CYBER SECURITY AND DATA PROTECTION Theme: Securing Businesses and Public Transactions. Regional Headquarters, The University of the West Indies, Mona

Similar documents
Mobile Money Takes Centrestage at UWI s Fourth National Cyber Security Conference

Madam MC, Distinguished Ladies and Gentlemen, Presenters and Conference Participants,

Bradford J. Willke. 19 September 2007

ENISA EU Threat Landscape

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

New Zealand National Cyber Security Centre Incident Summary

A Holistic Approach to Cyber Security

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Promoting Global Cybersecurity

RESOLUTION 130 (REV. BUSAN, 2014)

Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Regional Development Forum For the Arab States(RDF-ARB) 2018

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

Caribbean Cyber Security: Not Only Government s Responsibility

Legal, Ethical, and Professional Issues in Information Security

CYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response

Cybersecurity for ALL

ENISA Cooperation in the EU / NIS Directive

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Discussion on MS contribution to the WP2018

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

Caribbean Telecommunications Union

Commonwealth Cyber Declaration

European Union Agency for Network and Information Security

CYBERSECURITY TRAINING EXERCISE KMU TRAINING CENTER NOVEMBER 7, 2017

Presented by: - Anselm Charles ICT Manager CARICOM IMPACS

PIONEER TRAINING INSTITUTE

OAS Cybersecurity Capacity Building Efforts

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

From Hyogo to Sendai. Anoja Seneviratne Disaster Management Centre

Why you should adopt the NIST Cybersecurity Framework

Cyber Security Strategy

Building a Resilient Security Posture for Effective Breach Prevention

GLobal Action on CYbercrime (GLACY) Assessing the Threat of Cybercrime in Mauritius

Global Wildlife Cybercrime Action Plan1

IJESRT. (I2OR), Publication Impact Factor: (ISRA), Impact Factor: 2.114

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

Bringing cyber to the Board of Directors & C-level and keeping it there. Dirk Lybaert, Proximus September 9 th 2016

Donor Countries Security. Date

ECOWAS Regional Stakeholder Workshop on the Development of National Cooking Energy Action Plans August 2014, Banjul, The Gambia

Protecting information across government

National Open Source Strategy

Canada Life Cyber Security Statement 2018

Call for Expressions of Interest

School of Engineering & Built Environment

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

Safeguarding company from cyber-crimes and other technology scams ASSOCHAM

Building Resilience to Disasters for Sustainable Development: Visakhapatnam Declaration and Plan of Action

RESOLUTION 130 (Rev. Antalya, 2006)

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

Itu regional workshop

CYBER FRAUD & DATA BREACHES 16 CPE s May 16-17, 2018

Programme. Legal Instruments for the Internet Economy. Building Capacity and Implementing Regulation. Malta, 14 th to 19 th September, 2015

Security and resilience in Information Society: the European approach

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

The need for developing a cyber security ecosystem of professionals

Cybersecurity and Data Protection Developments

ISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006

Rethinking Information Security Risk Management CRM002

EXPERT GROUP MEETING ON CYBERCRIME

Hundred and seventy-fifth session REPORT BY THE DIRECTOR-GENERAL ON THE IMPLICATIONS OF THE PROCLAMATION OF A WORLD DAY FOR AUDIOVISUAL HERITAGE

CYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME

EVENT BROCHURE SECURITY WORLD APRIL 2017 MELIA HANOI HOTEL HOSTED BY ORGANIZED BY SUPPORTED BY.

Senator the Hon Stephen Conroy Minister for Broadband, Communications and the Digital Economy. Deputy Leader of the Government in the Senate

DIGITAL AGENDA FOR EUROPE

E-Signature Law of Iraq no. ( 78) of 2012

RESOLUTION 45 (Rev. Hyderabad, 2010)

Legal and Regulatory Developments for Privacy and Security

Cybersecurity Capacity ITU Preetam Maloor Strategy & Policy Advisor 3 March 2015

Professional Training Course - Cybercrime Investigation Body of Knowledge -

Package of initiatives on Cybersecurity

CYBER SECURITY AND THE PENSIONS INDUSTRY Karen Tasker 1 February 2018

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

Cyber Risks in the Boardroom Conference

Government Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security

INTERNATIONAL TELECOMMUNICATION UNION

Commonwealth Telecommunications Organisation Proposal for IGF Open Forum 2017

Cybersecurity A Regulatory Perspective Sara Nielsen IT Manager Federal Reserve Bank of Kansas City

UN General Assembly Resolution 68/243 GEORGIA. General appreciation of the issues of information security

RESOLUTION 67 (Rev. Buenos Aires, 2017)

Level 4 Diploma in Computing

Program 1. THE USE OF CYBER ACTIVE DEFENSE BY THE PRIVATE SECTOR

Cybersecurity and the Board of Directors

How to Establish Security & Privacy Due Diligence in the Cloud

WORLD TELECOMMUNICATION STANDARDIZATION ASSEMBLY Hammamet, 25 October 3 November 2016

INDEPENDENT COMMUNICATIONS AUTHORITY OF SOUTH AFRICA(ICASA) CYBERSECURITY PRESENTATION AT SAIGF. 28 th November 2018

Concept Note: GIDC. Feasibility Study(F/S) on Government Integrated Data Center (GIDC) for the Republic of Nicaragua

NEW INNOVATIONS NEED FOR NEW LAW ENFORCEMENT CAPABILITIES

Cyber Security in Europe

Cyber Security: Threat and Prevention

A Framework for Managing Crime and Fraud

OUTCOME DOCUMENT OF THE INTERNATIONAL CONFERENCE ON CYBERLAW, CYBERCRIME & CYBERSECURITY

DATA BREACH NUTS AND BOLTS

Project III Public/private cooperation

MNsure Privacy Program Strategic Plan FY

REGIONAL WORKSHOP ON E-COMMERCE LEGISLATION HARMONIZATION IN THE CARIBBEAN COMBATING CYBERCRIME: TOOLS AND CAPACITY BUILDING FOR EMERGING ECONOMIES

Netherlands Cyber Security Strategy. Michel van Leeuwen Head of Cyber Security Policy Ministry of Security and Justice

Transcription:

2 nd National Conference on CYBER SECURITY AND DATA PROTECTION Theme: Securing Businesses and Public Transactions Regional Headquarters, The University of the West Indies, Mona November 20-21, 2014 Conference Report Following the resounding success of the first Cyber Security conference in September 2013, the Mona ICT Policy Centre at the Mona School of Business and Management, The University of the West Indies, partnered with the international organisation Internet Society (ISOC) to host a second national conference November 20-21, 2014. The event was held at the Regional Headquarters of The University of the West Indies under the theme Cyber Security and Data Protection: Securing Businesses and Public Transactions. Themes covered included computer fraud, data protection and its impact on small and large enterprises. Specific panels focused on issues such as E-Commerce and Cybercrimes, Cyber Security for Banking, Data Protection for Government Agencies, Security for Small Enterprises, and Evaluating Measures against Lotto Scamming. Conference speakers spanned some of the key stakeholders and interest groups in Jamaica, including banking and financial institutions, government agencies and regulators, and NGOs. Among the local and international speakers were the Minister of State in the Ministry of Science, Technology, Energy and Mining, the Honourable Julian Robinson, Mr Shernon Osepa, Manager, Regional Affairs for Latin America and the Caribbean Bureau, Internet Society (ISOC), Microsoft s Digital Crimes Unit Director for Latin America Emerging Markets, Mr Miguel E. Sciancalepore and Mr Patrick Hylton, Group Managing Director of the National Commercial Bank. The attached conference agenda gives more precise details on the themes and speakers at the event. The Conference was also organised in association with the International Telecommunication Union (ITU), the Caribbean Institute of Media and Communication (CARIMAC) and the international law firm of Gibson Henlin Gibson. The National Commercial Bank, Jamaica s largest banking institution, sponsored the event. 1 P a g e

The two-day event aimed to build on recommendations and advances from the previous conference. This included effort towards updating and enhancing the national cyber security action plan for Jamaica. Indeed, this second staging was a direct outcome of the first event where participants resoundingly called for the event to become an annual fixture, given its role in information dissemination, awareness raising, and in providing opportunities for stakeholders and interested parties to network and share experiences on challenges and mitigating factors in cyber security. As with the first staging, the event was well-supported attracting close to 130 attendees over the two days. These represented the business community, public sector, academia, and NGO groups. Likewise, the event received much publicity with a number of radio interviews being solicited nationally. Interviews were supported by articles in the online and print media, the links of which are provided in this report. The evaluation carried out directly after the conference showed delegates registering moderate to strong agreement that their understanding of cyber security and data protection issues had been advanced due to the information presented at the conference with the sessions and content being noted relevant. There is now a call for the event to become a permanent fixture on the national events calendar. Major Outcomes The 2013 conference had called for the establishment of establishment of a CIRT in Jamaica, the establishment of an IXP and further legal and regulatory advancements in Jamaica s cyber security framework. Since then, an IXP was introduced and became operational in September 2014 and plans are underway to finalise a CIRT in Jamaica. Learning from International Experiences: Breaches in one jurisdiction have implications for other jurisdictions with impact and perpetrators being transnational. As such, lesson can be drawn from hacking incidents that took place locally and globally towards informing the approach to addressing similar breaches in Jamaica and the rest of the region. More Targeted Intervention for Small Businesses: Small businesses face particular risks as it relates to cyber-attacks and are also seen as gateways to larger businesses. Such businesses tend to adopt whatever solutions are suggested to them given lack of knowledge and experience in the area. They also tend to be unaware of the questions that should be asked, while exposure tends to relate to other challenges such as informality. There is therefore need for more targeted interventions aimed specifically at small businesses. Human and Cultural Element: There is a cultural, psychological and human element to Cyber security, data protection and lotto scamming issues. There is need for a greater understanding of these issues and how they can factor in efforts to address cyber security issues. There is need for training in ICT ethics i.e. following from this, there is a need to understand that addressing 2 P a g e

cyber threats is not only about technology. Rather, this is first a people first issue, then processes and technology. Cyber Security Audits: Following the first national conference, the call was reiterated for organisations of all sizes and in the different sectors to conduct cyber security and systems audits and to consider the introduction of cyber security insurance in organisations. Cyber Security Policy: The need for government to indicate its seriousness towards addressing cyber security via a coordinated cyber security policy was raised with calls for swifter action towards this goal. The Government has since this conference, announced its cyber security policy with many of the outcome features of the two national conferences organised by the MICT. Training and Research: There is need for more research into the historical trends, impact and avoidance measures for local cyber-attacks at the government and corporate levels. To this end a charge was issued for The University of the West Indies and MSBM to do more research on small businesses. This was matched by calls for MSMEs to resource the research undertakings of academic and research institutions such as the UWI towards advancing information on cyber security mitigation. There was also a call for more training on cyber security issues and measures at different levels, including on ethical hacking. Cloud computing: While the conference underscored the value of cloud computing, a number of threats and challenges were highlighted. Among these was the cost of accessing the cloud, with the result that its benefits remain a deterrent for many small businesses. Furthermore, there are uncertainties (e.g. civil unrest in a location that a service is located) associated with various locations in which data may be stored. The reality is that it is human beings who interact with cloud stations. As a safety measure organisations ought to assess more strategically what information they wish to place in the cloud and investigate the use of security measures such as encryption. Structure and Content of Future Conferences: Specific recommendations were made regarding the conference, including a call for the issuing of certificates of participation to conference attendees. Another suggestion was made for the introduction of specific and parallel training sessions for those who have far less information and another for those who are more technically advanced. Individual and Employee Rights vs. Employer Rights: Employees and employers are generally concerned about security. The reality however, is that these concerns do not necessarily take the same form within an organisation. As such, the concern for security among employers may not be in sync with those of their employees, particularly where the former is expressed as data protection and the latter as individual and personal privacy. As such, there is need for balance 3 P a g e

between the desire for organisations to have information about their employees (and the wider public and including on activities and preferences) and that of individuals for privacy. Importance of Collaboration at a multi-sectoral and multi-stakeholder levels: Cyber security and related issues, including data protection are pervasive, increasing in their impact and span. As such, a remerging point in this second national conference was the importance of collaboration at a multi-sectoral and multi-stakeholder level in addressing cyber threats. Such an approach is important as no one group or sector has the capacity to the increasing challenges unilaterally. Public Education and Increased Availability of Information on Cyber Security: In continuing the emphasis on public education and information, the presentations have been made freely available via the conference website (http://cybersecurity2014.msbm-uwi.org). This practice ensures ease of access to the wider public and specific stakeholder groups and as such is a vital information source. In short, the second National Cyber Security Conference was a resounding success. To this end, the Mona ICT Policy Centre extends a sincere thanks to supporters and particularly to the ISOC, NCB, ITU, CARIMAC, Henlin Gibson Henlin, the Jamaica Gleaner Company Limited and the Jamaica Observer for their contribution towards making the event the success that it was. 4 P a g e

Media Report http://www.jamaicaobserver.com/business/ncb-backs-uwi-cyber-security-research-and-policydevelopment_18027991 http://www.jamaicabusinesscalendar.com/event/2nd-national-conference-on-cyber-security-dataprotection/#.vnctkcawjzs http://www.siliconcaribe.com/2014/11/12/university-of-the-west-indies-mona-campus-to-host-2ndcyber-security-conference-this-month/ Radio Interviews UWI s On Campus, November 16, 2014 Jamaican Morning on RJR, November 17, 2014 Independent Talk on Power 106, November 19, 2014 Real Business with Ralston Hyman on Power 106, November 21, 2014 Love FM's Morning Watch, November 21, 2014 5 P a g e

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback