National Cybersecurity Management System

Presentation transcript:

National Cybersecurity Management System: Framework – Maturity Model – RACI Chart – Implementation Guide
Taieb DEBBAGH
Geneva, 6-7 December 2010
Addressing security challenges on a global scale

Agenda
1 - Introduction
2 - National Cybersecurity Management System
3 - NCSec Framework: 5 Domains
4 - NCSec Framework: 34 Processes
5 - Maturity Model
6 - NCSec Assessment
7 - Roles & Responsibilities (RACI Chart)
8 - Implementation Guide

1 - Introduction (1/2)
Computer security challenges are increasing throughout the world.
There are no appropriate organizational and institutional structures to deal with these issues.
Which entity (or entities) should be given responsibility for computer security?
Best practices exist that organizations can refer to in order to evaluate their security status, but there is a lack of international standards (clear guidance) with which a State or region can measure its current security status.

1 - Introduction (2/2)
The main objective of this presentation is to propose a model of National Cybersecurity Management System (NCSecMS): a global framework that best responds to the needs expressed by the ITU Global Cybersecurity Agenda (GCA).
This global framework consists of 4 main components:
NCSec Framework;
Maturity Model;
Roles and Responsibilities chart;
Implementation Guide.

2 - NCSec Management System

3 - NCSec Framework : 5 Domains

4 - NCSec Framework (5 Domains and 34 Processes)

1 - SP : Strategy and Policies
SP1 NCSec Strategy : Promulgate & endorse a National Cybersecurity Strategy
SP2 Lead Institutions : Identify a lead institution for developing a national strategy, and 1 lead institution per stakeholder category
SP3 NCSec Policies : Identify or define policies of the NCSec strategy
SP4 Critical Information Infrastructures Protection : Establish & integrate risk management for identifying & prioritizing protective efforts regarding CII
SP5 Stakeholders : Identify the degree of readiness of each stakeholder regarding the implementation of the NCSec strategy & how stakeholders pursue the NCSec strategy & policies

2 - IO : Implementation and Organisation
IO1 NCSec Council : Define a National Cybersecurity Council for coordination between all stakeholders, to approve the NCSec strategy
IO2 NCSec Authority : Define a specific high-level Authority for coordination among cybersecurity stakeholders
IO3 National CERT : Identify or establish a national CERT to prepare for, detect, respond to, and recover from national cyber incidents
IO4 Privacy and Personal Data Protection : Review the existing privacy regime and update it to the on-line environment
IO5 Laws : Ensure that a legal framework is established and regularly updated
IO6 Institutions : Identify institutions with cybersecurity responsibilities, and procure resources that enable NCSec implementation
IO7 National Experts and Policymakers : Identify the appropriate experts and policymakers within government, private sector and university
IO8 Training : Identify training requirements and how to achieve them
IO9 Government : Implement a cybersecurity plan for government-operated systems that takes change management into account
IO10 International Expertise : Identify international expert counterparts and foster international efforts to address cybersecurity issues, including information sharing and assistance efforts

3 - AC : Awareness and Communication
AC1 Leaders in the Government : Persuade national leaders in the government of the need for national action to address threats to and vulnerabilities of the NCSec through policy-level discussions
AC2 National Cybersecurity and Capacity : Manage National Cybersecurity and capacity at the national level
AC3 Continuous Service : Ensure continuous service within each stakeholder and among stakeholders
AC4 National Awareness : Promote a comprehensive national awareness program so that all participants (businesses, the general workforce, and the general population) secure their own parts of cyberspace
AC5 Awareness Programs : Implement security awareness programs and initiatives for users of systems and networks
AC6 Citizens and Child Protection : Support outreach to civil society with special attention to the needs of children and individual users
AC7 Research and Development : Enhance Research and Development (R&D) activities (through the identification of opportunities and allocation of funds)
AC8 CSec Culture for Business : Encourage the development of a culture of security in business enterprises
AC9 Available Solutions : Develop awareness of cyber risks and available solutions
AC10 NCSec Communication : Ensure National Cybersecurity Communication

4 - CC : Compliance and Communication
CC1 International Compliance & Cooperation : Ensure regulatory compliance with regional and international recommendations, standards …
CC2 National Cooperation : Identify and establish mechanisms and arrangements for cooperation among government, private sector entities, university and NGOs at the national level
CC3 Private Sector Cooperation : Encourage cooperation among groups from interdependent industries (through the identification of common threats)
CC4 Incidents Handling : Manage incidents through the national CERT to detect, respond to, and recover from national cyber incidents, through cooperative arrangements (especially between government and private sector)
CC5 Points of Contact : Establish points of contact (or CSIRTs) within government, industry and university to facilitate consultation, cooperation and information exchange with the national CERT, in order to monitor and evaluate NCSec performance in each sector

5 - EM : Evaluation and Monitoring
EM1 NCSec Observatory : Set up the NCSec observatory
EM2 Mechanisms for Evaluation : Define mechanisms that can be used to coordinate the activities of the lead institution, the government, the private sector and civil society, in order to monitor and evaluate the global NCSec performance
EM3 NCSec Assessment : Assess and periodically reassess the current state of cybersecurity efforts and develop program priorities
EM4 NCSec Governance : Provide National Cybersecurity Governance

ACM Publication – December 2008

5 - NCSec Maturity Model
Columns: Process | Mor | Description | Level 1 | Level 2 | Level 3 | Level 4 | Level 5

SP1 | 3 | Promulgate & endorse a National Cybersecurity Strategy
Level 1: Recognition of the need for a National strategy
Level 2: NCSec is announced & planned
Level 3: Operational for all key activities
Level 4: NCSec is under regular review
Level 5: Continuous improvement

SP2 | 1 | Identify a lead institution for developing a national strategy, and 1 lead institution per stakeholder category
Level 1: Some institutions have an individual cybersecurity strategy
Level 2: Lead institutions are announced for all key activities
Level 3: Lead institutions are operational for all key activities
Level 4: Lead institutions are under regular review
Level 5: Lead institutions are under

SP3 | 2 | Identify or define policies of the NCSec strategy
Level 1: Ad-hoc & isolated approaches to policies & practices
Level 2: Similar & common processes planned
Level 3: Policies and procedures are defined, documented, operational
Level 4: National best practices are applied & repeatable
Level 5: Integrated policies & procedures; transnational best practice

SP4 | | Establish & integrate a risk management process for identifying & prioritizing protective efforts regarding NCSec (CIIP)
Level 1: Need for a risk management process in CIIP
Level 2: CIIP are identified & planned; risk process is announced
Level 3: Risk process approved & CIIP
Level 4: CIIP risk complete, repeatable, and leads to CI best practices
Level 5: Process evolves to automated workflow & integrated to enable

Example: SP1 Maturity Model
The first process, SP1, consists in "Promulgating and endorsing a National Cybersecurity Strategy".
Process SP1 is in conformance with level 5 if the following conditions are respected:
Level 1: Recognition of the need for a National Cybersecurity Strategy
Level 2: the NCSec strategy is "announced and planned"
Level 3: the NCSec strategy is "operational"
Level 4: the NCSec strategy is under "regular review"
Level 5: the NCSec strategy is under "continuous improvement"
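The staged rule on this slide, as an added example that is not part of the presentation: a process reaches level N only when the conditions for levels 1 to N are all met, so the first unmet condition is the gap to close next. Aggregating a domain as its weakest process is my own assumption; the slides do not say how domain scores are combined.

```python
"""Added example (not from the presentation): a small staged maturity
evaluator for NCSec processes, using the SP1 level conditions listed on
the slide.  Level N counts only when the conditions for levels 1..N are
all met, so a strategy that is 'operational' but was never formally
'announced and planned' still sits at level 1."""
from dataclasses import dataclass, field

# Level conditions for SP1 as given on the slide, ordered level 1 .. level 5.
SP1_CONDITIONS = (
    "Recognition of the need for a National Cybersecurity Strategy",
    "NCSec strategy is announced and planned",
    "NCSec strategy is operational",
    "NCSec strategy is under regular review",
    "NCSec strategy is under continuous improvement",
)


@dataclass
class ProcessAssessment:
    pid: str                                # process id, e.g. "SP1"
    conditions: tuple                       # level-ordered condition texts
    met: set = field(default_factory=set)   # conditions judged satisfied

    def maturity_level(self) -> int:
        """Highest level N such that the conditions for levels 1..N are all met."""
        level = 0
        for cond in self.conditions:
            if cond not in self.met:
                break
            level += 1
        return level

    def gaps(self) -> list:
        """Unmet conditions in level order; the first one blocks the next level."""
        return [c for c in self.conditions if c not in self.met]


def domain_level(assessments) -> int:
    """Assumption (not from the slides): a domain is rated at its weakest process."""
    return min(a.maturity_level() for a in assessments) if assessments else 0


# Constructed sample: the need is recognised and the strategy is operational,
# but the 'announced and planned' step was skipped, so the level stays at 1.
sample = ProcessAssessment("SP1", SP1_CONDITIONS,
                           met={SP1_CONDITIONS[0], SP1_CONDITIONS[2]})
# Constructed sample: every SP1 condition satisfied -> level 5.
complete = ProcessAssessment("SP1", SP1_CONDITIONS, met=set(SP1_CONDITIONS))

if __name__ == "__main__":
    print(sample.pid, "level", sample.maturity_level(), "| next gap:", sample.gaps()[0])
    print("SP domain level (weakest process):", domain_level([sample, complete]))
```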

6 - NCSec Assessment
Legend: SP1: National Cybersecurity Strategy; SP4: CIIP; IO2: National Cybersecurity Authority; IO3: National CERT; IO5: Cyber Law; AC5: Awareness Programme; CC1: International Cooperation; CC2: National Coordination; EM4: Cybersecurity Governance

7 - RACI Chart / Stakeholders
Stakeholder columns: Head of Gov, Nat Cyb Coun, Legisl Auth, ICT Authority, Min of Int, Min of Def, Min of Fin, Min of Edu, Nat Cyb Auth, Civil Soc, Trade Union, Private Sect, Academia, Critical Infras, Nat CERT, CSIRTs, Government
SP1 NCSec Strategy : Promulgate & endorse a National Cybersecurity Strategy (chart entries shown: I, A, C, R)
SP2 Lead Institutions : Identify a lead institution for developing a national strategy, and 1 lead institution per stakeholder category
SP3 NCSec Policies : Identify or define policies of the NCSec strategy
SP4 Critical Infrastructures : Establish & integrate risk management for identifying & prioritizing protective efforts regarding NCSec (CIIP)
R = Responsible, A = Accountable, C = Consulted, I = Informed

8 - Implementation Guide

ITU-D / SG1 / Question 22-1/1: Securing information and communication networks, best practices for developing a culture of cybersecurity
Report of the meeting of the Rapporteur Group on Question 22-1/1 (Geneva, Wednesday, 22 September 2010):
Document 1/23 was presented by Morocco. It provides a model for administrations to use in managing their cybersecurity programme based on the ISO 27000 family and COBIT. It was suggested that it could be a framework to be used by developing countries in assessing their cybersecurity strategy. The Rapporteur asked the BDT to put the entire document on the web site of Study Group 1 and invited comments for the next meeting.

Thank you for your attention
Email: t.debbagh@technologies.gov.ma or tdebbagh@gmail.com