ISACA Ireland Cyber Security Policy 9 February 2016.

Table of Contents
– Context
– National Cyber Security Strategy
– European Union
– Proposed Network & Information Security Directive
– Questions

Context (image slides): incident types
– Phishing
– DDoS
– Ransomware
– Web Defacement

NCSS: Guiding Principles
– Rule of law
– Subsidiarity
– Risk-based approach and proportionality

NCSS Objectives
1. Critical infrastructure – improve resilience
2. International engagement
3. Awareness raising
4. Effective legal framework to combat cybercrime
5. Robust regulatory framework for data protection
6. Build capacity

Key Measures
12 measures outlined by the NCSS, including:
– Establishment of the NCSC as a statutory body
– NIS for public bodies
– Relationship with third-level institutions
– Education and training
– NIS Directive

National Cyber Security Centre
– Government
– Law Enforcement
– Defence Forces
– Academia

Cybercrime Bill

Awareness Raising: Internet Safety
– Professional Development Service for Teachers

Awareness Raising: Cyber Security

European Cyber Security Month: cybersecuritymonth.eu

European Union
Developing competence in cyber security since 2004:
– Establishment of ENISA (2004)
– High-profile attacks – from 2007
– Policy statements on protecting infrastructure and building capabilities
– EU Cyber Security Strategy (2013)
– Directive on Attacks against Information Systems (2013/40/EU)
– Proposal for a Directive on Network and Information Security

What is ENISA?
– The EU's cyber security agency
– Facilitator and enabler of improved co-operation
– Partnership approach with Member States
– Assists in improving cyber security capabilities
– Legal basis: Regulation (EU) No 526/2013

EU Cyber Security: Roles and Responsibilities (Source: European Commission)
– Network and Information Security – EU level: Commission / ENISA, EP3R; national level: network of competent authorities, national CERTs, NIS competent authorities
– Law Enforcement – EU level: EC3 / Europol, CEPOL, Eurojust; national level: national cybercrime units
– Defence – EU level: EEAS, European Defence Agency; national level: national defence and security authorities
– Across all three pillars: industry, academia

Proposed Network and Information Security Directive
"measures for a high common level of security of network and information systems across the Union"

Key Themes: a high level of NIS in each MS and across the EU
– Preparedness: national capabilities
– A culture of NIS across sectors: NIS risk-management culture and public-private cooperation
– EU-level cooperation: exchange of information and coordinated reaction
Source: European Commission

Scope of Directive (Annex II and Annex III)
"Operators of essential services" (critical infrastructure):
– energy, transport, banking, financial market infrastructures, health sector, drinking water supply and distribution, digital infrastructure
Digital services:
– online/e-commerce marketplace, online search engine, cloud computing service

State obligation to identify "operators of essential services"
Criteria (Articles 3a and 3b):
– from an Annex II sector
– provides an essential service
– dependence on ICT
– an incident would have a significant disruptive effect
EU consistency check (Article 20a)
When:
– initial identification within 27 months of the Directive, and every 2 years thereafter

Article 5: National NIS Strategy
Obligation on the State to adopt a strategy covering the scope of the Directive and to make a summary available to the EU Commission. The strategy covers:
– Objectives and priorities
– Governance framework
– Preparedness, response and recovery measures, including co-operation between private and public sectors
– Education, awareness-raising and training programmes
– Research and development plans
– Risk assessment plan
– List of entities involved

National Competent Authority and CSIRT (Articles 6 and 7)
– NCA: a regulatory body – assesses industry compliance with cyber security obligations under the Directive
– CSIRT (Computer Security Incident Response Team): incident monitoring and handling, advice and analysis (cyber security experts)
– Requirements for adequate resources and appropriate facilities

EU Cooperation (Articles 8a and 8b)
– Cooperation Group – strategic-level cooperation between regulatory authorities: capabilities, consistency, guidance
– CSIRT Network – operational-level cooperation between CSIRTs, focused on incident-related activities on a voluntary basis

"Operators of essential services" (Article 14 obligations)
– "to take … technical and organisational measures to manage the risks posed to the security … of … systems which they use in their operations"
– "measures to prevent and minimise the impact of incidents …"
– "notify incidents having a significant impact on the continuity of the essential services …"
– "include information … to determine any cross-border impact"

"Digital service providers" (Article 15a obligations)
– "to identify and take … technical and organisational measures to manage the risks posed to the security … of … systems which they use in the context of offering services"
– "measures to prevent and minimise the impact of incidents …"
– "notify any incident having a substantial impact on the provision of a service …"

Digital Service Providers – full EU harmonisation
– EU Commission regulations on security requirements, preparedness measures, and on formats and procedures for reporting
– Jurisdiction of the State applies where the digital service provider has its main establishment in Ireland

Enforcement Powers (CI)
National Competent Authority:
– has the necessary powers and means to assess compliance of operators with their obligations
– has the powers and means to require operators to provide information and to provide evidence of effective implementation of security policies – the purpose of a request to operators must be sufficiently specified
– may issue binding instructions to operators

Enforcement Powers (DSPs)
National Competent Authority "to take action … through ex-post supervisory activities, when presented with evidence …. Such evidence may be submitted by a competent authority of another Member State where the service is provided."
Powers and means to:
– require digital service providers to provide information needed to assess security … including documented security policies
– require that digital service providers remedy any failure to fulfil the requirements laid down in Article 15a

Other Provisions
– Directive without prejudice to data protection law and national security
– Obligation on the State to preserve confidentiality of business data received and exchanged
– Use of recognised European and global standards to be encouraged
– Sanctions/penalties on industry for non-compliance
– Review provisions – more EU legislation anticipated

Indicative Timescales
– Directive finalised by Apr/May 2016
– EU cooperation structures in place by Oct/Nov 2016 – EU discussion on consistency of identification of operators to commence immediately
– Directive transposed into national law (likely to be primary legislation) by Jan/Feb 2018
– Operators of essential services identified by Jul/Aug 2018

Implementation Goals
– Effective implementation – meets the EU Commission's legal requirements for transposition
– "Light touch" – regulatory burden on business minimised
– Appropriate resourcing and capabilities for a secure and trustworthy computing environment, in turn sustaining and facilitating business investment in the Irish digital economy

Implementation Approach
– Inter-departmental working group established
– Government decision to be sought on finalisation of the Directive for primary legislation
– Legislation to be drafted on a consultative and transparent basis, involving a Regulatory Impact Analysis

Questions for ISACA Ireland Members
Role of the Directive:
– in facilitating the development of information security best practice in entities in the State?
– in enabling appropriate risk management and control measures?
– in enabling compliance with recognised international standards?
– in requiring appropriately certified staff/contractors in cyber security in organisations, from CISOs to incident responders?

Questions for ISACA Ireland Members
In the context of consultation:
– Views on the required Article 5 national NIS Strategy?
– Views on resourcing of the competent authority and of the national CSIRT?
– Views on industry compliance and enforcement measures?
– The role ISACA Ireland and its members can play in assisting the implementation of the Directive?

Questions?
Informal consolidated version of the Directive available at: