Financial Services and Technology Forum 10 July TOPIC: Cyber Security
|
|
- Osborn Young
- 8 years ago
- Views:
Transcription
1 Financial Services and Technology Forum 10 July 2013 Panellists: TOPIC: Cyber Security MEP Christian Engström (Greens, Sweden) Emmanuel Cabau, DG CONNECT, European Commission Cathrin Bauer-Bulst, DG HOME, European Commission Peter Gillespie, Fidelity Worldwide Investment Cornelia Kutterer, Microsoft Moderator: Pierre Francotte, Chair of the Financial Services and Technology Forum and Senior Adviser, Kreab Gavin Anderson Report on panel discussion Christian Engström MEP PANELLISTS STATEMENTS MEP Engström started explaining his view that cyber security can be split in three areas, which partly overlap and are partly separated. The first issue is resilience. Cyber security is about avoiding single points of failure. Often, when the internet is down, this is not because of a malicious attack, but because something went wrong. Resilience needs to be designed into the system, in its hardware. This also applies to payments systems. We are more and more moving towards a system where we are over-relying on credit cards. What do you do when the system does not work and there is no money? The second issue is related to cyber crime and attacks by nations. When this is about the ordinary use of the internet by criminals, that is a police matter. When other nations attack, that is an act of war. Police and military are different and you don t want the military to fight criminals. From the news of the last weeks, we know we are under attack. The most concerning aspect of PRISM is that the US are accessing our personal data. This is very disturbing.
2 A third aspect is industrial espionage and the reading of communications. I am sure that happens. The transfer of bulk data via the Swift agreement also has espionage concerns. This is not in the scope of the Directive, but we need to think about this. I am not entirely sure the cyber security Directive is a necessary and useful thing. Network and Information Security is handled by a lot of private companies working on the protection of the internet. We need to consider what should and what should not be laid down in law. Legislation is slow, but the internet moves very quickly. A structure based on informal cooperation is more appropriate. Otherwise, in a couple of years we are reporting lots of things that are completely irrelevant. Also, the legal basis is shaky. Resilience can t be improved by law. Crime and defence are dealt with by Member States. The EU is not a police or defence union, but a market union. I am sorry to be so negative, but I don t think this Directive is a good idea. Emmanuel Cabau, European Commission I agree with you on a number on things. There is no confusion over what is done by the military and the police. This is a purely civilian Directive. We want to tackle civil resilience to make network and information security function properly. We really shouldn t have a onesize-fits-all solution. Security is not a tick-the-box exercise. The intention is to have a flexible Directive and to allow the framework to evolve. Therefore, there are no precise definitions of internet services and market operators, and that s why we have opted for a Directive and not for a Regulation. We don t want to be over-prescriptive. Some Member States are ahead in cyber security, others are not doing what they should. Cyber threats can have a strong impact on the internal market. They spread from one Member States to others. Only the Member States that are well advanced are cooperation, but only amongst themselves. Lots of incidents are not noticed by market operators and often there is no time to investigate. the sector could also benefit from sharing information. Therefore, we would like to address three issues with the Directive. Firstly, we need to have the necessary capacities. We are not over-prescriptive but say Member States at least need to have a strategy. We want to strengthen operational cooperation, the Computer Emergency Response Teams (CERTs), and competent authorities. Then you can cooperate better in the EU level. We want a soft system at the EU level. Only information that has an impact on EU security has to be shared. Finally, we impose some obligations on the most concerned market operators: the financial sector, health, transport, energy, information society services. We don t prescribe specific measures but want to bring about a culture of risk management. Everybody should take the appropriate measures. This is a very balanced approach.
3 Cathrin Bauer-Bulst, European Commission When you see a dark screen, sometimes it takes a couple of weeks before you know whether that was a technical incident, espionage, a political attack, or a cyber attack. What is done to fight cyber crime? Cyber crime is difficult to define and regards a variety of attacks: attacks against information society operators, the internet as a facilitator for everyday crime (like fraud), child sexual abuse and malware (content-based crime). Anybody can go online and purchase or rent tools for these crimes. The EP just adopted a Directive on attacks against information society infrastructure. The Directive covers direct attacks against ICT systems and infrastructure and criminalises botnets (servers who use infected computers for Distributed Denial of Service (DDos) attacks). When DDoS attacks lead to a breakdown you can retrieve credit card data. An important part is police cooperation and law enforcement. Cyber crime is a relatively safe crime. There are few cases of prosecution and conviction. It is a crime of choice to make money. Due to the cross border nature of the crime, law enforcement authorities (LEAs) depend on information from each other to fight cyber crime. The European Cyber Crime Centre (EC3) at Europol will support investigations, link with LEAs, collect information and serve as a collective voice of cyber crime investigators. Its work is focused on three types of crime: attacks against information systems, child sexual abuse, and payment fraud. For cyber crime, more than for other forms of crime, the infrastructure is privately owned. If there is no cooperation, there is no way of fighting cyber crime. It is one of the most underreported crimes due to the lack of incentives and difficulties with sharing information. Better reporting can help prevent further attacks. We also need to apply common standards to improve resilience. And if we want to deter cyber crime, we need to give the LEAs the information they need to prosecute cyber crime. Reporting of at least serious incidents can help to address this. Peter Gillespie, Fidelity International Ltd Although we are an asset manager, it is difficult to get a real reassurance that we are not included in the scope. The scope is non-exhaustive, so potentially we could be included, even though we don t consider ourselves critical. The legislation seems quite simple but seems to tackle a rapidly changing environment. I do support the intent to increase collaboration though this happens irrespective of legislation. We have some concerns about the reporting mechanism. Depending on the implementation, we may need to notify in one country, but not in another. How does it work if a breach in a UK data centre affects clients outside the UK? Whom do I notify? How does it work if there s a breach outside the EU with consequences within the EU. We are operating in a complex environment and answers on these questions aren t always clear. An own interpretation of every Member State won t increase the clarity. Also, security increases with confidentiality. More people know about a breach, the higher the chance it will be seen by the public. There
4 is a risk that data will bring more damage than benefits. We need to be specific what we ask organisation to report, and to meet conditions of confidentiality and minimum traceability. Cooperation is required, and Fidelity has played a role in it. I see more benefit in industry level collaboration than EU cooperation with this level of detail. Cornelia Kutterer, Microsoft Security is the key concern of our customers. We are working with the public and private sector, small and large companies, and I am happy to give some feedback on what we hear on resilience. I think the Cyber Security Directive will help. National Network and Information Security strategies, will help Member States to better understand and assess the risks of cyber security. But the proposal needs to be workable in practice. The information sharing network has to take into account that information comes from the private sector. There is no element of a bi-directional system. Authorities also need to share information with the sector. Reporting on incidents is one-directional. It concerns a wide variety of incidents, with different partners and is very complex. A potential risk of the Directive is that it could be counterproductive as it challenges that what is already working on a voluntary basis. There are limits to what can be done. We need to have a functioning security risk management structure and put our resources where there is most risk, likelihood and impact. We thus need to focus on the most critical parts: the critical infrastructure. I agree with Peter one what he said on incident reporting. It is not clear what kind of incident needs to be reported, to whom, and under which circumstances. There are also issues of jurisdiction and scope. ROUND OF QUESTIONS BY MODERATOR The moderator asked about the view of the panellists on the scope of the Directive. Emmanuel Cabau answered that the scope was one of the most difficult parts of the work on the Directive. Risks can spread over a network. Everybody needs to take the appropriate measures, including individuals, but they also need to be proportionate. At this stage, we believe it is best to restrict this to critical information infrastructure and to exclude citizens and micro-enterprises. Public administrations, internet enables and main companies that make use of internet society services are included. The proposal is not prescriptive. We did not want to run the risk of excluding something that could become critical in a couple of years. Cornelia Kutterer argued that a narrow scope would make the framework more workable. It would be necessary to define what an incident is and to address the proportionality and administrative burden. If it is risk-based, we need to narrowly define the scope of what is
5 critical to public safety. I d also suggest to start with public administration and then roll out to other critical sectors. Peter Gillespie stated that he d be happy to participate, if reporting requirements are sorted out well. Most of the financial sector does some form or risk assessment. MEP Engström suggested that the fact that the scope is poorly defined could be an indication of the weakness of the proposal in general. There is too much flexibility in the Directive. Also, the EP is not enthusiastic about the delegated acts. I don t legislation is the best way. With legislation, we ll always be far behind the reality of how people are using the internet. Had the Directive come ten years ago, social networks would not be in. Maybe in ten years the internet will look radically different again. The chair then asked Cathrin Bauer-Bulst how market operators could feel more comfortable about reporting. Cathrin Bauer-Bulst answered that trust is a central element. When companies report, they need to be assured that information will not be shared, and that there is someone who can help you. There are already CERTs in most Member States and for the EU institutions. Companies that don t have the resources rely on us. They are happy to report and get assistance. Often, if a virus or Trojan is successful with one bank, criminals will use it others. We need to work together to prevent this. The moderator then asked the opinion of the panellists on reporting Peter Gillespie answered the information should be anonymised as soon as possible. We also need to reduce the amount of unnecessary side data. Cornelia Kutterer said the regime would have be adapted to how information sharing works in practice, according to industry codes. Emmanuel Cabau answered Peter and Cornelia have well-founded concerns and that they will be taken into account in the negotiations. The other alternative either is to do nothing, or to come with a very prescriptive Regulation. We have seen with the Telecommunication Directive that the number of breaches is not very large, only about 100 for the EU. It will be reporting on significant breaches affecting core services, not on a daily basis. Confidentiality and business secrets are important concerns. I agree with the point on anonymity. Reporting should only happen when needed and with the level of detail that is needed. Information should also be bi-directional. QUESTIONS FROM THE AUDIENCE Jonathan Sage of IBM asked about how incentives rather than sanctions could be used to make voluntary reporting more attractive.
6 MEP Engström agreed that a sanction-based mechanism is not the best method. He also pointed out that a patchwork of reporting requirements could have negative effects on pan- European operators. A member of the audience asked about the impact on trade negotiations with the US. Emmanuel Cabau answered that the Cyber Security Directive should not influence the negotiations. With regard to the extraterritorial aspect, there is a lot of space for voluntary, culture-based exchanges of information. The Directive provides that reporting must be done there were the service is affected. Katerina Tapio of NYSE Euronext asked about the added value of public disclosure of cyber incidents. Cornelia Kutterer was not convinced about the necessity of public disclosure. Reporting information needs to remain confidential. Competent authorities should also be audited. Peter Gillespie believed public disclosure needs are already catered for in data protection legislation and pointed at the risks of copycat attacks. Emmanuel Cabau recalled the competent authority is not obliged to disclose and that this should be first discussed between authorities and the notifying company. He argued the authorities should have this possibility when reporting is in the public interest. David Reed of Kreab Gavin Anderson asked whether from the EP s perspective, s strengthened cyber security could be a tool to overcome consumers hesitance to online banking. MEP Engström answered that the lack of consumer confidence is holding back all electronic services. Cyber security is but one aspect, but data protection is another. When you enter data, you don t know what is happening. It is frustrating that most lobbying on data protection has been very unconstructive.
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 16 thereof,
Opinion of the European Data Protection Supervisor on the Joint Communication of the Commission and of the High Representative of the European Union for Foreign Affairs and Security Policy on a 'Cyber
More informationThe European Response to the rising Cyber Threat
SPEECH/12/315 Cecilia Malmström European Commissioner responsible for Home Affairs The European Response to the rising Cyber Threat Transatlantic Cyber Conference organised by the Center for Strategic
More informationDIGITALEUROPE and European Services Forum (ESF) response to the Draft Supervision Rules on Insurance Institutions Adopting Digitalised Operations
DIGITALEUROPE and European Services Forum (ESF) response to the Draft Supervision Rules on Insurance Institutions Adopting Digitalised Operations Brussels, October 2015 INTRODUCTION On behalf of the European
More informationResearch Topics in the National Cyber Security Research Agenda
Research Topics in the National Cyber Security Research Agenda Trust and Security for our Digital Life About this document: This document summarizes the research topics as identified in the National Cyber
More information- 'Improving Cyber Security in Europe, the way forward
Report Breakfast Briefing: 'Improving Cyber Security in Europe, the way forward 24 April 2013, European Parliament, Brussels Disclaimer: This report is prepared by the rapporteur, Dr. Alea Fairchild, for
More informationEU Cybersecurity: Ensuring Trust in the European Digital Economy
EU Cybersecurity: Ensuring Trust in the European Digital Economy Synthesis of the FIC Breakfast-Debate 15 October 2013, Brussels With the participation of Tunne Kelam Member of the European Parliament'
More informationCERT's role in national Cyber Security: policy suggestions
CERT's role in national Cyber Security: policy suggestions Subject: Legal Aspect of Cyber Security. Author: Vladimir Chitashvili Lecture: Anna-Maria Osula What is national Cyber Security is? In another
More informationCyber Security : preventing and mitigating incidents. Alexander Brown Robert Allen
Cyber Security : preventing and mitigating incidents Alexander Brown Robert Allen 07 & 08 October 2015 Cyber Security context of the threat The magnitude and tempo of [cyber security attacks], basic or
More informationHacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows
Hacks, apps and espionage - how protected are you against cyber crime? Top 10 Legal Need-to-Knows 24 February 2015 Callum Sinclair Faith Jayne Agenda Top 10 legal need-to-knows, including: What is cyber
More informationASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September 2012. Co-Chair s Summary Report
ASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September 2012 Co-Chair s Summary Report 1. Pursuant to the 18 th ASEAN Regional Forum (ARF) Ministerial meeting in Bali,
More informationPolicing Together. A quick guide for businesses to Information Security and Cyber Crime
Policing Together A quick guide for businesses to Information Security and Cyber Crime This leaflet has been produced by the Surrey and Sussex Cyber Crime Unit Who is this leaflet for? This leaflet will
More informationNetwork security policy issues. Ilias Chantzos, Director EMEA & APJ NIS Summer School 2008, Crete, Greece
Network security policy issues Ilias Chantzos, Director EMEA & APJ NIS Summer School 2008, Crete, Greece 1 Sample Agenda Slide 1 The current threat landscape 2 IT security and policy leadership 3 The EU
More informationThe EBF would like to take the opportunity to note few general remarks on key issues as follows:
Ref.:EBF_001314 Brussels, 17 June 2013 Launched in 1960, the European Banking Federation is the voice of the European banking sector from the European Union and European Free Trade Association countries.
More informationNational Cyber Crime Unit
National Cyber Crime Unit Kevin Williams Partnership Engagement & National Cyber Capabilities Programme Kevin.Williams@nca.x.gsi.gov.uk Official Problem or opportunity Office for National Statistics In
More informationBusiness Plan 2012/13
Business Plan 2012/13 Contents Introduction 3 About the NFA..4 Priorities for 2012/13 4 Resources.6 Reporting Arrangements.6 Objective 1 7 To raise the profile and awareness of fraud among individuals,
More informationHMG Security Policy Framework
HMG Security Policy Framework Security Policy Framework 3 Foreword Sir Jeremy Heywood, Cabinet Secretary Chair of the Official Committee on Security (SO) As Cabinet Secretary, I have a good overview of
More informationEuropean Commission Per email: CNECT-H4@ec.europa.eu
Post Bits of Freedom Bank 55 47 06 512 M +31(0)646282693 Postbus 10746 KvK 34 12 12 86 E simone.halink@bof.nl 1001 ES Amsterdam W https://www.bof.nl European Commission Per email: CNECT-H4@ec.europa.eu
More informationCyber Security Strategy for Germany
Cyber Security Strategy for Germany Contents Introduction 2 IT threat assessment 3 Framework conditions 4 Basic principles of the Cyber Security Strategy 4 Strategic objectives and measures 6 Sustainable
More informationCybercrime: Improving international cooperation
The Hague, 12/06/2015 Cybercrime: Improving international cooperation GCCS2015 Parallel session 4 Document Reference [765004] Version [2] Discussion paper Europol Public Information 1 Introduction In preparation
More informationHOW WILL FRANCHISORS IN EUROPE MEET THE CHALLENGES EU PROPOSED CYBERCRIME DIRECTIVE
HOW WILL FRANCHISORS IN EUROPE MEET THE CHALLENGES OF THE PROPOSED CYBERCRIME DIRECTIVE? Dr Mark Abell, Graeme Payne and Joseph Jackson, Bird & Bird, London, UK Cybersecurity is arguably receiving more
More informationGLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000. CEO EDS Corporation
GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, 2000 Issue Chair: Issue Sherpa: Dick Brown CEO EDS Corporation Bill Poulos EDS Corporation Tel: (202) 637-6708
More informationThe Cancer Running Through IT Cybercrime and Information Security
WHITE PAPER The Cancer Running Through IT Prepared by: Richard Brown, Senior Service Management Consultant Steve Ingall, Head of Consultancy 60 Lombard Street London EC3V 9EA T: +44 (0)207 464 8883 E:
More informationEmerging risks for internet users
Sabeena Oberoi Assistant Secretary, Cyber Security and Asia Pacific Branch Department of Broadband, Communications and the Digital Economy Government s role - DBCDE The new Australian Government Cyber
More informationCybersecurity Awareness. Part 1
Part 1 Objectives Discuss the Evolution of Data Security Define and Discuss Cybersecurity Review Threat Environment Part 1 Discuss Information Security Programs s Enhancements for Cybersecurity Risks Threat
More informationEmerging Security Technological Threats
Emerging Security Technological Threats Jamie Gillespie Training and Education Team Leader, AusCERT About AusCERT Australia s national CERT Collect, monitor, advise on threats and vulnerabilities Incident
More informationNames and Numbers. Computer & Internet Forensic #2 อ.รว ท ต ภ หลำ
Computer & Internet Forensic #2 Names and Numbers อ.รว ท ต ภ หลำ SIGMA Research Laboratory & Department of Computing Faculty of Science, Silpakorn University rawitat@cp.su.ac.th Contents Computer & Internet
More informationCyber Security Issues - Brief Business Report
Cyber Security: Are You Prepared? This briefing provides a high-level overview of the cyber security issues that businesses should be aware of. You should talk to a lawyer and an IT specialist for a complete
More informationCybercrime: risks, penalties and prevention
Cybercrime: risks, penalties and prevention Cyber attacks have been appearing in the news with increased frequency and recent victims of cybercrime have included well-known companies such as Sony, LinkedIn,
More informationGuide Antivirus. You wouldn t leave the door to your premises open at night. So why risk doing the same with your network?
You wouldn t leave the door to your premises open at night. So why risk doing the same with your network? Most businesses know the importance of installing antivirus products on their PCs to securely protect
More informationCouncil of Europe Project on Cybercrime in Georgia Report by Virgil Spiridon and Nigel Jones. Tbilisi 28-29, September 2009
Council of Europe Project on Cybercrime in Georgia Report by Virgil Spiridon and Nigel Jones Tbilisi 28-29, September 2009 Presentation Contents An assessment of the Georgian view of cybercrime and current
More informationBSA GLOBAL CYBERSECURITY FRAMEWORK
2010 BSA GLOBAL CYBERSECURITY FRAMEWORK BSA GLOBAL CYBERSECURITY FRAMEWORK Over the last 20 years, consumers, businesses and governments 1 around the world have moved online to conduct business, and access
More informationFraud and Abuse Policy
Fraud and Abuse Policy 2015 FRAUD AND ABUSE POLICY 2015 1 Contents 4. Introduction 6. Policy Goal 7. Combatting Customer Fraud and Abuse 8. Reporting Breaches 9. How Alleged Breaches Will Be Investigated
More informationCyber security in an organization-transcending way
Cyber security in an organization-transcending way EASEE-gas meeting March 19, 2015 Paul Bloemen ICT Security Manager Gasunie Chair Dutch Energy ISAC March 19, 2015 2 What to talk about Why is cyber security
More informationCyber Security & Cyber Criminality: ~ The Facts ~ - Sgt Phil Cobley
Cyber Security & Cyber Criminality: ~ The Facts ~ - Sgt Phil Cobley Firstly, an apology + + = What shall we discuss What is Cyber Crime? What are the current threats? What is the capability of local and
More informationNEW ZEALAND S CYBER SECURITY STRATEGY
Appendix 1 NEW ZEALAND S CYBER SECURITY STRATEGY June 2011 New Zealand Government 7 June 2011 ISBN: 978-0-478-38200-6 www.med.govt.nz/cyberstrategy MED11 Foreword from the Minister The Internet and digital
More informationSUMMARY OF THE ESTONIAN INFORMATION SYSTEM S AUTHORITY ON ENSURING CYBER SECURITY IN 2012
SUMMARY OF THE ESTONIAN INFORMATION SYSTEM S AUTHORITY ON ENSURING CYBER SECURITY IN 2012 Cyberspace is both an ecosystem consisting of an infrastructure and services, and an environment where and through
More informationCOMMISSION OF THE EUROPEAN COMMUNITIES. Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
COMMISSION OF THE EUROPEAN COMMUNITIES Brussels, 21.9.2005 COM(2005) 438 final 2005/0182 (COD) Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the retention of data processed
More informationThe UK cyber security strategy: Landscape review. Cross-government
REPORT BY THE COMPTROLLER AND AUDITOR GENERAL HC 890 SESSION 2012-13 12 FEBRUARY 2013 Cross-government The UK cyber security strategy: Landscape review 4 Key facts The UK cyber security strategy: Landscape
More information5581/16 AD/NC/ra DGE 2
Council of the European Union Brussels, 21 April 2016 (OR. en) Interinstitutional File: 2013/0027 (COD) 5581/16 LEGISLATIVE ACTS AND OTHER INSTRUMTS Subject: TELECOM 7 DATAPROTECT 6 CYBER 4 MI 37 CSC 15
More informationCyber Security. CYBER SECURITY presents a major challenge for businesses of all shapes and sizes. Leaders ignore it at their peril.
Cyber Security Personal and commercial information is the new commodity of choice for the virtual thief, argues Adrian Leppard, Commissioner for City of London Police, as he sets out the challenges facing
More informationStrategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region
CyberCrime@EAP EU/COE Eastern Partnership Council of Europe Facility: Cooperation against Cybercrime Strategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region Adopted
More informationQUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt
QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.
More informationIndustrial Control Systems Cyber Emergency Response Team (ICS-CERT) 2014: 245 incidents reported
Protecting What Matters Most Christian Fahlke, Regional Sales Manager ALPS March 2015 Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) 2014: 245 incidents reported (Source: https://ics-cert.us-cert.gov/sites/default/files/monitors/ics-cert_monitor_sep2014-feb2015.pdf)
More informationMinister Shatter presents Presidency priorities in the JHA area to European Parliament
Minister Shatter presents Presidency priorities in the JHA area to European Parliament 22 nd January 2013 The Minister for Justice, Equality and Defence, Alan Shatter TD, today presented the Irish Presidency
More informationPosition Paper: Berlin, 31 March 2014. Legislative intentions to increase IT Security
Position Paper: Berlin, 31 March 2014 Legislative intentions to increase IT Security eco the Association of the sees itself as lobbyist and supporter of all companies that are involved in the economic
More informationDATA PROTECTION LAWS OF THE WORLD. India
DATA PROTECTION LAWS OF THE WORLD India Date of Download: 6 February 2016 INDIA Last modified 27 January 2016 LAW IN INDIA There is no specific legislation on privacy and data protection in India. However,
More informationEXPLANATORY MEMORANDUM TO THE DATA RETENTION (EC DIRECTIVE) REGULATIONS 2007. 2007 No. 2199
EXPLANATORY MEMORANDUM TO THE DATA RETENTION (EC DIRECTIVE) REGULATIONS 2007 2007 No. 2199 1. This explanatory memorandum has been prepared by the Home Office and is laid before Parliament by Command of
More informationCyber Crime ACC Crime
AGENDA ITEM 10 STRATEGIC POLICING AND CRIME BOARD 3 rd December 2013 Cyber Crime ACC Crime PURPOSE OF REPORT 1. The purpose of this report is to provide members of the Strategic Police and Crime Board
More information1. This report outlines the Force s current position in relation to the Policing of Cyber Crime.
Agenda Item No. 5 COMMUNITY OUTCOMES MEETING SUBJECT: CYBER CRIME 4 August 2015 Report of the Chief Constable PURPOSE OF THE REPORT 1. This report outlines the Force s current position in relation to the
More informationCYBER-ATLAS A COMPLETE CYBER RISK MANAGEMENT SOLUTION
CYBER-ATLAS A COMPLETE CYBER RISK MANAGEMENT SOLUTION CYBER-ATLAS A COMPLETE CYBER RISK MANAGEMENT SOLUTION In the ever-evolving technological landscape which we all inhabit, our lives are dominated by
More informationMyths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA)
Myths and Facts about the Cyber Intelligence Sharing and Protection Act (CISPA) MYTH: The cyber threat is being exaggerated. FACT: Cyber attacks are a huge threat to American lives, national security,
More informationHow To Understand And Understand The European Priorities In Information Security
European priorities in information security Graeme Cooper Head of Public Affairs Unit, ENISA 12th International InfoSec and Data Storage Conference, 26th September 2013, Sheraton Hotel, Sofia, Bulgaria
More informationThe best advice before you decide on what action to take is to seek the advice of one of the specialist Whistleblowing teams.
Whistleblowing Policy (HR Schools) 1.0 Introduction Wainscott school is committed to tackling unlawful acts including fraud, corruption, unethical conduct and malpractice regardless of who commits them,
More informationMitigating and managing cyber risk: ten issues to consider
Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed
More informationTHE STRATEGIC POLICING REQUIREMENT. July 2012
THE STRATEGIC POLICING REQUIREMENT July 2012 Contents Foreward by the Home Secretary...3 1. Introduction...5 2. National Threats...8 3. Capacity and contribution...9 4. Capability...11 5. Consistency...12
More informationComputer Forensics Preparation
Computer Forensics Preparation This lesson covers Chapters 1 and 2 in Computer Forensics JumpStart, Second Edition. OBJECTIVES When you complete this lesson, you ll be able to Discuss computer forensics
More informationCYBERCRIME AND THE LAW
CYBERCRIME AND THE LAW INTERNATIONAL LAW CYBERCRIME CONVENTION Convention on Cybercrime / Budapest Convention first international treaty seeking to address Internet and computer crime by harmonizing national
More informationHow do we Police Cyber Crime?
How do we Police Cyber Crime? Thursday 4 th June 2015 Craig Jones, SEROCU Presentation Content UK policing cyber crime programme Cyber threat landscape and impact Cyber business resilience Future Challenges
More informationPolicy on Public and School Bus Closed Circuit Television Systems (CCTV)
DEPARTMENT OF TRANSPORT Policy on Public and School Bus Closed Circuit Television Systems (CCTV) Responsibility of: Public Transport Division TRIM File: DDPI2010/3680 Effective Date: July 2010 Version
More informationEuropol Unclassified Basic Protection Level VACANCY NOTICE
The Hague, 16 March 2015 Reg. nº: Europol/2015/TA/AD6/185 VACANCY NOTICE Name of the post: Specialist in Computer Forensics and Malware Analysis within the European Cyber Crime Centre (EC3) Business Area
More informationBill Callaghan s presentation to the Health and Safety Lawyers Association
Bill Callaghan s presentation to the Health and Safety Lawyers Association 3 May 2007 My thanks to Madeleine Abas and your association for the invitation to speak at your event today on the Macrory Regulatory
More informationDepartment of Communications. Enhancing Online Safety for Children Discussion Paper. Submission by the Australian Federal Police
Department of Communications Enhancing Online Safety for Children Discussion Paper Submission by the Australian Federal Police March 2014 1 Introduction The AFP welcomes the opportunity to make a submission
More informationCaedmon College Whitby
Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be
More informationKeynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation.
Keynote Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation 6 & 7 Nov 2013 So many of us now don t just work online but live part
More informationInternet Safety and Security: Strategies for Building an Internet Safety Wall
Internet Safety and Security: Strategies for Building an Internet Safety Wall Sylvanus A. EHIKIOYA, PhD Director, New Media & Information Security Nigerian Communications Commission Abuja, NIGERIA Internet
More informationDSCI Inputs on TRAI Consultation on Regulatory Framework for OTT services
DSCI Inputs on TRAI Consultation on Regulatory Framework for OTT services April 24, 2015 DSCI Inputs on TRAI Consultation on Regulatory Framework for OTT Services 1 Question 6: How should the security
More informationThe era of hacks and cyber regulation
6 February 2014 The era of hacks and cyber regulation We trust that you are well versed with the details of the various cyber-attacks that made the headlines towards the end of 2014, and early this year,
More information7 August 2015. I. Introduction
Suggestions for privacy-related questions to be included in the list of issues on Hungary, Human Rights Committee, 115th session, October-November 2015 I. Introduction 7 August 2015 Article 17 of the International
More informationHow To Write An Article On The European Cyberspace Policy And Security Strategy
EU Cybersecurity Policy & Legislation ENISA s Contribution Steve Purser Head of Core Operations Oslo 26 May 2015 European Union Agency for Network and Information Security Agenda 01 Introduction to ENISA
More informationCyber Crime and Data Retention
COE Convention nr 185 on cybercrime Concluded in Budapest on 23 November 2001 First comprehensive instrument underlining the seriousness of cybercrime and the possible remedies Defines a series of offences
More informationThe internet and digital technologies play an integral part
The Cyber challenge Adjacent Digital Politics Ltd gives an overview of the EU Commission s Cyber Security Strategy and Commissioner Ashton s priorities to increase cyber security in Europe The internet
More informationIdentifying Cyber Risks and How they Impact Your Business
10 December, 2014 Identifying Cyber Risks and How they Impact Your Business David Bateman, Partner, K&L Gates, Seattle Sasi-Kanth Mallela, Special Counsel, K&L Gates, London Copyright 2013 by K&L Gates
More informationCyber Security The perspective of information sharing
Cyber Security The perspective of information sharing Cyber Security The perspective of information sharing Contents 3 Introduction 3 Objectives 3 Approach 4 Cyber Security a new buzzword or a real challenge
More informationCyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft
Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security
More informationData Protection Breach Management Policy
Data Protection Breach Management Policy Please check the HSE intranet for the most up to date version of this policy http://hsenet.hse.ie/hse_central/commercial_and_support_services/ict/policies_and_procedures/policies/
More informationHighlights from the Security Awareness Special Interest Group (SASIG) New Year 2014 event:
Highlights from the Security Awareness Special Interest Group () New Year 2014 event: Cyber security adopting a new approach to answer the Board s concerns Hosted by EY: 14th January 2014 The Security
More information33500 POLICY USE OF SOCIAL MEDIA
Version: 1.2 Last Updated: 15/06/15 Review Date: 25/06/18 ECHR Potential Equality Impact Assessment: Low 1. About This Policy 1.1. This policy describes how Hampshire Constabulary s use of social media
More informationNCS 330. Information Assurance Policies, Ethics and Disaster Recovery. NYC University Polices and Standards 4/15/15.
NCS 330 Information Assurance Policies, Ethics and Disaster Recovery NYC University Polices and Standards 4/15/15 Jess Yanarella Table of Contents: Introduction: Part One: Risk Analysis Threats Vulnerabilities
More informationThe EU approach to Cybersecurity and Cybercrime
The EU approach to Cybersecurity and Cybercrime Ralf Bendrath Policy advisor to Jan Philipp Albrecht MEP, Greens/EFA ISODARCO.it, 12 January 2012 Outline 1. Information & Coordination 2. Internal Security
More informationDRAFT DATA RETENTION AND INVESTIGATORY POWERS BILL
DRAFT DATA RETENTION AND INVESTIGATORY POWERS BILL INTRODUCTION EXPLANATORY NOTES 1. These explanatory notes relate to the Draft Data Retention and Investigatory Powers Bill. They have been prepared by
More informationENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe. CENTR General Assembly, Brussels October 4, 2012
ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe CENTR General Assembly, Brussels October 4, 2012 christoffer.karsberg@enisa.europa.eu 1 Who we are ENISA was
More informationCOUNCIL OF EUROPE COMMITTEE OF MINISTERS
COUNCIL OF EUROPE COMMITTEE OF MINISTERS Recommendation Rec(2006)8 of the Committee of Ministers to member states on assistance to crime victims (Adopted by the Committee of Ministers on 14 June 2006 at
More informationCyber security guide for boardroom members
Cyber security guide for boardroom members 2 Cyber security guide for boardroom members Cyber security at strategic level Our society is rapidly digitising, and we are all reaping the benefits. Our country
More informationINFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes
INFORMATION SECURITY POLICY Ratified by RCA Senate, February 2007 Contents Introduction 2 Policy Statement 3 Information Security at RCA 5 Annexes A. Applicable legislation and interpretation 8 B. Most
More informationIn some cases, whistleblowers may bring a case before an employment tribunal, which can award compensation.
WHISTLEBLOWING Introduction This factsheet has been produced to provide advice on how to negotiate agreements and procedures on whistleblowing for branch officers and stewards. UNISON recognises that employees
More informationWRITTEN TESTIMONY BEFORE THE HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM
WRITTEN TESTIMONY BEFORE THE SENATE COMMITTEE ON COMMERCE, SCIENCE, & TRANSPORTATION HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, 2014 2:30 PM TESTIMONY
More informationProtection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1
Protection of Personal Data RPC001147_EN_WB_L_1 Table of Contents Data Protection Rules Foreword From the Data Protection Commissioner Introduction From the Chairman Data Protection Responsibility of Employees
More informationOn the European experience in critical infrastructure protection
DCAF a centre for security, development and the rule of law On the European experience in critical infrastructure protection Valeri R. RATCHEV ratchevv@yahoo.com @ratchevv DCAF/CSDM 1 This presentation
More informationCyber Security Recommendations October 29, 2002
Cyber Security Recommendations October 29, 2002 Leading Co-Chair (Asia/Oceania) Co-Chair (Americas) Co-Chair (Europe/Africa) Dr. Hiroki Arakawa Executive Vice President NTT Data Corporation Richard Brown
More informationCommonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation
Commonwealth Approach to Cybergovernance and Cybersecurity By the Commonwealth Telecommunications Organisation Trends in Cyberspace Cyberspace provides access to ICT Bridging the digital divide and influencing
More informationPRIVACY POLICY Personal information and sensitive information Information we request from you
PRIVACY POLICY Business Chicks Pty Ltd A.C.N. 121 566 934 (we, us, our, or Business Chicks) recognises and values the protection of your privacy. We also understand that you want clarity about how we manage
More informationCAPACITY BUILDING TO STRENGTHEN CYBERSECURITY. Sazali Sukardi Vice President Research CyberSecurity Malaysia
CAPACITY BUILDING TO STRENGTHEN CYBERSECURITY by Sazali Sukardi Vice President Research CyberSecurity Malaysia SCOPE INTRODUCTION CYBER SECURITY INCIDENTS IN MALAYSIA CAPACITY BUILDING The Council For
More informationCYBER SECURITY THREATS AND RESPONSES
CYBER SECURITY THREATS AND RESPONSES AT GLOBAL, NATION-STATE, INDUSTRY AND INDIVIDUAL LEVELS Heli Tiirmaa-Klaar* Although cyber security has accompanied the ICT sector since the first computer systems
More information2 Gabi Siboni, 1 Senior Research Fellow and Director,
Cyber Security Build-up of India s National Force 2 Gabi Siboni, 1 Senior Research Fellow and Director, Military and Strategic Affairs and Cyber Security Programs, Institute for National Security Studies,
More informationCouncil of the European Union Brussels, 5 March 2015 (OR. en)
Council of the European Union Brussels, 5 March 2015 (OR. en) Interinstitutional File: 2013/0027 (COD) 6788/15 LIMITE TELECOM 59 DATAPROTECT 23 CYBER 13 MI 139 CSC 55 CODEC 279 NOTE From: Presidency To:
More informationHow To Protect Your Business From A Cyber Attack
Intelligence FIRST helping your business make better decisions Cyber security Keeping your business resilient Cyber security is about keeping your business resilient in the modern technological age. It
More informationESTABLISHING A NATIONAL CYBERSECURITY SYSTEM IN THE CONTEXT OF NATIONAL SECURITY AND DEFENCE SECTOR REFORM
Information & Security: An International Journal Valentyn Petrov, vol.31, 2014, 73-77 http://dx.doi.org/10.11610/isij.3104 ESTABLISHING A NATIONAL CYBERSECURITY SYSTEM IN THE CONTEXT OF NATIONAL SECURITY
More informationReporting of Suspected or Actual Child Abuse and Neglect
Reporting of Suspected or Actual Child Abuse and Neglect Protocol between the Ministry of Education, the New Zealand School Trustees Association and Child, Youth and Family 2009 Introduction The Ministry
More informationHow To Discuss Cybersecurity In European Parliament
! Moderator: Carlo Schüpp! Non-Executive Director and cofounder of LSEC! In his opening comments, the moderator Mr Schüpp suggested that many of the issues surrounding cybersecurity are linked to the fact
More information