Post on 28-Jan-2018
15 September 2016
High Level Qualitative Approach
experience from other countries.
. Stakeholder Interests in Cyber Security, Regulation, Cyber Security
Laws
Criticism and Tension created by introducing Cyber Security
Regulation, Cyber Security Laws
creating new offenses and penalties
the need to protect citizens, property and infrastructure vs the need to respect legal, civil and property rights
distinguishing the different motives of politicians and objective curbing of cyber attacks
the approach on cybersecurityis something separate and different from conventional law and order
the vague goals and terms that give too muchdiscretion to prosecutors.
6. Open-ended information gathering and processing
7. One-size-fits-all approach
a threat to internet freedom
over-reach of state security services, widespread state andcorporate surveillance and new censorship mechanisms meant to regulate online content underthe guise of security.
Source: right2know SA.
Constraints of Cyber Security Regulation & Laws
1. Social Norms
2. Architecture
3. The Law
4. The Market
only 2% is successfully prosecuted
cross border enforcements
3. Different moral values and laws and varied enforcement responses
ineffecient’ in responding timely and creating quick evidence
technically complex and circumvented
scope and pervasiveness of digital technologies
3. Affordability and Access to technology is
adapting counter measures to preventive and detective software
that Technology is the predominant regulating institution
, people don’t want cheap things, they want it for free. (music and piracy case – music is now very cheap but billions commit piracy every year)
governs socially salient behaviours
2. Freedom of speech philosophy
a very powerful force in regulating cyber space
Strategies that can help create the necessary Buy-In
National Cyber Security Center and strategy for affiliation by corporates and experts.
Single Point of Contact for Incidents
Incident Response Teams (CIRT)
Emergency Response Teams (CERT)
Escalation policy from a mere incident status to a critical crime, or emergency level
a shared situational awareness
ability to respond quickly to prevent intrusions
counter-intelligence capabilities
security of the supply chain
cyber education
redirect research and development
deterrence strategies
“
”
Regulation is a Necessity …