Information Security for the UN Family

A hub for UN family cyber security services

​​More than an isolated growth spurt, ICC information security services is seeing sustained growth as UN and other organizations see the value in risk mitigation and information security preparedness. ICC now has over 15 Clients in this area and a growing list of subscribers as well as a global team of 10 experts working on various aspects of infosec, all in just a year and a half.

Industry Trends

Gartner reports that consumption of information security products and services rose by more than 7% last year and it continues to grow, with a rising awareness about the impact of security incidents and an evolving regulatory landscape, including the EU General Data Protection Regulation (GDPR) going into effect in 2018.

Improving security is not just about new technologies. Recent incidents remind us that delivering the basics has never been more important.

Organizations can improve their security posture significantly by addressing security and risk-related hygiene through good governance, threat intelligence networking, security event management and professional incident response, vulnerability and penetration testing, centralized log management, internal network segmentation, backups and system hardening, not to mention information security awareness for business stakeholders.

ICC’s Infosec Services

ICC’s information security services are growing at a rate that far surpasses the market rate, with over 15 Client and Partner Organizations consuming one or more information security services.

ICC’s Clients today include ADB, CTBTO, GGGI, IAEA, ICAO, ICJ, IMO, ITU, OCHA, PAHO, UNCTAD, UNDP, UNHCR, UNICEF, UNJSPF, UNRWA, UN Women, WFP, WHO and WMO.

ICC delivers a simple and value-added, end-to-end set of services to protect your fortress, your users and their data, from cloud security assessments to CISO-as-a-Service (this is governance support).

Common Secure went live in November with five subscribers. The Common Secure programme has been building an information security sharing service available by subscription to the UN family and friends.Common Secure continuously uncovers and monitors actionable information security threats and shares this information iteratively, with an aggregated monthly update in the following areas:

  • Announcements and awareness
  • Collective Intelligence
  • Threats and Vulnerabilities
  • Incidents
  • Credential theft.

The Infosec team has also grown to ten members over the past year. Its activities align to Information Security standards and practices (ISO 27001:2013 and ISAE 3402 Type 2).

ICC team members have CISM, CCISO, CRISC, CISSP, GCPM, CSSLP, GWAPT, GCIH, GFCA, CCPA, Certified Ethical Hacker (CEH) and COBIT Foundation certifications, as well as ITIL Intermediate, Prince2 Practitioner and TOGAF 9.1.ICC was well represented at the recent UN IS-Special Interest Group (January 29-31 2018) in New York facilitating sessions and presenting as well as participating in follow-up work groups.

As early as 2012, the ICT Network of the United Nations Chief Executives Board recommended an inter-Agency approach to information security response to the High-Level Committee on Management (HLCM). The ICT Network determined that a collective approach would provide a valuable service to the UN family, as cyber threats intensified worldwide. With their endorsement in subsequent meetings, the HLCM has ratified the “establishment of a UN cross-organizational Computer Incident Response Team” as part of its 2013-2016 Strategic Plan Results Framework.

UNICC, with a mandate from the ICT Network, has taken on the task to build a cyber-information sharing service launching in 2017 (by subscription), available to the UN family of organizations.
Value added benefits include:

  • Communicate quickly and informally with relevant UN peers directly about cyber threats
  • Multi-lingual user awareness campaign materials
  • Access to a library for best practices and research in information security implementation
  • Vet vendors to protect infosec community reputation
  • Aggregate threat information across the UN system to improve overall situational awareness for the benefit of all members.

ICC’s information security services, including Common Secure, offer continuous, reliable and timely information security protections and controls, including gathering critical cyber information from Partner members, commercial security firms, service providers, federal, state and local government agencies, law enforcement and other trusted resources. ICC is committed to maintaining appropriate levels of information security, pursuing a number of relevant certifications and independent audits based on international standards, including ISO 27001:2015 and ISAE 3402.

These services help to strengthen relationships with the cyber community at large on behalf of United Nations organizations and to foster a reputation for excellence. ICC is uniquely positioned to quickly disseminate cyber threat alerts and other critical information to organizations across the world.

ICC is a 2017 CSO50 Information Security award winner. It has partnerships with the Center for Internet Security (CIS), a forward-thinking, non-profit entity that harnesses the power of a global IT community to safeguard private and public organizations against cyber threats and the Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.

In addition, ICC is an alliance member in the ID 2020 programme to bring global digital identity befits to people across the globe.

For more information please reach out to business@unicc.org.