Day 1: Friday 22 October 2021
|
|---|
09:00 - 09:15
CET
| Welcome and Opening Remarks
- Welcome Address: Ryma Abassi, Director, ISET’com
- Introductory Remarks: Bilel Jamoussi, Chief of Study Groups Department, TSB, ITU
- Opening Remarks: Nizar Ben Néji, Minister of Communications Technologies (TBC)
|
09:15 - 10:30
CET | Panel 1: Digital finance: Cyber threat & experience sharing
- SS7 vulnerabilities: Qusai Qaryouti & Mohamed Darweesh, Adaptive Mobile [Presentation]
- Experience sharing: Haider Harragui and Sofiene Maatallah, ANSI
- Transmission of sensitive data over public Networks: Threats and Mitigation: Hassan Trabelsi, Advantio [Presentation]
|
10:30 - 11:00
CET | Coffee Break
|
11:00 - 12:15
CET | Panel 2: Digital finance security : Resiliency and Fraud Risk Mitigation
- Risk mitigation Framework: Bilel Jamoussi, Chief of Study Groups Department, TSB, ITU [Presentation]
- Pros and Cons of Blockchain Versus Traditional Payment Systems, Diane Maurice, United States Treasure [Presentation]
- Best practices (Tunisian Post, D17, banks, regulators, etc)
|
12:15 - 13:15
CET
| Training Part 1: DFS security vulnerabilities: Infrastructure vulnerabilities and mitigation measures (Mobile Infrastructure vulnerabilities)
Telecom infrastructure vulnerabilities such as SS7 can be exploited by an intruder to intercept calls and SMSs, bypass billing, steal money from mobile money accounts, or affect mobile network operations. This session presented the main findings of the Security, Infrastructure and Trust Working Group on securing the infrastructure against SS7 vulnerabilities and threats.
- Qusai Qaryouti & Mohamed Darweesh, Adaptive Mobile [Presentation ]
|
13:15 - 14:30
CET
| Lunch Break
|
14:30 - 16:00
CET | Training Part 2 : DFS security lab: Testing Android application vulnerabilities that affect DFS
This session introduced the ITU DFS security lab and highlight the vulnerabilities in Android based DFS applications. The session also provided, and an overview of the Android app security tests based on the OWASP Mobile Top 10.
- ITU DFS Security Lab: Vijay Mauree, Programme Coordinator, ITU [Presentation]
- Security audit of Android DFS applications: Arnold Kibuuka, Project Officer, ITU [Presentation]
|
16:00
CET
| Closing Remarks
|
Day 2: Saturday, 23 October 2021
|
09:00 - 10:30
CET
| Training part 3: DFS Security Assurance Framework and conducting a DFS security assessment
This session discussed the DFS security assurance framework that can be implemented by DFS providers to better manage the risks and mitigate their impact. The session also covered how a Regulator or DFS provider can assess the compliance to the minimum-security controls using the DFS audit guideline.
- DFS Security Assurance Framework, Vijay Mauree, Programme Coordinator, ITU [Presentation]
- DFS security audit guideline, Arnold Kibuuka, Project Officer, ITU [Presentation]
|
10:30 - 10:45
CET
| Coffee Break
|
10:45 - 12:30
CET
| Training part 4: DFS security lab: USSD and STK platform vulnerabilities
This session highlighted the vulnerabilities to USSD and STK and Android based applications. Threats like Man in the middle attacks, the SIM jacker vulnerability in SIM Cards were discussed. The session also provided an overview of the methodology used for performing the USSD and STK security tests at the ITU DFS Security Lab.
- Security testing for USSD and STK based DFS applications, Arnold Kibuuka, Project Officer, ITU [Presentation]
|
12:30
CET
| Certificate Awarding & Closing
|