerings and business models that help Agencies win. It helps with the development of digital offerings and business models that help Agencies win. It is central to information protection and data privacy. There were forty participants from UN Women, UNICEF, UNICC, UNJSPF, IMD and UNFPA.

UNICC’s roles included assisting UNICEF with the facilitation and setup of the event, as well as three presentations (from Tima Soni, Nitesh Kudva and Tom Beulens – see below).

Today’s rapid digital and technological transformations have brought us to another critical moment. They inspire hope of immense benefits that can elevate the human condition everywhere.
UN Secretary-General Antonio Guterres, Strategy on New Technologies

Challenges and opportunities abound – data privacy and information protection remain paramount. Cyber security is a mission-enabler. Investments in digital business solutions and innovation require oversight, an enterprise outlook, with a view to integration points and security risk mitigation. Bring IT into the light through best practices by embedding security standards in programme delivery.

Description/goals: This will be an all-day workshop sponsored by UNICEF, UN Women and UNICC on the role of cyber security and information protection and data privacy best practices in delivering on organizational missions and mandates. The goal is knowledge sharing between CISOs, business units and stakeholders to highlight successes and discuss current challenges.

Venue: UN Women HQ, 220 East 42nd Street, New York, NY 10017, 19th floor, 9-5 pm (+/- 50 people)
Participants: UN Agency stakeholders in security; CIOs and CISOs, procurement management, information security and ICT management personnel, programme staff, etc. including NY-based UN Agencies: UNICEF; UNICC; UN Women; UNFPA; UNJSPF, PAHO, ITU, UNFCU, IMD, etc.

Speakers:

  • Soren Thomassen Chief, Information Systems and Telecommunications, UN Women
  • Chris Larsson Chief, Deputy Director of Strategy, Risk Management and Governance, UNICEF
  • Jorge Torres, Chief, IT Security, UNICEF
  • Mila Romanoff, Legal and Privacy Specialist, UN Global Pulse
  • Aldo Gomera, Information Security Officer, PAHO
  • Kadiatou Sall-Beye, Project Officer, LDCs, ITU
  • Diana Rusu, Innovation and Knowledge Management for Women’s Economic Empowerment, UN Women

Panel: Speakers above plus:

  •    Tima Soni, Chief Information Security Officer, UN Women

Panel Moderator: Chris Larsson Deputy Director of Strategy, Risk Management and Governance, UNICEF

Afternoon Workshop Speakers above plus:

  • Tom Buelens, Information Security Specialist, UNICEF (from UNICC)
  • Nitesh Kudva, Information Security Specialist, UN Women (from UNICC)

Summary:  The goal of the UN Secretary-General’s Strategy on New Technologies is to define how the United Nations system will support the use of technology to accelerate the achievement of the 2030 Sustainable Development Agenda. Cyber Security can be a natural partner to help get this right.

This workshop highlighted what UN Agencies have been up to on this front. Over recent years UN Women, UNICEF and UNICC (as well as UNDP, PAHO, IMF and others) have gone through significant changes in their ICT delivery model and cyber security postures. These have led to streamlined, secure and cost-effective solutions with an increased awareness of IT process improvement as well as a cultural shift towards IT as a service to the organization. Programme staff, solutions centre resources, business relationship managers, procurement, legal, and ICT stakeholders can learn a lot about optimising their delivery of the work these organizations deliver.

  • Aligning organizational operations and Information/cyber security:
  • Information protection and data privacy
  • Advancing organizational mandates with strong cyber security framework
  • Aligning cyber security to organizational mandates
  • Aligning IT/Information Security with procurement of ICT services/solutions procurement
  • Capturing and classifying assets. A waste-of-time and an Investment
  • Security Assurance Testing and Reviews
  • Business driven Risk Management
  • Operationalisation
  • Striking a balance with internal and external resources
  • Pressures, pain points and organizational challenges
  • ISO YES or ISO NO.

Sessions included:

  • Welcome Soren Thomassen
  • Opening Chris Larsson and Jorge Torres
  • Data for Humanitarian Action: a Legal Perspective – Mila Romanoff
  • Innovation and Security for Women’s Economic Empowerment – Diana Rusu
  • PAHO’s Cyber Security Innovations – Aldo Gomera
  • ITU’s Cyber Security Innovations – Kadiatou Sall-Beye.

Panel of Experts with Moderator: Chris Larsson – Speakers and Tima Soni

  • Information Protection and Data Privacy – Jorge Torres and Mila Romanoff
  • Women in Security in Developing Nations – Tima Soni
  • Cyber Security, Agile Development and Procurement – Jorge Torres
  • Meet Classi – Capturing and Classifying Assets  – Tom Buelens
  • PAHO Microsoft Security Cloud Services – Aldo Gomera
  • UNICC-UN Women Security Operations Centre Pilot – Nitesh Kudva
  • Discussion and Wrap-up Chris Larsson, Jorge Torres and Soren Thomassen.