Regulatory, Policy and Legisla4ve Issues in Countering Cyber Crimes

Transcription

1 Regulatory, Policy and Legisla4ve Issues in Countering Cyber Crimes Shiva Bissessar, BSc (Hons), MBA, MSc Managing & Technical

2 In Brief Career spanning 20 years beginning with various telecommunicahons and IT roles in finance, energy and manufacturing sectors, leading to 13 years at TelecommunicaHon Services of Trinidad & Tobago (TSTT), primarily working in IT roles with security focus In 2013, a>ained M.Sc. InformaHon Security from University College London (UCL), UK. Then formed Pinaka Technology SoluHons to assist organizahon with their strategic ICT and InformaHon Security needs. Adjunct Lecturer, University of West Indies, Arthur Lok Jack School of Business: Masters, InformaHon Systems & Technology Management: InformaHon Security, Ethics & Law Visit website, for addihonal informahon on services, workshops, publicahons

3

4 Upcoming Follow- up to this workshop being proposed for Trinidad & Tobago, April 2017

5 Agenda LegislaHon vs. Technical controls Mobile Money vulnerabilihes Financial Services in US regulahons UK Cyber Security EssenHals scheme Caribbean Cyber Security Ecosystem

6 Protec4on vs. Legisla4on Roberto Arbelaez, Chief Security Advisor for the Americas, Microso[, noted that legislahve efforts to protect against Cyber- crime, promote Cyber- security and provide threat of prosecuhon may not be an effechve deterrent to curb a>acks. He further noted that the lack of technical controls and protechon of assets makes the Caribbean region an a>rachve deshnahon of choice for a>ackers. Anthony Teelucksingh, Senior Counsel at U.S. Department of JusHce, countered that both technical controls and legislahon are equally important tools in the arsenal against Cyber- crime.

7 Security by Design & QA Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking ApplicaHons in the Developing World, cast some doubt on security of some mobile banking apps cihng 28 significant vulnerabilihes across seven applicahons With an defined push towards app development within Caribbean must come the sensihzahon for security by design and proper quality assurance

8 Alterna4vely

9 NY Cyber Security for FSS Cyber Security Programme IdenHfy internal and external cyber risks; ensure confidenhality of non- public informahon at a minimum Use defensive infrastructure and implementahon of policies and procedures to protect IS Detect Cyber Security Events Respond to Cyber Security Events; mihgate against negahve outcome Recover from Cyber Security Events Fulfill regulatory reporhng obligahons

10 NY Cyber Security for FSS

11 NY Cyber Security for FSS

12

13 UK Cyber Essen4als Scheme MiHgaHng against the following: Phishing: malware infechon through users clicking on malicious e- mail a>achments or website links. Hacking: exploitahon of known vulnerabilihes in Internet connected servers and devices using widely available tools and techniques.

14 CSMII A n t h o n y M i n g (Commonwealth Secretariat) declared cyber security awareness and basics cyber hygiene were recurring deficiencies uncovered in the various needs assessments exercises 3 out of 5 representahves menhoned the lack of university graduates with cyber security training as a challenge

15 Cyber Security Ecosystem Caribbean nahons cannot tackle cybercrime on their own; they must involve, engage and encourage parhcipahon from the private sector, academia and civil society on these inihahves. This would ensure capacity building and the creahon of a cyber security ecosystem of professionals including researchers, lecturers, writers, service providers and vendors to contribute towards local and regional protechon.

16 Regulatory, Policy and Legisla4ve Issues in Countering Cyber Crimes Shiva Bissessar, BSc (Hons), MBA, MSc Managing & Technical