Self-Assessment and Formulation of a National Cyber Security/CIIP Strategy: Culture of Security
Presented to: Workshop on Capacity Building for Computer Emergency Readiness Team (CERT) for Africa, November 1-2, 2010
By Joseph Richardson, Senior Fellow, GMU-ICC
The Self-Assessment: purpose
• Snapshot of where the nation is
• Educate participants
• Identify strengths and weaknesses
• Identify gaps
• Allocate responsibilities
• Establish priorities
• Provide input to a national cyber security strategy
The Self-Assessment: audience
• All participants – the ultimate target
• But to ensure national action, the self-assessment must be addressed to key decision makers in:
  • Government (executive and legislative)
  • Business and industry
  • Other organizations and institutions
  • Individuals and the general public
Key Elements of a National Cybersecurity Strategy
• Legal Framework
• Collaboration and Information Exchange
• Incident Management
• Culture of Cybersecurity
The Self-Assessment: key elements
D. Culture of Security:
• Develop security awareness programs for and outreach to all participants, for example, children, small business, etc.
• Enhance science and technology (S&T) and research and development (R&D)
• Other initiatives
A Cultural Shift: Cybersecurity Gets Personal
Yael Weinman, Counsel for International Consumer Protection, Office of International Affairs, U.S. Federal Trade Commission
September 2010
Federal Trade Commission
• General jurisdiction consumer protection agency
• Enforcement through federal district court and administrative litigation
• Small agency
• www.ftc.gov
Federal Trade Commission
Three-prong approach:
• Individual Culture
• Organizational Culture
• FTC Enforcement
Components of Cybersecurity:
• Privacy and Data Security
• Spam
• Spyware
• Identity Theft
How the FTC Can Help:
• Consumer and Business Education
• Research and Consultation
• International cooperation
Personal Culture: Privacy and Data Security
• It is every individual’s responsibility
• You don’t need computer expertise or to be a member of IT to ensure data privacy and security
Organizational Culture: Privacy and Data Security
• Build in privacy and data security from the ground up
• Privacy Impact Assessments
• Routine use of data security hardware and software
Enforcement: Privacy and Data Security
Personal Culture: Spam and Phishing
• Don’t open unknown emails
• Never open attachments unless you know the sender
• Type URLs into the address bar rather than clicking
• Don’t respond with account or personal information
Organizational Culture: Spam and Phishing
• Let customers know how you will use their personal information, and stick to it
• Know the rules on sending unsolicited commercial email (UCE)
• Know how to communicate with your customers
Enforcement: Spam and Phishing
• $2.5 million court-ordered fine for weight loss spam
• $413,000 fine under a settlement with an X-rated website
Personal Culture: Spyware
• Don’t install software from an unknown source on your computer
• Be aware that games and other freeware can contain spyware
• Maintain virus protection software
Organizational Culture: Spyware
• A consumer’s computer belongs to him or her, not software distributors
• Full disclosures must be clear and conspicuous
• A consumer must be able to uninstall or disable downloaded software
Enforcement: Spyware
• Zango: $3 million disgorgement
• Seismic Entertainment
• ERG Ventures
Strategy – 4 key areas
• keeping sensitive consumer data out of the hands of identity thieves through better data security and more accessible education;
• making it more difficult for identity thieves who obtain consumer data to use it to steal identities;
• assisting the victims of identity theft in recovering from the crime; and
• deterring identity theft by more aggressive prosecution and punishment of those who commit the crime
Consumer and Business Education
• Guidance to Business
• Consumer Education
• Communicating effectively
Five Key Principles ("Protecting Personal Information: A Guide for Business")
• Take stock.
• Scale down.
• Lock it.
• Pitch it.
• Plan ahead.
Additional Resources
• National Institute of Standards and Technology (NIST) Computer Security Resource Center. www.csrc.nist.gov
• NIST’s Risk Management Guide for Information Technology Systems. www.csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
• Department of Homeland Security’s National Strategy to Secure Cyberspace. www.dhs.gov/xlibrary/assets/National_Cyberspace_Strategy.pdf
• SANS (SysAdmin, Audit, Network, Security) Institute’s Twenty Most Critical Internet Security Vulnerabilities. www.sans.org/top20
• United States Computer Emergency Readiness Team (US-CERT). www.us-cert.gov
• Carnegie Mellon Software Engineering Institute’s CERT Coordination Center. http://www.cert.org/certcc.html
• Center for Internet Security (CIS). www.cisecurity.org
• The Open Web Application Security Project. www.owasp.org
• Institute for Security Technology Studies. www.ists.dartmouth.edu
• OnGuard Online. www.OnGuardOnline.gov
Thank you
Yael Weinman, Counsel for International Consumer Protection, Office of International Affairs, U.S. Federal Trade Commission
yweinman@ftc.gov
Questions?
Thank You
Joseph Richardson