Cybersecurity and Cybercrime. Ministry of National Security


Objective of Presentation
- What is the nature of Cybersecurity and Cybercrime?
- Purpose of Legislation
- Potential Impact on business operations
- What should businesses do to be ready for new legislation
- Way forward

News Headlines

Adam Palmer, Norton Lead Cyber Security Advisor, advised that:
- $388 Billion is the total bill for cybercrime footed by online adults in 24 countries over the past year
- When victims value the time they have lost to cybercrime, it was estimated at over $274 Billion
- The direct cash cost of cybercrime (money stolen by cybercrime or spent on resolving cyber attacks) is estimated at over $114 Billion

What is Cybersecurity?
Definition of cybersecurity, referring to ITU-T X.1205, Overview of cybersecurity:
Cybersecurity strives to ensure the attainment and maintenance of the security properties of the organization and user's assets against relevant security risks in the cyber environment. The general security objectives comprise the following:
- Availability
- Integrity, which may include authenticity and non-repudiation
- Confidentiality

What is the nature of Cybercrime?
- The OECD had recommended that computer-related crime be considered as any illegal, unethical or unauthorised behaviour relating to automatic processing and the transmission of data.
- The Commission of the European Union in 2001 described it as any crime that in some way or other involves the use of information technology.
- It has now been extended to include massive and coordinated attacks against the information infrastructure of a country.
- The transnational nature of cyberspace makes effective law enforcement difficult.
- Cyber-criminals defy nations' sovereignty and originate attacks from almost any computer in the world.

Difficult to define...
- Often involves traditional crimes
- Computer used to commit a crime
  - Child porn, threatening email, assuming someone's identity, sexual harassment, defamation, spam, phishing
- Computer as a target of a crime
  - Viruses, worms, industrial espionage, software piracy, hacking
- Content-related offences, concerning the disclosure or making available by means of a computer system of illegal content
- Offences related to intellectual property

Business Data - Hackers are Everywhere
- Stealing data
  - Industrial Espionage
  - Identity theft
  - Defamation
- Deleting data for fun
  - A lot of bored 16 year olds late at night
- Turning computers into zombies
  - To commit crimes
  - Take down networks
  - Distribute porn
  - Harass someone
- Ethical/white hat hackers exist too
  - Help break into networks to prevent crimes
Source: E-Commerce Network - Suzanne Mello - Nov 5 2004

THE CABINET-APPOINTED INTER MINISTERIAL COMMITTEE ON CYBER SECURITY

ABOUT THE IMC
- Established by Cabinet in March 2010
- Began operations in April 2011
- Given a period of twenty-four months to complete its mandate

ABOUT THE IMC: Mandate
- To develop a coordinated National Cyber Security Strategy and Action Plan
- To facilitate, guide and ensure the enactment of a national Cybercrime Act
- To facilitate, guide and ensure the implementation of a National Computer Security Incident Response Team (CSIRT)
- To establish an implementation mechanism that would have legislative authority to develop and enforce cyber security regulations
- To create a mechanism/framework that ensures that risk/vulnerability assessments of each Ministry's cyber infrastructure and cyber security plan are conducted regularly

ABOUT THE IMC: Composition
Core Committee:
- Ministry of National Security (Chair)
- Ministry of Science and Technology
- Ministry of Tertiary Education and Skills Training - University of the West Indies
- Ministry of Public Administration
- Ministry of the Attorney General
- Ministry of Public Utilities
- Ministry of Energy and Energy Affairs
- Ministry of Finance and the Economy
- National ICT Company Ltd. (igovtt)

ABOUT THE IMC: Composition
Sub Committees:
- Ministry of Health
- Ministry of Education
- Ministry of Legal Affairs
- Ministry of Foreign Affairs
- Ministry of Transport
- Telecommunications Authority of Trinidad and Tobago

Structure of the IMC National Strategy Culture and International Cooperation IMC Incident Management Government/ Civil Society and Private Sector Collaboration Legal

Achievements
- Coordinated the work of a HIPCAR Consultant which resulted in the development of a Draft Cybercrime Bill
- Capacity building and training for government stakeholders (OAS/CICTE, HIPCAR and proposed CCI)
- Developed and obtained approval for National Cyber Security Strategy (December 2012)
- Developed and obtained approval for a National Cybercrime Policy (February 2013)
- Developed and obtained approval for the establishment of a Cyber Security Agency (August 2013)

The Cyber Crime Policy: Purpose
- Ensure a coherent strategy in the prevention, investigation, prosecution and sentencing of computer crime and cybercrime in Trinidad and Tobago
- Enable Trinidad and Tobago to participate in the international endeavour to fight against transnational computer crime and cybercrime
- Inform the preparation of a legislative framework for the deterrence and prosecution of cybercrime

The Cyber Crime Policy: Objectives
- Prevention and Awareness Raising
- Criminalization of offences related to computer crime and cybercrime
- Institution of investigation mechanisms
- Use of electronic evidence in prosecution
- Creation of an environment that defines the obligations and restricts the liability of ISPs
- Repeal of the Computer Misuse Act (2000) and replacement with the Cybercrime Act

Legislation covers:
- Illegal access to a computer system (hacking, circumventing password protection, exploiting software loopholes etc.)
- Illegal interception (violating privacy of data communication)
- Illegal data interference (malicious codes, viruses, trojan horses etc.)
- System interference (hindering the lawful use of computer systems)
- Misuse of devices and illegal devices (tools to commit cyber-offences)
- Offences affecting critical infrastructure
- Computer-related forgery (similar to forgery of tangible documents)
- Computer-related fraud (similar to real life fraud)
- Identity related offences
- SPAM
- Harassment using an electronic means
- Child pornography
- Infringement of copyright and related rights

Cont'd
- Expedited preservation of stored computer data
- Expedited preservation and partial disclosure of traffic data
- Production order
- Search and seizure of stored computer data
- Real-time collection of traffic data
- Interception of content data
- Procedural safeguards

Public-Private Partnership
GoRTT will:
- Identify public stakeholders responsible for initiating and developing cyber security policies and regulations;
- Engage both the public and private stakeholders in the process by clearly defining their roles and responsibilities;
- Define the appropriate incentives that allow private, public and civil society stakeholders to participate in the process (for example no costly regulations);
- Involve specific critical infrastructure and Internet service providers instead of allocating responsibilities to a specific sector;

Public-Private Partnership
- Include civil society in the implementation of the strategy from an awareness raising standpoint;
- Foster the development of cyber security certification programmes that will be nationally recognized and accepted by the public and private sectors;
- Educate the general public and small, medium and large businesses on basic cyberspace safety and security issues.

Permanent Stakeholders Group (to be est. by the E.D., TTCSA): It is envisioned that this Group will create an open forum for continued dialogue on cyber security matters. It is also intended that the Group will be available for discussions regarding regulations and standards to be set by the TTCSA.

Role of Businesses
Companies will be encouraged to:
- Sensitize employees on cyber security and cyber threats.
- Evaluate the security of those networks that impact the security of Trinidad and Tobago's critical infrastructure. Such evaluations would include:
  - Conducting risk assessments and audits;
  - Developing continuity plans which consider staff and equipment; and
  - Participating in industry-wide information sharing and best practice dissemination.
- Provide sufficient opportunities for continuing education and advanced training in the workplace to maintain high skill standards and the capacity to innovate.

The New Wild Wild West
- More cyber criminals than cyber cops
- Criminals feel safe committing crimes from the privacy of their own homes
- Brand new challenges facing law enforcement
  - Most not trained in the technologies
  - Internet crimes span multiple jurisdictions
  - Need to retrofit new crimes to existing laws
- Criminals exploit weaknesses in laws as well as vulnerabilities in technologies.
Source: E-Commerce Network - Suzanne Mello - Nov 5 2004

Way forward.