Crisis Management Plan
|
|
- Mitchell Chase
- 5 years ago
- Views:
Transcription
1 Crisis Management Plan for countering Cyber Attacks and Cyber Terrorism Department of Information Technology Ministry of Communications and Information Technology Government of India
2 Cyber Security Agenda Influencing Factors Cyber Security Agenda
3 In security matters, there is nothing like absolute security We are only trying to build comfort levels, because security costs money and lack of it costs much more Comfort level is a manifestation of efforts as well as a realization of their effectiveness & limitations
4 Cyber threats and concerns International level National level Organisational level Individual level Cyber crime & cyber terrorism Deliberate and anonymous use of ICTs for attacks on critical Infrastructure Unhindered growth of botnets Absence of international mechanism to facilitate information sharing & counter action Risk of attack misperception due to uncertainty of positive attack attribution Cyber crime & terrorism Attacks on Critical Infrastructure Web defacements Website intrusion and malware propagation Malicious Code & spread of botnets Scanning and probing for Cyber espionage Denial of Service & Distributed Denial of Service attacks Supply chain integrity Technical & legal inability for positive attack attribution Website intrusion/ defacement Domain stalking Malicious Code Scanning and probing Denial of Service & Distributed Denial of Service Targeted attacks Phishing Data theft Insider threats Financial frauds Social Engineering hacking & misuse Identity theft & phishing Financial scams Abuse through s Abuse through Social Networking sites Laptop theft
5 Security of Cyber Space - Stakeholders NIB NSCS NCMC MHA MOD DIT DOT NIIPC NDMA NIC STQC CCA CERT-In Sectoral CERTS of key critical sectors TSP/ISPs Incident response teams of critical sector organisations (CSIRTs) General user community
6 Actions for Cyber Security Perspectives for effective security of cyber space Strategic Legal Protection Crisis response and resolution Compliance Education & Awareness Enforcement perspective Collaboration Data Security and Privacy Level Actions Impact Government level Critical Sector level ISP/TSP level Professional level Technical level Individual level International level Security Strategy, ICT policies & laws, CMP, Assurance framework CMP, Security Policy, Drills, TVM Threat monitoring, Rapid response, preventive & quarantine Security skills and competence Honey pots, sensors, intrusion detectors, traffic scanning, etc. Awareness campaign, trainings, security messaging UNGGE, CSCAP, Trusted Computing, ITU Enabler for security, compliance & assurance, adequacy of investment Posture improvement, enhancing capability to detect & resist attacks Prevention of occurrence & reoccurrence of attacks Adequacy of skills & competence for cyber security Actionable security intelligence for proactive & preventive actions Enhanced user awareness, responsible behavior & actions Security ecosystem through a set of cooperative & collaborative actions
7 Crisis Management & Emergency Response - Role of CERT Level Actions Impact CERT- Agency for incident response Incident prevention Alert, advice, MoU, & collaboration Timely alert for preventive & proactive actions Collection, analysis & dissemination of information Forecast and alerts of incidents Incident prediction Response & recovery assistance Honey pots, sensors, filters, etc Helpdesk, incident tracking mechanism Tailored advice for specific actions by critical sector Incident reporting, assistance, knowledge repository Emergency measures for incident handling Coordination of response activities Guidelines, advisories, vulnerability notes, research/white papers & practices Crisis mgmt & emergency response Policy & assurance framework Investigation, analysis & forensic CMP implementation & drill Policy, best practices, audits & assessments Forensic support, pattern analysis, LEA support Improved readiness of critical sectors Improved security posture, assurance over minimal security baseline Investigation support, speedier trial of criminal cases Training & awareness Training of security professionals Better preparedness, adequacy & sufficiency of competence
8 Cyber Security Force multiplier effect Test bed security posture Verification Of critical sectors against latest threats Test bed for cyber security drills & empanelment support Conformity assessment framework ISO ISMS Process /system certification Technical security compliance verification Empanelment of IT Security auditing organizations ISO IT Product security Testing Security manpower training And qualification 4 Training and Skill Development (PPP model) Cyber Forensic LEA Short Term courses Creation of skills? Awareness (PPP Model) 6 Security cooperation with industry(nasscom 3 and other such agencies Skill development & Mass education Security portals & E-forums Security survey & Research Security cooperation & partnership With industry Reporting & analysis Of incidents Awareness How do we reach all? Are we doing right? Enabling Trust through Cyber security Assurance 1 Cyber Laws IT Act compliance and enforcement 2 Security compliance support and research & development 5 CERT-IN : Enabling protection & Resistance to cyber attacks thro Security incident prediction, IT Act 43A compliance Requirement on data security & privacy protection Compliance guidelines & standards 70B, 70, 70A Annual compliance & reporting Core and thrust areas Development of tools ISMS implementation and compliance Assessment tool development & deployment What need to be done? How do we implement ISMS? MoU with vendors & other CERTs Crisis management & emergency response Info sharing & international Co-operation Tech security guidelines, alerts, advices Mitigation Cyber incidents Auditing Security training, security tools portal Are we safe? What if something goes wrong?
9 Crisis Management & Emergency Response Crisis Security Crisis A situation wherein security characters of information are compromised as a result of a failure of an IT system or network of IT systems, due to technical reasons, intentional acts or negligence, leading to consequences that may threaten lives, economy and national security. Cyber security crisis may be triggered by attacks on Individual IT systems Simultaneously on multiple IT systems IT networks in a single or multiple organisations, states or entire nation from within or outside the country
10 Crisis Management & Emergency Response Crisis management & Emergency response is a set of actions aimed at rapid response & remedial measures and recovery & restoration of normalcy in the event of a build-up or emergence of a crisis. These actions include: Containment of crisis Communication to all concerned and Coordination of efforts that can facilitate Adequate & swift response in a timely manner Business continuity to maintain availability of minimum essential services/activities in accordance with international best practices and industry accepted standards Detailed analysis of the crisis event, initiation of appropriate disaster recovery measures and return to normalcy at the earliest Learning from the crisis
11 Crisis Management & Emergency Response Strategic issues in effective Crisis management & emergency response: Implementation of appropriate measures to reduce the likelihood of occurrence or recurrence of incidents and/or reduce the potential effects of those incidents Taking due account of the resilience and mitigation measures Providing continuity for critical services during and following an incident The effectiveness of above actions depends on a range of factors such as: The maximum tolerable period of disruption of a critical activity The costs of implementing a strategy and Consequences of inaction (business impact analysis aided by risk assessment)
12 Crisis Management & Emergency Response Crisis management and emergency response involves actions at two levels: Actions within an organisation the point of action where the crisis has occurred (as part of due diligence and fulfillment of its business objectives, legal and commercial obligations) Actions beyond an organisation the point of coordination between multiple agencies & stakeholders (in view of public safety, economic order and national security) Actions within an organisation are of three types: Putting in place systems and procedures in the form of a crisis management plan in accordance with accepted international best practices Ensuring complete alignment with the National Crisis Management Plan prepared by CERT-In/DIT for countering cyber attacks and cyber terrorism Implementing the crisis management plan, verifying workability through tests & mock drills and demonstrating compliance
13 National Crisis Management Plan - Purpose To ensure that interruption or manipulations of critical functions/services in critical sector organisations are brief, infrequent and manageable and cause least possible damage To enable respective administrative Ministries/Departments to draw-up their own contingency plans in line with Crisis Management Plan for countering cyber attacks and cyber terrorism, equip themselves suitably for implementation, implement, supervise implementation and ensure compliance among all the organisational units (both public & private) within their domain. To assist oranisations to put in place mechanisms to effectively deal with cyber security crisis and be able to pin point responsibilities and accountabilities right down to individual level
14 National Crisis Management Plan - Mandate Ministries/Departments of Central Govt., State Govts. and Union Territories to draw-up their own sectoral Crisis Management Plans in line with the Crisis Management Plan for Countering Cyber attacks and Cyber Terrorism Equip themselves suitably for implementation, implement, supervise implementation and ensure compliance among all the organizational units (both public & private) within their domain Implement the sectoral Crisis Management Plan DIT to conduct mock drills with Ministries/organisations DIT to seek necessary compliance information on implementation of the sectoral Crisis Management Plan from all the organizational units of the Ministries/Departments of Central Government, State Governments and Union Territories on a regular basis and apprise the NCMC of progress
15 Structure of Crisis Management Plan The structure of Crisis Management Plan for countering Cyber Terrorism has five sections dealing with the following: Concept of Crisis Management Plan Nature of cyber crisis Incident prevention measures Crisis recognition mitigation and management Incident closure and information sharing In addition, the document contains guidelines on: Implementing Information Security Management System (ISMS) Incident Response Activities in first hour and first 24 hours Crisis Management and Security of Critical Infrastructure
16 Cyber Attacks - Levels of concern Threat Level Level 1 Guarded Scope: Individual Organisation Condition Large scale attacks on the IT infrastructure of an organisation Level 2 Elevated Scope: Multiple Organisations Simultaneous large scale attacks onto IT infrastructure of multiple organisations Level 3 Heightened Scope: State/Multiple States Level 4 Serious Scope: Entire Nation Cyber attacks on infrastructure of critical sector and Government across a state or multiple states Cyber attacks on infrastructure of critical sector and Government across the nation.
17 How can we work together for effective Crisis Management
18 CERT-In Work Process Detection Analysis Dissemination & Support Department of Information Technology ISP Hot Liners Major ISPs Foreign partners Private Sectors Home Users Analysis Detect Dissemination Press & TV / Radio Recovery
19 Crisis Management & Emergency Response Effective Crisis management & emergency response in an organisation depends on: Proactive security incident preventive actions in the form of implementation of Information Security management System (ISMS) as per ISO standard Proactive monitoring of network assets and traffic for any visible signs of changes from normal situation Being in continuous touch with CERT-In/NTRO/IDS(DIARA) to receive actionable cyber security alerts and advice
20 Crisis Management & Emergency Response Organisations can make effective use of CERT-In supportive initiatives such as: Empanelment of IT security auditors to verify effective implementation of technical, managerial and operational security controls Remote security profiling services to know their security posture and enhance their ability to resist cyber attacks Participating in the Cyber Security drills Proactive and timely security alerts and advices to remain fully updated with regard to possible virus/worm infections, latest security patch status and workarounds for zero-day exploits
21 Cyber Security Drills Expected Actions Secure Monitor Detect Defend Report Mitigate Recover
22 Security Assurance Ladder Security assurance emphasis depends on the kind of environment Low risk : Awareness know your security concerns and follow best practices Medium risk: Awareness & Action Proactive strategies leave you better prepared to handle security threats and incidents High risk: Awareness, Action and Assurance Since security failures could be disastrous and may lead to unaffordable consequences, assurance (basis of trust & confidence) that the security controls work when needed most is essential.
23 Crisis Management & Emergency Response Organisations can help CERT-In in securing the cyber space by: Duly reporting security incidents and sharing all relevant information that can support real-time incident analysis & rapid response Collaborating with CERT-In to keep a watch on cyber space to look for malicious traffic, virus/worm infections and visible signs of build-up or emergence DDoS attacks Regularly participating in CERT-In trainings/workshops on contemporary topics/issues to remain updated on technology and security best practices
24 Sectoral CMP Points for action Identify a member of senior management as a Point of Contact to coordinate security policy compliance efforts across the sector and interact regularly with CERT-In Establish a Sectoral Crisis Management Committee, on the lines of National Crisis Management Committee, with Secretary (in case of Central Ministries/Depts) or Chief Secretary (in case of Sates/UTs) as its Chairman and a 24x7 control room to monitor crisis situations Prepare a list of organisational units that fall under the purview of sectoral CMP and provide them with a list of action points for compliance Direct the organisational units to identify and designate a member of senior management as Chief Information Security Officer (CISO) Prepare a list of CISOs complete with up-to-date contact details Prepare a sectoral CMP on the lines of CMP of CERT-In, outlining roles, responsibilities of sectoral stakeholders, CMP coordination process Direct the organisational units to develop and implement their own CMP on the lines of CMP of CERT-In, including security best practices as per ISO and report compliance on a periodic basis
25 Organisation level CMP Points for action Identify a member of senior management as a Chief Information Security Officer (CISO) to coordinate security policy compliance efforts across the organisation and interact regularly with CERT-In and sectoral Point of Contact Establish a Crisis Management Group, on the lines of Sectoral Crisis Management Committee, with head of organisation as its Chairman Prepare a list of contact persons complete with up-to-date contact details Prepare an Organisational level CMP on the lines of CMP of CERT-In, outlining roles, responsibilities of organisational stakeholders, CMP coordination process Implement the CMP, including security best practices and specific action points as outlined below: Prepare a Security plan and implement Security control measures as per ISO and other guidelines/standards as appropriate Carry out periodic IT security risk assessments and determine acceptable level of risks, consistent with business impact assessment and criticality of business functions
26 Organisation level CMP Points for action Develop and implement a business continuity strategy and contingency plan for IT systems Develop and implement ICT disaster recovery and security incident management processes Periodically test and evaluate the adequacy and effectiveness of technical security control measures, especially after each significant change to the IT applications/systems/networks and it can include: Penetration testing (both announced and unannounced) Vulnerability assessment Application security testing Web security testing Carry out audit of information infrastructure on an annual basis and when there is a major upgradadtion/change in IT infrastructure, by an independent IT security auditing organisation (Ref. to list of CERT-In empanelled IT security auditors on CERT-In web site at Report to CERT-In cyber security incidents as and when they occur and status of cyber security periodically and take part in cyber security mock drills
27
28 Cyber Security - Final Message Failure is not when we fall down, but when we fail to get up
29 We want you Safe Thank you
Introduction. Definitions of CMP
Vol.7 No. 7 Jan-Feb, 2010 Introduction Introduction Definitions of CMP Purpose of CMP Types of Crisis Cyber Security Crisis, Possible targets and Impact Crisis Recognition, Mitigation and Management Structure
More informationBradford J. Willke. 19 September 2007
A Critical Information Infrastructure Protection Approach to Multinational Cyber Security Events Bradford J. Willke 19 September 2007 Overview A framework for national Critical Information Infrastructure
More informationCSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague
Brmlab, hackerspace Prague Lightning talks, November 2016 in general in general WTF is an? in general WTF is an? Computer Security in general WTF is an? Computer Security Incident Response in general WTF
More informationRFD. for ICERT ( ) RESULTS-FRAMEWORK DOCUMENT. Department of Information Technology. Results-Framework Document (RFD) for CERT-In ( )
Results-Framework Document (RFD) for CERT-In (-) RFD RESULTS-FRAMEWORK DOCUMENT for ICERT Department of Information Technology (-) Page 1 of 13 Results-Framework Document (RFD) for CERT-In (-) SECTION
More informationProvisional Translation
Provisional Translation Environmental Change Vision to aim as a Goal Merger and Integration of Cyberspace and Real-space [expansion/penetration, progress of the use/application, global] Increasing Serious
More informationBuilding a Resilient Security Posture for Effective Breach Prevention
SESSION ID: GPS-F03B Building a Resilient Security Posture for Effective Breach Prevention Avinash Prasad Head Managed Security Services, Tata Communications Agenda for discussion 1. Security Posture 2.
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationNATIONAL STRATEGY:- MALAYSIAN EXPERIENCE
NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE Devi Annamalai Security, Trust and Governance MCMC 28th August 2007 Hanoi. Vietnam BACKGROUND MCMC is a statutory body established under the Malaysian Communications
More informationRohana Palliyaguru Director -Operations Sri Lanka CERT CC APCERT AGM and Conference, 24 th October 2018 Shanghai, China MINISTRY OF TELECOMMUNICATION
Rohana Palliyaguru Director -Operations Sri Lanka CERT CC APCERT AGM and Conference, 24 th October 2018 Shanghai, China SRI LANKA COMPUTER EMERGENCY READINESS TEAM COORDINATION CENTRE Agenda o About Sri
More informationUNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21
National and Cyber Security Branch Presentation for Gridseccon Quebec City, October 18-21 1 Public Safety Canada Departmental Structure 2 National and Cyber Security Branch National and Cyber Security
More informationNATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -
NATIONAL CYBER SECURITY STRATEGY - Version 2.0 - CONTENTS SUMMARY... 3 1 INTRODUCTION... 4 2 GENERAL PRINCIPLES AND OBJECTIVES... 5 3 ACTION FRAMEWORK STRATEGIC OBJECTIVES... 6 3.1 Determining the stakeholders
More informationStakeholders Analysis
Stakeholders Analysis Introduction National Stakeholders ISP citizens CNIIP Media National CIRT Academia ONG, Public And Private Institutions sectoral CSIRTs Law enforcement 2 2 CIRT ISP A specialized
More informationNational Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director
National Cyber Security Strategy - Qatar Michael Lewis, Deputy Director 2 Coordinating a National Approach to Cybersecurity ITU Pillars of Cybersecurity as a Reference Point providing the collected best
More informationITU Regional Cybersecurity Forum for Asia-Pacific
ITU Regional Cybersecurity Forum for Asia-Pacific Incident Management Capabilities Australia Country Case Study Graham Ingram General Manager AusCERT July 2008 Copyright 2008 AusCERT Not for further distribution
More informationCOMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN
COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN 24-27 July 2016 1 CONTENT INTRODUCTION POLICY OBJECTIVES POLICY AND LEGISLATIVE PRINCIPLES CYBER SECURITY STRATEGY CHALLENGES AND OPPORTUNITIES CAPACITY BUILDING
More informationDefining Computer Security Incident Response Teams
Defining Computer Security Incident Response Teams Robin Ruefle January 2007 ABSTRACT: A computer security incident response team (CSIRT) is a concrete organizational entity (i.e., one or more staff) that
More informationDHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017
DHS Cybersecurity Election Infrastructure as Critical Infrastructure June 2017 Department of Homeland Security Safeguard the American People, Our Homeland, and Our Values Homeland Security Missions 1.
More informationDr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt
Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA The African Internet Governance Forum - AfIGF2017 5 Dec 2017, Egypt Agenda Why? Threats Traditional security? What to secure?
More informationCyber Security Strategy
Cyber Security Strategy Committee for Home Affairs Introduction Cyber security describes the technology, processes and safeguards that are used to protect our networks, computers, programs and data from
More informationRFC2350 TLP1: WHITE. Έκδοση National CSIRT-CY RFC2350
Έκδοση 1.2-2018.02.14 TLP1: WHITE 1 TLP Sources may use TLP: WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release.
More informationCybersecurity, safety and resilience - Airline perspective
Arab Civil Aviation Commission - ACAC/ICAO MID GNSS Workshop Cybersecurity, safety and resilience - Airline perspective Rabat, November, 2017 Presented by Adlen LOUKIL, Ph.D CEO, Resys-consultants Advisory,
More informationInformation Security and Cyber Security
Information Security and Cyber Security Policy NEC recognizes that it is our duty to protect the information assets entrusted to us by our customers and business partners as well as our own information
More informationGujarat Forensic Sciences University
Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat
More informationSpecial Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation)
Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation) December 15, 2000 1. Goals of the Special Action Plan The goal of this action plan is to protect
More informationThe Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless
The Republic of Korea Executive Summary Today, cyberspace is a new horizon with endless possibilities, offering unprecedented economic and social benefits. However, on account of its open, anonymous and
More informationNEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES
NEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES Kristina Doda & Aleksandar Vanchoski Budapest, CEPOL conference 2017 New technologies - new social interactions and economic development - need
More informationRESOLUTION 130 (REV. BUSAN, 2014)
RESOLUTION 130 (REV. BUSAN, 2014) Strengthening the role of ITU in building confidence and security in the use of information and communication technologies The Plenipotentiary Conference of the International
More informationDigital Health Cyber Security Centre
Digital Health Cyber Security Centre Current challenges Ransomware According to the ACSC Threat Report 2017, cybercrime is a prevalent threat for Australia. Distributed Denial of Service (DDoS) Targeting
More informationAre we breached? Deloitte's Cyber Threat Hunting
Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the
More informationBusiness continuity management and cyber resiliency
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationIT SECURITY OFFICER. Department: Information Technology. Pay Range: Professional 18
Pierce County Classification Description IT SECURITY OFFICER Department: Information Technology Job Class #: 634900 Pay Range: Professional 18 FLSA: Exempt Represented: No Classification descriptions are
More informationCyber Security Incident Response Fighting Fire with Fire
Cyber Security Incident Response Fighting Fire with Fire Arun Perinkolam, Senior Manager Deloitte & Touche LLP Professional Techniques T21 CRISC CGEIT CISM CISA AGENDA Companies like yours What is the
More informationCyber Resilience - Protecting your Business 1
Cyber Resilience - Protecting your Business 1 2 Cyber Resilience - Protecting your Business Cyber Resilience - Protecting your Business 1 2 Cyber Resilience - Protecting your Business Cyber Resilience
More informationCritical Information Infrastructure Protection Law
Critical Information Infrastructure Protection Law CCD COE Training 8 September 2009 Tallinn, Estonia Maeve Dion Center for Infrastructure Protection George Mason University School of Law Arlington, Virginia.
More informationCybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce
Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce 5-8 September 2017 Yogyakarta, Indonesia Sameer Sharma Senior Advisor ITU Digital Infrastructure for Connectivity SDGs Evolution
More informationSTANDARD INFORMATION SHARING FORMATS. Will Semple Head of Threat and Vulnerability Management New York Stock Exchange
STANDARD INFORMATION SHARING FORMATS Will Semple Head of Threat and Vulnerability Management New York Stock Exchange AGENDA Information Sharing from the Practitioner s view Changing the focus from Risk
More informationAn overview of the CERT/CC and CSIRT Community
An overview of the CERT/CC and CSIRT Community Jason A. Rafail October 2007 2007 Carnegie Mellon University Overview CERT/CC CSIRTs with National Responsibility Partnerships and Trust Training Conclusion
More informationCYBER RESILIENCE & INCIDENT RESPONSE
CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust Introduction The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable
More informationRESOLUTION 45 (Rev. Hyderabad, 2010)
212 RESOLUTION 45 (Rev. Hyderabad, 2010) The World Telecommunication Development Conference (Hyderabad, 2010), recalling a) Resolution 45 (Doha, 2006) of the World Telecommunication Development Conference
More informationEU policy on Network and Information Security & Critical Information Infrastructures Protection
EU policy on Network and Information Security & Critical Information Infrastructures Protection Köln, 10 March 2011 Valérie ANDRIANAVALY European Commission Directorate General Information Society and
More informationCyber Threat Landscape April 2013
www.pwc.co.uk Cyber Threat Landscape April 2013 Cyber Threats: Influences of the global business ecosystem Economic Industry/ Competitors Technology-led innovation has enabled business models to evolve
More informationPromoting Global Cybersecurity
Promoting Global Cybersecurity Presented to ITU-T Study Group 17 Geneva, Switzerland 6 October 2005 Robert Shaw ITU Internet Strategy and Policy Advisor ITU Strategy and Policy Unit 1 Agenda Critical Infrastructures
More informationGUIDANCE NOTE ON CYBERSECURITY
GUIDANCE NOTE ON CYBERSECURITY AUGUST 2017 GUIDANCE NOTE ON CYBERSECURITY PART I Preliminary 1.1 Title 1.2 Authorization 1.3 Application 1.4 Definitions PART II Statement of Policy 2.1 Purpose 2.2 Scope
More informationTHE POWER OF TECH-SAVVY BOARDS:
THE POWER OF TECH-SAVVY BOARDS: LEADERSHIP S ROLE IN CULTIVATING CYBERSECURITY TALENT SHANNON DONAHUE DIRECTOR, INFORMATION SECURITY PRACTICES 1 IT S A RISK-BASED WORLD: THE 10 MOST CRITICAL UNCERTAINTIES
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationPackage of initiatives on Cybersecurity
Package of initiatives on Cybersecurity Presentation to Members of the IMCO Committee Claire Bury Deputy Director-General, DG CONNECT Brussels, 12 October 2017 Building EU Resilience to cyber attacks Creating
More informationCyber Security in Europe
Cyber Security in Europe ENISA supporting the National Cyber Security Strategies An evaluation framework Liveri Dimitra Security and Resilience of Communication Networks Officer www.enisa.europa.eu Securing
More informationDirective on security of network and information systems (NIS): State of Play
Directive on security of network and information systems (NIS): State of Play Svetlana Schuster Unit H1 Cybersecurity and Digital Privacy DG Communications Networks, Content and Technology, European Commission
More informationRisk Advisory Academy Training Brochure
Academy Brochure 2 Academy Brochure Cyber Security Our Cyber Security trainings are focused on building your internal capacity to leverage IT related technologies more confidently and manage risk and uncertainty
More informationCIRT: Requirements and implementation
CIRT: Requirements and implementation By : Muataz Elsadig Sudan CERT Joint ITU-ATU Workshop on Cyber-security Strategy in African Countries Khartoum, Republic of Sudan, 24 26 July 2016 There is no globally
More informationCaribbean Cyber Security: Not Only Government s Responsibility
Caribbean Cyber Security: Not Only Government s Responsibility AWARENESS AND VIGILANCE IS EVERYBODY S RESPONSIBILITY Preseted at: ICT Symposium Antigua and Barbuda March 2017 Caribbean Cyber Security Events
More informationCritical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.
Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach. By Christopher Ganizani Banda ICT Development Manager Malawi Communications Regulatory Authority 24-26th July,2016 Khartoum,
More informationCyber fraud and its impact on the NHS: How organisations can manage the risk
Cyber fraud and its impact on the NHS: How organisations can manage the risk Chair: Ann Utley, Preparation Programme Manager, NHS Providers Arno Franken, Cyber Specialist, RSM Sheila Pancholi, Partner,
More informationDefending Our Digital Density.
New Jersey Cybersecurity & Communications Integration Cell Defending Our Digital Density. @NJCybersecurity www.cyber.nj.gov NJCCIC@cyber.nj.gov The New Jersey Cybersecurity & Communications Integration
More informationJohn Snare Chair Standards Australia Committee IT/12/4
John Snare Chair Standards Australia Committee IT/12/4 ISO/IEC 27001 ISMS Management perspective Risk Management (ISO 31000) Industry Specific Standards Banking, Health, Transport, Telecommunications ISO/IEC
More informationCyber Security Technologies
1 / Cyber Security Technologies International Seminar on Cyber Security: An Action to Establish the National Cyber Security Center Lisbon, 12 th September 2013 23 / Key highlights - Thales Group Thales
More information10 Cybersecurity Questions for Bank CEOs and the Board of Directors
4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors
More informationA new approach to Cyber Security
A new approach to Cyber Security Feel Free kpmg.ch We believe cyber security should be about what you can do not what you can t. DRIVEN BY BUSINESS ASPIRATIONS We work with you to move your business forward.
More informationInformation Security Incident Response Plan
Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,
More informationSTRATEGIC PLAN. USF Emergency Management
2016-2020 STRATEGIC PLAN USF Emergency Management This page intentionally left blank. Organization Overview The Department of Emergency Management (EM) is a USF System-wide function based out of the Tampa
More informationNational Cybersecurity preparation to deal with Cyber Attacks
National Cybersecurity preparation to deal with Cyber Attacks Dr. Chaichana Mitrpant Assistant Executive Director, Electronic Transactions Development Agency (ETDA) 1 Over all Internet usage in Thailand
More informationGuidelines. on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2) EBA/GL/2017/17
GUIDELINES ON SECURITY MEASURES FOR OPERATIONAL AND SECURITY RISKS UNDER EBA/GL/2017/17 12/01/2018 Guidelines on the security measures for operational and security risks of payment services under Directive
More informationThe challenges of the NIS directive from the viewpoint of the Vienna Hospital Association
The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association page 1 Cybersecurity Strategy Essential Points The norms, principles and values that the City of Vienna and the
More informationPresentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT
Presentation to the ITU on the Q-CERT Incident Management Team Ian M Dowdeswell Incident Manager, Q-CERT 2 Q-CERT Mission The Mission of Q-CERT is to be a world-class center of excellence providing expert
More information2 nd ARF Seminar on Cyber Terrorism PAKISTAN S PERSPECTIVE AND EXPERIENCE WITH REFERENCE TO CERT IN COMBATING CYBER TERRORISM
2 nd ARF Seminar on Cyber Terrorism PAKISTAN S PERSPECTIVE AND EXPERIENCE WITH REFERENCE TO CERT IN COMBATING CYBER TERRORISM Recap of 1 st ARF Jeju (South Korea) Cyber Terrorism recently been brought
More informationCyber Security Program
Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by
More informationGLobal Action on CYbercrime (GLACY) Assessing the Threat of Cybercrime in Mauritius
GLobal Action on CYbercrime (GLACY) Assessing the Threat of Cybercrime in Mauritius Presented By Mrs K.Gunesh-Balaghee,, Assistant Solicitor General Mr M.Armmogum,, Ag Senior State Counsel Mrs B.Kissoon-Luckputtya,
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationCentre for cybersecurity Belgium : Role, Missions et future capacities
Centre for cybersecurity Belgium : Role, Missions et future capacities NLO meeting 30/01/2018 Phédra Clouner Deputy Director CCB 01 CCB mission & services Page 2 Legal Basis R.D. 10/10/2014 Contribute
More informationNo IT Audit Staff? How to Hack an IT Audit. Presenters. Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP
No IT Audit Staff? How to Hack an IT Audit Presenters Mark Bednarz, Partner-In-Charge, Risk Advisory PKF O Connor Davies, LLP Learning Objectives After this session, participants will be able to: Devise
More informationAbout Issues in Building the National Strategy for Cybersecurity in Vietnam
Vietnam Computer Emergency Response Team - VNCERT About Issues in Building the National Strategy for Cybersecurity in Vietnam Vu Quoc Khanh Director General Outline Internet abundance Security situation
More informationImplementation Strategy for Cybersecurity Workshop ITU 2016
Implementation Strategy for Cybersecurity Workshop ITU 2016 Council for Scientific and Industrial Research Joey Jansen van Vuuren Intricacies and interdependencies cyber policies must address potential
More informationMember of the County or municipal emergency management organization
EMERGENCY OPERATIONS PLAN SUUPPORT ANNEX B PRIVATE-SECTOR COORDINATION Coordinating Agency: Cooperating Agencies: Chatham Emergency Management Agency All Introduction Purpose This annex describes the policies,
More informationCyber Security Roadmap
Cyber Security Roadmap The Hague, 25 May 2011 Security: Developing a Secure Cyberspace Protecting the 5 th Domain As with land, sea, air and space, a safe Cyberspace is crucial for our societies. Different
More informationCritical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level
Critical Information Infrastructure Protection Role of CIRTs and Cooperation at National Level 1 Global Cybersecurity Agenda (GCA) GCA is designed for cooperation and efficiency, encouraging collaboration
More informationStatement for the Record
Statement for the Record of Seán P. McGurk Director, Control Systems Security Program National Cyber Security Division National Protection and Programs Directorate Department of Homeland Security Before
More informationPOSITION DESCRIPTION
Network Security Consultant POSITION DESCRIPTION Unit/Branch, Directorate: Location: Regulatory Unit Information Assurance and Cyber Security Directorate Auckland Salary range: I $90,366 - $135,548 Purpose
More informationComplying with RBI Guidelines for Wi-Fi Vulnerabilities
A Whitepaper by AirTight Networks, Inc. 339 N. Bernardo Avenue, Mountain View, CA 94043 www.airtightnetworks.com 2013 AirTight Networks, Inc. All rights reserved. Reserve Bank of India (RBI) guidelines
More informationThe European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3
The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3 Andrea.Servida@ec.europa.eu What is at stake with CIIs The World Economic Forum
More informationNine Steps to Smart Security for Small Businesses
Nine Steps to Smart Security for Small Businesses by David Lacey Co-Founder, Jericho Forum Courtesy of TABLE OF CONTENTS INTRODUCTION... 1 WHY SHOULD I BOTHER?... 1 AREN T FIREWALLS AND ANTI-VIRUS ENOUGH?...
More informationMonthly Cyber Threat Briefing
Monthly Cyber Threat Briefing January 2016 1 Presenters David Link, PM Risk and Vulnerability Assessments, NCATS Ed Cabrera: VP Cybersecurity Strategy, Trend Micro Jason Trost: VP Threat Research, ThreatStream
More informationBest Practices in Public Information Management in Sri Lanka. Presented by Nimal Athukorala D.C. Dissanayake
Best Practices in Public Information Management in Sri Lanka Presented by Nimal Athukorala D.C. Dissanayake Content Objectives Method of Information Management Case Study- GIC Call Center GIC Web Portal
More informationCompliance: How to Manage (Lame) Audit Recommendations
Compliance: How to Manage (Lame) Audit Recommendations Brian V. Cummings Tata Consultancy Services Ltd brian.cummings@tcs.com Tuesday, August 9, 2011 1:30 p.m. Session 9221 Security & Compliance Risk Landscape
More informationAUDIT UNITED NATIONS VOLUNTEERS PROGRAMME INFORMATION AND COMMUNICATION TECHNOLOGY. Report No Issue Date: 8 January 2014
UNITED NATIONS DEVELOPMENT PROGRAMME AUDIT OF UNITED NATIONS VOLUNTEERS PROGRAMME INFORMATION AND COMMUNICATION TECHNOLOGY Report No. 1173 Issue Date: 8 January 2014 Table of Contents Executive Summary
More informationSubject: University Information Technology Resource Security Policy: OUTDATED
Policy 1-18 Rev. 2 Date: September 7, 2006 Back to Index Subject: University Information Technology Resource Security Policy: I. PURPOSE II. University Information Technology Resources are at risk from
More informationSummary of Cyber Security Issues in the Electric Power Sector
Summary of Cyber Security Issues in the Electric Power Sector Jeff Dagle, PE Chief Electrical Engineer Energy Technology Development Group Pacific Northwest National Laboratory (509) 375-3629 jeff.dagle@pnl.gov
More informationITU-IMPACT Capacity Building for Least Developed & Developed Countries
ITU-IMPACT Capacity Building for Least Developed & Developed Countries Marco Obiso Cybersecurity Coordinator International Telecommunication Union (ITU) 30 January 2012 ITU and cybersecurity 2003 2005
More informationCanada Life Cyber Security Statement 2018
Canada Life Cyber Security Statement 2018 Governance Canada Life has implemented an Information Security framework which supports standards designed to establish a system of internal controls and accountability
More informationCurrent procedures, challenges and opportunities for collection and analysis of Criminal Justice statistics CERT-GH
Current procedures, challenges and opportunities for collection and analysis of Criminal Justice statistics CERT-GH International Workshop on Criminal Justice Statistics on Cybercrime and Electronic Evidence
More informationHeavy Vehicle Cyber Security Bulletin
Heavy Vehicle Cyber Security Update National Motor Freight Traffic Association, Inc. 1001 North Fairfax Street, Suite 600 Alexandria, VA 22314 (703) 838-1810 Heavy Vehicle Cyber Security Bulletin Bulletin
More informationEUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity
EUROPEAN COMMISSION JOINT RESEARCH CENTRE Information Note JRC activities in the field of Cybersecurity Date: 28 January, 2016 JRC activities in the field of Cybersecurity 1. Societal and political context
More informationInformation Security Incident Response Plan
Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,
More informationThe rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services
The rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services Major Trends of 2014 And relevant changes in Threat Scenario Most Target Countries and Sectors
More informationDiscover threats quickly, remediate immediately, and mitigate the impact of malware and breaches
Discover threats quickly, remediate immediately, and mitigate the impact of malware and breaches Introduction No matter how hard you work to educate your employees about the constant and evolving threats
More informationProtecting your data. EY s approach to data privacy and information security
Protecting your data EY s approach to data privacy and information security Digital networks are a key enabler in the globalization of business. They dramatically enhance our ability to communicate, share
More informationGreg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security
1 Greg Garcia President, Garcia Cyber Partners Former Assistant Secretary for Cyber Security and Communications, U.S. Department of Homeland Security 2 Government Services 3 Business Education Social CYBERSPACE
More informationISAO SO Product Outline
Draft Document Request For Comment ISAO SO 2016 v0.2 ISAO Standards Organization Dr. Greg White, Executive Director Rick Lipsey, Deputy Director May 2, 2016 Copyright 2016, ISAO SO (Information Sharing
More informationThe NIS Directive and Cybersecurity in
The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security
More information