Global Cyber Security Capacity Maturity Model - CMM
WSIS Forum 2015 – Geneva
Dr Maria Bada, 25/05/2015

CMM - Five Dimensions

Levels of Maturity
- Start-up: At this level either nothing exists, or it is very embryonic in nature.
- Formative: Some features of the indicators have begun to grow and be formulated, but may be ad hoc, disorganized, poorly defined, or simply "new". However, evidence of this activity can be clearly demonstrated.
- Established: The elements of the sub-factor are in place and working.
- Strategic: Choices have been made about which parts of the indicator are important, and which are less important, for the particular organization/nation.
- Dynamic: There are clear mechanisms in place to alter strategy depending on the prevailing circumstances. Rapid decision-making, reallocation of resources, and constant attention to the changing environment are features of this level.

Capacity Dimensions
Dimension 1: Cybersecurity Policy and Strategy
- D1-1: National Cybersecurity Strategy
- D1-2: Incident Response
- D1-3: Critical National Infrastructure (CNI) Protection
- D1-4: Crisis Management
- D1-5: Cyber Defence Consideration
- D1-6: Digital Redundancy

Capacity Dimensions
Dimension 2: Cyber culture and society
- D2-1: Cybersecurity Mind-set
- D2-2: Cybersecurity Awareness
- D2-3: Confidence and trust on the Internet
- D2-4: Privacy online

Capacity Dimensions
Dimension 3: Cybersecurity education, training and skills
- D3-1: National availability of cyber education and training
- D3-2: National development of cybersecurity education
- D3-3: Corporate training and educational initiatives within companies
- D3-4: Corporate Governance, Knowledge and Standards

Capacity Dimensions
Dimension 4: Legal and regulatory frameworks
- D4-1: Cybersecurity legal frameworks
- D4-2: Legal investigation
- D4-3: Responsible Disclosure

Capacity Dimensions
Dimension 5: Standards, organisations, and technologies
- D5-1: Adherence to standards
- D5-2: National Infrastructure Resilience
- D5-3: Cybersecurity marketplace

Dimension 1: Cybersecurity Policy and Strategy
D1-1: National Cybersecurity Strategy
Indicator: Strategy Development
- No evidence of a cyber security national strategy exists; if a cyber component exists it may be the responsibility of one or more departments of government; a process for development has begun without stakeholder consultation
- An outline of a national cyber security strategy has been articulated built on government consultation; consultation processes have been established for key stakeholder groups, possibly involving international assistance
- A national cyber strategy has been established; a specific mandate to consult across sectors and civil society has been agreed; data and historic trends are used to plan; some understanding of national cyber security risks and threats drives capacity building at a national level
- Cyber security strategy is knowledgeably implemented by multiple stakeholders across government; strategy review and renewal processes are confirmed; regular scenario and real-time cyber exercises are conducted; cyber security strategic plans drive capacity building and investments in security; metrics and measurement processes are established, implemented and inform decision making
- Continual revision of cyber security strategy is conducted to adapt to changing socio-political, threat and technology environments, driving the multi-stakeholder decision making process; trust and confidence building measures (TCBMs) are undertaken to ensure the continued inclusion and contribution of all stakeholders including the private sector, wider society and international partners

Factors Crucial for Combating Cybercrime: National Cybersecurity Strategy
- coordinated response to cyber attacks/risks
- The national cybersecurity strategy content linked explicitly to national risks, priorities and objectives
- raise public awareness
- establish incident response capacity
- mitigate cybercrime
- protect critical national infrastructure

Factors Crucial for Combating Cybercrime: Cybersecurity Awareness
- building trust on internet use
- promote positive and responsible forms of online behaviour
- Awareness-raising campaigns linked to cyber security strategy
- Covering a wide range of groups including training courses, seminars and online resources
- Established metrics for effectiveness

Factors Crucial for Combating Cybercrime: Education/Training
- capacity to understand complex cybercrime cases and inform decision making
- Public and private sector training available for Employees, Law Enforcement, Prosecutors, Experts, Board members

Factors Crucial for Combating Cybercrime: Cybersecurity legal frameworks
- capacity to address and combat cybercrime
- A comprehensive structure within the criminal justice system for combating cybercrime while respecting human rights
- Comprehensive ICT legislative and regulatory frameworks addressing cybersecurity
- Substantive cybercrime law
- Procedural cybercrime law

Factors Crucial for Combating Cybercrime: National Infrastructure Resilience
- technical capacity to prevent cybercrime
- international and regional cooperation
- Availability and use of critical technologies, processes, business models and standards to support control of cyber across national critical infrastructures and across international cyberspace

Factors Crucial for Combating Cybercrime: Cybercrime Insurance
- encourage information sharing among participants
- Existence of a market in cybercrime insurance
- Assessment of financial risks for public and private sector

Country Assessments using the CMM
February-March 2015
- World Bank: Armenia, Kosovo, Bhutan and Montenegro
- OAS: Jamaica and Colombia

Observations from Capacity Assessments
- Capacity factors in countries assessed thus far range from start-up to established
- General lack of awareness, education and training
- General lack of technical standards' implementation

Steps to be taken forward
Assessed Capacity Data Strategy for Investment
- Science requires measurement
- Academic analysis of data from assessments could reveal geographic, stakeholder, and interdependent factor trends
- Trends feed into global strategy for investment
- Ambition is to assess the world's cybersecurity capacity alongside regional/international partners

Steps to be taken forward
Assessed Capacity Cooperation Cyber-Harm
- Devising a model against which countries (or regions, or multi-nationals) can assess their capacity in fighting cybercrime
- The development of a model to understand cyber-harm to focus prioritisation of investments on more specific capacity harm-reduction
- Benefits drawing on, not competing with, other similar efforts

The CMM is available at:

Thank you