ITU CoE/ARB 11th Annual Meeting of the Arab Network for Human Resources, 16-18 December 2003, Khartoum, Sudan

TOWARDS A CULTURE OF SECURITY

Abdelfattah ABUQAYYAS, CoE/ARB Coordinator, ITU-BDT

The content is based on the new OECD Guidelines for the Security of Information Systems and Networks.

Background

Considering the growing role of the Internet in today's society, technology convergence and, in particular, the increasing interconnection of networks, information systems are more vulnerable than ever before and are exposed to a growing number of threats. ICTs raise new challenges for security, and these concerns are being addressed by several national and international entities:

- ITU: "In a world of intertwined global networks, is there a need for a coordinated, sustained, and institutionalized approach to protecting critical network infrastructures?"
- OECD: "For global networks to be trustworthy, infrastructures and services must be reliable, transactions must be secure and private, and personal data must be effectively protected."

Background (continued)

- Threats and incidents on the Internet are increasing.
- To prevent threats and incidents, attention is increasingly focused on the role of communications standardization.
- ITU-T attaches importance to security.

Participants

- The Guidelines (PRINCIPLES) apply to all participants: governments, businesses, other organizations and individual users who develop, own, provide, manage, service and use information systems and networks.
- PRINCIPLES: The following nine principles are complementary and should be read as a whole. They concern participants at all levels, including the policy and operational levels. Under these Guidelines, the responsibilities of participants vary according to their roles. All participants will be aided by awareness, education, information sharing and training that can lead to the adoption of better security understanding and practices. Efforts to enhance the security of information systems and networks should be consistent with the values of a democratic society, particularly the need for an open and free flow of information and basic concerns for personal privacy.

PRINCIPLES

1. Awareness
2. Responsibility
3. Response
4. Ethics
5. Democracy
6. Risk assessment
7. Security design and implementation
8. Security management
9. Reassessment

Awareness

1. Awareness: Participants should be aware of the need for security of information systems and networks and of what they can do to enhance security.

Awareness of the risks and available safeguards is the first line of defense for the security of information systems and networks. Information systems and networks can be affected by both internal and external risks. Participants should understand that security failures may significantly harm systems and networks under their control. They should also be aware of the potential harm to others arising from interconnectivity and interdependency. Participants should be aware of the configuration of, and available updates for, their system, its place within networks, good practices that they can implement to enhance security, and the needs of other participants.

Responsibility

2. Responsibility: All participants are responsible for the security of information systems and networks.

Participants depend upon interconnected local and global information systems and networks and should understand their responsibility for the security of those information systems and networks. They should be accountable in a manner appropriate to their individual roles. Participants should review their own policies, practices, measures and procedures regularly and assess whether these are appropriate to their environment. Those who develop, design and supply products and services should address system and network security and distribute appropriate information, including updates, in a timely manner so that users are better able to understand the security functionality of products and services and their responsibilities related to security.

Response

3. Response: Participants should act in a timely and co-operative manner to prevent, detect and respond to security incidents.

Recognizing the interconnectivity of information systems and networks and the potential for rapid and widespread damage, participants should act in a timely and co-operative manner to address security incidents. They should share information about threats and vulnerabilities, as appropriate, and implement procedures for rapid and effective co-operation to prevent, detect and respond to security incidents. Where permissible, this may involve cross-border information sharing and co-operation.

Ethics and Democracy

4. Ethics: Participants should respect the legitimate interests of others.

Given the pervasiveness of information systems and networks in our societies, participants need to recognize that their action or inaction may harm others. Ethical conduct is therefore crucial, and participants should strive to develop and adopt best practices and to promote conduct that recognizes security needs and respects the legitimate interests of others.

5. Democracy: The security of information systems and networks should be compatible with the essential values of a democratic society.

Security should be implemented in a manner consistent with the values recognized by democratic societies, including the freedom to exchange thoughts and ideas, the free flow of information, the confidentiality of information and communication, the appropriate protection of personal information, openness and transparency.

Risk assessment

6. Risk assessment: Participants should conduct risk assessments.

Risk assessment identifies threats and vulnerabilities and should be sufficiently broad-based to encompass key internal and external factors, such as technology, physical and human factors, policies and third-party services with security implications. Risk assessment will allow determination of the acceptable level of risk and assist the selection of appropriate controls to manage the risk of potential harm to information systems and networks in light of the nature and importance of the information to be protected. Because of the growing interconnectivity of information systems, risk assessment should include consideration of the potential harm that may originate from others or be caused to others.

Security design and implementation

7. Security design and implementation: Participants should incorporate security as an essential element of information systems and networks.

Systems, networks and policies need to be properly designed, implemented and coordinated to optimize security. A major, but not exclusive, focus of this effort is the design and adoption of appropriate safeguards and solutions to avoid or limit potential harm from identified threats and vulnerabilities. Both technical and non-technical safeguards and solutions are required and should be proportionate to the value of the information on the organization's systems and networks. Security should be a fundamental element of all products, services, systems and networks, and an integral part of system design and architecture. For end users, security design and implementation consists largely of selecting and configuring products and services for their system.

Security management

8. Security management: Participants should adopt a comprehensive approach to security management.

Security management should be based on risk assessment and should be dynamic, encompassing all levels of participants' activities and all aspects of their operations. It should include forward-looking responses to emerging threats and address prevention, detection and response to incidents, systems recovery, ongoing maintenance, review and audit. Information system and network security policies, practices, measures and procedures should be coordinated and integrated to create a coherent system of security. The requirements of security management depend upon the level of involvement, the role of the participant, the risk involved and system requirements.

Reassessment

9. Reassessment: Participants should review and reassess the security of information systems and networks, and make appropriate modifications to security policies, practices, measures and procedures.

New and changing threats and vulnerabilities are continuously discovered. Participants should continually review, reassess and modify all aspects of security to deal with these evolving risks.

AIMS

These Guidelines aim to:

- Promote a culture of security among all participants as a means of protecting information systems and networks.
- Raise awareness about the risks to information systems and networks; the policies, practices, measures and procedures available to address those risks; and the need for their adoption and implementation.
- Foster greater confidence among all participants in information systems and networks and the way in which they are provided and used.
- Create a general frame of reference that will help participants understand security issues and respect values in the development and implementation of coherent policies, practices, measures and procedures for the security of information systems and networks.
- Promote co-operation and information sharing, as appropriate, among all participants in the development and implementation of security policies, practices, measures and procedures.
- Promote the consideration of security as an important objective among all participants involved in the development or implementation of standards.

Recommendations

The OECD:

- RECOMMENDS these Guidelines to governments, businesses, other organizations and individual users who develop, own, provide, manage, service and use information systems and networks;
- RECOMMENDS that Member countries:
  - establish new, or amend existing, policies, practices, measures and procedures to reflect and take into account the Guidelines by adopting and promoting a culture of security as set out in the Guidelines;
  - consult, coordinate and co-operate at national and international levels to implement the Guidelines;
  - disseminate the Guidelines throughout the public and private sectors, including to governments, business, other organizations and individual users, to promote a culture of security, and encourage all concerned parties to be responsible and to take the necessary steps to implement the Guidelines in a manner appropriate to their individual roles;
  - make the Guidelines available to non-member countries in a timely and appropriate manner;
  - review the Guidelines every five years so as to foster international co-operation on issues relating to the security of information systems and networks.

Implementation

Governments:
- promote a culture of security through education, training and awareness-raising activities;
- establish new policy, or amend existing policy, on the protection of information systems and networks, in line with the nine principles;
- attach great importance to the security of their own systems and set a good example;
- support research and development of security technology.

Business sector:
- suppliers of services and products should bring secure services and products to market;
- supply timely and pertinent security information, such as patches for security holes and virus-protection updates, to users;
- support research and development of security technology;
- share security information within the private sector as well as with the government sector;
- attach great importance to protecting the security of their own systems.

Implementation (continued)

Individual users:
- need to be aware of potential security risks and the safeguards available for their systems;
- need to take responsibility for maintaining the security of their systems; for example, they need to update their systems and software regularly and to understand and implement common security practices;
- need to be instructed and supported by both government and business, where appropriate.

Other organizations:
- organizations involved in standard setting should treat security as one of their highest priorities in making and implementing new and existing standards;
- organizations involved in the use of information systems and networks should promote the culture of security among different user groups; for example, security and appropriate usage should be an integral part of computer education programmes.

Thank You

TOWARDS A CULTURE OF SECURITY