Fundamentals of Cybersecurity/CIIP. Building Capacity: Using a National Strategy & Self-Assessment

Similar documents
Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

Cybersecurity for ALL

Global cybersecurity and international standards

National Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director

Cybersecurity & Spam after WSIS: How MAAWG can help

Australian Government Cyber-security Activities in the Pacific

Bradford J. Willke. 19 September 2007

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

About Issues in Building the National Strategy for Cybersecurity in Vietnam

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

RESOLUTION 45 (Rev. Hyderabad, 2010)

Information Technology Branch Organization of Cyber Security Technical Standard

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

National Policy and Guiding Principles

Promoting Global Cybersecurity

Commonwealth Cyber Declaration

Cybersecurity Strategy of the Republic of Cyprus

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

RESOLUTION 130 (Rev. Antalya, 2006)

RESOLUTION 130 (REV. BUSAN, 2014)

Cybersecurity and Vulnerability Assessment

Discussion on MS contribution to the WP2018

SAINT PETERSBURG DECLARATION Building Confidence and Security in the Use of ICT to Promote Economic Growth and Prosperity

Digital Health Cyber Security Centre

UNITED STATES OF AMERICA COMMENTS ON THE REPORT OF THE WGIG

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

OAS Cybersecurity Capacity Building Efforts

Transatlantic Cybersecurity: The Need for Regulatory Coordination

The Network and Information Security Directive - ENISA's contribution

Presentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT

Global Cybersecurity Agenda

NIS Standardisation ENISA view

Garry Mukelabai Communications Authority Zambia

Global Response Centre (GRC) & CIRT Lite. Regional Cyber security Forum 2009, Hyderabad, India 23 rd to 25 th September 2009

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

Cyber Security Roadmap

Caribbean Cyber Security: Not Only Government s Responsibility

The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017

National Cyber Incident Response - Architectural Concepts

PIPELINE SECURITY An Overview of TSA Programs

RFC2350 TLP1: WHITE. Έκδοση National CSIRT-CY RFC2350

ICT Policy Perspective for APEC. Ministry of Internal Affairs and Communications March 2015

Cybersecurity & Digital Privacy in the Energy sector

ENISA EU Threat Landscape

ITU-IMPACT Capacity Building for Least Developed & Developed Countries

HPH SCC CYBERSECURITY WORKING GROUP

The UNODC Global Programme on Cybercrime Alexandru Caciuloiu CYBERCRIME COORDINATOR SOUTHEAST ASIA AND THE PACIFIC

Plenipotentiary Conference (PP- 14) Busan, 20 October 7 November 2014

Critical Information Infrastructure Protection Law

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

The Republic of Korea. economic and social benefits. However, on account of its open, anonymous and borderless

Cybersecurity governance in Europe. Sokratis K. Katsikas Systems Security Laboratory Dept. of Digital Systems University of Piraeus

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Package of initiatives on Cybersecurity

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Itu regional workshop

Call for Expressions of Interest

REGIONAL WORKSHOP ON E-COMMERCE LEGISLATION HARMONIZATION IN THE CARIBBEAN COMBATING CYBERCRIME: TOOLS AND CAPACITY BUILDING FOR EMERGING ECONOMIES

EU policy on Network and Information Security & Critical Information Infrastructures Protection

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

Government Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE

BRIEFING COMBATING CYBERCRIME: TOOLS AND CAPACITY BUILDING FOR EMERGING ECONOMIES. Geneva 18 April David Satola

POSITION DESCRIPTION

Forum. Ningbo, China 25 February

Co-operation against cybercrime CSIRTs LE private sector

Intelligence-Led Policing, Community Policing and the Prevention of Violent Extremism and Radicalization that lead to Terrorism

European Union Agency for Network and Information Security

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

Society, the economy and the state depend on information and communications technology (ICT).

Presented by: Njei Check Head, Audit Security Division, ANTIC

Panel 1 National CSIRT Experience

Directive on security of network and information systems (NIS): State of Play

Regional Workshop on Frameworks for Cybersecurity and CIIP Feb 2008 Doha, Qatar

ISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard

POSITION DESCRIPTION

Cybersecurity Capacity ITU Preetam Maloor Strategy & Policy Advisor 3 March 2015

Cyber Security in Europe

DHS Cybersecurity: Services for State and Local Officials. February 2017

RFD. for ICERT ( ) RESULTS-FRAMEWORK DOCUMENT. Department of Information Technology. Results-Framework Document (RFD) for CERT-In ( )

Legislative Framework

Government-Industry Collaboration: 7 Steps for Resiliency in Critical Infrastructure Protection

Centre for cybersecurity Belgium : Role, Missions et future capacities

INDEPENDENT COMMUNICATIONS AUTHORITY OF SOUTH AFRICA(ICASA) CYBERSECURITY PRESENTATION AT SAIGF. 28 th November 2018

Overview. Objectives. Components. Information and Communication Technologies Sector Development Project. Project

National CIRT - Montenegro. Ministry for Information Society and Telecommunications

Enhancing the cyber security &

Ministerial Meeting 19 th June 2015 Nuku alofa, Tonga

Commonwealth Telecommunications Organisation Proposal for IGF Open Forum 2017

Harmonisation of Digital Markets in the EaP. Vassilis Kopanas European Commission, DG CONNECT

KISH REMARKS APEC CBPR NOV 1 CYBER CONFERENCE KEIO Page 1 of 5 Revised 11/10/2016

Special Action Plan on Countermeasures to Cyber-terrorism of Critical Infrastructure (Provisional Translation)

DIGITAL AGENDA FOR EUROPE

Summary of Cyber Security Issues in the Electric Power Sector

E-Signature Law of Iraq no. ( 78) of 2012

World Telecommunication Development Conference (WTDC- 14) Dubai, 30 March 10 April 2014

Legal and Regulatory Developments for Privacy and Security

a publication of the health care compliance association MARCH 2018

13967/16 MK/mj 1 DG D 2B

Transcription:

Fundamentals of Cybersecurity/CIIP Building Capacity: Using a National Strategy & Self- Presented to: 2009 ITU Regional Cybersecurity Forum for Asia-Pacific Connecting the World Responsibly 23-25 25 September 2009 Hyderabad, India Presenter: Joseph Richardson CTP, Inc.

Developing a National Cybersecurity Strategy Getting Started Part 1: Part 2: The Statement A National Cybersecurity Strategy 2

The Audience The target audience for National Cybersecurity Strategy Government leaders (executive and legislative) Business and industry Other organizations and institutions Individuals and the general public 3

The Audience Level of awareness and response How aware are participants of cybersecurity issues? What authorities are in place? Who has taken action? What actions have been taken? Significant decisions already taken in regard to cybersecurity 4

The Case for Action Role of ICTs in the nation The national economy The national security For national critical infrastructures For national social interactions 5

The Case for Action Risks associated with ICTs Vulnerabilities of ICTs Threats from ICT use 6

The Case for Action Risks to be managed The national economy The national security National critical infrastructures National social interaction 7

The Case for Action Other national goals and objectives: the stage for Cybersecurity Economic National security Critical infrastructure protection Social Other 8

Collaboration and Information exchange Government with Industry and other participants For policy development Existing mechanisms Improvements needed? For information sharing and operational matters Existing mechanisms Improvements needed? For Trusted forums Existing mechanisms Improvements needed? 9

Collaboration and Information exchange Industry with Industry Existing mechanisms Within same industry Among interconnected critical industries Role of government in each mechanism Improvements needed? 10

Incident Management Management Issues: Identify Coordinator for Incident Management (CIM) Identify roles and responsibilities of CIM Identify cooperating government agencies (and points of contact for each) Identify cooperating partners from other national and international nal participants (and points of contact for each) Identify mechanisms for receiving advice from other participants on policy development Identify mechanisms for information sharing and cooperation with key participants on incident management (operations) 11

Incident Management Operational and policy issues, including; CSIRT with national responsibility (N-CSIRT) Ensure a full range of CSIRT services are available Protection plan for government operated systems Tools and procedures for cybersecurity and the protection of national cyber resources Integrated risk management 12

Legal Framework Policy Issues: Review and update legal authorities, including; Cybercrime Privacy Data protection Commercial law Digital signatures Encryption Others 13

Legal Framework Management Issues Identify lead ministries for reviews and update Ensure outreach and awareness among participants, including in particular the judiciary and legislative branches 14

Legal Framework Operational Issues Identify and train cybercrime enforcement offices Ensure cooperative arrangements with N-CSIRT, N international counterparts and other national participants Participate in international cooperative arrangements 15

Culture of Security Develop security awareness programs for and outreach to all participants, for example, children, small business, etc. Enhance science and technology (S&T) and research and development (R&D) Other initiatives 16

Other considerations Budget and financing Implementation timeframe and milestones Review and reassessment 17

A National Cybersecurity Strategy Part 2: The Statement 18

A National Cybersecurity Strategy Policy (goals) on cybersecurity Case for action Role of ICTs in nation Risk to be managed Relationship to other national goals and objectives 19

A National Cybersecurity Strategy Security initiatives and actions to be undertaken Collaboration and information exchange Leadership, key participants and assignment of roles Policy development mechanisms Information sharing and operational mechanisms Trusted forums and their operations Industry to industry cooperation, including among interdependent critical industries 20

A National Cybersecurity Strategy Security initiatives and actions to be undertaken Incident Management Coordinator for Incident Management (CIM) Roles and responsibilities of CIM Establish CSIRT with national responsibilities (N-CSIRT) Obtain CSIRT services Key cooperating participants and roles Protection for government operated systems Proposals for protection of national cyber resources Integrated risk management 21

A National Cybersecurity Strategy Security initiatives and actions to be undertaken Legal Framework Legal authorities for review and update Lead ministries For cybercrime enforcement initiatives International cooperation 22

A National Cybersecurity Strategy Security initiatives and actions to be undertaken Culture of Security Awareness and outreach programs S&T and R&D Other considerations 23

A National Cybersecurity Strategy Other considerations Budget and financing Implementation timeframes Review and reassessment plans 24

Output of the Self-: A National Cybersecurity Strategy Summary of key findings from self-assessment Input from all participants Program of Actions and Recommendations Promulgated at a level to ensure action by all participants 25

Conclusion The National Cybersecurity/CIIP Self and Strategy can assist governments to: Understand existing national approach Develop baseline on best practices Identify areas for attention Prioritize, coordinate and manage national efforts Get all participants involved Appropriate to their roles. Using regional and international norms facilitates necessary cross border cooperation 26

Questions? Thank You Joseph Richardson CTP, Inc. 300 N Lee St, 3rd floor Alexandria, VA 22314 USA 27

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback