CYBERWELLNESS PROFILE URUGUAY
advertisement
CYBERWELLNESS PROFILE URUGUAY BACKGROUND Total Population: 3 391 000 Internet users, percentage of population: 58.10% (data source: United Nations Statistics Division, December 2012) (data source: ITU Statistics, 2013) 1. CYBERSECURITY 1.1 LEGAL MEASURES 1.1.1 CRIMINAL LEGISLATION Specific legislation on cybercrime has been enacted through the following instruments: -Forgery of electronic documents. Article 4 of Act. 18. 600 (2009) -Attack on the regularity of telecommunications. Act. 18.383 (2008) -Intellectual Property Offenses and related rights. Act 17.616 (2003) -Fraud. Article 160 and 347 of the Criminal Code -Child Pornography. Act 17.815 (2004) 1.1.2 REGULATION AND COMPLIANCE Specific legislation and regulation related to cybersecurity has been enacted through the following instruments: -Regulatory Framework on Cybersecurity. Decree 92/014 -Policy on Information Security in Public Sector. Decree 452/09 --Information Security Direction. Article 148 of Act 18.719 (2010) -National Computer Incident Response Centre CERTuy. Article 73 of Act 18.362 (2008) -National Computer Incident Response Centre CERTuy. Decree 451/009 - Personal data protection and habeas data action Act 18.331 (2008); regulatory Decree 414/009 -Authority: Unit for the Regulation and Control of Personal Data, www.datospersonales.gub.uy - EU Commission decision on the adequate protection ofpersonal data by Uruguay (2012) 1.2 TECHNICAL MEASURES 1.2.1 CIRT Uruguay has an officially recognized national CIRT (CERTuy). 1.2.2 STANDARDS Uruguay has an officially recognized national (and sector specific) cybersecurity framework for implementing internationally recognized cybersecurity standards through Regulatory Framework on Cybersecurity. Decree 92/014. 1.2.3 CERTIFICATION Uruguay does not have any officially approved national (and sector specific) cybersecurity frameworks for the certification and accreditation of national agencies and public sector professionals. 1 1.3 ORGANIZATION MEASURES 1.3.1 POLICY Uruguay has an officially recognized national cybersecurity strategy through the Regulatory Framework on Cybersecurity. Decree 92/014 and the Policy on Information Security in Public Sector. Decree 452/09 . 1.3.2 ROADMAP FOR GOVERNANCE The Regulatory Framework on Cybersecurity. Decree 92/014 and the Policy on Information Security in Public Sector. Decree 452/09 provide a national governance roadmap for cybersecurity in Uruguay. 1.3.3 RESPONSIBLE AGENCY The Agency for e-Government and Information Society is the officially recognized agency responsible for implementing a national cybersecurity strategy, policy and roadmap and can be contacted at direccion@agesic.gub.uy. 1.3.4 NATIONAL BENCHMARKING Uruguay does not have any officially recognized national or sector-specific benchmarking exercises or referential used to measure cybersecurity development. 1.4 CAPACITY BUILDING 1.4.1 STANDARDISATION DEVELOPMENT Uruguay published public guides with recommendations and best practices on CERT's website. In addition, Uruguay also trained public servants about major security issues 1.4.2 MANPOWER DEVELOPMENT Uruguay’s national awareness campaign "safe-connected" includes recommendations related to cybersecurity issues and internet use in general. In addition, there are conferences on various topics such as secure web applications, management systems information security, security policies, electronic signatures and key challenges. Specialists are also trained, with the support of international partners such as the InterAmerican Committee against Terrorism (CICTE/OAS), ITU IMPACT-Alliance, ICANN and the U.S. Secret Service 1.4.3 PROFESSIONAL CERTIFICATION Uruguay does not have the exact number of public sector professionals certified under internationally recognized certification programs in cybersecurity. 1.4.4 AGENCY CERTIFICATION Uruguay does not currently have any certified government and public sector agencies certified under internationally recognized standards in cybersecurity but it is part of its regulation’s strategies. 1.5 COOPERATION 1.5.1 INTRA-STATE COOPERATION To facilitate sharing of cybersecurity assets across borders or with other nation states, Uruguay has officially recognized partnerships with the following organizations: -ITU Impact -First -OAS/CICTE -eLAC -LACNIC Uruguay has an active involvement in the Ibero-American Network of Data Protection and in the International Conference of Data Protection and Privacy Commissioners, hosted in Uruguay in 2012. 2 1.5.2 INTRA-AGENCY COOPERATION Uruguay does not have any officially recognized national or sector-specific programs for sharing cybersecurity assets within the public sector 1.5.3 PUBLIC SECTOR PARTNERSHIP Uruguay does not have any officially recognized national or sector-specific programs for sharing cybersecurity assets within the public and private sector. 1.5.4 INTERNATIONAL COOPERATION Uruguay participated in cybersecurity activities by FIRST, OAS/CICTE, eLAC and LACNIC. CERTuy is a member of FIRST. Uruguay hosted and participated in the ITU-IMPACT Applied Learning for Emergency Response Teams (ALERT 2013) in Montevideo, Uruguay. 2. CHILD ONLINE PROTECTION 2.1 NATIONAL LEGISLATION Specific legislation on child online protection has been enacted through the following instruments: -Article 274* from the Criminal Code, modified by the Law n. 16.707* from July 1995; -Law n. 17.815*, "Commercial or noncommercial sexual violence committed against children, teenagers or mental unable", August 2004. 2.2 UN CONVENTION AND PROTOCOL Uruguay has acceded, with no declarations or reservations to articles 16, 17(e) and 34(c), to the Convention on the Rights of the Child. Uruguay has acceded, with no declarations or reservations to articles 2 and 3, to the Optional Protocol to The Convention on the Rights of the Child on the Sale of Children, Child Prostitution and Child Pornography. 2.3 INSTITUTIONAL SUPPORT The Instituto del Niño y Adolescente del Uruguay is responsible for institutional support in child issues. The Dirección Nacional InFamilia is responsible for enforcing the National Strategy for Childhood and Adolescence. 2.4 REPORTING MECHANISM The CERTuy provides an online form to report incident on its website. The child helpline Linea Azul Servicio Telefónico can be contacted at the number: 800 50 50. ----------------------------------------------------------------------------------------------------------------------------------------------------------DISCLAIMER: Please refer to http://www.itu.int/en/Pages/copyright.aspx More information is available on ITU website at http://www.itu.int/en/ITU-D/Cybersecurity/Pages/default.aspx Last updated on 12th August 2014 3
