A National approach to Cyber security/CIIP: Raising awareness.

Slides:

Advertisements

Similar presentations

Thematic Discussion on Human Rights & Resolution 1373 Counter-Terrorism Committee Executive Directorate (CTED) United Nations New York, 7 October 2010.

Advertisements

Its a new digital world with new digital dangers….

Disaster Risk Reduction and Governance. Ron Cadribo.

Capacity Building Mandate We, the participants…recognize the need to support: …A coordinated effort to involve and assist developing countries in improving.

Philippine Cybercrime Efforts

International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.

International Telecommunication Union Developing a Cybersecurity Strategy that Supports National Policy Goals “Regional Arab Forum on Cybersecurity,” Giza.

Consultative Meeting on Strengthening Partnerships with National Rapporteurs on Trafficking in Persons and Equivalent Mechanisms May 2013.

ENISA Cyber Security Strategies Workshop November 27, 2014 Brussels

INTERNATIONAL UNION FOR CONSERVATION OF NATURE. 2 Implemented in 12 countries of Africa, Asia, Latin America and the Middle East, through IUCN regional.

Eneken Tikk // EST. Importance of Legal Framework  Law takes the principle of territoriality as point of departure;  Cyber security tools and targets.

National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]

Global Cyber Security Capacity Maturity Model - CMM WSIS Forum 2015 – Geneva Dr Maria Bada 25/05/2015.

Strategy and Policy Unit: Current Activities and Future Tasks

James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur.

National Cybersecurity Management System

Information Assurance and Higher Education Clifton Poole National Defense University Carl Landwehr National Science Foundation Tiffany Olson Jones Symantec.

Overview of Early Warning system and the role of National Meteorological and Hydrological services Please use this template to guide the development of.

Justice Information Network Strategic Plan Development Justice Information Network Board March 18, 2008 Mo West, JIN Program Manager.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

IAEA International Atomic Energy Agency IAEA Nuclear Security Programme Enhancing cybersecurity in nuclear infrastructure TWG-NPPIC – IAEA May 09 – A.

Caribbean Telecommunications Union. 6th Caribbean Internet Forum (CIF), Port of Spain, October Caribbean Telecommunications Union The Internet: Governance.

BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

WHO–ITU National eHealth Strategy Toolkit An effective approach to national Strategy Development and Implementation Clayton Hamilton WHO Regional Office.

World summit on the information society World Summit on the Information Society World Summit on the Information Society Overview and Assessment Geneva.

World Meteorological Organization Working together in weather, climate and water WMO OMM WMO Process and essential steps of Capacity Development.

Australia Cybercrime Capacity Building Conference April 2010 Brunei Darussalam Ms Marcella Hawkes Director, Cyber Security Policy Australian Government.

Towards a European network for digital preservation Ideas for a proposal Mariella Guercio, University of Urbino.

An Analysis of the Cyber Security Strategy (2008) of Estonia Based in part on ITU Q.22/1 Report On Best Practices For A National Approach To Cybersecurity:

Assessing The Development Needs of the Statistical System NSDS Workshop, Trinidad and Tobago, July 27-29, 2009 Presented by Barbados.

1 Regional Innovation Strategies RIS. 2 About Regional Innovation Strategies The RIS projects aimed to support regions to develop regional innovation.

Introduction 1. Purpose of the Chapter 2. Institutional arrangements Country Practices 3. Legal framework Country Practices 4. Preliminary conclusions.

Ministry for Women, Youth, Children and Persons with Disabilities.

Draft GEO Framework, Chapter 6 “Architecture” Architecture Subgroup / Group on Earth Observations Presented by Ivan DeLoatch (US) Subgroup Co-Chair Earth.

International Telecommunication Union Geneva, 9(pm)-10 February 2009 BEST PRACTICES FOR ORGANIZING NATIONAL CYBERSECURITY EFFORTS James Ennis US Department.

Durban, South Africa, 8 July 2013 Outcome of WTSA-12 on spam Xiaoya Yang, Head, WTSA Programmes Division ITU-TSB ITU Workshop on “Countering.

ITU CoE/ARB 11 th Annual Meeting of the Arab Network for Human Resources 16 – 18 December 2003; Khartoum - Sudan 1 The content is based on New OECD Guidelines.

AUB Department of Electrical and Computer Engineering Imad H. Elhajj American University of Beirut Electrical and Computer Engineering

Future Regional Trends, Regional Direction and Cooperation Global Cybersecurity Agenda Pillars.

Eurostat/UNSD Conference on International Outreach and Coordination in National Accounts for Sustainable Development and Growth 6-8 May, Luxembourg These.

Uniting Nations by Learning Together UPR as a process of accountability Regional Governance Week Social Accountability in a Changing Region Cairo,

Revisions Proposed to the CIS Plan by the Global Office Misha V. Belkindas Budapest, July 3-4, 2013.

Consultant Advance Research Team. Outline UNDERSTANDING M&E DATA NEEDS PEOPLE, PARTNERSHIP AND PLANNING 1.Organizational structures with HIV M&E functions.

The implementation programme for the 2008 SNA and supporting statistics UNECE special session on National Accounts for economies in transition Geneva,

CCC’s Bi-Monthly Member Meeting GHP Operational Plan 2016 By: Soeung Saroeun, ED EL Sotheary, HOP 08 December 2015, KSSA, Phnom Penh Vision: Sustainable.

DEVELOPING THE WORK PLAN

1 CREATING AND MANAGING CERT. 2 Internet Wonderful and Terrible “The wonderful thing about the Internet is that you’re connected to everyone else. The.

Foresight Planning & Strategy Dr. Sameh Aboul Enein.

Waisea Vosa Climate Change Unit Division of Political and Treaties Ministry of Foreign Affairs and International Cooperation.

Pilot Project on implementation of SEA for regional planning in Ukraine Prof. Dr. Michael Schmidt Dmitry Palekhov Brandenburg University of Technology.

ITU Regional Standardization Forum for Asia-Pacific (Jakarta, Indonesia, October 2015) TTA’s activities on bridging standardization gap Kihun Kim.

This Project is funded by the European Union Project implemented by Human Dynamics Consortium ECRAN process Climate vulnerability needs assessment Rob.

Financial Services Sector Coordinating Council (FSSCC) 2011 KEY FSSCC INITIATIVES 2011 Key FSSCC Initiatives Project Name: Project Description: All-Hazards.

Seamless integration of ICT throughout government in the Information Age with very limited resources…

United Nations Statistics Division Developing a short-term statistics implementation programme Expert Group Meeting on Short-Term Economic Statistics in.

Cyber Security and Georgia. New Challenges

Herman Smith United Nations Statistics Division

Sendai Framework for Disaster Risk Reduction

Review of proposed outline for handbook

Gender statistics in Information and Communication Technology for Women’s Empowerment and Gender Equality Dorothy Okello, Annual.

Critical Infrastructure Protection Policy Priorities

GENDER STATISTICS IN INFORMATION AND COMMUNICATION

Cybersecurity in Belarus a general overview of support areas

TSMO Program Plan Development

8 Building Blocks of National Cyber Strategies

Combating Cybercrime: Tools and Capacity Building for Emerging Economies WSIS 2015, Geneva Jinyong Chung May 25, 2015.

Promoting Global Cybersecurity

Outline of Presentation

Computer Emergency Response Team

NATIONAL AND INTERNATIONAL MEASURES OF CYBERSECURITY

Presentation transcript:

a National approach to Cyber security/CIIP: Raising awareness

Objectives Propose a way of thinking about Cyber Security/CIIP A FRAMEWORK Identify key elements of the FRAMEWORK and relationships among them Suggest methods for building a national consensus on FRAMEWORK and on implementation actions. 10/18/101

cybersecurity: Why Worry? Nation is dependent on ICTs   Economic wellbeing   National security   Social cohesion Risk is inherent in ICT use   Vulnerabilities   Threats   Interdependences Conclusion: Action is required 10/18/102

cybersecurity: Who’s responsible? “Government, business, other organizations, and individual users who develop, own, provide, manage, service and use information systems and networks” - UNGA Resolution 57/239 Creation of a global culture of cybersecurity   Collectively known as The Participants 10/18/103

Participants: What should They do? AWARENESS: Be aware of the need for security and what they can do to enhance it. RESPONSIBILITY: Review their own security policies, practices, measures an procedures regularly and assess appropriateness. RESPONSE: Act in a timely and cooperative manner to prevent, detect and respond to security incidents.   In a manner appropriate to their roles See: UNGA Res 57/ /18/104

cybersecurity responsibility It’s SHARED All participants must be responsible Each participant must take action -- appropriate to its role in the overall system   Government has responsibility to lead 10/18/105

Government lead: what Does it do? 1. 1.Ensure all participants are aware of security 2. 2.Promote responsibility, and 3. 3.Assure coordinated response by participants; using   A common national vision   Policy and institutional frameworks 10/18/106

Government lead how? 1. 1.Conduct a national Cybersecurity Self- Assessment   Take stock 2. 2.Promulgate A National Cybersecurity Strategy   Vision for action 10/18/107

Cyber security scope What is meant by cybersecurity? ITU documents speak of “ Enhancing security and building confidence in the use of ICT applications”ITU documents speak of “ Enhancing security and building confidence in the use of ICT applications” UNGA resolutions 57/239 and 58/199 speak of “a culture of cyber security in the application and use of information technologies” and in the protection of critical information infrastructures.UNGA resolutions 57/239 and 58/199 speak of “a culture of cyber security in the application and use of information technologies” and in the protection of critical information infrastructures. Others speak in terms such as cyberspace, the Internet and the information society.Others speak in terms such as cyberspace, the Internet and the information society. 10/18/108

Cyber security scope Recognizing there is no fixed definition, a national approach to cybersecurity should include  Physical security of the information infrastructure  Virtual security, and  Human aspects of the use of ICTs, including interactions among people 10/18/109

Key documents UNGA Resolutions: Taking stock of cybersecurity needs and strategies Taking stock of cybersecurity needs and strategies Creation of a global culture of cybersecurity and the protection of critical information infrastructures Creation of a global culture of cybersecurity and the protection of critical information infrastructures Creation of a global culture of cybersecurity Creation of a global culture of cybersecurity Combating the criminal misuse of information technologies Combating the criminal misuse of information technologies Combating the criminal misuse of information technologies55-63 Combating the criminal misuse of information technologies See: 10/18/1010

Key documents ITU National Cybersecurity/CIIP Self-Assessment Tool ITU Q.22/1 Report On Best Practices For A National Approach To Cybersecurity: Building Blocks For Organizing National Cybersecurity Efforts ITU Cybercrime Resources: ITU Cybercrime Resources: ITU Toolkit For Cybercrime LegislationITU Toolkit For Cybercrime Legislation ITU Publication on Understanding Cybercrime – A Guide for Developing CountriesITU Publication on Understanding Cybercrime – A Guide for Developing Countries See: 10/18/1011

Take Stock Self-Assessment - What is it? An identification and evaluation of existing national approach to cyber security.An identification and evaluation of existing national approach to cyber security.  Policies  Procedures  Mechanisms  Norms  Institutions  Relationships What are we doing?What are we doing? What should we be doing?What should we be doing? Input for a National Cybersecurity StrategyInput for a National Cybersecurity Strategy 10/18/1012

Vision National Strategy - What is it? A Policy Document that Provides a National Vision:  Outlines the case for national action  Identifies participants and their roles  Elaborates organizational responsibilities  Establishes policy and operational structures  Addresses key elements of cybersecurity  Lays out a plan of action 10/18/1013

Getting Started The AudienceThe Audience  Who are they?  What is their level of awareness and response?  What decisions already taken? The ParticipantsThe Participants  Those entities and persons who Will prepare and comment on the Self-Assessment and the National Strategy,Will prepare and comment on the Self-Assessment and the National Strategy, Will implement the National StrategyWill implement the National Strategy  They come from GovernmentGovernment Business and IndustryBusiness and Industry AcademiaAcademia Civil SocietyCivil Society 10/18/1014

Getting Started The Case for ActionThe Case for Action  Role of ICTs in the nation  Vulnerabilities and threats  Risks to be managed The stage for Cybersecurity:The stage for Cybersecurity:  Relationship to other national goals and objectives Economic and Development goalsEconomic and Development goals Industry goalsIndustry goals Social goalsSocial goals Security goalsSecurity goals 10/18/1015

key elements 10/18/1016 Legal Framework Culture of Cybersecurity Incident Management Collaboration and Information Exchange Key Elements of a National Cybersecurity Strategy

objectives For each key element  A statement of policy  Identify and prioritize goals to support policy  Elaborate specific steps to reach goals 10/18/1017

Other considerations Other Considerations  Resources Budget and financingBudget and financing Equipment and technologyEquipment and technology Human capacitiesHuman capacities  Timeframes and milestones  Priorities  Reviews and reassessments 10/18/1018

Output Self-assessment provides: Input to a National Cybersecurity Strategy  A set of Findings and Recommendations With supporting documentationWith supporting documentation Reviewed by all participantsReviewed by all participants   That provide the basis for policy decisions and a program of action to address cybersecurity Promulgated at a level to ensure action by all participants 10/18/1019

Conclusion Use of a National Cyber Security Self–Assessment to produce a National Cyber Security Strategy can assist governments: Understand the existing national approachUnderstand the existing national approach Develop “baseline” on best practicesDevelop “baseline” on best practices Identify areas for attentionIdentify areas for attention Prioritize national effortsPrioritize national efforts Promote national actionPromote national action and assist with   regionally and internationally coordination and   cross border cooperation 10/18/1020

Final Observations No nation starts at ZERO No “right” answer Continual review and revision needed All “participants” must be involved   Appropriate to their roles 10/18/1021

Questions? 10/18/1022