An Approach to defining the Scope and the Method for Cyber Security Strategy Development · 2016....

An Approach to defining the Scope and the Method for Cyber Security Strategy Development Aleksandar Klaic, Ph.D. Office of the National Security Council, Croatia


  • Subjects
    1. Cyber Space and the Scope of Strategy
    2. A Method for Cyber Security Strategy Development
    3. Cyber Security in Croatia, National Strategy Drafting Process

  • Cyber Space - Importance
    • Internet vs Cyber Space
      – Dial-up, Broadband, Cloud SaaS, PaaS, IaaS …
      – PSTN, ATM, IP, VoIP, IP TV, Triple Play, …
    • Societal necessity
      – Citizens
      – Business
      – Government
    • New dimension of our living

  • Virtual Dimension of the Society

  • Vision / Final Goal
    • . . . to derive huge economic and social value from a vibrant, resilient and secure cyberspace, where our actions, guided by our core values of liberty, fairness, transparency and the rule of law, enhance prosperity, national security and a strong society.
    • Implementation of the laws and regulations within the new virtual dimension of the society – cyber space.
    • . . .

  • How to achieve this goal?
    • Identification of Societal Sectors/Subsectors
    • Assessment of Sectoral specifics
    • Implementation of Organisational prerequisites
    • Assessment of Threat Environment
    • Coordination and Management Process

  • Identification of Societal Sectors
    • Government, Business, Citizens
      – Academic Sector
      – Functional areas (Cyber-Crime, -Terrorism, -Defence …)
    • Communication and Inf. Infrastructure
      – Public telecommunications, Gov. infrastructure
      – Critical (Information) Infrastructure (CI, CII)
      – Sensitive Categories of Information, Critical National Electronic Registers, …
    • e-Services
      – e-Government, e-Banking, e-Commerce, …

  • Assessment of Sectoral Specifics
    • Sectoral laws & regulations
      – Responsible institutions
      – Sensitive information & information sharing
    • International requirements
      – Implemented Initiatives
    • Intersectoral and national initiatives
      – Coordination, Inf. Sharing, Education, …

  • Organisational Prerequisites
    • National Regulatory Authorities (Telecom, Banking, Data Protection, …) - sectoral
    • National CERT/CSIRT – public/national
    • NSA, e-Gov, CA … - government/public
    • Responsible bodies within CI/CII Sectors
    • (Cyber) Crisis Management - government
    • Functional areas – responsible bodies
      – Cyber: Crime, Terrorism, Defence policy …

  • Threat Environment
    • Shared:
      – Cyber Space Environment
    • Cyber Threats
    • Specifics of national infrastructure, organization, geopolitical situation, …
    • Different Exposure to Risk
      – Targeted threats
      – National specifics (infrastructure, regional specifics, economy, …)

  • Comprehensive Coordination and Management Process
    • Decision Making level
      – Strategic decisions
      – Crisis Management decisions
    • Policy Planning level
      – Harmonisation of sectoral policies
    • Necessity of having adequate policies in functional areas
    • Operational and technical level
      – Security incident handling, information sharing

  • Cyber Security Strategy
    • How to:
      – Identify societal sectors and subsectors
      – Assess sectoral specifics
      – Plan organisational prerequisites
      – Recognize the threat environment
      – Establish a comprehensive coordination process
    • Scope, Content, Requirements, Organization

  • A Method for Cyber Security Strategy Development
    • Huge scope
    • Complex, heterogeneous and mutually interrelated content
    • Requirements drawn from the government and business side of a given sector/subsector
    • Coordination and Management rely on organizations from different sectors

  • Laws & Regulations in Cyber Space

  • The Basic Strategy Elements
    • Goals:
      – Comprehensive approach, education, awareness, …
    • Societal Sectors:
      – Government, Academic, Business, Citizens
    • Main principles:
      – Proactiveness, subsidiarity, proportionality, integration, …

  • Cyber Security Areas/Interrelations
    • Cyber Security Areas (the main ones recognized)
      – Identifying objectives in order to reach the goals of the Strategy
      – Refer to all of the societal sectors defined, stick to the main principles
    • Interrelations among Cyber Security Areas (functional requirements)
      – Identifying objectives in order to meet the needs of related Cyber Security Areas
      – Refer to all of the societal sectors defined, stick to the main principles

  • Correlation Between the Strategy and the Action Plan
    • Cyber Security Strategy
      – Cyber Security Areas/Interrelations
        • identified objectives (description)
    • Action Plan
      – Elaboration of measures for:
        • each cyber security area/interrelation:
          – each identified objective (elaboration)
            » set of measures (one or more)

  • Illustration of the proposed Method

  • Cyber Security in Croatia
    • National Information Security Programme, March 2005
      – http://www.cert.hr/sites/default/files/CCERT-PUBDOC-2005-04-110.pdf (in Croatian)
    • Public Telecommunication Threats Assessment (2010)
    • Guideline on the Protection of Security and Integrity of Networks and Services
      – www.nn.hr (NN 109/2012, in Croatian)


  • National Inf. Sec. Programme (2005)

  • National Cyber Security Strategy Drafting Process in Croatia
    • Government Decision, April 2014
    • UVNS is the coordinating and responsible body
    • Interdepartmental Committee
      – 20+ institutions with their representatives
      – 9 specialized Working Groups (30+ institutions)
    • Strategy + Action Plan
    • Public discussion planned for April 2015

  • National Cyber Security Strategy Drafting Process in Croatia

  • Action Plan – Identified Measures
    • Strategy = Vision
    • Vision = 8 General Goals on Strategy Level
    • 5 Areas + 4 Interrelations = 35 Objectives
    • 35 Objectives = 78 Measures

    Chapter      Total   A     B     C     D     E     F     G     H     I
    Areas        9       CSA1  CSA2  CSA3  CSA4  CSA5  IoA1  IoA2  IoA3  IoA4
    Objectives   35      3     3     2     5     5     5     3     6     3
    Measures     78      3     8     4     13    5     6     5     6     28

    (CSA = Cyber Security Area, IoA = Interrelation of Areas; the Total column sums the nine chapters.)

  • Thank You!
    dr. sc. Aleksandar Klaić, dipl.ing.el., Assistant Director for Information Security
    [email protected]
    [email protected]
    Office of the National Security Council
    Croatian NSA/DSA
    tel. +385.1.4681 222
    fax. +385.1.4686 049
    www.uvns.hr
