UNICEF Information Security Services Programme

18 October, 2017


As international cyber threats continue to dominate the news, UNICEF, with UNICC’s assistance, is committed to extending and communicating its information security services.

Confidentiality, integrity and availability

“The next steps of our journey will depend on our willingness to adapt to the changing world around us… to infuse equity throughout our programmes and the post-2015 targets… and to find new ways to realize the rights – and brighten the futures – of the most disadvantaged children around the world”.
Anthony Lake, Executive Director, UNICEF

The UNICEF Strategic Plan sets out a roadmap to better deliver what UNICEF does so well across 190 countries and territories – defending the rights of children for every child, hope, a safe home, laughter, an education, play, a future, love, clean water, childhood, a voice and a fair chance.

Fundamental to these goals is a high level of organizational efficiency and effectiveness … through sound implementation strategies based on UNICEF’s comparative advantage in achieving results for children and through sound management practices and operational excellence based on clear principles, achievement of concrete results, accountability and transparency.

This requires skilled digital business support and a strong information security programme. As UNICEF staff and partners work in an online world, protecting UNICEF’s digital business and information and ICT assets means effective information security.

As international cyber threats continue to dominate the news, UNICEF is committed to extending and communicating its information security services. Working internally with its ICT team, UNICEF has partnered with UNICC for an effective and user-friendly information security services programme.

UNICC is providing UNICEF with services to support its information security services portfolio, which Jorge Torres, Chief Information Security Officer at UNICEF, developed over the years and which is supported by Chief of IT, Daniel Couture.

These service offerings provide skilled security specialists who focus on security testing and vulnerability/risk management, incident response and security awareness, as well as developing and implementing an information security programme based on ISO 27000 information security standards. To meet the growing demands of the information security programme, UNICEF partnered with UNICC, in 2017, to bridge the gap between internal “client” demands and existing resource limitations.

This has been an ongoing 2017 project. This year UNICC also received a 2017 CSO50 award for its Information Security Continuous Security Improvement Suite (CSI), offered to its United Nations Partner Organizations to meet the needs of the UN’s cyber security strategic goals concerning growing cyber threats.

As part of UNICEF’s commitment to information protection, data privacy and continued focus on operational effectiveness, 2017 became the year to move UNICEF’s security program “to the next level”.

This ambitious endeavor required that UNICEF partner with an organization positioned to support their service portfolio, but with a good understanding of the UN culture. This led UNICEF to UNICC, which provides IT solutions across the UN family.

As part of the first phase of the 2017 programme, three major milestones are planned for October: the introduction of Nico, an information security animation developed by UNICEF and a third party; the launch of the online UNICEF Information Security Awareness Training course, which UNICC supported in its modification; and an Inter-Agency Cyber Security event on 25 October 2017 called “Women and Children First”. This programme, according to the programme mandates of UNICEF, will work to include UNICEF staff in programme areas that work with protecting children online, aligning privacy measures, data protection and information assets with the business in the best possible ways in supporting children’s rights.

UNICEF Information Security Programme Framework (ongoing)

  • Information Security Programme Plan: UNICC, in partnership with UNICEF, is delivering an analysis and implementation plan to bring UNICEF’s Information Security programme to the next level.
  • Information Security Baseline Assessment: This assessment looks at current UNICEF practices and controls compared to an ISO 27001 security certification alignment… with recommendations for upgrades and improvements, including new operational activities.
  • Information Security Awareness Training: UNICC customised the UN Secretariat’s CBT Security Awareness Training so that it is suitable for other UN organizations. This has become the standard ICT security training for all users across UN Women globally, with:
      • Bulletins (Social Media, Phishing, Mobile Device, 2FA, Ransomware, etc.)
      • Posters
      • Women and Children First: A Joint United Nations Cyber Security Event, 25 October 2017
      • Campaigns and Exercises (Phishing, etc.)
  • Guidelines and Procedures: A UNICEF Information Security Policy will be published this year together with the aligned standards, such as the UNICEF Information Security Policy: Asset and Access Management.