Committed to Connecting the World

ITU National Cybersecurity Framework

16 July 2008

Joseph Richardson
Joseph.Richardson@ties.itu.int
for ICT Applications and Cybersecurity Division
Policies and Strategies Department
ITU Telecommunication Development Bureau
International Telecommunication Union


This Presentation

- Introduce the ITU Cybersecurity Framework
- Identify Issues for Implementing the Framework Nationally
- Introduce the ITU Self-Assessment Toolkit


Why a Framework?

- Why is a National Strategy needed?
- Cybersecurity/Critical Information Infrastructure Protection (CIIP) is a SHARED responsibility
- All "participants" must be involved
  - Appropriate to their roles


Participants

- "Participants" responsible for cybersecurity:
  - "Government, business, other organizations, and individual users who develop, own, provide, manage, service and use information systems and networks"
    From "UNGA Resolution 57/239 Creation of a global culture of cybersecurity"


ITU Cybersecurity Framework for National Action

- National Strategy
- Government Industry Collaboration
- Deterring Cybercrime
- Incident Management Capabilities
- Culture of Cybersecurity


Framework for Action

- For each of these five elements, the Framework recommends:
  - POLICY: to guide national efforts
  - GOALS: to implement the policy
  - SPECIFIC STEPS: to achieve goals


Implementing the Framework Nationally

- Actions by Government
- Collaboration by other participants


Government Actions

- Provide leadership, guidance and coordination
  - Identify lead persons and institutions
  - Develop CSIRT with national responsibility
  - Identify cooperative arrangements and mechanisms among all participants
  - Identify international counterparts and relationships
  - Identify experts
  - Establish integrated risk management process
  - Assess and periodically reassess cybersecurity
  - Identify training requirements


ITU National Cybersecurity/CIIP Self-Assessment Toolkit

- Intended to assist national authorities to review their domestic situation related to goals and actions identified in:
  - UN Resolutions 55/63 (2000) and 56/121 (2001): Combating the Criminal Misuse of Information Technologies
  - Council of Europe's Convention on Cybercrime (2001)
- Adapted from work in APEC-TEL

http://www.itu.int/ITU-D/cyb/cybersecurity/projects/readiness.html


ITU Self-Assessment Toolkit

- Based on Best Practices document
- Focus: national management and policy level
- Intended to assist national governments:
  - Understand existing national approach
  - Develop "baseline" re Best Practices
  - Identify areas for attention
  - Prioritize national efforts


Considerations

- No nation starting at ZERO
- No "right" answer or approach
- Continual review and revision needed
- All "participants" must be involved
  - appropriate to their roles


The Self-Assessment Toolkit

- Examines each element of Framework at management and policy level:
  - National Strategy
  - Government - Industry Collaboration
  - Deterring Cybercrime
  - National Incident Management Capabilities
  - Culture of Cybersecurity


The Self-Assessment Toolkit

- Looks at organizational issues for each element of Framework:
  - The people
  - The institutions
  - The relationships
  - The policies
  - The procedures
  - The budget and resources


The Self-Assessment Toolkit

- Identifies issues and poses questions:
  - What Actions have been taken?
  - What Actions are planned?
  - What Actions are to be considered?
  - What is the Status of these actions?


The Framework and Self-Assessment Toolkit

- Objective: assist nations organize and manage national efforts to
  - Prevent
  - Prepare for
  - Protect against
  - Respond to, and
  - Recover from
  cybersecurity incidents.


Next Steps

- What are the next steps
  - for your nation?
  - for your region?