18
International Telecommunication Union Committed to Connecting the World ITU National Cybersecurity ITU National Cybersecurity Framework Framework 16 July 2008 Joseph Richardson [email protected] for ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication Development Bureau

ITU National Cybersecurity Framework · Joseph Richardson [email protected] for ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication

  • Upload
    others

  • View
    2

  • Download
    0

Embed Size (px)

Citation preview

Page 1: ITU National Cybersecurity Framework · Joseph Richardson Joseph.Richardson@ties.itu.int for ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication

InternationalTelecommunicationUnion

Committed to Connecting the World

ITU National Cybersecurity ITU National Cybersecurity FrameworkFramework

16 July 2008

Joseph [email protected]

forICT Applications and Cybersecurity Division

Policies and Strategies Department ITU Telecommunication Development Bureau

Page 2: ITU National Cybersecurity Framework · Joseph Richardson Joseph.Richardson@ties.itu.int for ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication

July 2008

Committed to Connecting the World

2

This Presentation

Introduce the ITU Cybersecurity FrameworkIdentify Issues for Implementing the Framework NationallyIntroduce the ITU Self-Assessment Toolkit

Page 3: ITU National Cybersecurity Framework · Joseph Richardson Joseph.Richardson@ties.itu.int for ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication

July 2008

Committed to Connecting the World

3

Why a Framework?

Why is a National Strategy needed?Cybersecurity/Critical Information Infrastructure Protection (CIIP) is a SHARED responsibilityAll “participants” must be involved

Appropriate to their roles

Page 4: ITU National Cybersecurity Framework · Joseph Richardson Joseph.Richardson@ties.itu.int for ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication

July 2008

Committed to Connecting the World

4

Participants

“Participants” responsible for cybersecurity:

“Government, business, other organizations, and individual users who develop, own, provide, manage, service and use information systems and networks”

– From “UNGA Resolution 57/239 Creation of a global culture of cybersecurity”

Page 5: ITU National Cybersecurity Framework · Joseph Richardson Joseph.Richardson@ties.itu.int for ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication

July 2008

Committed to Connecting the World

55

NationalStrategy

GovernmentIndustry

Collaboration

DeterringCybercrime

IncidentManagementCapabilities

Culture ofCybersecurity

ITU Cybersecurity Framework for National Action

Page 6: ITU National Cybersecurity Framework · Joseph Richardson Joseph.Richardson@ties.itu.int for ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication

July 2008

Committed to Connecting the World

6

Framework for Action

For each of these five elements, the Framework recommends:

POLICY: to guide national effortsGOALS: to implement the policySPECIFIC STEPS: to achieve goals

Page 7: ITU National Cybersecurity Framework · Joseph Richardson Joseph.Richardson@ties.itu.int for ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication

July 2008

Committed to Connecting the World

7international telecommunication union

Page 8: ITU National Cybersecurity Framework · Joseph Richardson Joseph.Richardson@ties.itu.int for ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication

July 2008

Committed to Connecting the World

8

Implementing the Framework Nationally

Actions by GovernmentCollaboration by other participants

Page 9: ITU National Cybersecurity Framework · Joseph Richardson Joseph.Richardson@ties.itu.int for ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication

July 2008

Committed to Connecting the World

9

Government ActionsProvide leadership, guidance and coordination

Identify lead persons and institutionsDevelop CSIRT with national responsibilityIdentify cooperative arrangements and mechanisms among all participantsIdentify international counterparts and relationshipsIdentify expertsEstablish integrated risk management processAssess and periodically reassess cybersecurityIdentify training requirements

Page 10: ITU National Cybersecurity Framework · Joseph Richardson Joseph.Richardson@ties.itu.int for ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication

July 2008

Committed to Connecting the World

10

ITU National Cybersecurity/CIIP Self–Assessment Toolkit

Intended to assist national authorities to review their domestic situation related to goals and actions identified in:

UN Resolutions 55/63 (2000) and 56/121 (2001): Combating the Criminal Misuse of Information Technologies Council of Europe’s Convention on Cybercrime (2001)

Adapted from work in APEC-TEL

http://www.itu.int/ITU-D/cyb/cybersecurity/projects/readiness.html

Page 11: ITU National Cybersecurity Framework · Joseph Richardson Joseph.Richardson@ties.itu.int for ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication

July 2008

Committed to Connecting the World

11

ITU Self–Assessment Toolkit

Based on Best Practices documentFocus: national management and policy levelIntended to assist national governments:

Understand existing national approachDevelop “baseline” re Best PracticesIdentify areas for attentionPrioritize national efforts

Page 12: ITU National Cybersecurity Framework · Joseph Richardson Joseph.Richardson@ties.itu.int for ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication

July 2008

Committed to Connecting the World

12

Considerations

No nation starting at ZERONo “right” answer or approachContinual review and revision neededAll “participants” must be involved

appropriate to their roles

Page 13: ITU National Cybersecurity Framework · Joseph Richardson Joseph.Richardson@ties.itu.int for ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication

July 2008

Committed to Connecting the World

13

The Self-Assessment Toolkit

Examines each element of Framework at management and policy level:

National StrategyGovernment - Industry CollaborationDeterring CybercrimeNational Incident Management CapabilitiesCulture of Cybersecurity

Page 14: ITU National Cybersecurity Framework · Joseph Richardson Joseph.Richardson@ties.itu.int for ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication

July 2008

Committed to Connecting the World

14

The Self-Assessment Toolkit

Looks at organizational issues for each element of Framework:

The peopleThe institutionsThe relationshipsThe policiesThe proceduresThe budget and resources

Page 15: ITU National Cybersecurity Framework · Joseph Richardson Joseph.Richardson@ties.itu.int for ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication

July 2008

Committed to Connecting the World

15

The Self-Assessment Toolkit

Identifies issues and poses questions:

What Actions have been taken?What Actions are planned?What Actions are to be considered?What is the Status of these actions?

Page 16: ITU National Cybersecurity Framework · Joseph Richardson Joseph.Richardson@ties.itu.int for ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication

July 2008

Committed to Connecting the World

16

The Framework and Self-Assessment Toolkit

Objective: assist nations organize and manage national efforts to

PreventPrepare forProtect againstRespond to, andRecover from cybersecurity incidents.

Page 17: ITU National Cybersecurity Framework · Joseph Richardson Joseph.Richardson@ties.itu.int for ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication

July 2008

Committed to Connecting the World

17

Next Steps

What are the next stepsfor your nation?for your region?

Page 18: ITU National Cybersecurity Framework · Joseph Richardson Joseph.Richardson@ties.itu.int for ICT Applications and Cybersecurity Division Policies and Strategies Department ITU Telecommunication

July 2008

Committed to Connecting the World

18

International Telecommunication

Union

Committed to connecting the world


Regional Cybersecurity Week 2019 - RCS Summit...The Regional Cybersecurity Week 2019 The Regional Cybersecurity Week is organized by ITU Arab Regional Cybersecurity Centre (ARCC) in

Regional Cybersecurity Week 2019 - RCS Summit...The Regional Cybersecurity Week 2019 The Regional Cybersecurity Week is organized by ITU Arab Regional Cybersecurity Centre (ARCC) in

Documents
ITU Global Cybersecurity Agenda (GCA) › osg › spuold › cybersecurity › gca › docs › ... · ITU Global Cybersecurity Agenda (GCA): Framework for International Cooperation

ITU Global Cybersecurity Agenda (GCA) › osg › spuold › cybersecurity › gca › docs › ... · ITU Global Cybersecurity Agenda (GCA): Framework for International Cooperation

Documents
Impelmentation Strategy for Cybersecurity€¦ · Impelmentation Strategy for Cybersecurity Workshop ITU 2016 ... to the cyberspace domain. – Post graduate Diploma in Cybersecurity

Impelmentation Strategy for Cybersecurity€¦ · Impelmentation Strategy for Cybersecurity Workshop ITU 2016 ... to the cyberspace domain. – Post graduate Diploma in Cybersecurity

Documents
Geneva, Switzerland, 26-27 April 2012 ITU-T Work on Standardizing e-Health Masahito Kawamori Rapporteur, ITU-T Q28/16 NTT masahito.kawamori@ties.itu.int

Geneva, Switzerland, 26-27 April 2012 ITU-T Work on Standardizing e-Health Masahito Kawamori Rapporteur, ITU-T Q28/16 NTT [email protected]

Documents
ITU Mandate and Activities Related to Cybersecurity - … Mandate and Activities Related to Cybersecurity ... int/ITU-T/edh/files/security-manual.pdf ... activities related to cyber

ITU Mandate and Activities Related to Cybersecurity - … Mandate and Activities Related to Cybersecurity ... int/ITU-T/edh/files/security-manual.pdf ... activities related to cyber

Documents
The ITU-T: Cybersecurity and Standards€¦ ·  · 2007-10-13The ITU-T: Cybersecurity and Standards ... actions, training, best practices, ... Msoft Cardspace Oracle IGF ITU/IETF

The ITU-T: Cybersecurity and Standards€¦ ·  · 2007-10-13The ITU-T: Cybersecurity and Standards ... actions, training, best practices, ... Msoft Cardspace Oracle IGF ITU/IETF

Documents
Www.itu150.org Cybersecurity @ ITU Carla Licciardello Policy Analyst Carla.licciardello@itu.int

Www.itu150.org Cybersecurity @ ITU Carla Licciardello Policy Analyst [email protected]

Documents
ITU National Cybersecurity Framework – – Overvie · 2008. 9. 1. · International Telecommunication Union Committed to Connecting the World ITU National Cybersecurity Framework

ITU National Cybersecurity Framework – – Overvie · 2008. 9. 1. · International Telecommunication Union Committed to Connecting the World ITU National Cybersecurity Framework

Documents
Overview of ITU-D Activities Related to Cybersecurity and ... · International Telecommunication Union Overview of ITU-D Activities Related to Cybersecurity and Critical Information

Overview of ITU-D Activities Related to Cybersecurity and ... · International Telecommunication Union Overview of ITU-D Activities Related to Cybersecurity and Critical Information

Documents
CYBERSECURITY STRATEGY › en › ITU-D › Cybersecurity › Documents › ...implement the Cybersecurity Strategy to reach these goals. Needless to say, Japan’s economic growth,

CYBERSECURITY STRATEGY › en › ITU-D › Cybersecurity › Documents › ...implement the Cybersecurity Strategy to reach these goals. Needless to say, Japan’s economic growth,

Documents
ITU-T CYBEX standards for cybersecurity information ... CYBEX standards for cybersecurity information dissemination and ... 93.8 CWE-89 Improper Neutralization of Special Elements

ITU-T CYBEX standards for cybersecurity information ... CYBEX standards for cybersecurity information dissemination and ... 93.8 CWE-89 Improper Neutralization of Special Elements

Documents
Cybersecurity: a challenge for the ITU · 2008. 9. 17. · ITU Bridging Standardization Gap Forum – Hanoi - 15-17 September ,2008 Draft new ITU-T Rec.X1205 Overview of Cybersecurity

Cybersecurity: a challenge for the ITU · 2008. 9. 17. · ITU Bridging Standardization Gap Forum – Hanoi - 15-17 September ,2008 Draft new ITU-T Rec.X1205 Overview of Cybersecurity

Documents
Regional Cybersecurity Week - RCS SummitThe Regional Cybersecurity week will be hosted by CITRA Kuwait, organized by ARCC and endorsed by ITU. It will include the 7th Regional Cybersecurity

Regional Cybersecurity Week - RCS SummitThe Regional Cybersecurity week will be hosted by CITRA Kuwait, organized by ARCC and endorsed by ITU. It will include the 7th Regional Cybersecurity

Documents
ITU Global Cybersecurity Agenda and Child Online Protection (COP)

ITU Global Cybersecurity Agenda and Child Online Protection (COP)

Documents
cybersecurity@itu · 2017-08-11 · cybersecurity@itu.int Technical: The measurement of technical institutions, terms, or frameworks dealing with cybersecurity. In this aspect, some

cybersecurity@itu · 2017-08-11 · [email protected] Technical: The measurement of technical institutions, terms, or frameworks dealing with cybersecurity. In this aspect, some

Documents
African Union Perspectives on Cybersecurity and Cybercrimestaging.itu.int/en/ITU-T/Workshops-and-Seminars/cybersecurity/... · on Cybersecurity and Cybercrime Souhila Amazouz Senior

African Union Perspectives on Cybersecurity and Cybercrimestaging.itu.int/en/ITU-T/Workshops-and-Seminars/cybersecurity/... · on Cybersecurity and Cybercrime Souhila Amazouz Senior

Documents
ITU Global Cybersecurity Agenda (GCA) › Substantive_2nd_IGF › ITU_GCA_E.pdf · The Global Cybersecurity Agenda (GCA) is an ITU framework for international cooperation aimed at

ITU Global Cybersecurity Agenda (GCA) › Substantive_2nd_IGF › ITU_GCA_E.pdf · The Global Cybersecurity Agenda (GCA) is an ITU framework for international cooperation aimed at

Documents
Impelmentation Strategy for Cybersecurity Workshop ITU 2016 · Strategic Moves and Controls (1) • Cybersecurity contingency plans that will include the national response capability

Impelmentation Strategy for Cybersecurity Workshop ITU 2016 · Strategic Moves and Controls (1) • Cybersecurity contingency plans that will include the national response capability

Documents
ITU National Cybersecurity/CIIP Self-Assessment Tool Rev

ITU National Cybersecurity/CIIP Self-Assessment Tool Rev

Documents
Migration to NGN - ITU: Committed to connecting the world ITU-D/ITU-T Seminar on Standardization and Development of NGN for Arab Region Migration to NGN ChaeSub Lee (chae-sub.lee@ties.itu.int)

Migration to NGN - ITU: Committed to connecting the world ITU-D/ITU-T Seminar on Standardization and Development of NGN for Arab Region Migration to NGN ChaeSub Lee ([email protected])

Documents
Hassan TALIB Vice-Chair ITU-T SG 12, Head DCT ANRT talib@anrt.ma // htalib@ties.itu.int

Hassan TALIB Vice-Chair ITU-T SG 12, Head DCT ANRT [email protected] // [email protected]

Documents
Hassan TALIB, Vice-Chair ITU-T SG 12, Head DCT ANRT talib@anrt.ma // htalib@ties.itu.int

Hassan TALIB, Vice-Chair ITU-T SG 12, Head DCT ANRT [email protected] // [email protected]

Documents
ITU Regional Cybersecurity Forum for Africa and Arab States, Tunis

ITU Regional Cybersecurity Forum for Africa and Arab States, Tunis

Documents
Vladimir Radunović - ITU · 2019. 9. 27. · Cybersecurity. Vladimir Radunović. Director, cybersecurity and e -diplomacy. vladar@diplomacy.edu. Bahrain, October 2019

Vladimir Radunović - ITU · 2019. 9. 27. · Cybersecurity. Vladimir Radunović. Director, cybersecurity and e -diplomacy. [email protected]. Bahrain, October 2019

Documents
Cybersecurity for ALL · ITU provides a global perspective and expertise and is promoting cybersecurity ... In 2007, ITU Secretary-General launched the Global Cybersecurity Agenda,

Cybersecurity for ALL · ITU provides a global perspective and expertise and is promoting cybersecurity ... In 2007, ITU Secretary-General launched the Global Cybersecurity Agenda,

Documents
Regional Cybersecurity Week · t th R Crsecurit s Regional CybeRseCuRity week The Regional Cybersecurity week will be hosted by CITRA Kuwait, organized by ARCC and endorsed by ITU

Regional Cybersecurity Week · t th R Crsecurit s Regional CybeRseCuRity week The Regional Cybersecurity week will be hosted by CITRA Kuwait, organized by ARCC and endorsed by ITU

Documents
ITU-T Rec. X.1205 (04/2008) Overview of cybersecurity

ITU-T Rec. X.1205 (04/2008) Overview of cybersecurity

Documents
CrossReg Broadband 2011 Presentation P34 · Chisinau, Moldova, October 2011 Traffic demand & modeling for BB - OGS Union Oscar González Soto ITU Consultant Expert Spain oscar.gonzalez-soto@ties.itu.int

CrossReg Broadband 2011 Presentation P34 · Chisinau, Moldova, October 2011 Traffic demand & modeling for BB - OGS Union Oscar González Soto ITU Consultant Expert Spain [email protected]

Documents
11 Cybersecurity & Cybersecurity & Child Online Protection (COP) 14-15 February 2012 Colombo, Sri Lanka Eun-Ju Kim, Ph.D. Regional Director ITU Regional

11 Cybersecurity & Cybersecurity & Child Online Protection (COP) 14-15 February 2012 Colombo, Sri Lanka Eun-Ju Kim, Ph.D. Regional Director ITU Regional

Documents
ITU Regional Cybersecurity Forum for Eastern and Southern ... · ITU Regional Cybersecurity Forum for Eastern and Southern Africa Telkom South Africa Regulatory Affairs 25 August

ITU Regional Cybersecurity Forum for Eastern and Southern ... · ITU Regional Cybersecurity Forum for Eastern and Southern Africa Telkom South Africa Regulatory Affairs 25 August

Documents