ISACA Ireland Cyber Security Policy 9 February 2016.


1 ISACA Ireland Cyber Security Policy 9 February 2016

2 Table of Contents
- Context
- National Cyber Security Strategy
- European Union
- Proposed Network & Information Security Directive
- Questions

3 (image slide, no transcript text)

4 Phishing

5 DDoS

6 Ransomware

7 Web Defacement

8 http://www.dcenr.gov.ie/communications/en-ie/Internet-Policy/Pages/Network-and-Information-Security.aspx

9 NCSS 2015-2017: Guiding Principles
- Rule of law
- Subsidiarity
- Risk Based Approach & Proportionality

10 NCSS Objectives
1. Critical Infrastructure – improve resilience
2. International Engagement
3. Awareness Raising
4. Effective Legal Framework to combat Cybercrime
5. Robust regulatory framework for data protection
6. Build Capacity

11 Key Measures
12 Measures outlined by NCSS, including:
– Establishment of NCSC as statutory body
– NIS for public bodies
– Relationship with 3rd-level institutions
– Education & Training
– NIS Directive

12 National Cyber Security Centre
- Government
- Law Enforcement
- Defence Forces
- Academia

13 Cybercrime Bill

14 Awareness Raising: Internet Safety
- www.saferinternetday.ie
– Professional Development Service for Teachers: www.pdst.ie

15 Awareness Raising: Cyber Security
- http://makeITsecure.org
- https://cybersecuritymonth.eu

16 www.makeITsecure.ie

17 cybersecuritymonth.eu

18 European Union
- Developing competence in cyber security since 2004
- Establishment of ENISA
- High profile attacks – from 2007
- Policy Statements on protecting infrastructure & building capabilities – from 2009
- 2013 EU Cyber Security Strategy
- Directive on Attacks on Information Systems (2013/40/EU)
- Proposal for a Directive on Network & Information Security

19 What is ENISA?
- EU’s Cyber Security Agency
- Facilitator and enabler of improved co-operation
- Partnership approach with Member States
- Assists on improving cyber security capabilities
- Legal Basis: Regulation No. 526 of 2013
- https://www.enisa.europa.eu/about-enisa

20 EU Cyber Security: Roles and Responsibilities (diagram; source: European Commission)
- Network and Information Security: Commission/ENISA, Network of competent authorities, EP3R, National CERTs, NIS competent authorities
- Law Enforcement: EC3/Europol, CEPOL, Eurojust, National Cybercrime Units
- Defence: EEAS, European Defence Agency, National Defence and security authorities
- Other diagram labels: EU, National, Industry, Academia

21 Proposed Network and Information Security Directive
“measures for a high common level of security of network and information systems across the Union”

22 Key Themes: A high level of NIS in each MS and across the EU (source: European Commission)
- PREPAREDNESS: National capabilities
- A CULTURE OF NIS ACROSS SECTORS: NIS risk management culture and Public-Private cooperation
- EU-LEVEL COOPERATION: Exchange of information and coordinated reaction

23 Scope of Directive (Annex II & Annex III)
- “operators of essential services” (Critical Infrastructure) – energy, transport, banking, financial market infrastructures, health sector, drinking water supply & distribution, digital infrastructure
- Digital Services – online/e-commerce marketplace, online search engine, cloud computing service

24 State obligation to identify “operators of essential services”
- Criteria (Articles 3a & 3b): from Annex II; essential service; dependence on ICT; Significant Disruptive Effect
- EU consistency check (Article 20a)
- When – initial identification within 27 months of Directive & every 2 years thereafter

25 Article 5: National NIS Strategy
OBLIGATION on State to adopt strategy covering scope of the Directive and make summary available to EU Commission. Contents:
- Objectives & priorities
- Governance framework
- Preparedness, response & recovery measures including co-operation between private and public sectors
- Education, awareness raising, training programmes
- Research & Development plans
- Risk assessment plan
- List of entities involved

26 National Competent Authority & CSIRT (Articles 6 & 7)
- NCA – a regulatory body – assesses industry compliance with cyber security obligations under the Directive
- CSIRT – Computer Security Incident Response Team – incident monitoring & handling, advice & analysis (cyber security experts)
- Requirements for adequate resources and appropriate facilities

27 EU Cooperation (Articles 8a & 8b)
- Cooperation Group – Strategic Level Cooperation
  – Regulatory Authority Level
  – Capabilities, consistency, guidance
- CSIRT Network – Operational Level Cooperation
  – CSIRTs
  – Focused on incident related activities on a voluntary basis

28 “Operators of essential services” (Article 14 obligations)
– “to take.. technical and organisational measures to manage the risks posed to the security.. of … systems which they use in their operations”
– “measures to prevent and minimise the impact of incidents …”
– “notify incidents having a significant impact on the continuity of the essential services…”
– “include information.. to determine any cross-border impact”

29 “Digital service providers” (Article 15a obligations)
– “to identify and take.. technical and organisational measures to manage the risks posed to the security.. of … systems which they use in the context of offering services”
– “measures to prevent and minimise the impact of incidents …”
– “notify any incident having a substantial impact on the provision of a service…”

30 Digital Service Providers – Full EU Harmonisation
- EU Commission regulations on security requirements, preparedness measures and on formats & procedures for reporting
- Jurisdiction of the State applies where the digital service provider has its main establishment in Ireland.

31 Enforcement Powers (CI)
National Competent Authority:
– the necessary powers and means to assess compliance of operators with their obligations
– to have powers and means to require operators to provide information & to provide evidence of effective implementation of security policies – purpose of request to operators must be sufficiently specified
– may issue binding instructions to operators

32 Enforcement Powers (DSPs)
National Competent Authority “to take action … through ex-post supervisory activities, when presented with evidence …. Such evidence may be submitted by a competent authority of another Member State where the service is provided.”
To have powers and means to:
– require digital service providers to provide information needed to assess security... including documented security policies
– require that digital service providers remedy any failure to fulfil the requirements laid down in Article 15a

33 Other Provisions
- Directive without prejudice to data protection law and national security
- Obligation on State to preserve confidentiality of business data received and exchanged
- Use of recognised European & global standards to be encouraged
- Sanctions/penalties on industry for non-compliance
- Review Provisions – More EU legislation anticipated

34 Indicative Timescales
- Directive finalised by Apr/May 2016
- EU Cooperation Structures in place – Oct/Nov 2016
  – EU discussion on consistency of identification of operators to commence immediately
- Directive Transposed into National Law (likely to be primary legislation) by Jan/Feb 2018
- Operators of essential services identified by Jul/Aug 2018

35 Implementation Goals
- Effective implementation – meets EU Commission’s legal requirements for transposition
- “Light touch” – regulatory burden on business minimised
- Appropriate resourcing & capabilities for a secure and trustworthy computing environment, in turn sustaining/facilitating business investment in the Irish digital economy

36 Implementation Approach
- Inter-Departmental Working Group Established
- Government Decision to be sought on Finalisation of Directive for primary legislation
- Legislation to be drafted on a consultative and transparent basis involving Regulatory Impact Analysis

37 Questions for ISACA Ireland Members
Role of Directive –
- in facilitating the development of information security best practice in entities in the State?
- in enabling appropriate risk management and control measures?
- in enabling compliance with recognised international standards?
- in requiring appropriately certified staff/contractors in cyber security in organisations, from CISOs to incident responders?

38 Questions for ISACA Ireland Members
In the context of consultation:
- Views on the required Article 5 national NIS Strategy?
- Views on resourcing of the competent authority and of the national CSIRT?
- Views on industry compliance and enforcement measures?
- The role ISACA Ireland & its members can play in assisting the implementation of the Directive?

39 Questions?
Informal consolidated version of Directive available at: http://data.consilium.europa.eu/doc/document/ST-15229-2015-REV-2/en/pdf

