ITU National Cybersecurity Framework – Overview

International Telecommunication Union
Committed to Connecting the World

ITU Regional Cybersecurity Forum for Eastern and Southern Africa
Lusaka, Zambia, 25–28 August 2008

Joseph Richardson [email protected]
for ICT Applications and Cybersecurity Division
Policies and Strategies Department
ITU Telecommunication Development Bureau




This Presentation

Introduce the ITU National Cybersecurity Framework
Identify Issues for Implementing the Framework Nationally
Introduce the ITU Self-Assessment Toolkit


This Presentation

Based on:
Study Group Q 22/1: Report on Best Practices for a National Approach to Cybersecurity: A Management Framework for Organizing National Cybersecurity Efforts


Why a Framework?

Why is a National Strategy needed?
Cybersecurity/Critical Information Infrastructure Protection (CIIP) is a SHARED responsibility
All “participants” must be involved
  Appropriate to their roles


Participants

“Participants” responsible for cybersecurity:

“Government, business, other organizations, and individual users who develop, own, provide, manage, service and use information systems and networks”

– From “UNGA Resolution 57/239 Creation of a global culture of cybersecurity”


ITU Framework for National Action

National Strategy
Government-Industry Collaboration
Deterring Cybercrime
Incident Management Capabilities
Culture of Cybersecurity


Framework for Action

For each of these five elements, the Framework recommends:

POLICY: to guide national efforts
GOALS: to implement the policy
SPECIFIC STEPS: to achieve goals


Implementing the Framework Nationally

Actions by Government
Collaboration by other participants


Government Actions

Provide leadership, guidance and coordination

Identify lead persons and institutions
Develop CSIRT with national responsibility
Identify cooperative arrangements and mechanisms among all participants
Identify international counterparts and relationships
Identify experts
Establish integrated risk management process
Assess and periodically reassess cybersecurity
Identify training requirements


ITU National Cybersecurity/CIIP Self-Assessment Toolkit

Intended to assist national authorities to review their domestic situation related to goals and actions identified in:

Study Group Q 22/1: Report on Best Practices for a National Approach to Cybersecurity: A Management Framework for Organizing National Cybersecurity Efforts

Adapted from work in APEC-TEL

http://www.itu.int/ITU-D/cyb/cybersecurity/projects/readiness.html


ITU Self-Assessment Toolkit

Focus: national management and policy level
Intended to assist national governments:
  Understand existing national approach
  Develop “baseline” re Best Practices
  Identify areas for attention
  Prioritize national efforts


Considerations

No nation starting at ZERO
No “right” answer or approach
Continual review and revision needed
All “participants” must be involved
  appropriate to their roles


The Self-Assessment Toolkit

Examines each element of Framework at management and policy level:

National Strategy
Government-Industry Collaboration
Deterring Cybercrime
National Incident Management Capabilities
Culture of Cybersecurity


The Self-Assessment Toolkit

Looks at organizational issues for each element of Framework:

The people
The institutions
The relationships
The policies
The procedures
The budget and resources


The Self-Assessment Toolkit

Identifies issues and poses questions:

What Actions have been taken?
What Actions are planned?
What Actions are to be considered?
What is the Status of these actions?


The Framework and ITU National Self-Assessment Toolkit

Objective: assist nations to organize and manage national efforts to

Prevent
Prepare for
Protect against
Respond to, and
Recover from

cybersecurity incidents.


Next Steps

What are the next steps
for your nation?
for your region?
