Public Private Partnerships and National Input to International Cyber Security
|
|
- Coleen McCarthy
- 8 years ago
- Views:
Transcription
1 Public Private Partnerships and National Input to International Cyber Security 10 September 2009 Tallinn, Estonia Maeve Dion Center for Infrastructure Protection George Mason University School of Law Arlington, Virginia. U.S.A.
2 CIP and National Inputs Law Organization Strategy / Policy Breakout Sessions
3 Sample* Areas of Law Security Regulations by Industry / Sector Information Sharing (Open Government, Privacy) Antitrust / Competition Criminal Law Tort Law Private Ordering (Contracts) National Security & Defense Law International Agreements / Law
4 Legal Complexities (?) in Cyber Military support to civil authorities (e.g., Estonia, U.S.) Agency? Clarity re: when business may be acting as agent of the state all parties understand when that happens and the ramifications (business expectations). Primers?
5 CIP and National Inputs Law Organization Strategy / Policy Breakout Sessions
6 Organization Private Sector networks Government hierarchical Decisive leadership and vision Organization whom to go to to get things done Expertise Speed of solution Authorities for coordination Appropriations / Funding CERT MOD, Civilian
7 Organization Threat Mitigation (all state powers of coercion, private sector, users) State Defense (military, intelligence, interior / homeland) private sector when?
8 CIP and National Inputs Law Organization Strategy / Policy Breakout Sessions
9 Strategy / Policy Strategy led, not tool led (mitigation, offense, defense) Strategy incorporates law & policy (permissible & preferable)
10 Strategy / Policy Examples re: CIP Cyber conflict between countries X & Y. Effects on CI in country A. Strategy for interference (harm to life, vs economy) Effects on CI in countries A, B, C. Coordinated strategies for interference? What if potential effects are worse in country B (size of economy, type of information society / vulnerabilities), and needs assistance in interference from country A (politically sensitive?) Risk Management (methodologies)
11 Methodologies Respondents identified 124 unique methodologies or techniques for security risk analysis. The top five accounted for only 28% of all responses. Top 5 Methodologies CARVER 14 RAM-x (C, D, W) 14 ARM/CRM 12 MSRAM 6 OPSEC 6 Some other answers: SHIRA, TRAM, RAMCAP, HLS-CAM
12 CIP and National Inputs Law Organization Strategy / Policy Breakout Sessions
13 Measures for Security
14 Measures for Security
15 Measures for Security (flexibility? Coordination?)
16 TECH-LAW-POLICY RELATIONSHIP TECHNOLOGY the Possible* POLICY the Preferable* LAW the Permissible*
17 TECH-LAW-POLICY RELATIONSHIP TECHNOLOGY the Possible* POLICY the Preferable* LAW the Permissible*
18 TECH-LAW-POLICY RELATIONSHIP TECHNOLOGY the Possible* POLICY the Preferable* LAW the Permissible*
19 TECH-LAW-POLICY RELATIONSHIP LAW the Permissible* TECHNOLOGY the Possible* POLICY the Preferable*
20 LAW OF CYBER CONFLICT information society law criminal law law of armed conflict privacy digital evidence slas e-commerce information society services isp liability e-government access to public information domain names intellectual property freedom of expression it procurements criminal proceedings sanctions crimes wiretapping forensics war crimes terrorist crimes critical information infrastructure protection jus ad bellum jus in bello neutrality
21 LAW OF CYBER CONFLICT information society law criminal law law of armed conflict privacy digital evidence slas e-commerce information society services isp liability e-government access to public information domain names intellectual property freedom of expression it procurements criminal proceedings sanctions crimes wiretapping forensics jus ad bellum war crimes terrorist crimes critical information infrastructure protection jus in bello neutrality
22 LAW OF CYBER CONFLICT information society law criminal law law of armed conflict privacy digital evidence slas e-commerce information society services isp liability e-government access to public information domain names intellectual property freedom of expression it procurements criminal proceedings sanctions crimes wiretapping forensics jus ad bellum war crimes terrorist crimes critical information infrastructure protection jus in bello neutrality
23 Breakout Sessions Laws and procedures are different per country (not necessarily endorsing consensus) Different threats Different vulnerabilities Different social groundworks International Heli: minimum standards, NATO Practical Effects (e.g., rapid response teams)
24 CIP and National Inputs Law Organization Strategy / Policy Breakout Sessions QUESTIONS?
25 Critical Information Infrastructure Protection Law CCD COE Training 8 September 2009 Tallinn, Estonia Maeve Dion Center for Infrastructure Protection George Mason University School of Law Arlington, Virginia. U.S.A.
26 CIIP Law Definitions & Lexicon (CIIP as part of CIP) Sample* Areas of Law Policy Considerations for CIIP
27 Defining CI 2007 Survey Netherlands France New Zealand Germany [A] sector was deemed critical if its breakdown or serious disruption could lead to damage on a national scale. All infrastructures that are vital to the maintenance of primary social and economic processes are considered critical sectors.... infrastructure necessary to provide critical services. Critical services are those whose interruption would have a serious adverse effect on New Zealand as a whole or on a large proportion of the population, and which would require immediate reinstatement. Critical infrastructures (CI) are organisations and facilities of major importance to the community whose failure or impairment would cause a sustained shortage of supplies, significant disruptions to public order or other dramatic consequences.
28 Defining CIP 2007 Survey Australia Canada U.K.... those physical facilities, supply chains, information technologies and communication networks which, if destroyed, degraded or rendered unavailable for an extended period, would significantly impact on the social or economic well being of the nation, or affect Australia s ability to conduct national defence and ensure national security.... those physical and information technology facilities, networks, services and assets which, if disrupted or destroyed, would have a serious impact on the health, safety, security or economic well being of Canadians or the effective functioning of governments in Canada.... those assets, services and systems that support the economic, political and social life of the UK whose importance is such that loss could: cause large scale loss of life have a serious impact on the national economy have other grave social consequences for the community be of immediate concern to the national government.
29 Defining CIP 2007 Survey Belgium Finland... identifies three types of critical infrastructure: vital points, i.e. facilities that require protection because of their socio economic importance, e.g. nuclear plants, bridges, ports, etc.; sensitive points, i.e. facilities that require protection because of their importance for the national or allied defence potential; critical points, i.e. persons, public authorities, communities, buildings, facilities, places and goods which face a real or potential threat of political or criminal nature. Critical Infrastructure to Be Secured: Technological infrastructure of society Transportation, logistics and distribution systems Food supply Energy supply Social and health care arrangements Industry and systems related to national defence
30 CIIP Law Definitions & Lexicon (CIIP as part of CIP) Sample* Areas of Law Policy Considerations for CIIP
31 Sample* Areas of Law Security Regulations by Industry / Sector Information Sharing (Open Government, Privacy) Antitrust / Competition Criminal Law Tort Law Private Ordering (Contracts) National Security & Defense Law International Agreements / Law
32 Security Regulations by Industry Industry / Sector Specific Limited? Interconnections? Operations vs. safety vs. security Comprehensive? Culture / Policy Accountability
33 Information Sharing Required vs. Voluntary Public vs. Private Vulnerabilities AND Threats Third Party Access to Information Proprietary Info / Market Strength Increased Regulation Private lawsuits Privacy / Open Government Laws Within / Between Governments
34 Antitrust / Competition Law Private Sector Collaboration & Cooperation Information Sharing Relationship with Regulators Structures for Exemptions / Approvals Timely? Costly?
35 Criminal Law Wrongful Activity: Alteration / Deletion of Content Degradation / Damage to System Unauthorized Access Traditional Crimes (theft, insider trading, etc.) Intent (act vs. consequential harm) Damage Requirements Aggregation Timing Corporate Accountability Investigation & Enforcement (international)
36 Tort Law ISPs = Publisher or Distributor Slander / Defamation (waiver / immunity) Contributory Infringement (copyright) Negligence vs. Negligent Enablement E.g., Breach Notifications (legislative) Consequential Harm Evolution of Foreseeable (reasonableness) Likelihood of Bad Activity Likelihood of Harm (> intervening criminal act) Least Cost Avoider Contractual Relationship (definition of legal duty )
37 Private Ordering (Contracts) Private Re distribution of Risk Waivers / Immunities (e.g., software) User s Negligence Trumps (e.g., U.K. banking) Risk Assessment based on Knowledge Unequal Knowledge of Risks? Private Risk = Based on Business Practice Risk to Business Profitability Risk of Damage to Assets Risks when Government = Customer Awareness of Threat Levels Costs for Mitigation of Risks (e.g., Estonia vs. U.S.)
38 National Security & Defense Balance of Government Interests Security / Defense Intelligence Law Enforcement Emergency Powers Resource Allocation Control of Systems Prioritization of Restoration War Powers Use of the Military to Support Civil Authorities State Secrets Foreign Ownership (access & control)
39 International Agreements / Law Humanitarian Law NATO Mutual Cooperation Agreements (law enforcement)
40 CIIP Law Definitions & Lexicon (CIIP as part of CIP) Sample* Areas of Law Policy Considerations for CIIP
41 Policy Considerations for CIIP Access & Availability Identification, authentication, access controls, and auditing. Intrusion detection, firewalls, antivirus software. Network resilience, redundancy. Data storage, integrity, encryption. Protecting CII Human Factors Training / certification for technological capabilities. Organizational security programs, training, and oversight. End user education. Organizational Responsiveness To law enforcement and intelligence: technical requirements, information demands, etc. To regulators: Informational auditing, security plans, licensing requirements, etc. Proactive Abilities Awareness and monitoring of interdependencies. Threat identification and prediction.
42 Policy Considerations for CIIP Threats Threats to CII, and threats via CII (disruption & weaponization) WHO? HOW? WHY? Natural disaster. Insider. Associate (contractor / vendor). External (competitor / enemy). Human error (development or operations). Failure of awareness (human error at policy & management level). Deliberate act. Accident. To hurt the infrastructure operator. To hurt an entity reliant upon the infrastructure. Theft / Extortion. To hurt an economy.
43 Policy Considerations for CIIP CIIP Needs Credible monitoring of activity in the Internet and the network backbone. Early warning system. Incident tracking. Response protocols to escalation of incidents. Clearly defined frameworks for response and reconstitution. Trusted processes that enable intelligence transfer between public and private sectors. Alignment of physical CIP and cyber CIP. Establishment of common definitions, taxonomy, and standards. Dedication to the next generation (education & training). Decisive leadership & vision.
44 CIIP Law Definitions & Lexicon (CIIP as part of CIP) Sample* Areas of Law Policy Considerations for CIIP QUESTIONS?
45 SPECTRUM OF CYBER CONFLICT not patching the software breach of internal policy or regulations illegal interception crime armed attack cyber warfare breach of a legal obligation ISPs not reporting illegal activity terrorist activity + purpose to force the government or interfere with social structure of the state
46 LAW OF CYBER CONFLICT information society law not patching the software breach of internal policy or regulations criminal law illegal interception crime law of armed conflict armed attack cyber warfare breach of a legal obligation terrorist activity ISPs not reporting illegal activity + purpose to force the government or interfere with social structure of the state
47 LAW OF CYBER CONFLICT information society law criminal law law of armed conflict privacy digital evidence slas e-commerce information society services isp liability e-government access to public information domain names intellectual property freedom of expression it procurements criminal proceedings sanctions crimes wiretapping forensics war crimes terrorist crimes critical information infrastructure protection jus ad bellum jus in bello neutrality
48 INTERNATIONAL ORGANISATIONS NATO ICANN OECD COUNCIL OF EUROPE EUROPEAN UNION UN OSCE INTERNATIONAL TELECOMMUNICATIONS UNION UNESCO UNCITRAL
49 LEVELS OF CYBER INCIDENT MANAGEMENT INTERNATIONAL STATE ORGANISATION USER
50 LEVELS AND SOURCES OF LAW international treaties bilateral agreements customary law national constitution statutes regulations case law organisation contracts internal regulations soft standards best practices
51 AREAS OF CYBER INCIDENT MANAGEMENT DIPLOMACY INTELLIGENCE MILITARY POLICY LAW ECONOMICS
52 TECH-LAW-POLICY RELATIONSHIP TECHNOLOGY the Possible* POLICY the Preferable* LAW the Permissible*
53 THE BOX
54 LEGAL AUTOMATION
Legal Issues / Estonia Cyber Incident
Control System Cyber Security Conference 22 October 2009 Legal Issues / Estonia Cyber Incident Maeve Dion Center for Infrastructure Protection George Mason University School of Law Legal Issues / Estonia
More information(U) Appendix E: Case for Developing an International Cybersecurity Policy Framework
(U) Appendix E: Case for Developing an International Cybersecurity Policy Framework (U//FOUO) The United States lacks a comprehensive strategic international policy framework and coordinated engagement
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationOn the European experience in critical infrastructure protection
DCAF a centre for security, development and the rule of law On the European experience in critical infrastructure protection Valeri R. RATCHEV ratchevv@yahoo.com @ratchevv DCAF/CSDM 1 This presentation
More informationNATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA
NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA JOÃO MANUEL ASSIS BARBAS Coronel de Artilharia. Assessor de Estudos do IDN INTRODUCTION Globalization and information and communication technologies
More informationPROTECTION OF CRITICAL INFRASTRUCTURE AND THE ROLE OF INVESTMENT POLICIES RELATING TO NATIONAL SECURITY. May 2008
PROTECTION OF CRITICAL INFRASTRUCTURE AND THE ROLE OF INVESTMENT POLICIES RELATING TO NATIONAL SECURITY May 2008 This report is published under the OECD Secretariat's responsibility and was prepared by
More informationCYBER SECURITY GUIDANCE
CYBER SECURITY GUIDANCE With the pervasiveness of information technology (IT) and cyber networks systems in nearly every aspect of society, effectively securing the Nation s critical infrastructure requires
More informationDistributor Liability Contract Risk Management THOMAS DOUGLASS APRIL 15, 2015
Distributor Liability Contract Risk Management THOMAS DOUGLASS APRIL 15, 2015 Today s Agenda What are we talking about today? What is Risk Evolution of risk management Understand the importance of Risk
More informationGermany: Report on Developments in the Field of Information and Telecommunications in the Context of International Security (RES 69/28),
Germany: Report on Developments in the Field of Information and Telecommunications in the Context of International Security (RES 69/28), General appreciation of the issues of information security Information
More informationNATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY
NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY JANUARY 2012 Table of Contents Executive Summary 1 Introduction 2 Our Strategic Goals 2 Our Strategic Approach 3 The Path Forward 5 Conclusion 6 Executive
More informationJOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015
JOINT EXPLANATORY STATEMENT TO ACCOMPANY THE CYBERSECURITY ACT OF 2015 The following consists of the joint explanatory statement to accompany the Cybersecurity Act of 2015. This joint explanatory statement
More informationISO? ISO? ISO? LTD ISO?
Property NetProtect 360 SM and NetProtect Essential SM Which one is right for your client? Do your clients Use e-mail? Rely on networks, computers and electronic data to conduct business? Browse the Internet
More informationRogers Insurance Client Presentation
Rogers Insurance Client Presentation Network Security and Privacy Breach Insurance Presented by Matthew Davies Director Professional, Media & Cyber Liability Chubb Insurance Company of Canada mdavies@chubb.com
More informationFinal Draft/Pre-Decisional/Do Not Cite. Forging a Common Understanding for Critical Infrastructure. Shared Narrative
Final Draft/Pre-Decisional/Do Not Cite Forging a Common Understanding for Critical Infrastructure Shared Narrative March 2014 1 Forging a Common Understanding for Critical Infrastructure The following
More informationHarmful Interference into Satellite Telecommunications by Cyber Attack
Kobe and QM Symposium on International Law "Diversity of Transnational Criminal Justice" Harmful Interference into Satellite Telecommunications by Cyber Attack 10 April 2015 Yuri Takaya Research Fellow/Lecturer,
More informationCritical Infrastructure Security and Resilience
U.S. Department of Homeland Security in partnership with the National Coordination Office for Space-Based Positioning, Navigation and Timing Critical Infrastructure Security and Resilience International
More informationwww.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14
www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the
More informationComparison of Information Sharing, Monitoring and Countermeasures Provisions in the Cybersecurity Bills
April 4, 2012 Comparison of Information Sharing, Monitoring and Countermeasures Provisions in the Cybersecurity Bills The chart below compares on civil liberties grounds four bills that seek to promote
More informationCyber Security Strategy for Germany
Cyber Security Strategy for Germany Contents Introduction 2 IT threat assessment 3 Framework conditions 4 Basic principles of the Cyber Security Strategy 4 Strategic objectives and measures 6 Sustainable
More informationCYBER SECURITY INFORMATION SHARING & COLLABORATION
Corporate Information Security CYBER SECURITY INFORMATION SHARING & COLLABORATION David N. Saul Senior Vice President & Chief Scientist 28 June 2013 Discussion Flow The Evolving Threat Environment Drivers
More informationMEMORANDUM. Date: October 28, 2013. Federally Regulated Financial Institutions. Subject: Cyber Security Self-Assessment Guidance
MEMORANDUM Date: October 28, 2013 To: Federally Regulated Financial Institutions Subject: Guidance The increasing frequency and sophistication of recent cyber-attacks has resulted in an elevated risk profile
More informationTHE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS
THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS Read the Marsh Risk Management Research Briefing: Cyber Risks Extend Beyond Data and Privacy Exposures To access the report, visit www.marsh.com.
More informationThe Comprehensive National Cybersecurity Initiative
The Comprehensive National Cybersecurity Initiative President Obama has identified cybersecurity as one of the most serious economic and national security challenges we face as a nation, but one that we
More informationData breach! cyber and privacy risks. Brian Wright Michael Guidry Lloyd Guidry LLC
Data breach! cyber and privacy risks Brian Wright Michael Guidry Lloyd Guidry LLC Collaborative approach Objective: To develop your understanding of a data breach, and risk transfer options to help you
More informationCyber intelligence exchange in business environment : a battle for trust and data
Cyber intelligence exchange in business environment : a battle for trust and data Experiences of a cyber threat information exchange research project and the need for public private collaboration Building
More informationBusiness-Facilitati on Steering Group APEC CYBERSECURITY STRATEGY
B APEC CYBERSECURITY STRATEGY Doc no: telwg26/ BFSG/22 Agenda item: Business-Facilitati on Steering Group Submitted by: USA delegation APEC CYBERSECURITY STRATEGY Contact: Joseph Richardson Email: richardsonjp@state.gov
More informationLessons from Defending Cyberspace
Lessons from Defending Cyberspace The Challenge of Addressing National Cyber Risk Andy Purdy Workshop on Cyber Security Center for American Studies, Christopher Newport College 10 28-2009 Cyber Threat
More informationInformation Security Policy
Information Security Policy Steve R. Hutchens, CISSP EDS, Global Leader, Homeland Security Agenda Security Architecture Threats and Vulnerabilities Design Considerations Information Security Policy Current
More informationGovernment Decision No. 1139/2013 (21 March) on the National Cyber Security Strategy of Hungary
Government Decision No. 1139/2013 (21 March) on the National Cyber Security Strategy of Hungary 1. The Government hereby approves the National Cyber Security Strategy of Hungary laid down in Annex No.
More informationBusiness Continuity & Disaster Recovery
Business Continuity & Disaster Recovery Safety First Quality Every Time 1 Business Continuity & Disaster Recovery Planning Who here has a formal Business Continuity & Disaster Recovery plan? The purpose
More informationEEI Business Continuity. Threat Scenario Project (TSP) April 4, 2012. EEI Threat Scenario Project
EEI Business Continuity Conference Threat Scenario (TSP) April 4, 2012 EEI Threat Scenario 1 Background EEI, working with a group of CIOs and Subject Matter Experts, conducted a survey with member companies
More informationInformation Security Management System Policy
Information Security Management System Policy Public Version 3.3 Issued Document Name Owner P079A ISMS Security Policy Information Security Security Policies, Standards and Procedures emanate from the
More informationCYBER RISK SECURITY, NETWORK & PRIVACY
CYBER RISK SECURITY, NETWORK & PRIVACY CYBER SECURITY, NETWORK & PRIVACY In the ever-evolving technological landscape in which we live, our lives are dominated by technology. The development and widespread
More informationNetwork security policy issues. Ilias Chantzos, Director EMEA & APJ NIS Summer School 2008, Crete, Greece
Network security policy issues Ilias Chantzos, Director EMEA & APJ NIS Summer School 2008, Crete, Greece 1 Sample Agenda Slide 1 The current threat landscape 2 IT security and policy leadership 3 The EU
More informationCybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015
Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission June 25, 2015 1 Your Panelists Kenneth L. Chernof Partner, Litigation, Arnold & Porter LLP Nicholas
More informationInformation Assurance. and Critical Infrastructure Protection
Information Assurance and Critical Infrastructure Protection A Federal Perspective Information Assurance Presented by the Government Electronics and Information Technology Association 2001 Executive Summary
More information2 Gabi Siboni, 1 Senior Research Fellow and Director,
Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,
More information2374-19. Joint ICTP-IAEA School of Nuclear Energy Management. 5-23 November 2012. Nuclear Security Fundamentals Module 9 topic 2
2374-19 Joint ICTP-IAEA School of Nuclear Energy Management 5-23 November 2012 Nuclear Security Fundamentals Module 9 topic 2 EVANS Rhonda, IAEA Department of Nuclear Safety and Security Office of Nuclear
More informationCybersecurity y Managing g the Risks
Cybersecurity y Managing g the Risks Presented by: Steven L. Caponi Jennifer Daniels Gregory F. Linsin 99 Cybersecurity The Risks Are Real Perpetrators are as varied as their goals Organized Crime: seeking
More informationBy: Gerald Gagne. Community Bank Auditors Group Cybersecurity What you need to do now. June 9, 2015
Community Bank Auditors Group Cybersecurity What you need to do now June 9, 2015 By: Gerald Gagne MEMBER OF PKF NORTH AMERICA, AN ASSOCIATION OF LEGALLY INDEPENDENT FIRMS 2015 Wolf & Company, P.C. Cybersecurity
More informationCyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown
Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationLogging In: Auditing Cybersecurity in an Unsecure World
About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that
More informationMynxNet Broadband Terms and Conditions
MynxNet Broadband Terms and Conditions Updated 10/12/15 Introduction These terms form the basis of the services provided by MynxNet (referred to as Mynx, Mynxnet, we, us, or our ) to yourself and your
More informationInformation Security Management System Information Security Policy
Management System Policy Version: 3.4 Issued Document Name: Owner: P079A - ISMS Security Policy Classification: Public Security Policies, Standards and Procedures emanate from the Policy which has been
More informationCYBER SECURITY STRATEGY OF THE CZECH REPUBLIC FOR THE 2011 2015 PERIOD
CYBER SECURITY STRATEGY OF THE CZECH REPUBLIC FOR THE 2011 2015 PERIOD The 2011 2015 Cyber Security Strategy of the Czech Republic is linked to the Security Strategy of the Czech Republic and reflects
More informationLegislative Language
Legislative Language SEC. 1. COORDINATION OF FEDERAL INFORMATION SECURITY POLICY. (a) IN GENERAL. Chapter 35 of title 44, United States Code, is amended by striking subchapters II and III and inserting
More informationCyber Security Strategy
NEW ZEALAND S Cyber Security Strategy 2015 A secure, resilient and prosperous online New Zealand Ministerial Foreword The internet and technology have become a fundamental element in our lives. We use
More informationCybercrimes: A Multidisciplinary Analysis
Sumit Ghosh Elliot Turrini Editors Cybercrimes: A Multidisciplinary Analysis fyj Springer Part I Introducing Cybercrimes 1 A Pragmatic, Experiential Definition of Computer Crimes 3 1.1 Introducing Computer
More informationCyber/ Network Security. FINEX Global
Cyber/ Network Security FINEX Global ABOUT US >> We are one of the largest insurance brokers in the world >> We have over 180 years of history and experience in insurance; we currently operate in over
More informationInformation Security Law: Control of Digital Assets.
Brochure More information from http://www.researchandmarkets.com/reports/2128523/ Information Security Law: Control of Digital Assets. Description: For most organizations, an effective information security
More informationISO 27001 Controls and Objectives
ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements
More informationCyber Risks and Insurance Solutions Malaysia, November 2013
Cyber Risks and Insurance Solutions Malaysia, November 2013 Dynamic but vulnerable IT environment 2 Cyber risks are many and varied Malicious attacks Cyber theft/cyber fraud Cyber terrorism Cyber warfare
More informationData breach, cyber and privacy risks. Brian Wright Lloyd Wright Consultants Ltd
Data breach, cyber and privacy risks Brian Wright Lloyd Wright Consultants Ltd Contents Data definitions and facts Understanding how a breach occurs How insurance can help to manage potential exposures
More informationDIVISION N CYBERSECURITY ACT OF 2015
H. R. 2029 694 DIVISION N CYBERSECURITY ACT OF 2015 SEC. 1. SHORT TITLE; TABLE OF CONTENTS. (a) SHORT TITLE. This division may be cited as the Cybersecurity Act of 2015. (b) TABLE OF CONTENTS. The table
More informationNavigating Cyber Risk Exposure and Insurance. Stephen Wares EMEA Cyber Risk Practice Leader Marsh
Navigating Cyber Risk Exposure and Insurance Stephen Wares EMEA Cyber Risk Practice Leader Marsh Presentation Format Four Key Questions How important is cyber risk and how should we view the cyber threat?
More informationTo improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.
BAG15121 Discussion Draft S.L.C. 114TH CONGRESS 1ST SESSION S. XXXX To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes.
More informationActions and Recommendations (A/R) Summary
Actions and Recommendations (A/R) Summary Priority I: A National Cyberspace Security Response System A/R 1-1: DHS will create a single point-ofcontact for the federal government s interaction with industry
More informationENSURING SECURITY IN AND FACILITATING INTERNATIONAL TRADE. Measures toward enhancing maritime cybersecurity. Submitted by Canada SUMMARY
E FACILITATION COMMITTEE 39th session Agenda item 7 FAL 39/7 10 July 2014 Original: ENGLISH ENSURING SECURITY IN AND FACILITATING INTERNATIONAL TRADE Measures toward enhancing maritime cybersecurity Submitted
More informationCyber Risks Management. Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor
Cyber Risks Management Nikos Georgopoulos, MBA, cyrm Cyber Risks Advisor 1 Contents Corporate Assets Data Breach Costs Time from Earliest Evidence of Compromise to Discovery of Compromise The Data Protection
More informationTrends Concerning Cyberspace
Section 2 Trends Concerning Cyberspace 1 Cyberspace and Security Owing to the information technology (IT) revolution in recent years, information and communication networks such as the Internet are becoming
More informationTen Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder
Ten Questions Your Board Should be asking about Cyber Security Eric M. Wright, Shareholder Eric Wright, CPA, CITP Started my career with Schneider Downs in 1983. Responsible for all IT audit and system
More informationPresidency of the Council of Ministers THE NATIONAL PLAN FOR CYBERSPACE PROTECTION AND ICT SECURITY
Presidency of the Council of Ministers THE NATIONAL PLAN FOR CYBERSPACE PROTECTION AND ICT SECURITY December 2013 Presidency of the Council of Ministers THE NATIONAL PLAN FOR CYBERSPACE PROTECTION AND
More informationTHE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, 2013. February 12, 2013
THE WHITE HOUSE Office of the Press Secretary For Immediate Release February 12, 2013 February 12, 2013 PRESIDENTIAL POLICY DIRECTIVE/PPD-21 SUBJECT: Critical Infrastructure Security and Resilience The
More informationCyber Liability Insurance Data Security, Privacy and Multimedia Protection
Page 1 of 5 Cyber Liability Insurance Data Security, Privacy and Multimedia Protection What is a Cyber Risk? Technology is advancing at such an alarming rate and business is more and more reliant on IT
More informationA Community Position paper on. Law of CyberWar. Paul Shaw. 12 October 2013. Author note
A Community Position paper on Law of CyberWar Paul Shaw 12 October 2013 Author note This law and cyberwar paper / quasi-treatise was originally written for a course in a CISO certification curriculum,
More informationBuilding Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch
Building Blocks of a Cyber Resilience Program Monika Josi monika.josi@safis.ch About me Chief Security Advisor for Microsoft Europe, Middle East and Africa providing support to Governments and CIIP until
More informationU. S. Attorney Office Northern District of Texas March 2013
U. S. Attorney Office Northern District of Texas March 2013 What Is Cybercrime? Hacking DDOS attacks Domain name hijacking Malware Other computer related offenses, i.e. computer and internet used to facilitate
More informationCyber Security Strategy
2014 2017 Cyber Security Strategy Ministry of Economic Affairs and Communication 2014 TABLE OF CONTENTS Introduction... 2 1. Analysis of current situation... 2 1.1. Sectoral progress... 2 1.2. Trends...
More informationCyber and Data Security. Proposal form
Cyber and Data Security Proposal form This proposal form must be completed and signed by a principal, director or a partner of the proposed insured. Cover and Quotation requirements Please indicate which
More informationFive Principles for Shaping Cybersecurity Norms
TRANSPARENCY PROPORTIONALITY HARMONIZATION RISK REDUCTION COLLABORATION Five Principles for Shaping Cybersecurity Norms Contents Introduction 3 Cybersecurity Norms 5 The Role of the Public Sector 6 Cybersecurity
More informationH. R. 5005 11 SEC. 201. DIRECTORATE FOR INFORMATION ANALYSIS AND INFRA STRUCTURE PROTECTION.
H. R. 5005 11 (d) OTHER OFFICERS. To assist the Secretary in the performance of the Secretary s functions, there are the following officers, appointed by the President: (1) A Director of the Secret Service.
More informationCybersecurity Information Sharing Legislation Protecting Cyber Networks Act (PCNA) National Cybersecurity Protection Advancement (NCPA) Act
In a flurry of activity, the U.S. House of Representatives last week passed two cybersecurity information sharing bills. Both the House Intelligence Committee and the House Homeland Security Committee
More informationCYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility
CYBER SECURITY AND RISK MANAGEMENT An Executive level responsibility Cyberspace poses risks as well as opportunities Cyber security risks are a constantly evolving threat to an organisation s ability to
More informationBUDGET LETTER 05-03 PEER-TO-PEER FILE SHARING 4841.1, 4841.2, EXECUTIVE ORDER S-16-04
BUDGET LETTER SUBJECT: PEER-TO-PEER FILE SHARING REFERENCES: STATE ADMINISTRATIVE MANUAL SECTIONS 4819.2, 4840.4, 4841.1, 4841.2, EXECUTIVE ORDER S-16-04 NUMBER: 05-03 DATE ISSUED: March 7, 2005 SUPERSEDES:
More informationworking group on foreign policy and grand strategy
A GRAND STRATEGY ESSAY Managing the Cyber Security Threat by Abraham Sofaer Working Group on Foreign Policy and Grand Strategy www.hoover.org/taskforces/foreign-policy Cyber insecurity is now well established
More informationAttachment A. Identification of Risks/Cybersecurity Governance
Attachment A Identification of Risks/Cybersecurity Governance 1. For each of the following practices employed by the Firm for management of information security assets, please provide the month and year
More informationLaw & Ethics, Policies & Guidelines, and Security Awareness
Law & Ethics, Policies & Guidelines, and Security Awareness Modifications by Prof. Dong Xuan and Adam C. Champion Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of
More informationAPIP - Cyber Liability Insurance Coverages, Limits, and FAQ
APIP - Cyber Liability Insurance Coverages, Limits, and FAQ The state of Washington purchases property insurance from Alliant Insurance Services through the Alliant Property Insurance Program (APIP). APIP
More informationCoverage is subject to a Deductible
Frank Cowan Company Limited 75 Main Street North, Princeton, ON N0J 1V0 Phone: 519-458-4331 Fax: 519-458-4366 Toll Free: 1-800-265-4000 www.frankcowan.com CYBER RISK INSURANCE DETAILED APPLICATION Notes:
More informationEnterprise PrivaProtector 9.0
IRONSHORE INSURANCE COMPANIES 75 Federal St Boston, MA 02110 Toll Free: (877) IRON411 Enterprise PrivaProtector 9.0 Network Security and Privacy Insurance Application THE APPLICANT IS APPLYING FOR A CLAIMS
More informationCloud Computing Contract Clauses
Cloud Computing Contract Clauses Management Advisory Report Report Number SM-MA-14-005-DR April 30, 2014 Highlights The 13 cloud computing contracts did not address information accessibility and data security
More informationLegislative Language
Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking
More informationGovernment Decision No. 1139/2013 (21 March) on the National Cyber Security Strategy of Hungary
Government Decision No. 1139/2013 (21 March) on the National Cyber Security Strategy of Hungary 1. The Government hereby approves the National Cyber Security Strategy of Hungary laid down in Annex No.
More informationSummary of CIP Version 5 Standards
Summary of CIP Version 5 Standards In Version 5 of the Critical Infrastructure Protection ( CIP ) Reliability Standards ( CIP Version 5 Standards ), the existing versions of CIP-002 through CIP-009 have
More informationInsurance Considerations Related to Data Security and Breach in Outsourcing Agreements
Insurance Considerations Related to Data Security and Breach in Outsourcing Agreements Greater New York Chapter Association of Corporate Counsel November 19, 2015 Stephen D. Becker, Executive Vice President
More informationCyber Diplomacy A New Component of Foreign Policy 6
Cyber Diplomacy A New Component of Foreign Policy 6 Assistant Lecturer Dana DANCĂ, PhD. candidate Titu Maiorescu University, Bucharest dana.danca@yahoo.com Abstract Nowadays, the boundary between virtual
More informationCertification for Information System Security Professional (CISSP)
Certification for Information System Security Professional (CISSP) The Art of Service Copyright Notice of rights All rights reserved. No part of this book may be reproduced or transmitted in any form by
More informationThe Battlefield. critical infrastructure:
CIP A Business View Rolf Schulz CEO Definition critical infrastructure: 1. Elements of a system that are so vital that disabling any of them would incapacitate the entire system. 2. [In security,] those
More informationCyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.
Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control
More informationIndustry. Cyber Security. Information Sharing at the Technical Level. Guidelines
NATO Communications and Information Agency (NCI Agency) - Industry Cyber Security Information Sharing at the Technical Level Guidelines Effective date: 28 March 2014 Revision No: Rev 1 Change History Revision
More informationCYBERSECURITY IN FINANCIAL SERVICES POINT OF VIEW CHALLENGE 1 REGULATORY COMPLIANCE ACROSS GEOGRAPHIES
POINT OF VIEW CYBERSECURITY IN FINANCIAL SERVICES Financial services institutions are globally challenged to keep pace with changing and covert cybersecurity threats while relying on traditional response
More informationInternet Safety and Security: Strategies for Building an Internet Safety Wall
Internet Safety and Security: Strategies for Building an Internet Safety Wall Sylvanus A. EHIKIOYA, PhD Director, New Media & Information Security Nigerian Communications Commission Abuja, NIGERIA Internet
More informationNational Cyber Security Policy -2013
National Cyber Security Policy -2013 Preamble 1. Cyberspace 1 is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information
More informationADP Ambassador / Referral Rewards Program Terms and Conditions of Use
ADP Ambassador / Referral Rewards Program Terms and Conditions of Use These Terms and Conditions ("Terms") constitute an agreement between ADP Canada Co. ("ADP"), and You and apply to the ADP Canada Ambassador/Referral
More informationPRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES
PRINCIPLES ON OUTSOURCING OF FINANCIAL SERVICES FOR MARKET INTERMEDIARIES TECHNICAL COMMITTEE OF THE INTERNATIONAL ORGANIZATION OF SECURITIES COMMISSIONS FEBRUARY 2005 Preamble The IOSCO Technical Committee
More informationSubject: Critical Infrastructure Identification, Prioritization, and Protection
For Immediate Release Office of the Press Secretary The White House December 17, 2003 Homeland Security Presidential Directive / HSPD-7 Subject: Critical Infrastructure Identification, Prioritization,
More informationwww.bonddickinson.com Cyber Risks October 2014 2
www.bonddickinson.com Cyber Risks October 2014 2 Why this emerging sector matters Justin Tivey Legal Director T: +44(0)845 415 8128 E: justin.tivey The government estimates that the current cost of cyber-crime
More informationCyber and data Policy wording
Please read the schedule to see whether Breach costs, Cyber business interruption, Hacker damage, Cyber extortion, Privacy protection or Media liability are covered by this section. The General terms and
More information