International Chamber of Commerce The world business organization



Similar documents
Seamus Reilly Director EY Information Security Cyber Security

aecert Roadmap Eng. Mohammed Gheyath Director, Technical Affairs TRA

The National Cybersecurity Workforce Framework Delaware Cyber Security Workshop September 29, 2015

MARYLAND. Cyber Security White Paper. Defining the Role of State Government to Secure Maryland s Cyber Infrastructure.

4-1 Strategic Leadership Training and Education Level

Cyber/ Network Security. FINEX Global

Prepared by the Commission on Environment & Energy

UIC involvement. Teodor Gradinariu Senior Technical Advisor UIC

FSPCOMP3 Assess and mitigate the compliance risks relevant to your organisation

Practical Overview on responsibilities of Data Protection Officers. Security measures

Technology Crime Services

CYSPA launch event - Turkey

State Agency Cyber Security Survey v October State Agency Cybersecurity Survey v 3.4

ICC CYBER SECURITY GUIDE FOR BUSINESS

CONSULTING IMAGE PLACEHOLDER

Cyber Security Recommendations October 29, 2002

Regulatory Framework for Disaster Recovery Planning for the ICT Industry

Cyber Risks in the Boardroom

BUSINESS CHARTER FOR SUSTAINABLE DEVELOPMENT

Cyber security in an organization-transcending way

Prepared testimony of W. Joseph Majka Head of Fraud Control and Investigations Visa Inc.

National Cyber Security Policy -2013

ICC RESOURCE GUIDE FOR SELF-REGULATION OF ONLINE BEHAVIOURAL ADVERTISING (OBA)

G-Cloud Definition of Services Security Penetration Testing

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, CEO EDS Corporation

Infocomm Security Masterplan 2

ICC Guidelines on Whistleblowing

The Geospatial Approach to Cybersecurity: An Executive Overview. An Esri White Paper January 2014

Threat and Hazard Identification and Risk Assessment

CIPAC Water Sector Cybersecurity Strategy Workgroup: FINAL REPORT & RECOMMENDATIONS

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

GEARS Cyber-Security Services

The National Cyber Security Strategy (NCSS) Success through cooperation

The importance of public-private partnership. Peter Hondebrink Ministry of Economic Affairs, Agriculture and Innovation

Ten Questions Your Board Should be asking about Cyber Security. Eric M. Wright, Shareholder

Business Risk Management - Top 10 Questions to Ask

Logging In: Auditing Cybersecurity in an Unsecure World

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

Business Continuity Planning in IT

Defensible Strategy To. Cyber Incident Response

2015 CEO & Board University Cybersecurity on the Rise. Matthew J. Putvinski, CPA, CISA, CISSP

Supplier Vigilance: A Critical Layer of Defense

Risk Management Policy and Framework

How To Strengthen Nuclear Security

STATE OF NEW HAMPSHIRE STRATEGIC PLAN TO ADDRESS CYBER CRIME

CYBER SECURITY Cyber Security for Canadian Directors in the Wake of Ashley Madison

CAPACITY BUILDING TO STRENGTHEN CYBERSECURITY. Sazali Sukardi Vice President Research CyberSecurity Malaysia

Project Management Professional. Group BUSINESS PLAN

CYBER SECURITY Audit, Test & Compliance

cyberr by e-management The Leader in Cybersecurity Risk Intelligence (RI) Cybersecurity Risk: What You Don t Know CAN Hurt You!

Address C-level Cybersecurity issues to enable and secure Digital transformation

REPUBLIC OF MAURITIUS NATIONAL CYBER SECURITY STRATEGY

DHS, National Cyber Security Division Overview

Performs the Federal coordination role for supporting the energy requirements associated with National Special Security Events.

APPENDIX XVIII: EMERGENCY SUPPORT FUNCTION 18 BUSINESS, INDUSTRY, AND ECONOMIC STABILIZATION

National Institute of Standards and Technology Smart Grid Cybersecurity

Seoul Communiqué 2012 Seoul Nuclear Security Summit

Mitigating and managing cyber risk: ten issues to consider

Practical guide for using the Continuous Learning Framework and the Changing Lives leadership model to develop leadership in social services

Cyber Security Survey

Financial Management Framework >> Overview Diagram

INSPIRE AND GROW YOUR BUSINESS IN THE 21 ST CENTURY BUSINESS CHARTER FOR SUSTAINABLE DEVELOPMENT

Working out the answer to this question will help inform every step that follows.

Cyber Essentials Scheme. Summary

MEDIA RELEASE. IOSCO reports on business continuity plans for trading venues and intermediaries

Top 5 Global Bank Selects Resolution1 for Cyber Incident Response.

How To Protect Visa Account Information

The Policy Approaches to Strengthen Cyber Security in the Financial Sector (Summary) July 2, 2015 Financial Services Agency

Commonwealth Approach to Cybergovernance and Cybersecurity. By the Commonwealth Telecommunications Organisation

Computer Forensics Preparation

Head of Engineering Job Description

Click to edit Master title style

Cybersecurity: Considerations for Internal Audit. IIA Atlanta Chapter Meeting January 9, 2015

Cybersecurity Framework: Current Status and Next Steps

ASEAN s Cooperation on Cybersecurity and against Cybercrime

Transcription:

International Chamber of Commerce The world business organization ICC Cyber Security Guide for Business World Bank Seminar on Cyber Preparedness Vienna. 18 19 May 2015

Gerard Hartsink Chair ICC Task Force on Cyber Security (www.iccwbo.org Paris) Chair Digital Economy Commission ICC Netherlands (www.icc.nl The Hague) Senior Advisor ICC Netherlands (www.icc.nl The Hague)

Threats for Businesses Without suitable precautions, the internet, enterprise information networks and devices are not secure.

What is the background of ICC s Guide? ICC has a long history of providing companies tools and self regulatory guidance to promote good business practice. ICC is dedicated to facilitate trade and investment including to foster e commerce and confidence in the digital economy. An open internet will make the access to knowledge, information, goods and services possible for the benefit of businesses and consumers. Businesses are more and more confronted with challenges that the internet, enterprise information systems and devices are not secure without suitable precautions. ICC created the Cyber Security Guide for Business to make its about 6 million members of 90 National Committees aware of the risks and offer them a guide to mitigate their cyber risks ICC believes that cooperation of businesses and the public sector is essential to mitigate cyber risk in society

Target Groups of the Guide Guide to raise awareness of business role in ensuring security online Conversation starter between IT specialists and company management Relevant for Corporates (management and Board), SMEs, merchants and webmerchants Tool to demonstrate business engagement in addressing cyber security

What should business do? Businesses of all sizes need to develop and nurture key organizational capabilities to manage cyber security Undertake a risk analyses Take necessary actions to ensure employment of best practices Prepare to detect and respond (internally and externally) to cyber events

What should governments do? Intensify international cooperation in order to mitigate cyber crime risks (such as the Global Forum on Cyber Expertise: see www.gccs2015.com) Stimulate public and private cooperation in all jurisdictions to manage cyber security threats Support the ISACs (Information Sharing and Analysis Centers) in all jurisdictions Take appropriate prosecution actions in all jurisdictions in case of breaches

Key Security Principles A: Vision and mind set Principle 1: Principle 2: Focus on information and not on technology Make resilience a mind set B: Organization and Processes Principle 3: Principle 4: Principle 5: Prepare to respond Demonstrate a leadership commitment Act on your vision

Six essential Security Actions Action 1: Action 2: Action 3: Action 4: Action 5: Action 6: Back up business information and validate restore process Update information technology systems Invest in training Monitor your information environment Layer defenses to reduce risks Prepare for when the breach occurs

Security self assessment (1) 1. Do you evaluate how sensitive information is handled within you company? 2. Do you perform information security related risk assessments? 3. At what level is information security governance implemented? 4. Do you have a dedicated information security function? 5. How does your company deal with security risks from your suppliers? 6. Does your company evaluate computer and network security on a regular basis? 7. When introducing new technologies, do you assess potential security risks? 8. Does information security training take place within your company? 9. How do you use passwords within the company? 10. Is there a policy in place for the appropriate use of the internet and social media?

Security self assessment (2) 1. Do you measure, report and follow up on information security related matters? 2. How are systems kept up to date within your company? 3. Are user access rights to applications and systems reviewed on a regular basis? 4. Can your employees use their own personal devices to store company information? 5. Has your company taken measures to prevent loss of stored information?

ICC Cyber Security Guide for Business Read the guide & observe principles Re assess regularly your company s information security Fill in self assessment questionnaire Get inspired Browse through global frameworks and local initiatives listed on our website Review Compare checklist with recommended actions points Implement Follow the recommended steps for applying the principles to your organization's needs

Edition ICC Netherlands Global edition

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information