ITU National Cybersecurity/CIIP Self-Assessment Toolkit. Background Information for National Pilot Tests



Similar documents
ITU National Cybersecurity/CIIP Self-Assessment Tool

Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies:

ITU Cybersecurity Work Programme to Assist Developing Countries

Cyber Incident Annex. Federal Coordinating Agencies. Coordinating Agencies. ITS-Information Technology Systems

Cybersecurity for ALL

U.S. Cyber Security Readiness

Actions and Recommendations (A/R) Summary

DHS, National Cyber Security Division Overview

The global challenge

Middle Class Economics: Cybersecurity Updated August 7, 2015

NGN Migration Strategies and Access Modernization. 26 May 2011 Dhaka

An Overview of Large US Military Cybersecurity Organizations

INTERNATIONAL TELECOMMUNICATION UNION

Expert Meeting on CYBERLAWS AND REGULATIONS FOR ENHANCING E-COMMERCE: INCLUDING CASE STUDIES AND LESSONS LEARNED March 2015

Cybersecurity: The Legal, Legislative and Regulatory Outlook

Delaware Cyber Security Workshop September 29, William R. Denny, Esquire Potter Anderson & Corroon LLP

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, February 12, 2013

Bradford J. Willke, CISSP

A COMPREHENSIVE INTER-AMERICAN CYBERSECURITY STRATEGY: A MULTIDIMENSIONAL AND MULTIDISCIPLINARY APPROACH TO CREATING A CULTURE OF CYBERSECURITY

ITU. Carla Licciardello Policy Analyst Carla.licciardello@itu.int.

CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES. second edition

Preventing and Defending Against Cyber Attacks November 2010

The Comprehensive National Cybersecurity Initiative

Overview of ITU Cybersecurity Activities

ALL ALL. rsecurity. Cybersec. for ITU s Work for a Safer World. International Telecommunication Union

Testimony of. Before the United States House of Representatives Committee on Oversight and Government Reform And the Committee on Homeland Security

Cybersecurity in Nepal

Testimony of. Mr. Anish Bhimani. On behalf of the. Financial Services Information Sharing and Analysis Center (FS-ISAC) before the

National Cybersecurity & Communications Integration Center (NCCIC)

THE WHITE HOUSE Office of the Press Secretary. FACT SHEET: Administration Cybersecurity Efforts 2015

CYBER SECURITY LEGISLATION AND POLICY INITIATIVES - UGANDA CASE

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for K-12 Education

Cybersecurity in the Commonwealth: Setting the Stage

AG/RES CYBER SECURITY STRATEGY (RESOLUTION)

Preventing and Defending Against Cyber Attacks October 2011

The Policy Approaches to Strengthen Cyber Security in the Financial Sector (Summary) July 2, 2015 Financial Services Agency

Cyber Stability 2015 Geneva, 09 July African Union Perspectives on Cybersecurity and Cybercrime Issues.

Preventing and Defending Against Cyber Attacks June 2011

Statement of. Mike Sena. President, National Fusion Center Association. Director, Northern California Regional Intelligence Center (NCRIC)

SECTION-BY-SECTION. Section 1. Short Title. The short title of the bill is the Cybersecurity Act of 2012.

Confrontation or Collaboration?

Honourable members of the National Parliaments of the EU member states and candidate countries,

STATEMENT OF JOSEPH DEMAREST ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION BEFORE THE

How To Protect Yourself From Cyber Crime

Technological Evolution

In an age where so many businesses and systems are reliant on computer systems,

New Hampshire Cyber Crime Initiative Overview Briefing. NH Assistant Attorney General Lucy H. Carrillo Internet Crimes Prosecutor

CERT/CC Overview & CSIRT Development Team Activities

ITI Cybersecurity Principles for Industry and Government

ISOO Notice : Update on Recent Cyber Incidents at OPM

Cyber Security Strategy

Cybersecurity: Taking Stock and Looking Ahead

Cybersecurity: Authoritative Reports and Resources

Cybersecurity: Authoritative Reports and Resources

Cyber Security Strategy

Cybersecurity and Corporate America: Finding Opportunities in the New Executive Order

The Dow Chemical Company. statement for the record. David E. Kepler. before

(U) Appendix E: Case for Developing an International Cybersecurity Policy Framework

ASEAN s Cooperation on Cybersecurity and against Cybercrime

Update on U.S. Critical Infrastructure and Cybersecurity Initiatives

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

Department of Homeland Security

The Geneva Protocol on Cybersecurity and Cybercrime

MARYLAND. Cyber Security White Paper. Defining the Role of State Government to Secure Maryland s Cyber Infrastructure.

Institutional Foundations for Cyber Security: Current Responses and New Challenges

Integrating Cybersecurity with Emergency Operations Plans (EOPs) for Institutions of Higher Education (IHEs)

Cyberspace Situational Awarness in National Security System

Capacity Building to Strengthen Cybersecurity: Thailand Update

Re: Request for Comments on the Preliminary Cybersecurity Framework

The IT Industry s Cybersecurity Principles for Industry and Government

AT&T Cybersecurity Policy Overview

Incident Management ITU Pillars & Qatar Case Study Michael Lewis, Deputy Director

Sources of Funding Cyber Security Research

ITU Global Cybersecurity Agenda (GCA)

Safety & Security: Cyber Security

U.S. Department of Justice FY 2016 Budget Request NATIONAL SECURITY. +$106.8 Million in Program Increases. FY 2016 Overview

How To Prevent Cyber Crime

NIST Cybersecurity Framework. ARC World Industry Forum 2014

Cybersecurity: Authoritative Reports and Resources

114 th Congress March, Cybersecurity Legislation and Executive Branch Activity I. ADMINSTRATION S CYBERSECURITY PROPOSALS

Cyber Security Strategy of Georgia

Why Cybersecurity Matters in Government Contracting. Robert Nichols, Covington & Burling LLP

Before the DEPARTMENT OF COMMERCE National Telecommunications and Information Administration Washington, DC ) ) ) ) )

CYBERSECURITY RISK MANAGEMENT

Maintaining Herd Communication - Standards Used In IT And Cyber Security. Laura Kuiper

Today's Mobile Cybersecurity Information Sharing

Cybersecurity-related international institutions: An assessment and a framework for nations strategic policy choices

HOMELAND SECURITY INTERNET SOURCES

Comparison of Information Sharing, Monitoring and Countermeasures Provisions in the Cybersecurity Bills

Wisconsin National Governor s Association: Call To Action

[This page intentionally left blank]

Cybersecurity: A Shared Responsibility and Department of Homeland Security Priority

El Camino College Homeland Security Spring 2016 Courses

Why you should adopt the NIST Cybersecurity Framework

Above My Pay Grade: Incident Response at the National Level

Emerging risks for internet users

Dean C. Garfield President & CEO, Information Technology Industry Council (ITI) Committee on Energy and Commerce

Frequently Asked Questions. OPM Data Breach. Department of the Navy

Transcription:

ITU National Cybersecurity/CIIP Self-Assessment Toolkit Background Information for National Pilot Tests This document provides background information for pilot tests of the ITU National Cybersecurity/CIIP National Self-Assessment Toolkit December 2007 DRAFT For further information, please contact the ITU-D ICT Applications and Cybersecurity Division at <cybmail@itu.int>

The ITU National Cybersecurity/CIIP Self Assessment Toolkit is based on studies underway in the ITU Telecommunication Development Sector s Study Group 1, Question 22/1: Securing information and communication networks: best practices for developing a culture of cybersecurity. This activity calls for ITU Member States and Sector Members to create a report on national best practices in the field of cybersecurity. More information on Question 22/1 activities can be found at the website www.itu.int/itu-d/cyb/cybersecurity/. As a practical initiative by the ITU-D ICT Applications and Cybersecurity Division to assist ITU Member States who wish to elaborate national cybersecurity/critical information infrastructure protection (CIIP) frameworks, this toolkit builds on work currently underway in Question 22/1. In particular, the current version of the toolkit is based on the October 2007 draft of the Report on Best Practices for a National Approach to Cybersecurity: A Basic Management Framework for Organizing National Cybersecurity Efforts. This document provides background information for national authorities considering pilot tests of the toolkit. The toolkit, developed by Joseph Richardson, is intended to assist national government officials in examining their related existing national cybersecurity/ciip policies, procedures, norms, institutions, and relationships. The latest version of this document is available at: www.itu.int/itu-d/cyb/cybersecurity/docs/itu-self-assessment-toolkit-info.pdf For further information on participating in the toolkit pilot tests, please contact: ICT Applications and Cybersecurity Division (CYB) Policies and Strategies Department Bureau for Telecommunication Development International Telecommunication Union Place des Nations 1211 Geneva 20 Switzerland Telephone: +41 22 730 5825/6052 Fax: +41 22 730 5484 E-mail: cybmail@itu.int Website: www.itu.int/itu-d/cyb/ Draft ITU National Cybersecurity/CIIP Self-Assessment Toolkit 2/7

Table of Contents Background...4 Objectives of the Toolkit...4 Actors Involved...5 Actors Involved in Development of a National Strategy...5 Actors Involved in National Coordination Efforts...6 Actors Involved in Government-Industry Collaboration...6 Actors Involved in Deterring Cybercrime...6 Actors Involved in Incident Management...7 Actors Involved in Promoting a Culture of Security...7 Draft ITU National Cybersecurity/CIIP Self-Assessment Toolkit 3/7

Background The ITU National Cybersecurity/CIIP Self-Assessment Toolkit is derived from work underway in the ITU Telecommunication Development Sector s Study Group 1, Question 22/1: Securing information and communication networks: best practices for developing a culture of cybersecurity. This activity calls for ITU Member States and Sector Members to create a report on national best practices in the field of cybersecurity. The toolkit is based on the October 2007 draft of the Report on Best Practices for a National Approach to Cybersecurity: A Basic Management Framework for Organizing National Cybersecurity Efforts (hereafter the Report). More information on Question 22/1 activities can be found at the website: www.itu.int/itu-d/cyb/cybersecurity/ Objectives of the Toolkit The toolkit is intended to assist national government officials at the management level in examining their existing national policies, procedures, norms, institutions, and relationships in light of the Report. It assists in identifying: major players involved in cybersecurity/critical information infrastructure protection (CIIP) in a country; and their roles and their means of coordination, interaction, and cooperation. The toolkit assists policy makers and managers from relevant agencies and institutions to discuss among themselves their nation s cybersecurity efforts and arrangements. Draft ITU National Cybersecurity/CIIP Self-Assessment Toolkit 4/7

During initial discussions among relevant agencies and institutions to consider the toolkit, ideally national relevant agencies and institutions should be represented at similar levels in order to facilitate dialogue among peers. Experience to date has demonstrated that as a target level, ideally this should be at the Director General or Deputy Director General. However, additional representatives at lower levels would of course be welcome to attend the session. These actors would ideally participate in the self-assessment efforts. In addition, consideration should be given to including relevant private sector players and associations in the self-assessment dialogue. Actors Involved The suggested governmental roles and agencies that would normally be involved in the elaboration, development and operation of a national cybersecurity effort are discussed below. Actors Involved in Development of a National Strategy Some countries may have already designated an agency to coordinate and lead interagency efforts and a specific national strategy. Other countries may have taken only initial steps and thus may need to identify a person and institution that will lead development of a national cybersecurity/ciip framework. This role is typically under the head of government and could include a national security council or a cabinet level coordination mechanism. Draft ITU National Cybersecurity/CIIP Self-Assessment Toolkit 5/7

Actors Involved in National Coordination Efforts The agency that will provide operational guidance and likely head the interagency coordination effort on cybersecurity/ciip. Most likely, this would be different from the agency that originally developed the national strategy. For example, in the United States of America, this role is partially handled by the National Cyber Response Coordination Group (NCRCG), a forum of 13 principal agencies that coordinate intragovernmental and public/private preparedness operations to respond to and recover from cyber attacks. Actors Involved in Government-Industry Collaboration The agencies that have significant interaction with the private sector in regard to cybersecurity whether for cybercrime, incident management, or technical and/or policy development. For example, in the United States, a number of agencies are involved in these areas. They include the Department of Justice (DOJ), the Federal Bureau of Investigation (FBI) and police related to cybercrime; the Department of Homeland Security (DHS) and USCERT and the Department of Defense (DOD) related to incident management; and the Departments of Homeland Security (DHS) and Commerce (DOC) related to technical and policy development. Actors Involved in Deterring Cybercrime These are the agencies and institutions that develop and enforce laws related to cybersecurity. For example, in the United States, this includes the Department of Justice (DOJ), the Federal Bureau of Investigation (FBI) and police related to investigating and prosecuting cybercrime. Draft ITU National Cybersecurity/CIIP Self-Assessment Toolkit 6/7

Consideration should also be given to including the Courts and the legislature in a self-assessment effort. Actors Involved in Incident Management These are the principal agencies and institutions responsible for preparedness operations to respond to and recover from cyber incidents. The private sector is also a key player in this area. For example, in the Unites States, the lead players are the Department of Homeland Security (DHS) and USCERT. In addition, many other agencies, individually or through the United States GOVCERT, are involved. Among these are the principal agencies of the National Cyber Response Coordination Group (NCRCG) which also includes the Department of Defense (DOD). Private sector CSIRTS and industry associations are also involved. Actors Involved in Promoting a Culture of Security Much of the effort in this area involves awareness raising among individuals, small businesses and other users. This area also includes specific issues such as privacy, and research and development (R&D). In the United States, much of this work is carried out by agencies involved in other areas of cybersecurity noted above. One principal addition is the Federal Trade Commission (FTC) in matters related to privacy. Draft ITU National Cybersecurity/CIIP Self-Assessment Toolkit 7/7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information