a National approach to Cyber security/CIIP: Raising awareness - PowerPoint PPT Presentation

1 / 23
About This Presentation
Title:

a National approach to Cyber security/CIIP: Raising awareness

Description:

Raising awareness * * * * * * * * * * * * * * * * * * * * * * * * * * * Objectives Propose a way of thinking about Cyber Security/CIIP A FRAMEWORK Identify key ... – PowerPoint PPT presentation

Number of Views:331
Avg rating:3.0/5.0
Slides: 24
Provided by: JosephRi
Category:

less

Transcript and Presenter's Notes

Title: a National approach to Cyber security/CIIP: Raising awareness


1
a National approach to Cyber security/CIIP
Raising awareness
  • Presented to
  • Workshop on Capacity Building for Computer
    Emergency Readiness Team (CERT) for Africa
  • November 1-2, 2010
  • By Joseph Richardson
  • Senior Fellow, GMU-ICC

2
Objectives
  • Propose a way of thinking about Cyber
    Security/CIIP
  • A FRAMEWORK
  • Identify key elements of the FRAMEWORK and
    relationships among them
  • Suggest methods for building a national consensus
    on FRAMEWORK and on implementation actions.

3
cybersecurityWhy Worry?
  • Nation is dependent on ICTs
  • Economic wellbeing
  • National security
  • Social cohesion
  • Risk is inherent in ICT use
  • Vulnerabilities
  • Threats
  • Interdependences
  • Conclusion Action is required

4
cybersecurityWhos responsible?
  • Government, business, other organizations, and
    individual users who develop, own, provide,
    manage, service and use information systems and
    networks
  • - UNGA Resolution 57/239 Creation of a global
    culture of cybersecurity
  • Collectively known as The Participants

5
ParticipantsWhat should They do?
  • AWARENESS Be aware of the need for security and
    what they can do to enhance it.
  • RESPONSIBILITY Review their own security
    policies, practices, measures an procedures
    regularly and assess appropriateness.
  • RESPONSE Act in a timely and cooperative manner
    to prevent, detect and respond to security
    incidents.
  • In a manner appropriate to their roles
  • See UNGA Res 57/239.

6
cybersecurityresponsibility
  • Its SHARED
  • All participants must be responsible
  • Each participant must take action -- appropriate
    to its role in the overall system
  • Government has responsibility to lead

7
Government lead what Does it do?
  • Ensure all participants are aware of security
  • Promote responsibility, and
  • Assure coordinated response by participants
    using
  • A common national vision
  • Policy and institutional frameworks

8
Government lead how?
  • Conduct a national Cybersecurity Self-Assessment
  • Take stock
  • Promulgate A National Cybersecurity Strategy
  • Vision for action

9
Cyber securityscope
  • What is meant by cybersecurity?
  • ITU documents speak of Enhancing security and
    building confidence in the use of ICT
    applications
  • UNGA resolutions 57/239 and 58/199 speak of a
    culture of cyber security in the application and
    use of information technologies and in the
    protection of critical information
    infrastructures.
  • Others speak in terms such as cyberspace, the
    Internet and the information society.

10
Cyber securityscope
  • Recognizing there is no fixed definition, a
    national approach to cybersecurity should include
  • Physical security of the information
    infrastructure
  • Virtual security, and
  • Human aspects of the use of ICTs, including
    interactions among people

11
Key documents
  • UNGA Resolutions
  • 64-211 Taking stock of cybersecurity needs and
    strategies
  • 58-199 Creation of a global culture of
    cybersecurity and the protection of critical
    information infrastructures
  • 57-239 Creation of a global culture of
    cybersecurity
  • 56-121 Combating the criminal misuse of
    information technologies
  • 55-63 Combating the criminal misuse of
    information technologies
  • See http//www.un.org/documents/resga.htm

12
Key documents
  • ITU National Cybersecurity/CIIP Self-Assessment
    Tool
  • ITU Q.22/1 Report On Best Practices For A
    National Approach To Cybersecurity Building
    Blocks For Organizing National Cybersecurity
    Efforts
  • ITU Cybercrime Resources 
  • ITU Toolkit For Cybercrime Legislation
  • ITU Publication on Understanding Cybercrime A
    Guide for Developing Countries
  • See http//www.itu.int/ITU-D/cyb/cybersecurity/in
    dex.html

13
Take Stock Self-Assessment - What is it?
  • An identification and evaluation of existing
    national approach to cyber security.
  • Policies
  • Procedures
  • Mechanisms
  • Norms
  • Institutions
  • Relationships
  • What are we doing?
  • What should we be doing?
  • Input for a National Cybersecurity Strategy

14
VisionNational Strategy - What is it?
  • A Policy Document that Provides a National
    Vision
  • Outlines the case for national action
  • Identifies participants and their roles
  • Elaborates organizational responsibilities
  • Establishes policy and operational structures
  • Addresses key elements of cybersecurity
  • Lays out a plan of action

15
Getting Started
  • The Audience
  • Who are they?
  • What is their level of awareness and response?
  • What decisions already taken?
  • The Participants
  • Those entities and persons who
  • Will prepare and comment on the Self-Assessment
    and the National Strategy,
  • Will implement the National Strategy
  • They come from
  • Government
  • Business and Industry
  • Academia
  • Civil Society

16
Getting Started
  • The Case for Action
  • Role of ICTs in the nation
  • Vulnerabilities and threats
  • Risks to be managed
  • The stage for Cybersecurity
  • Relationship to other national goals and
    objectives
  • Economic and Development goals
  • Industry goals
  • Social goals
  • Security goals

17
key elements
Legal Framework
Culture ofCybersecurity
IncidentManagement
Collaboration and Information Exchange
Key Elements of a National Cybersecurity Strategy
18
objectives
  • For each key element
  • A statement of policy
  • Identify and prioritize goals to support policy
  • Elaborate specific steps to reach goals

19
Other considerations
  • Other Considerations
  • Resources
  • Budget and financing
  • Equipment and technology
  • Human capacities
  • Timeframes and milestones
  • Priorities
  • Reviews and reassessments

20
Output
  • Self-assessment provides Input to a National
    Cybersecurity Strategy
  • A set of Findings and Recommendations
  • With supporting documentation
  • Reviewed by all participants
  • That provide the basis for policy decisions and a
    program of action to address cybersecurity
  • Promulgated at a level to ensure action by all
    participants

21
Conclusion
  • Use of a National Cyber Security SelfAssessment
    to produce a National Cyber Security Strategy can
    assist governments
  • Understand the existing national approach
  • Develop baseline on best practices
  • Identify areas for attention
  • Prioritize national efforts
  • Promote national action
  • and assist with
  • regionally and internationally coordination and
  • cross border cooperation

22
Final Observations
  • No nation starts at ZERO
  • No right answer
  • Continual review and revision needed
  • All participants must be involved
  • Appropriate to their roles

23
Questions?
  • Joseph Richardson
  • Senior Fellow
  • GMU-ICC
Write a Comment
User Comments (0)
About PowerShow.com