게시글 보기
(WP2) Network and Information Security Workshop
Date
2018-06-20
Hit
1001

 

 

Network and Information Security Workshop

 

9-13 October, Thimphu, Bhutan

 

Participants:

System/network administrators and IT managers from universities and research organisations in Bhutan (52 participants)

 

Lead organisation:

Bhutan Computer Incident Response Team ( BtCIRT ), Department of IT and Telecom (DITT), Ministry of Information and Communications ( MoIC )

Website: https://www.btcirt.bt/ / https://www.dit.gov.bt/

 

Objective:

- To introduce information security skills and measures to combat cyber threats

- To help the participants further strengthen their networks through adoption of correct measures

- To be able to audit their systems and implement all relevant measures accordingly to keep cybersecurity threats at bay

 

Approach:

The Capacity Development Training Program is important for IT engineers and administrators, especially in emerging countries/economies. In September 2015, TEIN*CC provided the “Campus Network Design & Operations and Linux System Administration” workshopduring the TEIN4 project phase , and it was successfully completed by 90 participants from various research and education institutes. However, the aspect of information security did not feature highly on the agenda, partly because most of the efforts had been focusing on the development of the infrastructure itself. Hence a capacity development program was organised for the network administrators and IT managers to provide practical skills and advance knowledge in the field of network security.

 

Program:

The five-day workshop gave participants ample opportunities to familiarize themselves with and to consolidate their expertise in hardening their systems. The experienced network security experts from APNIC delivered lectures and showed practical skills. The workshop also looked at some handy tools that the system owners can equip themselves with. Enthusiastic and engaging discussions on policies and key concepts related to cybersecurity contributed to providing much-needed focus on how to sustain and maintain safety in the cyber environment down the line. The sessions provided information and insights into notorious attacks and countermeasures to prevent or withstand them with good examples. The workshop came to an end after five memorable days with most participants expressing their satisfaction with positive feedback.

 

Impact:

Today, more sophisticated, powerful and easy-to-use tools to launch attacks are freely available on the Internet that has made system/network administrators’ jobs more challenging to implement equally effective defense systems. It is even more challenging for Bhutan where cybersecurity is still in its infant stage. In order to address these skills gap, workshop was conducted with the intend to cover best practices on all theoretical and practical aspects related to network and system security. The content covered various topics such as authentication, access control, availability, integrity, privacy, confidentiality, and trustworthiness.

The workshop was instrumental and timely to enhance their overall knowledge and practical skills in the area of network and system security. It also helped the participants to gain latest know-how(s) on cyber threats, and acquire the necessary skills to prevent and respond to these threats. As most of the tools introduced during the workshop were free tools, the participants were able to immediately use them without any financial implications. To some extent, part of knowledge and skills gained during the workshop were imparted to colleagues and students back in the universities.

 

Voices from the fields:

Video clip: https://www.youtube.com/watch?v=xw4hfKFHzKM

 

Jeevan Gurung

(ICT Unit, College of Science and Technology)

 

·        What is your role at your office and what challenges do you face in your job?

 

         I am the ICTO of the college. I am responsible for overlooking systems and Networks of the college as well as planning the infrastructures upgradation.

 

·        What made you sign up for this workshop?

 

         I signed up for the workshop as security is a major issue in the IT field. Since we are working in silos in the college, we hardly get to explore this area due to the workload. When we are able to look up on these, we are not able to make a judgement as to which tools/industry practices (especially open source tools) are best suited for our workplace. 

 

·        Did the training live up to your expectations? 8 months on from the workshop, have you had a chance to put the acquired know-how into practice in your day-to-day job?

 

         I managed to get a look at the security loopholes we had in our workplace and the required steps we had to make. We are working on it right now. We were not able to implement all the tools due to the existing setup and intend to continue to do so when implementing new systems and in our planning’s. 

 

·        What difference this workshop make you and your institution when you returned from the workshop – any examples?

 

         We could implement the best practices in some of the existing systems. Example would be the structured network we implemented in few areas and the planning we are doing. We intend to include in the future plans as well as the policies we are working on.

 

·        What would be on top of your wish list for a training workshop in the future?

 

          I wish we had more time to do hands-on practices and work in a group. If possible setup a proper lab to get the optimum/best idea. If more topics related to real life issues in Bhutan were also covered, this would give us broader idea as well as boost our confidence.

 

 

Ugyen Namgyel

(Lecturer in the Jigme Namgyel Engneering College)

 

·        What is your role at your office and what challenges do you face in your job?

          Lecturer (Teaching Students of Computer System and Network)

         Also I am currently looking after the department besides teaching.

 

·        What made you sign up for this workshop?

         In fact the workshop was intended for ICT officials, I have signed in on personal request upon finding the workshop relevant to the module that we deliver to the students of computer system and network (i.e. Information Security Management Module). 

 

·        Did the training live up to your expectations? 8 months on from the workshop, have you had a chance to put the acquired know-how into practice in your day-to-day job?

         The workshop training was extremely helpful in terms of teaching learning purpose. Immediately upon the return from the workshop I could share with Colleagues in the department and also teach the same content to the second year students since I was teaching the module information security and network management and monitoring.

 

·       What difference this workshop make you and your institution when you returned from the workshop – any examples?

         It definitely helped in imparting the current practices of network security to students besides. And I did talk to colleagues on its importance and to attend similar kind of PD programmes as it was directly related to the programme delivery in the College.

 

·        What would be on top of your wish list for a training workshop in the future?

          I am very much looking forward for similar kind of teaching in advanced network security, cryptography, cloud computing and virtualization technology with much hands on practice with live demos.