TRINIDAD AND TOBAGO CYBER SECURITY AGENCY POLICY AND BILL
- Roy Blankenship
Presented By: Sunita Ramsumair, Legal Officer, Ministry of National Security
September 29, 2014

Format of Presentation

Background
Trinidad and Tobago Cyber Security Agency Policy
Trinidad and Tobago Cyber Security Agency Bill, List of Clauses
Trinidad and Tobago Cyber Security Agency Functions
Trinidad and Tobago Cyber Security Agency Powers
Trinidad and Tobago Cyber Security Incident Response Team Functions

Background

In December 2012 the Government of Trinidad and Tobago approved a National Cyber Security Strategy (NCSS). The NCSS sought to guide all operations and initiatives related to cyber security in Trinidad and Tobago. In order to achieve the objectives of the NCSS, 5 key areas of focus were identified:

1. Governance
2. Incident management
3. Collaboration
4. Culture
5. Legislation

Governance: The fundamental goal is to establish a Trinidad and Tobago Cyber Security Agency (TTCSA) as the main body responsible for all cyber security matters and to act as the coordinating centre for all cyber security operations.

Trinidad and Tobago Cyber Security Agency- Policy

TTCSA Policy was approved in 2013.

TTCSA Policy Purpose: This Policy seeks to establish by legislation the Trinidad and Tobago Cyber Security Agency which will be the main body responsible for all cyber security measures and be the coordinating centre for all cyber security operations.

It is expected that the TTCSA would-
a. Implement and advise on the National Cyber Security Strategy and any subsequent amendments
b. Provide situational awareness information
c. Collect and analyse data on Cyber Security issues
d. Promote efficient Network and Informational Security management; and
e. Raise awareness and promote local and international cooperation

While the TTCSA will have the operational responsibility for cyber security, it is proposed that a Regulatory and Operational Oversight Committee be established, which will provide strategic policy oversight for the TTCSA, thereby ensuring the implementation of the NCSS and adherence to industry standards and regulations.

The Committee will comprise Government and key stakeholders in the areas relevant to cyber security and critical infrastructure protection.

It is therefore proposed that the TTCSA will be responsible for coordinating and/or managing the following core functional areas of cyber security-
1. Identifying and engaging stakeholders
2. Housing the Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT)
3. Develop a National Cyber Contingency Plan
4. Organise Cyber Security Exercises
5. Establish baseline security requirements
6. Public Awareness
7. Foster Research and Development
8. Strengthen training and educational programmes
9. Engage in Local/International Cooperation
10. Establish public-private partnerships

Trinidad and Tobago Cyber Security Agency Bill, 2014 List of Clauses

Part 1- Preliminary
1. Short title
2. Commencement
3. Interpretation

Part 2- Establishment of the Agency
4. Establishment and incorporation of the Agency
5. Appointment of the Board
6. Tenure of Members
7. Removal of member
8. Remuneration of members
9. Meetings
10. Functions of the Agency*
11. Powers of the Agency*
12. Functions of the TT-CSIRT*

Part 3- Staff and Expert
13. Chief Executive Officer
14. Duties of Chief Executive Officer
15. Other Staff
16. Appointment and delegation to committees
17. Secondment from and to the services of the Agency

Part 4- Finance
18. Funds of the Agency
19. Accounts and audit
20. Exemptions
21. Financial year
22. Annual report
23. Confidentiality

Part 5- Miscellaneous
24. Declaration of Interest
25. Protection of employees
26. Regulations

Trinidad and Tobago Cyber Security Agency Functions

Clause 10(1)- Functions of the Agency

(a) act as the national point of contact for all cyber security related matters;
(b) establish a national computer incident response team to be known as the Trinidad and Tobago Cyber Security Incident Response Team (hereinafter referred to as "TT-CSIRT");
(c) prepare, review and update periodically and in any event at least annually a national cyber security strategy and prepare such plans necessary for the successful implementation of such strategy;
(d) collect relevant information which would facilitate the analysis of current and emerging risks including those risks which could produce an impact on the resilience and availability of data communications networks and on the authenticity, integrity and confidentiality of the information accessed and transmitted through such networks;
(e) provide advice on cyber security related matters, including situational awareness information, to the Minister, the Trinidad and Tobago Police Service or such other competent national bodies as are necessary;
(f) enhance cooperation between different actors operating in the field of network and information security by holding consultations with, inter alia, various industries, universities, public sector bodies and private sector and civil society bodies;
(g) contribute to the awareness raising, and the availability of, current, objective and comprehensive information on network and information security by, inter alia, promoting exchanges of current best practices, including methods of alerting users and facilitating cooperation and collaboration between public and private sector initiatives;
(h) develop and publish standards for products and services on network and information security;
(i) establish and publish baseline security requirements and standards for various sectors including operators of critical infrastructures;
(j) conduct research and development in the area of cyber security and identify critical research and development needs, gaps and emerging trends for future research;
(k) promote the development of training and education programmes including the accreditation and certification of network and information security academic programmes;
(l) advise the Minister on research in the area of network and information security as well as on the effective use and adoption of risk preventative technologies;
(m) promote risk assessment activities, interoperable risk management solutions and studies on information technology security management solutions within public and private sector bodies;
(n) develop a National Cyber Security Contingency Plan;
(o) coordinate cyber security exercises; and
(p) express independently its own conclusions and orientations and give advice in matters within its scope and objectives.

Trinidad and Tobago Cyber Security Agency Powers

Clause 11- Powers of the Agency

The Agency may-
(a) formulate principles for the guidance of the public and private sector concerning information communication technology security measures;
(b) refer such matters to the Trinidad and Tobago Police Service when an offence under the Cybercrime Act, 2014 comes to its knowledge;
(c) enter into Memoranda of Understanding with key stakeholders and partners as necessary to execute its functions;
(d) with the approval of the Minister, enter into Memoranda of Understanding with such foreign bodies or organisations performing functions relating to cyber security as it thinks fit; and
(e) do all things which may be necessary or expedient or are incidental or conducive to the discharge of any of its functions and powers under the Act.

Trinidad and Tobago Cyber Security Incident Response Team Functions

Clause 12- Functions of TT-CSIRT

The functions of the TT-CSIRT established pursuant to section 10(1)(b) are to-
(a) be the first point of contact with reference to the handling of cyber incidents and communication between local, regional and international cyber security emergency response teams or cyber security incident response teams to address cyber incidents or incidents of a similar nature as it affects national critical information infrastructure;
(b) provide incident response and management services, in a coordinated manner, via established industry standard policies and procedures to manage threats associated with cyber incidents;
(c) provide alerts and warnings on the latest cyber threats and vulnerabilities which can impact the national community;
(d) assess and analyse the impact of incidents such as, but not limited to network security breaches, website hackings, virus and network attacks, in order to develop strategies and measures to counteract these incidents;
(e) provide to the national community, educational guidelines as to the appropriate use of the national cyber infrastructure;
(f) establish internal and joint procedures between the public and private sectors to manage the incidents and mitigate the threats associated with them;
(g) provide appropriate strategic insights to policy and decision-makers to strengthen the national cyber infrastructure;
(h) assess the work of incident response teams within the public and private sector;
(i) participate in trusted information sharing and disseminate information with international cyber security incident response teams and computer emergency response teams on the emerging threats to critical information infrastructure and Internet resources; and
(j) participate in and be a member of regional and international computer emergency response team groups, for collaborative efforts to fight cyber incidents.

THANK YOU
QUESTIONS?
Ref #: A007 Government of Trinidad and Tobago JOB DESCRIPTION CONTRACTUAL POSITION JOB TITLE: HEAD HUMAN RESOURCE JOB SUMMARY: The incumbent is required to provide overall management and coordination of
More informationTHE POLICE SERVICE (AMENDMENT) ACT, 2007
THE POLICE SERVICE (AMENDMENT) ACT, 2007 Arrangement of Sections Section 1. Short title 1A. Act inconsistent with Constitution 2. Interpretation 3. Section 4 amended 4. Section 16 amended 5. Sections 17,
More informationInvitation of expressions of interest for the provision of insurance cover
Invitation of expressions of interest for the provision of insurance cover 1. Context and Overview 1.1. The Authority The Irish Auditing and Accounting Supervisory Authority ( IAASA ) is the independent
More informationChair Cabinet Committee on State Sector Reform and Expenditure Control
Office of the Minister of State Services Chair Cabinet Committee on State Sector Reform and Expenditure Control REPORT OF THE GOVERNMENT CHIEF INFORMATION OFFICER ON THE REVIEW OF PUBLICLY ACCESSIBLE INFORMATION
More information26. National Crisis Management Centre
26. National Crisis Management Centre Summary The National Crisis Management Centre (NCMC) is an all-of-government facility that can be used by MCDEM when it is the lead agency emergencies. The NCMC can
More informationCHAPTER E12 - ENVIRONMENTAL IMPACT ASSESSMENT ACT
CHAPTER E12 - ENVIRONMENTAL IMPACT ASSESSMENT ACT ARRANGEMENT OF SECTIONS PART I General principles of environmental impact assessment SECTION 1.Goals and objectives of environmental impact assessment.
More informationMSc Cyber Security. identity. hacker. virus. network. information
identity MSc Cyber Security hacker virus QA is the foremost provider of education in the UK. We work with individuals at all stages of their careers, from our award-winning apprenticeship programmes, through
More informationDORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy
Part Two Part One Not Protectively Marked DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy. The Dorset & Wiltshire Fire and Rescue Authority (DWFRA)
More informationREGULATIONS ON OPERATIONAL RISK MANAGEMENT OF THE BUDAPEST STOCK EXCHANGE LTD.
REGULATIONS ON OPERATIONAL RISK MANAGEMENT OF THE BUDAPEST STOCK EXCHANGE LTD. Date and number of approval/modification by the Board of Directors: 36/2010 September 15, 2010 No. and date of approval by
More informationMemorandum of Understanding ( MOU ) Respecting the Oversight of Certain Clearing and Settlement Systems. among:
March 19, 2014 Memorandum of Understanding ( MOU ) Respecting the Oversight of Certain Clearing and Settlement Systems The Parties hereby agree as follows: among: Bank of Canada (the Bank ) Ontario Securities
More informationSouthern State Superannuation Act 2009
Version: 27.8.2015 South Australia Southern State Superannuation Act 2009 An Act to continue the Triple S contributory superannuation scheme for persons employed in the public sector; and for other purposes.
More informationCyber Risk Management
Cyber Risk Management A short guide to best practice Insight October 2014 So what exactly is 'cyber risk'? In essence, cyber risk means the risk connected to online activity and internet trading but also
More informationNATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL
NATIONAL CREDIT UNION ADMINISTRATION OFFICE OF INSPECTOR GENERAL FY 2015 INDEPENDENT EVALUATION OF THE EFFECTIVENESS OF NCUA S INFORMATION SECURITY PROGRAM UNDER THE FEDERAL INFORMATION SECURITY MODERNIZATION
More informationTERMS OF REFERENCE BOARD OF DIRECTORS
TERMS OF REFERENCE BOARD OF DIRECTORS Roles and Responsibilities The principal role of the Board of Directors (the Board ) is stewardship of the Company with the creation of shareholder value, including
More informationFramework for an Aviation Security Management System (SeMS)
Framework for an Aviation Security Management System (SeMS) CAP 1223 Civil Aviation Authority 2014 All rights reserved. Copies of this publication may be reproduced for personal use, or for use within
More informationTechnology and Cyber Resilience Benchmarking Report 2012. December 2013
Technology and Cyber Resilience Benchmarking Report 2012 December 2013 1 Foreword by Andrew Gracie Executive Director, Special Resolution Unit, Bank of England On behalf of the UK Financial Authorities
More informationData Governance in-brief
Data Governance in-brief What is data governance? Data governance is the system of decision rights and accountabilities surrounding data and the use of data. It can involve legislation, organisational
More informationAS TABLED IN THE HOUSE OF ASSEMBLY
AS TABLED IN THE HOUSE OF ASSEMBLY A BILL entitled INSURANCE AMENDMENT ACT 2014 TABLE OF CONTENTS 1 2 3 4 5 6 7 8 9 10 11 12 13 Citation Inserts section 15A Amends section 17A Amends section 30JA Amends
More informationCentral bank corporate governance, financial management, and transparency
Central bank corporate governance, financial management, and transparency By Richard Perry, 1 Financial Services Group This article discusses the Reserve Bank of New Zealand s corporate governance, financial
More informationCOMPLIANCE CHARTER 1
COMPLIANCE CHARTER 1 Contents 1. Compliance Policy Statement... 2 2. Purpose... 2 3. Mission and objective of the Directorate: Compliance... 2 3.1 Mission... 2 3.2 Objective... 3 4. Compliance risk management...
More informationQueensland Training Assets Management Authority Bill 2014 Explanatory Notes
Queensland Training Assets Management Authority Bill 2014 Explanatory Notes Short Title The short title of the Bill is the Queensland Training Assets Management Authority Bill 2014. Policy objectives and
More information