Securing information and communication networks: best practices for developing a culture of cybersecurity

ITU Workshop on “ICT Security Standardization for Developing Countries”
(Geneva, Switzerland, 15-16 September 2014)
Session 3 – Cybersecurity and data protection
Eliot Lear
Former (acting) ITU-D Q.22/1 Rapporteur
Principal Engineer, Cisco Systems, Inc.
lear@cisco.com
Three Cycles of Work

ITU-D Question 22/1
• Studied cybersecurity overall framework
• Provided a view toward spam and relevant organizations
• Compendium on cybersecurity readiness

ITU-D Question 22-1/1
• Adaptation of ISO framework for management of cybersecurity
• Best practices for service providers
• Best practices for public private partnerships
• A course on how to build a CERT
• Compendium of national experiences on cybersecurity
• A survey on cybersecurity readiness

ITU-D Question 3/2
• Continue compendium on cybersecurity experiences and analyze results
• Include compendium on cybersecurity capabilities
• Focus down on Spam
• Re-issue cybersecurity readiness survey
• Consider framework for common criteria
• Address Child Online Protection
• Hold a workshop!

Some Worrying Numbers
Source: senderbase.org

Collaboration is Key!
• The Private Sector: Key contributors to the Question on best practices and available services
• Member States: Articulate their experiences and their needs
• Programme 2 / Objective 3.2 of the BDT: Deliver material and services where needed,
• ITU-T SG-17, IETF, other standards organizations: Provide technical expertise
• JCA-COP, CWG-COP: Collaboration on Child Online Protection
• The Internet Society, AT&T, Cisco, others: Focus on anti-spam activities
• FIRST: Focus on capacity building and outreach to CERTs

Where you can find our work
http://www.itu.int/pub/publications.aspx?lang=en&parent=D-STGSG01.22.1-2014
This includes the compendium of national experiences, and CERT coursework, as well as cybersecurity readiness survey results and more!
Just a few thoughts
Let’s use the material: course-work
Deal with a volatile environment
No single organization can provide for all that is needed.