Café pédagogique · Author: ciip Created Date: 11/15/2011 10:10:14 PM
Self-Assessment and Formulation of a National Cybersecurity/CIIP Strategy: Culture of Security

The Self-Assessment: purpose
Snapshot of where the nation is
Educate participants
Identify strengths and weaknesses
Identify gaps
Allocate responsibilities
Establish priorities
Provide input to a national cyber security strategy
10/19/10

The self-assessment: audience
All participants – the ultimate target
But to ensure national action, the self-assessment must be addressed to key decision makers in
• Government (executive and legislative)
• Business and industry
• Other organizations and institutions
• Individuals and the general public

Key elements
Key Elements of a National Cybersecurity Strategy
• Legal Framework
• Culture of Cybersecurity
• Incident Management
• Collaboration and Information Exchange
10/18/10

The Self-Assessment: key elements
D. Culture of Security:
Develop security awareness programs for and outreach to all participants, for example, children, small business, etc.
Enhance science and technology (S&T) and research and development (R&D)
Other initiatives

A Cultural Shift: Cybersecurity Gets Personal
Yael Weinman
Counsel for International Consumer Protection
Office of International Affairs
U.S. Federal Trade Commission
September 2010

Federal Trade Commission
General jurisdiction consumer protection agency
Enforcement through federal district court and administrative litigation
Small agency
www.ftc.gov

Federal Trade Commission
Three-prong approach:
• Individual Culture
• Organizational Culture
• FTC Enforcement
Components of Cybersecurity:
• Privacy and Data Security
• Spam
• Spyware
• Identity Theft
How the FTC Can Help:
• Consumer and Business Education
• Research and Consultation
• International cooperation

Personal Culture
Privacy and Data Security
• It is every individual’s responsibility
• You don’t need computer expertise or to be a member of IT to ensure data privacy and security

Organizational Culture
Privacy and Data Security
• Build in privacy and data security from the ground up
• Privacy Impact Assessments
• Routine use of data security hardware and software

Enforcement
Privacy and Data Security

Personal Culture
Spam and Phishing
• Don’t open unknown emails
• Never open attachments unless you know the sender
• Type URLs into the address bar rather than clicking
• Don’t respond with account or personal information

Organizational Culture
Spam and Phishing
• Let customers know how you will use their personal information, and stick to it
• Know the rules on sending unsolicited commercial email (UCE)
• Know how to communicate with your customers

Enforcement
Spam and Phishing
• $2.5 million court-ordered fine for weight loss spam
• $413,000 fine under a settlement with an X-rated website

Personal Culture
Spyware
• Don’t install software from an unknown source on your computer
• Be aware that games and other freeware can contain spyware
• Maintain virus protection software

Organizational Culture
Spyware
• A consumer’s computer belongs to him or her, not software distributors
• Full disclosures must be clear and conspicuous
• A consumer must be able to uninstall or disable downloaded software

Enforcement
Spyware
Zango: $3 million disgorgement
Seismic Entertainment
ERG Ventures

Identity Theft

Identity Theft Task Force

Strategy – 4 key areas
keeping sensitive consumer data out of the hands of identity thieves through better data security and more accessible education;
making it more difficult for identity thieves who obtain consumer data to use it to steal identities;
assisting the victims of identity theft in recovering from the crime; and
deterring identity theft by more aggressive prosecution and punishment of those who commit the crime

Consumer and Business Education
Guidance to Business
Consumer Education
Communicating effectively

OnGuardOnline

En Español

Spam

Spyware

Identity Theft

"Protecting PERSONAL INFORMATION: A Guide for Business"
Five Key Principles
1. Take stock.
2. Scale down.
3. Lock it.
4. Pitch it.
5. Plan ahead.

Additional Resources
National Institute of Standards and Technology (NIST) Computer Security Resource Center. www.csrc.nist.gov
NIST’s Risk Management Guide for Information Technology Systems. www.csrc.nist.gov/publications/nistpubs/800-30/sp800-30.pdf
Department of Homeland Security’s National Strategy to Secure Cyberspace. www.dhs.gov/xlibrary/assets/National_Cyberspace_Strategy.pdf
SANS (SysAdmin, Audit, Network, Security) Institute’s Twenty Most Critical Internet Security Vulnerabilities. www.sans.org/top20
United States Computer Emergency Readiness Team (US-CERT). www.us-cert.gov
Carnegie Mellon Software Engineering Institute’s CERT Coordination Center. http://www.cert.org/certcc.html
Center for Internet Security (CIS). www.cisecurity.org
The Open Web Application Security Project. www.owasp.org
Institute for Security Technology Studies. www.ists.dartmouth.edu
OnGuard Online. www.OnGuardOnline.gov

Thank you
Yael Weinman
Counsel for International Consumer Protection
Office of International Affairs
U.S. Federal Trade Commission

Questions?
Thank You
Joseph Richardson