Presentation is loading. Please wait.

Presentation is loading. Please wait.

A National approach to Cyber security/CIIP: Raising awareness.

Published byRuby Heath Modified over 9 years ago

Similar presentations

Presentation on theme: "A National approach to Cyber security/CIIP: Raising awareness."— Presentation transcript:

1 a National approach to Cyber security/CIIP: Raising awareness

2 Objectives Propose a way of thinking about Cyber Security/CIIP A FRAMEWORK Identify key elements of the FRAMEWORK and relationships among them Suggest methods for building a national consensus on FRAMEWORK and on implementation actions. 10/18/101

3 cybersecurity: Why Worry? Nation is dependent on ICTs   Economic wellbeing   National security   Social cohesion Risk is inherent in ICT use   Vulnerabilities   Threats   Interdependences Conclusion: Action is required 10/18/102

4 cybersecurity: Who’s responsible? “Government, business, other organizations, and individual users who develop, own, provide, manage, service and use information systems and networks” - UNGA Resolution 57/239 Creation of a global culture of cybersecurity   Collectively known as The Participants 10/18/103

5 Participants: What should They do? AWARENESS: Be aware of the need for security and what they can do to enhance it. RESPONSIBILITY: Review their own security policies, practices, measures an procedures regularly and assess appropriateness. RESPONSE: Act in a timely and cooperative manner to prevent, detect and respond to security incidents.   In a manner appropriate to their roles See: UNGA Res 57/239. 10/18/104

6 cybersecurity responsibility It’s SHARED All participants must be responsible Each participant must take action -- appropriate to its role in the overall system   Government has responsibility to lead 10/18/105

7 Government lead: what Does it do? 1. 1.Ensure all participants are aware of security 2. 2.Promote responsibility, and 3. 3.Assure coordinated response by participants; using   A common national vision   Policy and institutional frameworks 10/18/106

8 Government lead how? 1. 1.Conduct a national Cybersecurity Self- Assessment   Take stock 2. 2.Promulgate A National Cybersecurity Strategy   Vision for action 10/18/107

9 Cyber security scope What is meant by cybersecurity? ITU documents speak of “ Enhancing security and building confidence in the use of ICT applications”ITU documents speak of “ Enhancing security and building confidence in the use of ICT applications” UNGA resolutions 57/239 and 58/199 speak of “a culture of cyber security in the application and use of information technologies” and in the protection of critical information infrastructures.UNGA resolutions 57/239 and 58/199 speak of “a culture of cyber security in the application and use of information technologies” and in the protection of critical information infrastructures. Others speak in terms such as cyberspace, the Internet and the information society.Others speak in terms such as cyberspace, the Internet and the information society. 10/18/108

10 Cyber security scope Recognizing there is no fixed definition, a national approach to cybersecurity should include  Physical security of the information infrastructure  Virtual security, and  Human aspects of the use of ICTs, including interactions among people 10/18/109

11 Key documents UNGA Resolutions: 64-211 Taking stock of cybersecurity needs and strategies64-211 Taking stock of cybersecurity needs and strategies 58-199 Creation of a global culture of cybersecurity and the protection of critical information infrastructures58-199 Creation of a global culture of cybersecurity and the protection of critical information infrastructures 57-239 Creation of a global culture of cybersecurity57-239 Creation of a global culture of cybersecurity 56-121 Combating the criminal misuse of information technologies56-121 Combating the criminal misuse of information technologies 55-63 Combating the criminal misuse of information technologies55-63 Combating the criminal misuse of information technologies See: http://www.un.org/documents/resga.htm 10/18/1010

12 Key documents ITU National Cybersecurity/CIIP Self-Assessment Tool ITU Q.22/1 Report On Best Practices For A National Approach To Cybersecurity: Building Blocks For Organizing National Cybersecurity Efforts ITU Cybercrime Resources: ITU Cybercrime Resources: ITU Toolkit For Cybercrime LegislationITU Toolkit For Cybercrime Legislation ITU Publication on Understanding Cybercrime – A Guide for Developing CountriesITU Publication on Understanding Cybercrime – A Guide for Developing Countries See: http://www.itu.int/ITU-D/cyb/cybersecurity/index.html 10/18/1011

13 Take Stock Self-Assessment - What is it? An identification and evaluation of existing national approach to cyber security.An identification and evaluation of existing national approach to cyber security.  Policies  Procedures  Mechanisms  Norms  Institutions  Relationships What are we doing?What are we doing? What should we be doing?What should we be doing? Input for a National Cybersecurity StrategyInput for a National Cybersecurity Strategy 10/18/1012

14 Vision National Strategy - What is it? A Policy Document that Provides a National Vision:  Outlines the case for national action  Identifies participants and their roles  Elaborates organizational responsibilities  Establishes policy and operational structures  Addresses key elements of cybersecurity  Lays out a plan of action 10/18/1013

15 Getting Started The AudienceThe Audience  Who are they?  What is their level of awareness and response?  What decisions already taken? The ParticipantsThe Participants  Those entities and persons who Will prepare and comment on the Self-Assessment and the National Strategy,Will prepare and comment on the Self-Assessment and the National Strategy, Will implement the National StrategyWill implement the National Strategy  They come from GovernmentGovernment Business and IndustryBusiness and Industry AcademiaAcademia Civil SocietyCivil Society 10/18/1014

16 Getting Started The Case for ActionThe Case for Action  Role of ICTs in the nation  Vulnerabilities and threats  Risks to be managed The stage for Cybersecurity:The stage for Cybersecurity:  Relationship to other national goals and objectives Economic and Development goalsEconomic and Development goals Industry goalsIndustry goals Social goalsSocial goals Security goalsSecurity goals 10/18/1015

17 key elements 10/18/1016 Legal Framework Culture of Cybersecurity Incident Management Collaboration and Information Exchange Key Elements of a National Cybersecurity Strategy

18 objectives For each key element  A statement of policy  Identify and prioritize goals to support policy  Elaborate specific steps to reach goals 10/18/1017

19 Other considerations Other Considerations  Resources Budget and financingBudget and financing Equipment and technologyEquipment and technology Human capacitiesHuman capacities  Timeframes and milestones  Priorities  Reviews and reassessments 10/18/1018

20 Output Self-assessment provides: Input to a National Cybersecurity Strategy  A set of Findings and Recommendations With supporting documentationWith supporting documentation Reviewed by all participantsReviewed by all participants   That provide the basis for policy decisions and a program of action to address cybersecurity Promulgated at a level to ensure action by all participants 10/18/1019

21 Conclusion Use of a National Cyber Security Self–Assessment to produce a National Cyber Security Strategy can assist governments: Understand the existing national approachUnderstand the existing national approach Develop “baseline” on best practicesDevelop “baseline” on best practices Identify areas for attentionIdentify areas for attention Prioritize national effortsPrioritize national efforts Promote national actionPromote national action and assist with   regionally and internationally coordination and   cross border cooperation 10/18/1020

22 Final Observations No nation starts at ZERO No “right” answer Continual review and revision needed All “participants” must be involved   Appropriate to their roles 10/18/1021

23 Questions? 10/18/1022

Download ppt "A National approach to Cyber security/CIIP: Raising awareness."

Similar presentations

Thematic Discussion on Human Rights & Resolution 1373 Counter-Terrorism Committee Executive Directorate (CTED) United Nations New York, 7 October 2010.

Thematic Discussion on Human Rights & Resolution 1373 Counter-Terrorism Committee Executive Directorate (CTED) United Nations New York, 7 October 2010.
Its a new digital world with new digital dangers….

Its a new digital world with new digital dangers….
Disaster Risk Reduction and Governance. Ron Cadribo.

Disaster Risk Reduction and Governance. Ron Cadribo.
Capacity Building Mandate We, the participants…recognize the need to support: …A coordinated effort to involve and assist developing countries in improving.

Capacity Building Mandate We, the participants…recognize the need to support: …A coordinated effort to involve and assist developing countries in improving.
Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.

International Telecommunication Union An Insight into BDT Programme 3 Marco Obiso ICT Applications and Cybersecurity Division Telecommunication Development.
International Telecommunication Union Developing a Cybersecurity Strategy that Supports National Policy Goals “Regional Arab Forum on Cybersecurity,” Giza.

International Telecommunication Union Developing a Cybersecurity Strategy that Supports National Policy Goals “Regional Arab Forum on Cybersecurity,” Giza.
Consultative Meeting on Strengthening Partnerships with National Rapporteurs on Trafficking in Persons and Equivalent Mechanisms 23-24 May 2013.

Consultative Meeting on Strengthening Partnerships with National Rapporteurs on Trafficking in Persons and Equivalent Mechanisms May 2013.
ENISA Cyber Security Strategies Workshop November 27, 2014 Brussels

ENISA Cyber Security Strategies Workshop November 27, 2014 Brussels
INTERNATIONAL UNION FOR CONSERVATION OF NATURE. 2 Implemented in 12 countries of Africa, Asia, Latin America and the Middle East, through IUCN regional.

INTERNATIONAL UNION FOR CONSERVATION OF NATURE. 2 Implemented in 12 countries of Africa, Asia, Latin America and the Middle East, through IUCN regional.
Eneken Tikk // EST. Importance of Legal Framework  Law takes the principle of territoriality as point of departure;  Cyber security tools and targets.

Eneken Tikk // EST. Importance of Legal Framework  Law takes the principle of territoriality as point of departure;  Cyber security tools and targets.
National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]

National Protection and Programs Directorate Department of Homeland Security The Office of Infrastructure Protection Cybersecurity Brief [Date of presentation]
Global Cyber Security Capacity Maturity Model - CMM WSIS Forum 2015 – Geneva Dr Maria Bada 25/05/2015.

Global Cyber Security Capacity Maturity Model - CMM WSIS Forum 2015 – Geneva Dr Maria Bada 25/05/2015.
Strategy and Policy Unit: Current Activities and Future Tasks

Strategy and Policy Unit: Current Activities and Future Tasks
James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur.

James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur.
National Cybersecurity Management System

National Cybersecurity Management System
Information Assurance and Higher Education Clifton Poole National Defense University Carl Landwehr National Science Foundation Tiffany Olson Jones Symantec.

Information Assurance and Higher Education Clifton Poole National Defense University Carl Landwehr National Science Foundation Tiffany Olson Jones Symantec.
Overview of Early Warning system and the role of National Meteorological and Hydrological services Please use this template to guide the development of.

Overview of Early Warning system and the role of National Meteorological and Hydrological services Please use this template to guide the development of.
Justice Information Network Strategic Plan Development Justice Information Network Board March 18, 2008 Mo West, JIN Program Manager.

Justice Information Network Strategic Plan Development Justice Information Network Board March 18, 2008 Mo West, JIN Program Manager.
Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013 DRAFT.

Similar presentations

Ads by Google