CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response
|
|
- Beryl Hubbard
- 5 years ago
- Views:
Transcription
1 CYBER INCIDENT REPORTING GUIDANCE Industry Reporting Arrangements for Incident Response DfT Cyber Security Team
2 Introduction The Department for Transport (DfT) has produced this cyber incident reporting guidance in collaboration with the National Cyber Security Centre (NCSC) to provide instructions for the transport sector regarding the reporting of cyber incidents. It is aimed at transport organisations (including asset owners and operators) in the modes of Aviation, Rail, Road and Maritime. The aim of this guidance is to set out to industry clear reporting methods for significant cyber security incidents to be reported to DfT and the NCSC and where appropriate, fraud and cyber-crime being reported to the National Crime Agency (NCA), through Action Fraud. This guidance will support organisations development of effective incident management and response plans. It is the responsibility of each organisation to implement these plans and assign responsibilities for reporting such incidents. Organisations are encouraged to incorporate this new guidance into existing incident response and disaster recovery procedures and to ensure that it is exercised on a regular basis. This guidance does not replace any existing regulatory reporting requirements, specifically: To the DfT under the Rail Security Regulations; To the Civil Aviation Authority (CAA) under the Mandatory Occurrence Reporting regime. Network and Information Systems (NIS) Directive Additional mandatory incident reporting requirements, which are separate to this guidance, are currently being introduced in the UK in the form of the Network and Information Systems (NIS) Directive. This directive comes into force in May As Competent Authority, DfT will issue further communications as this new directive is transposed into UK law. Further guidance will be shared with Operators of Essential Services that will specify the additional reporting requirements and thresholds. Roles and Responsibilities DfT, NCSC, NCA and Action Fraud all work closely together not only on cyber security issues that impact on transport but also on wider policy issues. Department for Transport (DfT) DfT is the Lead Government Department (LGD) for incidents that impact on transport; this includes cyber incidents. DfT will lead on the management of realworld operational impacts and provide the wider policy response. Our dedicated cyber security transport team are also on hand to provide guidance and support as required.
3 The NCSC The NCSC is the UK s technical authority on cyber security. Its main purpose is to reduce the cyber security risk to the UK by improving its cyber security and cyber resilience. It works with UK organisations, businesses and individuals to provide authoritative and coherent cyber security advice and cyber incident management, underpinned by world class research and innovation. The NCSC identifies and responds to incidents which might impact the UK s national security or economic wellbeing, and/or which have the potential to cause major impact to the continued operation of an organisation. In the event of significant cyber security incidents, it provides direct technical support and cross government coordination of response activities. The National Cyber Crime Unit (NCCU) (part of the National Crime Agency - NCA) The National Cyber Crime Unit (NCCU), part of the National Crime Agency, is the UK's lead for tackling the threat from serious and organised cybercrime. The NCCU leads, supports and coordinates cyber law enforcement activity across the UK, working with partners to provide specialist cyber support and expertise across law enforcement. It works closely with NCSC, Regional Cyber Crime Units, and Police Forces to build an effective cyber response across the UK. Action Fraud Action Fraud is the UK s national fraud and cyber-crime reporting centre for England, Wales and Northern Ireland, providing a central point of contact for citizens and businesses. The National Fraud Intelligence Bureau (NFIB), also hosted by the City of London Police (CoLP), acts upon the information and crimes reported to Action Fraud, developing and disseminating crime packages for investigation locally, regionally and nationally, and executing a range of disruption and crime prevention techniques for victims across all sectors to target criminality and engineer out the threat from fraud and cyber-crime. What is a Cyber Security Incident? The NCSC defines a cyber security incident as: A breach of a system s security in order to affect its integrity or availability; The unauthorised access or attempted access to a system. And may include: attempts to gain unauthorised access to a system and/or to data; the unauthorised use of systems and/or data; modification of a system's firmware, software or hardware without the systemowner's consent; and malicious disruption and/or denial of service.
4 The NCSC defines a significant cyber security incident as: I. a cyber incident causing a significant disruptive event to an essential service; impact on UK s national security or economic wellbeing; or the potential to cause major impact to the continued operation of an organisation. II. III. Relevant incidents affecting the transport sector may also be reported by third parties, such as Managed Service Providers. Who should I report an incident to? The following principles apply for the reporting of cyber security incidents: Is it a cyber-security incident? If you are experiencing unexpected or unusual computer network issues, we recommend that you contact your system administrator or service provider to identify the root cause of the issue. Reporting fraud and cyber-crime If you are experiencing a live cyber-crime attack or have experienced online fraud or a cyber-crime (this includes any criminal act dealing with computers and networks and traditional crimes conducted through the internet, such as scams, distributed denial of service (DDOS) attacks and hacking extortion) you should report this to Action Fraud. Reporting significant cyber-security incidents If you assess that your organisation is a victim of a significant cyber-security incident (as defined above) you should report the incident to the NCSC Incident Management team. You should also report the incident to DfT as your Lead Government Department. Under certain circumstances it will be necessary to notify the Information Commissioners Office 1. How to report an incident You should assess which organisation(s) you need to notify and provide as much information about the incident as possible. The template at the end of this guidance sets out the type of information that is required to report a cyber incident. You should use the tables in the Annex for incident reporting, this includes contact details. Press and Media Communications NCSC will be default initial communications lead for all cyber incidents it triages. It will be responsible for developing and disseminating lines following a cyber incident and agreeing these with DfT and other organisations as required. 1
5 DfT, NCSC and NCA will work collaboratively with the victim organisation to agree appropriate communications handling. Victim organisations are asked to liaise with DfT, NCSC and NCA, as appropriate, before releasing any statements or media releases on the incident. DfT s communications team can facilitate contact between victim organisations and NCSC / NCA if needed. We also strongly encourage organisations to share contact details with DfT / NCSC and NCA in order to build good working relationships. What happens once an incident is reported? The incident information will be triaged and categorised by either the NCSC, or Action Fraud, to determine the correct level and type of support required. The NCSC or Action Fraud/NCA will then engage and contact your organisation, as soon as is reasonably practicable, to provide support or guidance. A post-incident lessons learned process may be conducted for the most serious incidents. This will be led by DfT or the NCSC.
6 Find Out More National Cyber Security Centre Incident Management - Cyber Security Information Sharing Partnership (CiSP) - CiSP is a secure joint industry and Government initiative for exchanging cyber-threat information. Membership provides you with vital threat information and information on ongoing incidents. DfT can act as your sponsor, follow joining instructions on the link above and contact cyber@dft.gsi.gov.uk for sponsorship details. 10 Steps to Cyber Security - The National Cyber Security Centre s website gives further advice on how to protect your systems from a range of cyber and information security threats. Action Fraud - The National Cyber Crime Unit - Media and Press Contacts Department for Transport In office hours: Out of hours: NCSC NCSC media team (24/7): pressoffice@ncsc.gov.uk NCSC media team telephone (24/7):
7 DfT Cyber Incident Response Information Capture This form is intended to be used by the victim to capture initial information of a cyber incident to be sent to DfT. It does not constitute a joint report to NCSC and organisations should make appropriate reporting direct to each organisation including DfT and NCSC. Please fill in this form as fully as possible and send it to the DfT/NCSC addresses in the annex attached. Points to Capture Name of person reporting: Role in the company: Work Phone: Mobile Phone: Address: Name of the Organisation and the essential service it provides Internal incident ID number or name: Date and Time Incident Detected Date and Time Incident Reported Type of Incident Incident status Detected incident / suspected incident Incident stage Ongoing / ended / ongoing but managed Cyber Incidents - Please provide a summary of your understanding of the incident, including any impact to services and/or users, including: Incident type How the incident was discovered Duration Location of the incident (s) Services/systems affected Impact on those services/systems Impact on safety to staff or public Suspected cause Whether there is any known or likely cross-border impact Any other relevant information What investigations and/or mitigations have you or a third party performed or plan to perform. Response
8 Who else has been informed about this incident? (NCSC, NCA, Action Fraud etc) What are your planned next steps?
9 General Guidance - ANNEX
10
11
12
13
Cyber Security Strategy
Cyber Security Strategy Committee for Home Affairs Introduction Cyber security describes the technology, processes and safeguards that are used to protect our networks, computers, programs and data from
More informationRegulating Cyber: the UK s plans for the NIS Directive
Regulating Cyber: the UK s plans for the NIS Directive September 2017 If you are a digital service provider or operate an essential service then new security and breach notification obligations may soon
More informationTHE STRATEGIC POLICING REQUIREMENT. July 2012
THE STRATEGIC POLICING REQUIREMENT July 2012 Contents Foreward by the Home Secretary...3 1. Introduction...5 2. National Threats...8 3. Capacity and contribution...9 4. Capability...11 5. Consistency...12
More informationUNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21
National and Cyber Security Branch Presentation for Gridseccon Quebec City, October 18-21 1 Public Safety Canada Departmental Structure 2 National and Cyber Security Branch National and Cyber Security
More informationThe UK s National Cyber Security Strategy
The UK s National Cyber Security Strategy 2016 2021 Vision for 2021: The UK is secure and resilient to cyber threats, prosperous and confident in the digital world 1 National Cyber Security Strategy 2016
More informationAction Fraud & the NFIB. DS Martina MCGRILLEN
Action Fraud & the NFIB DS Martina MCGRILLEN 2006 - The Attorney General and Chief Secretary to the Treasury s Fraud Review 2009 - The development of Action Fraud and the NFIB 2014 - The transition of
More informationCyber Crime Update. Mark Brett Programme Director February 2016
Cyber Crime Update Mark Brett Programme Director February 2016 What is Cyber Crime? What are the current threats? What is the capability of local and regional Cyber Crime Investigations? What support is
More informationWorkshop on Cyber Security & Cyber Crime Policies. Policies for African Diplomats
Workshop on Cyber Security & Cyber Crime Policies Policies for African Diplomats ROLE OF INTERPOL IN FIGHTING CYBERCRIME IN AFRICA SRIAU Office Augusto de CARVALHO 12-13 APRIL 2018 ADDIS ABABA OVERVIEW
More informationHeavy Vehicle Cyber Security Bulletin
Heavy Vehicle Cyber Security Update National Motor Freight Traffic Association, Inc. 1001 North Fairfax Street, Suite 600 Alexandria, VA 22314 (703) 838-1810 Heavy Vehicle Cyber Security Bulletin Bulletin
More informationInformation Security Incident
Good Practice Guide Author: A Heathcote Date: 22/05/2017 Version: 1.0 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body
More informationDigital Health Cyber Security Centre
Digital Health Cyber Security Centre Current challenges Ransomware According to the ACSC Threat Report 2017, cybercrime is a prevalent threat for Australia. Distributed Denial of Service (DDoS) Targeting
More informationInformation Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
More informationCyber Security of ETCS
1 Addressing the challenges Cyber Security of ETCS Simon Tonks 2 Background The UK rail network is currently being upgraded to use new signalling technology (ERTMS) The ROSCOs are delivering the First
More informationSTRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government
ATIONAL STRATEGY National Strategy for Critical Infrastructure Government Her Majesty the Queen in Right of Canada, 2009 Cat. No.: PS4-65/2009E-PDF ISBN: 978-1-100-11248-0 Printed in Canada Table of contents
More informationENISA s Position on the NIS Directive
ENISA s Position on the NIS Directive 1 Introduction This note briefly summarises ENISA s position on the NIS Directive. It provides the background to the Directive, explains its significance, provides
More informationOctober 2018 ISPA CYBER SECURITY SURVEY 2018
ISPA CYBER SECURITY SURVEY 2018 October 2018 1 1 Executive summary... 3 1.1 Key findings... 3 1.2 Recommendations to Government... 5 2 Introduction... 5 3 Survey findings and analysis... 6 3.1 Investment
More informationCYBERAID + The Cyber Solution for UK SMEs THBGROUP.COM
CYBERAID + The Cyber Solution for UK SMEs THBGROUP.COM The Cyber Security threat Cyber Security is consistently one of the top three risks faced by UK businesses to ensure that adequate protection is in
More informationThe Regional Cyber Crime Unit response to Cyber Crime
British Computer Society Tuesday 9th January 2018 The Regional Cyber Crime Unit response to Cyber Crime Cyber Protect Officer Chris Phillips Overview Cybercrime threat Law enforcement response Priorities
More informationPosition Description. Computer Network Defence (CND) Analyst. GCSB mission and values. Our mission. Our values UNCLASSIFIED
Position Description Computer Network Defence (CND) Analyst Position purpose: Directorate overview: The CND Analyst seeks to discover, analyse and report on sophisticated computer network exploitation
More informationCyber Crime Seminar 8 December 2015
Cyber Crime Seminar Cyber Security & Financial Services in a changing regulatory landscape John Salmon Partner, Pinsent Masons LLP @uktisa Cyber Security and Financial Services: A changing regulatory landscape
More informationSupporting the NHS to Improve Cyber Security. Presented by Chris Flynn Security Operations Lead NHS Digital s Data Security Centre
Supporting the NHS to Improve Cyber Security Presented by Chris Flynn Security Operations Lead NHS Digital s Data Security Centre https://www.youtube.com/watch?v=3bqt7zkkq JA 2 Start with why And why it
More informationCYBER RESILIENCE & INCIDENT RESPONSE
CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust Introduction The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable
More informationEUROPEAN COMMISSION JOINT RESEARCH CENTRE. Information Note. JRC activities in the field of. Cybersecurity
EUROPEAN COMMISSION JOINT RESEARCH CENTRE Information Note JRC activities in the field of Cybersecurity Date: 28 January, 2016 JRC activities in the field of Cybersecurity 1. Societal and political context
More informationPHISHING ATTACK TARGETING UNIVERSITY STUDENTS MAY 2016
PHISHING ATTACK TARGETING UNIVERSITY STUDENTS MAY 2016 Page 1 of 5 PURPOSE OF THE ALERT The information contained within this alert is based on the reports received by Action Fraud and the National Fraud
More informationBreach Notification Form
Breach Notification Form Report a breach of personal data to the Data Protection Commission Use this form if you are a Data Controller that wishes to contact us to report a personal data breach that has
More informationNew Zealand National Cyber Security Centre Incident Summary
New Zealand National Cyber Security Centre 2013 Incident Summary National Cyber Security Centre 2013 Incident Summary Foreword The incidents summarised in this report reinforce that cyber security is truly
More informationThe NIS Directive and Cybersecurity in
The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security
More informationUnit 3 Cyber security
2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 3 - revised September 2016 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning
More informationGlobal Security Advisor
Global Security Advisor Location: [North America] [United States] Category: Security *Preferred location: USA. Other locations will be considered globally where WVI is registered to operate. PURPOSE OF
More informationCyber Resilience. Think18. Felicity March IBM Corporation
Cyber Resilience Think18 Felicity March 1 2018 IBM Corporation Cyber Resilience Cyber Resilience is the ability of an organisation to maintain its core purpose and integrity during and after a cyber attack
More informationFOREWORD DR PHILIP SMITH MBE CHAIRMAN MILTON KEYNES BUSINESS LEADERS PARTNERSHIP
02 FOREWORD Criminals who target businesses present a significant threat to those businesses, their customers and their clients. But the police have limited resources to tackle the problem and many incidents
More informationInformation Security Controls Policy
Information Security Controls Policy Version 1 Version: 1 Dated: 21 May 2018 Document Owner: Head of IT Security and Compliance Document History and Reviews Version Date Revision Author Summary of Changes
More informationResponding to Cybercrime:
Responding to Cybercrime: Preserving Crucial Evidence for Law Enforcement RCMP National Division Integrated Technological Crime Unit (ITCU) Presented by : Sgt. Stéphane Turgeon Cpl. David Connors 2 Goals
More informationOutreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness
2011/EPWG/WKSP/020 Session 4 Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness Submitted by: Australia Workshop on Private Sector Emergency Preparedness Sendai,
More informationBradford J. Willke. 19 September 2007
A Critical Information Infrastructure Protection Approach to Multinational Cyber Security Events Bradford J. Willke 19 September 2007 Overview A framework for national Critical Information Infrastructure
More informationSussex Police Business Crime Strategy
Sussex Police Business Crime Strategy 2014-2016 Sussex Police Serving Sussex www.sussex.police.uk Foreword Sussex Police recognise that businesses are a vital part of our local communities and are essential
More informationCritical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.
Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach. By Christopher Ganizani Banda ICT Development Manager Malawi Communications Regulatory Authority 24-26th July,2016 Khartoum,
More informationUpcoming PIPEDA Changes What is changing and what to do about it
Upcoming PIPEDA Changes What is changing and what to do about it Danny Pehar Global Television Cyber Security Expert 02 Danny Pehar Put Text Here This slide is 100% editable. Adapt it to your needs and
More informationEU policy on Network and Information Security & Critical Information Infrastructures Protection
EU policy on Network and Information Security & Critical Information Infrastructures Protection Köln, 10 March 2011 Valérie ANDRIANAVALY European Commission Directorate General Information Society and
More informationBUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW
BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW EXECUTIVE SUMMARY CenturyLink is committed to ensuring business resiliency and survivability during an incident or business disruption. Our Corporate Business
More informationCESG:10 Steps to Cyber Security WORKING WITH GOVERNMENT, INDUSTRY AND ACADEMIA TO MANAGE INFORMATION RISK
CESG:10 Steps to Cyber Security WORKING WITH GOVERNMENT, INDUSTRY AND ACADEMIA TO MANAGE INFORMATION RISK Building resilience: 10 Steps to Cyber Security 1. Information Risk Management Regime 2. Secure
More informationData Breach Incident Management Policy
Data Breach Incident Management Policy Policy Number FCP2.68 Version Number 1 Status Draft Approval Date: First Version Approved By: First Version Responsible for Policy Responsible for Implementation
More informationPERSON SPECIFICATION. Cyber PROTECT Officer. Job Title: Status: Established
PERSON SPECIFICATION Area: Crime and Intelligence Directorate Job Title: Cyber PROTECT Officer Weekly Hours: Section: CAID Scale: Grade 6 Version: 1.2 Post No: GI080 Status: Established Version Date: 37
More informationPolicy Title; Business Continuity Management Policy. Date Published/Reviewed; February 2018
Policy Title; Business Continuity Management Policy Date Published/Reviewed; February 2018 Business Lead; Head of Strategic Governance CCMT sponsor; Deputy Chief Constable Thames Valley Police ensures
More informationCyber Security Program
Cyber Security Program Cyber Security Program Goals and Objectives Goals Provide comprehensive Security Education and Awareness to the University community Build trust with the University community by
More informationISAO SO Product Outline
Draft Document Request For Comment ISAO SO 2016 v0.2 ISAO Standards Organization Dr. Greg White, Executive Director Rick Lipsey, Deputy Director May 2, 2016 Copyright 2016, ISAO SO (Information Sharing
More informationILM Whistle-blowing Policy for Centres, Providers and Candidates
ILM Whistle-blowing Policy for Centres, Providers and Candidates V1 November 2017 Contents Document Change History 2 Scope 3 Definition 3 How to report a concern 4 What happens next? 4 Confidentiality
More informationNational Policy and Guiding Principles
National Policy and Guiding Principles National Policy, Principles, and Organization This section describes the national policy that shapes the National Strategy to Secure Cyberspace and the basic framework
More informationPrivacy Policy Statement Last update 25 th May 2018.
Privacy Policy Statement Last update 25 th May 2018. Introduction We want our customers to receive a prompt, efficient and courteous service that is delivered in a positive and transparent manner. The
More information2 ESF 2 Communications
2 ESF 2 Communications THIS PAGE LEFT BLANK INTENTIONALLY Table of Contents 1 Introduction... 1 1.1 Purpose and Scope... 1 1.2 Relationship to Other ESF Annexes... 1 1.3 Policies and Agreements... 1 2
More informationRed ALERT Apparent Breach of an Unidentified Pharmacy Related Database
Red ALERT Apparent Breach of an Unidentified Pharmacy Related Database Making the UK more resilient against Cybercrime Date: August 2017 Reference: 0449-CYB This Red Alert is issued by the United Kingdom
More informationHer Majesty the Queen in Right of Canada, Cat. No.: PS4-66/2014E-PDF ISBN:
2014-2017 Her Majesty the Queen in Right of Canada, 2014 Cat. No.: PS4-66/2014E-PDF ISBN: 978-1-100-23291-1 ii Table of contents 1. Introduction....3 What we have learned and what has changed...3 2. A
More informationCybersecurity, safety and resilience - Airline perspective
Arab Civil Aviation Commission - ACAC/ICAO MID GNSS Workshop Cybersecurity, safety and resilience - Airline perspective Rabat, November, 2017 Presented by Adlen LOUKIL, Ph.D CEO, Resys-consultants Advisory,
More informationDirective on Security of Network and Information Systems
European Commission - Fact Sheet Directive on Security of Network and Information Systems Brussels, 6 July 2016 Questions and Answers The European Parliament's plenary adopted today the Directive on Security
More informationOverview of the Federal Interagency Operational Plans
Overview of the Federal Interagency Operational Plans July 2014 Table of Contents Introduction... 1 Federal Interagency Operational Plan Overviews... 2 Prevention Federal Interagency Operational Plan...2
More informationCOUNTERING IMPROVISED EXPLOSIVE DEVICES
COUNTERING IMPROVISED EXPLOSIVE DEVICES FEBRUARY 26, 2013 COUNTERING IMPROVISED EXPLOSIVE DEVICES Strengthening U.S. Policy Improvised explosive devices (IEDs) remain one of the most accessible weapons
More informationBusiness Continuity Policy
Business Continuity Policy Version Number: 3.6 Page 1 of 14 Business Continuity Policy First published: 07-01-2014 Amendment record Version Date Reviewer Comment 1.0 07/01/2014 Debbie Campbell 2.0 11/07/2014
More informationRohana Palliyaguru Director -Operations Sri Lanka CERT CC APCERT AGM and Conference, 24 th October 2018 Shanghai, China MINISTRY OF TELECOMMUNICATION
Rohana Palliyaguru Director -Operations Sri Lanka CERT CC APCERT AGM and Conference, 24 th October 2018 Shanghai, China SRI LANKA COMPUTER EMERGENCY READINESS TEAM COORDINATION CENTRE Agenda o About Sri
More informationNHS Scotland Cyber Attack: NSS Evidence to Scottish Parliament Health & Sport Committee (Jun 17)
B/17/74 NSS Formal Board Meeting Thursday, 29 June 2017 NHS Scotland Cyber Attack: NSS Evidence to Scottish Parliament Health & Sport Committee (Jun 17) Purpose The Board is asked to review and consider
More informationBrussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER
COUNCIL OF THE EUROPEAN UNION Brussels, 19 May 2011 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66 NOTE From : COREPER To: COUNCIL No Cion. prop.: 8548/11 TELECOM 40 DATAPROTECT 27 JAI 213 PROCIV38
More informationGMSS Information Governance & Cyber Security Incident Reporting Procedure. February 2017
GMSS Information Governance & Cyber Security Incident Reporting Procedure February 2017 Review Date; April 2018 1 Version Control: VERSION DATE DETAIL D1.0 20/04/2015 First Draft (SC) D 2.0 28/04/2015
More informationGovernment-Industry Collaboration: 7 Steps for Resiliency in Critical Infrastructure Protection
Government-Industry Collaboration: 7 Steps for Resiliency in Critical Infrastructure Protection L. Laile Di Silvestro Senior Strategist Worldwide Public Sector Microsoft Government Industry Collaboration
More informationCOMMISSION RECOMMENDATION. of on Coordinated Response to Large Scale Cybersecurity Incidents and Crises
EUROPEAN COMMISSION Brussels, 13.9.2017 C(2017) 6100 final COMMISSION RECOMMENDATION of 13.9.2017 on Coordinated Response to Large Scale Cybersecurity Incidents and Crises EN EN COMMISSION RECOMMENDATION
More informationFEMA Region III Cyber Security Program
FEMA Region III Cyber Security Program Maryland Cyber Security Workshop (January 16, 2019) (Presented again at the October 16, 2018, meeting of the Maryland Cybersecurity Council and published with permission.)
More informationStopsley Community Primary School. Data Breach Policy
Stopsley Community Primary School Data Breach Policy Contents Page 1 Introduction... 3 2 Aims and objectives... 3 3 Policy Statement... 4 4 Definitions... 4 5 Training... 5 6 Identification... 5 7 Risk
More informationTHE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS
THE WHITE HOUSE Office of the Press Secretary EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS February 12, 2013 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 SUBJECT: Critical
More informationResilience in London
Resilience in London A Resilient City The ability of London to detect, prevent and if necessary to withstand, handle and recover from disruptive challenges Objectives London- complexity and risk London
More informationINFORMATION SECURITY-SECURITY INCIDENT RESPONSE
Information Technology Services Administrative Regulation ITS-AR-1506 INFORMATION SECURITY-SECURITY INCIDENT RESPONSE 1.0 Purpose and Scope The purpose of the Security Response Administrative Regulation
More information1. To provide an update on the development of the SPA Assurance Map.
Meeting SPA Date and Time 9 June 2014 1015hrs Location Britannia Building, Room B024, Glasgow Caledonian University Title of Paper Assurance Map Item Number 8.2 Presented By Graham Stickle For Approval
More informationPrivacy Policy Premium Carpet Care Ltd
Privacy Policy Premium Carpet Care Ltd This Privacy Policy sets out how we, Premium Carpet Care Limited, collect, store and use information about you when you use or interact with our website, http://www.premiumcarpetcleaningservices.co.uk
More informationISRAEL NATIONAL CYBER SECURITY STRATEGY IN BRIEF
SEPTEMBER 2017 ISRAEL NATIONAL CYBER SECURITY STRATEGY IN BRIEF STATE OF ISRAEL PRIME MINISTER S OFFICE NATIONAL CYBER DIRECTORATE Vision and Objective 5 Development of Israel s national cyber security
More informationPrivacy Policy. England Athletics Limited commitment to Privacy. Introduction. The information we collect about you. The information provided to us
Privacy Policy England Athletics Limited commitment to Privacy Introduction The information we collect about you The information provided to us How we use your information Our legal bases for processing
More informationDHS Cybersecurity. Election Infrastructure as Critical Infrastructure. June 2017
DHS Cybersecurity Election Infrastructure as Critical Infrastructure June 2017 Department of Homeland Security Safeguard the American People, Our Homeland, and Our Values Homeland Security Missions 1.
More informationNetherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice
Netherlands Cyber Security Strategy Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice 1 Netherlands: small country, big time vulnerable #1 80% online banking 95% youth uses
More informationSerious Organised Crime Agency Collaborative Partnership s Work! Howard Lamb SOCA e-crime
Serious Organised Crime Agency Collaborative Partnership s Work! Howard Lamb SOCA e-crime Serious Organised Crime Agency Background Established under the Serious Organised Crime and Police Act 2005 NDPB
More informationOfcom guidance on security requirements in sections 105A to D of the Communications Act Version
Ofcom guidance on security requirements in sections 105A to D of the Communications Act 2003 2017 Version GUIDANCE Publication Date: 18 December 2017 About this document The legislation that applies to
More informationNational Policing Community Security Policy
Document Name File Name National Policing Community Security Policy Community_Security_Policy_FINAL v4_3.doc Authorisation Information Management Business Area Signed version held by National Police Information
More informationASEAN COOPERATION ON DISASTER MANAGEMENT. Disaster Management & Humanitarian Assistance Division, ASEAN Secretariat
ASEAN COOPERATION ON DISASTER MANAGEMENT Disaster Management & Humanitarian Assistance Division, ASEAN Secretariat AADMER - FOR A MORE UNITED AND COORDINATED RESPONSE TOWARD DISASTERS WITHIN THE REGION
More informationExternal Supplier Control Obligations. Cyber Security
External Supplier Control Obligations Cyber Security Control Title Control Description Why this is important 1. Cyber Security Governance The Supplier must have cyber risk governance processes in place
More informationCYBER INSURANCE: MANAGING THE RISK
CYBER INSURANCE: MANAGING THE RISK LEON FOUCHE PARTNER & NATIONAL CYBERSECURITY LEAD BDO AUSTRALIA MEMBER OF THE GLOBAL CYBERSECURITY LEADERSHIP GROUP ii CYBER INSURANCE: MANAGING THE RISK There s no doubt
More informationThe Office of Infrastructure Protection
The Office of Infrastructure Protection National Protection and Programs Directorate Department of Homeland Security Protective Security Coordination Division Overview ND Safety Council Annual Conference
More informationENISA EU Threat Landscape
ENISA EU Threat Landscape 24 th February 2015 Dr Steve Purser ENISA Head of Department European Union Agency for Network and Information Security www.enisa.europa.eu Agenda ENISA Areas of Activity Key
More informationThe Key Principles of Cyber Security for Connected and Automated Vehicles. Government
The Key Principles of Cyber Security for Connected and Automated Vehicles Government Contents Intelligent Transport System (ITS) & Connected and Automated Vehicle (CAV) System Security Principles: 1. Organisational
More informationDATA BREACH POLICY [Enniskillen Presbyterian Church]
DATA BREACH POLICY [Enniskillen Presbyterian Church] Enniskillen Presbyterian Church is committed to complying with data protection legislation and will take appropriate technical and organisational measures
More informationExploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know
Exploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know Aristotelis Tzafalias Programme Officer, Trust and Security DG Communications Networks,
More informationPROTECTING NATIONAL CRITICAL INFRASTRUCTURE AGAINST CYBER ATTACKS BEST PRACTICES RELATED TO TECHNOLOGY AND STANDARDS FROM EUROPE BANGKOK
PROTECTING NATIONAL CRITICAL INFRASTRUCTURE AGAINST CYBER ATTACKS BEST PRACTICES RELATED TO TECHNOLOGY AND STANDARDS FROM EUROPE BANGKOK 23.11.2015 DEFINITION OF CRITICAL INFRASTRUCTURE US EU The nation's
More informationNationwide Suspicious Activity Reporting. Crime Stoppers USA Training Conference New Orleans September 2018
Nationwide Suspicious Activity Reporting Crime Stoppers USA Training Conference New Orleans September 2018 2 NSI Project Partners If You See Something, Say Something Campaign Overview Launched in 2010
More informationProfessional Training Course - Cybercrime Investigation Body of Knowledge -
Overview The expanded use of the Internet has facilitated rapid advances in communications, systems control, and information sharing. Those advances have created enormous opportunities for society, commerce
More informationSTRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE
STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby
More informationLINCOLNSHIRE POLICE CYBER CRIME STRATEGY. Professionalism Respect Integrity Dedication Empathy
LINCOLNSHIRE POLICE CYBER CRIME STRATEGY Professionalism Respect Integrity Dedication Empathy CONTENTS Introduction...1 What is Cyber Crime?...2 What are our aims and objectives?...3 Prevent...4 Prepare...5
More informationWest Midlands Regional Cyber Crime Unit
West Midlands Regional Cyber Crime Unit Detective Inspector Rob Harris Detective Sergeant Gary Sirrell Rccu@west-midlands.pnn.police.uk Twitter:- @WMROCU 1 Why are we here? Police cannot tackle this alone
More informationLEADERSHIP GROUP LG (2017) Paper October 2017 RESILIENCE BOARD
RESILIENCE BOARD Executive summary 1. At its meeting on 27 September, Leadership Group (LG) considered a proposal to establish a Resilience Board to take strategic oversight of personnel, physical and
More informationPutting security first for critical online brand assets. cscdigitalbrand.services
Putting security first for critical online brand assets cscdigitalbrand.services 2 As the most security conscious digital brand service provider, our clients trust us to take care of their businesses and
More informationlocuz.com SOC Services
locuz.com SOC Services 1 Locuz IT Security Lifecycle services combine people, processes and technologies to provide secure access to business applications, over any network and from any device. Our security
More informationDecember 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development
December 10, 2014 Statement of the Securities Industry and Financial Markets Association Senate Committee on Banking, Housing, and Urban Development Hearing Entitled Cybersecurity: Enhancing Coordination
More informationDATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI
DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI EXECUTIVE SUMMARY The shortage of cybersecurity skills Organizations continue to face a shortage of IT skill
More informationInformation Security Strategy
Security Strategy Document Owner : Chief Officer Version : 1.1 Date : May 2011 We will on request produce this Strategy, or particular parts of it, in other languages and formats, in order that everyone
More informationNIS Directive : Call for Proposals
National Cyber Security Centre, in Collaboration with the Research Institute in Trustworthy Inter-connected Cyber-physical Systems (RITICS) Summary NIS Directive : Call for Proposals Closing date: Friday
More informationNDIS Quality and Safeguards Commission. Incident Management System Guidance
NDIS Quality and Safeguards Commission Incident Management System Guidance Version 1 - May 2018 Acknowledgment This guidance is published by the Australian Government, using resources developed by the
More informationDirective on security of network and information systems (NIS): State of Play
Directive on security of network and information systems (NIS): State of Play Svetlana Schuster Unit H1 Cybersecurity and Digital Privacy DG Communications Networks, Content and Technology, European Commission
More information