SlideShare una empresa de Scribd logo

Session 6.2 Prof Ian Walden

Commonwealth Telecommunications Organisation
Commonwealth Telecommunications Organisation
Tecnología
1 de 8
Descargar para leer sin conexión
Regulating for Information Security Professor Ian Walden Institute of Computer and Communications Law Centre for Commercial Law Studies, Queen Mary, University of London
Introductory remarks • Legal frameworks • Regulatory controls – Behavioural obligations • e.g. breach notification – Regulatory institutions • Protecting critical national infrastructure • Facilitating authentication & data integrity • Controlling cryptography
Legal frameworks • e.g. African Union Convention on ‘Confidence and Security in Cyberspace’ (draft) – Electronic commerce • Validity & enforceability; transparency requirements & contractual obligations – Security • Evidential rules, electronic signatures & certification schemes – Data Protection • Security obligations – Cybercrime • Substantive & procedural law
Institutional response • Supervisory authorities – Independent, oversight (incl. audit rights) & enforcement • e.g. Data protection, NIS, Trust services…… • Computer Security Incident Response Teams (CSIRTs) – CERT Co-ordination Centre • From Carnegie Mellon University (1988) to more than 84 nations • Reactive & proactive services • Warning, Advice & Reporting Points (WARPs) – Community-based • Filtered warnings, advice brokering & trusted sharing
Critical National Infrastructure • Dual nature of the Internet – As source of threat & protected subject matter • e.g. US, The National Strategy to Secure Cyberspace (2003): “the healthy functioning of cyberspace is essential to our economy and our national security” • Protecting infrastructure – e.g. UK: Civil Contingencies Act 2004, Category 2 Responders, s. 22: ‘public electronic communication networks’ – e.g. Australia: Telecommunications and Other Legislation Amendment (Protection of Submarine Cables and Other Measures) Act 2005, No. 104 • Protecting data – e.g. South Africa: Electronic Communications and Transactions Act 2002 • Chapter IX: ‘Protection of Critical Databases’ – “Minister may prescribe minimum standards or prohibitions in respect of..”
eSignatures…. • Digital signatures, PKI & certification services – e.g. EU Directive ‘electronic signatures’ (1999) to Regulation on ‘electronic identification and trust services’ (2014) • Legal recognition – Differential status: ‘electronic signatures’ & ‘advanced electronic signatures’ • Regulatory schemes – Qualification • Mutual recognition & interoperability • Liability
Controlling cryptography • Cryptographic systems/software as a dual-use good – Authorisation schemes • OECD Guidelines for Cryptography Policy (1997) – 8 principles • Trust in & choice of cryptographic methods – e.g. NSA & the Dual EC DRBG standard! • Protection of privacy & lawful access • Wassenaar Arrangement – 41 parties (incl. most EU states, US, Russia, Japan) • 2013 Reforms:: ‘Advanced Persistent Threat Software and related equipment (offensive cyber tools)’ • Category 5, Part 2, ‘Information Security’, esp. Note 3: Cryptography
Concluding remarks • Cybersecurity & the rule of law – Legal certainty • Confidence, trust & security – Shifting liability & risk • e.g. Consumer protection rules • Cost & impact of regulation – For the market & for the state • e.g. digital signatures & PKI

Recomendados

Reform of the EU data protection regime - In house lawyers forum 2013, Richar...
Reform of the EU data protection regime - In house lawyers forum 2013, Richar...Reform of the EU data protection regime - In house lawyers forum 2013, Richar...
Reform of the EU data protection regime - In house lawyers forum 2013, Richar...
Browne Jacobson LLP
 
Freedom of expression on the internet
Freedom of expression on the internetFreedom of expression on the internet
Freedom of expression on the internet
moldovaictsummit2016
 
A balanced perspective on RFID
A balanced perspective on RFIDA balanced perspective on RFID
A balanced perspective on RFID
Considerati
 
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurityImpressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
Shiva Bissessar
 
E governance dushanbe 2012 katrin-nymanmetkalf
E governance dushanbe 2012 katrin-nymanmetkalfE governance dushanbe 2012 katrin-nymanmetkalf
E governance dushanbe 2012 katrin-nymanmetkalf
E-Journal ICT4D
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean Cybersecuirty
Shiva Bissessar
 
From Law to Code: Translating Legal Principles into Digital Rules
From Law to Code: Translating Legal Principles into Digital RulesFrom Law to Code: Translating Legal Principles into Digital Rules
From Law to Code: Translating Legal Principles into Digital Rules
Rónán Kennedy
 
Data protection and smart grids
Data protection and smart gridsData protection and smart grids
Data protection and smart grids
Rónán Kennedy
 

Recomendados

Reform of the EU data protection regime - In house lawyers forum 2013, Richar...
Reform of the EU data protection regime - In house lawyers forum 2013, Richar...Reform of the EU data protection regime - In house lawyers forum 2013, Richar...
Reform of the EU data protection regime - In house lawyers forum 2013, Richar...
Browne Jacobson LLP
 
Freedom of expression on the internet
Freedom of expression on the internetFreedom of expression on the internet
Freedom of expression on the internet
moldovaictsummit2016
 
A balanced perspective on RFID
A balanced perspective on RFIDA balanced perspective on RFID
A balanced perspective on RFID
Considerati
 
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurityImpressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
Impressions from Caribbean ICT Stakeholder Meeting, CyberSecurity
Shiva Bissessar
 
E governance dushanbe 2012 katrin-nymanmetkalf
E governance dushanbe 2012 katrin-nymanmetkalfE governance dushanbe 2012 katrin-nymanmetkalf
E governance dushanbe 2012 katrin-nymanmetkalf
E-Journal ICT4D
 
Achieving Caribbean Cybersecuirty
Achieving Caribbean CybersecuirtyAchieving Caribbean Cybersecuirty
Achieving Caribbean Cybersecuirty
Shiva Bissessar
 
From Law to Code: Translating Legal Principles into Digital Rules
From Law to Code: Translating Legal Principles into Digital RulesFrom Law to Code: Translating Legal Principles into Digital Rules
From Law to Code: Translating Legal Principles into Digital Rules
Rónán Kennedy
 
Data protection and smart grids
Data protection and smart gridsData protection and smart grids
Data protection and smart grids
Rónán Kennedy
 
Grameen mobile model and mobile broadband
Grameen mobile model and mobile broadbandGrameen mobile model and mobile broadband
Grameen mobile model and mobile broadband
Commonwealth Telecommunications Organisation
 
Promoting innovation through enabling regulations
Promoting innovation through enabling regulationsPromoting innovation through enabling regulations
Promoting innovation through enabling regulations
Commonwealth Telecommunications Organisation
 
CTO Cybersecurity Forum 2013 David Pollington
CTO Cybersecurity Forum 2013 David PollingtonCTO Cybersecurity Forum 2013 David Pollington
CTO Cybersecurity Forum 2013 David Pollington
Commonwealth Telecommunications Organisation
 
See beyond realize the vision
See beyond realize the visionSee beyond realize the vision
See beyond realize the vision
Commonwealth Telecommunications Organisation
 
Ho IP Telecom
Ho IP TelecomHo IP Telecom
Ho IP Telecom
Commonwealth Telecommunications Organisation
 
Digital Broadcasting is History
Digital Broadcasting is HistoryDigital Broadcasting is History
Digital Broadcasting is History
Commonwealth Telecommunications Organisation
 
Importance of research for policy
Importance of research for policyImportance of research for policy
Importance of research for policy
Commonwealth Telecommunications Organisation
 
Development innovation transformation,osita iweze, huawei
Development innovation transformation,osita iweze, huaweiDevelopment innovation transformation,osita iweze, huawei
Development innovation transformation,osita iweze, huawei
Commonwealth Telecommunications Organisation
 
I walden
I waldenI walden
I walden
Onkar Sule
 
The Impact of Cloud: Cloud Computing Security and Privacy
The Impact of Cloud: Cloud Computing Security and PrivacyThe Impact of Cloud: Cloud Computing Security and Privacy
The Impact of Cloud: Cloud Computing Security and Privacy
Charles Mok
 
PKI : The role of TTPs for the Development of secure Transaction Systems
PKI : The role of TTPs for the Development of secure Transaction SystemsPKI : The role of TTPs for the Development of secure Transaction Systems
PKI : The role of TTPs for the Development of secure Transaction Systems
John ILIADIS
 
2014 Update EU Cyber Law & Authentication Legislation
2014 Update EU Cyber Law & Authentication Legislation2014 Update EU Cyber Law & Authentication Legislation
2014 Update EU Cyber Law & Authentication Legislation
MartenLinkedin
 
Towela_Trans boundary issues in cybersecurity
Towela_Trans boundary issues in cybersecurityTowela_Trans boundary issues in cybersecurity
Towela_Trans boundary issues in cybersecurity
AFRINIC
 
06_-_luca_castellani_-_uncitral_castellani_en.pptx
06_-_luca_castellani_-_uncitral_castellani_en.pptx06_-_luca_castellani_-_uncitral_castellani_en.pptx
06_-_luca_castellani_-_uncitral_castellani_en.pptx
Rahul890054
 
164199724-Introduction-To-Digital-Forensics-ppt.ppt
164199724-Introduction-To-Digital-Forensics-ppt.ppt164199724-Introduction-To-Digital-Forensics-ppt.ppt
164199724-Introduction-To-Digital-Forensics-ppt.ppt
harshbj1801
 
Kasita's presentation
Kasita's presentationKasita's presentation
Kasita's presentation
Chande Kasita
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
DEEPAK948083
 
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
Kyle Lai
 
Unit-5.3 Information Technology Act, 2000-MLP.pptx
Unit-5.3 Information Technology Act, 2000-MLP.pptxUnit-5.3 Information Technology Act, 2000-MLP.pptx
Unit-5.3 Information Technology Act, 2000-MLP.pptx
Sanjith261
 
Existing situation and proposed solutions to improve Cybersecurity in Ukraine
Existing situation and proposed solutions to improve Cybersecurity in UkraineExisting situation and proposed solutions to improve Cybersecurity in Ukraine
Existing situation and proposed solutions to improve Cybersecurity in Ukraine
Alexey Yankovski
 
Digital ready policymaking and the digital screening process(1)
Digital ready policymaking and the digital screening process(1)Digital ready policymaking and the digital screening process(1)
Digital ready policymaking and the digital screening process(1)
PanagiotisKeramidis
 
Cyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counselCyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counsel
OCTF Industry Engagement
 

Más contenido relacionado

Destacado

CTO Cybersecurity Forum 2013 David Pollington
CTO Cybersecurity Forum 2013 David PollingtonCTO Cybersecurity Forum 2013 David Pollington
CTO Cybersecurity Forum 2013 David Pollington
Commonwealth Telecommunications Organisation
 

Destacado (8)

Grameen mobile model and mobile broadband
Grameen mobile model and mobile broadbandGrameen mobile model and mobile broadband
Grameen mobile model and mobile broadband
 
Promoting innovation through enabling regulations
Promoting innovation through enabling regulationsPromoting innovation through enabling regulations
Promoting innovation through enabling regulations
 
CTO Cybersecurity Forum 2013 David Pollington
CTO Cybersecurity Forum 2013 David PollingtonCTO Cybersecurity Forum 2013 David Pollington
CTO Cybersecurity Forum 2013 David Pollington
 
See beyond realize the vision
See beyond realize the visionSee beyond realize the vision
See beyond realize the vision
 
Ho IP Telecom
Ho IP TelecomHo IP Telecom
Ho IP Telecom
 
Digital Broadcasting is History
Digital Broadcasting is HistoryDigital Broadcasting is History
Digital Broadcasting is History
 
Importance of research for policy
Importance of research for policyImportance of research for policy
Importance of research for policy
 
Development innovation transformation,osita iweze, huawei
Development innovation transformation,osita iweze, huaweiDevelopment innovation transformation,osita iweze, huawei
Development innovation transformation,osita iweze, huawei
 

Similar a Session 6.2 Prof Ian Walden

06_-_luca_castellani_-_uncitral_castellani_en.pptx
06_-_luca_castellani_-_uncitral_castellani_en.pptx06_-_luca_castellani_-_uncitral_castellani_en.pptx
06_-_luca_castellani_-_uncitral_castellani_en.pptx
Rahul890054
 
Kasita's presentation
Kasita's presentationKasita's presentation
Kasita's presentation
Chande Kasita
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
DEEPAK948083
 
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
Kyle Lai
 
Unit-5.3 Information Technology Act, 2000-MLP.pptx
Unit-5.3 Information Technology Act, 2000-MLP.pptxUnit-5.3 Information Technology Act, 2000-MLP.pptx
Unit-5.3 Information Technology Act, 2000-MLP.pptx
Sanjith261
 
Digital ready policymaking and the digital screening process(1)
Digital ready policymaking and the digital screening process(1)Digital ready policymaking and the digital screening process(1)
Digital ready policymaking and the digital screening process(1)
PanagiotisKeramidis
 

Similar a Session 6.2 Prof Ian Walden (20)

I walden
I waldenI walden
I walden
 
The Impact of Cloud: Cloud Computing Security and Privacy
The Impact of Cloud: Cloud Computing Security and PrivacyThe Impact of Cloud: Cloud Computing Security and Privacy
The Impact of Cloud: Cloud Computing Security and Privacy
 
PKI : The role of TTPs for the Development of secure Transaction Systems
PKI : The role of TTPs for the Development of secure Transaction SystemsPKI : The role of TTPs for the Development of secure Transaction Systems
PKI : The role of TTPs for the Development of secure Transaction Systems
 
2014 Update EU Cyber Law & Authentication Legislation
2014 Update EU Cyber Law & Authentication Legislation2014 Update EU Cyber Law & Authentication Legislation
2014 Update EU Cyber Law & Authentication Legislation
 
Towela_Trans boundary issues in cybersecurity
Towela_Trans boundary issues in cybersecurityTowela_Trans boundary issues in cybersecurity
Towela_Trans boundary issues in cybersecurity
 
06_-_luca_castellani_-_uncitral_castellani_en.pptx
06_-_luca_castellani_-_uncitral_castellani_en.pptx06_-_luca_castellani_-_uncitral_castellani_en.pptx
06_-_luca_castellani_-_uncitral_castellani_en.pptx
 
164199724-Introduction-To-Digital-Forensics-ppt.ppt
164199724-Introduction-To-Digital-Forensics-ppt.ppt164199724-Introduction-To-Digital-Forensics-ppt.ppt
164199724-Introduction-To-Digital-Forensics-ppt.ppt
 
Kasita's presentation
Kasita's presentationKasita's presentation
Kasita's presentation
 
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITYMOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
MOBILE & WIRELESS SECURITY And MOBILE & WIRELESS SECURITY
 
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
 
Unit-5.3 Information Technology Act, 2000-MLP.pptx
Unit-5.3 Information Technology Act, 2000-MLP.pptxUnit-5.3 Information Technology Act, 2000-MLP.pptx
Unit-5.3 Information Technology Act, 2000-MLP.pptx
 
Existing situation and proposed solutions to improve Cybersecurity in Ukraine
Existing situation and proposed solutions to improve Cybersecurity in UkraineExisting situation and proposed solutions to improve Cybersecurity in Ukraine
Existing situation and proposed solutions to improve Cybersecurity in Ukraine
 
Digital ready policymaking and the digital screening process(1)
Digital ready policymaking and the digital screening process(1)Digital ready policymaking and the digital screening process(1)
Digital ready policymaking and the digital screening process(1)
 
Cyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counselCyber Threat Overview for Euro IT counsel
Cyber Threat Overview for Euro IT counsel
 
Jacques Bus F I I R L Presentation J B
Jacques Bus F I I R L Presentation J BJacques Bus F I I R L Presentation J B
Jacques Bus F I I R L Presentation J B
 
File000117
File000117File000117
File000117
 
State regulation of information protection in the cloud - international and K...
State regulation of information protection in the cloud - international and K...State regulation of information protection in the cloud - international and K...
State regulation of information protection in the cloud - international and K...
 
Uganda cyber laws _ isaca workshop_kampala_by Ruyooka
Uganda cyber laws _ isaca workshop_kampala_by RuyookaUganda cyber laws _ isaca workshop_kampala_by Ruyooka
Uganda cyber laws _ isaca workshop_kampala_by Ruyooka
 
CRI Extract from "Cyber Lessons from the Front lines"
CRI Extract from "Cyber Lessons from the Front lines"CRI Extract from "Cyber Lessons from the Front lines"
CRI Extract from "Cyber Lessons from the Front lines"
 
The Cyber Law Regime in India
The Cyber Law Regime in IndiaThe Cyber Law Regime in India
The Cyber Law Regime in India
 

Más de Commonwealth Telecommunications Organisation

Más de Commonwealth Telecommunications Organisation (20)

Commonwealth Digital Broadcasting Siwtchover FOrum 2015 Regis Le Roux
Commonwealth Digital Broadcasting Siwtchover FOrum 2015 Regis Le RouxCommonwealth Digital Broadcasting Siwtchover FOrum 2015 Regis Le Roux
Commonwealth Digital Broadcasting Siwtchover FOrum 2015 Regis Le Roux
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Michael Ojo
Commonwealth Digital Broadcasting Switchover Forum 2015 Michael OjoCommonwealth Digital Broadcasting Switchover Forum 2015 Michael Ojo
Commonwealth Digital Broadcasting Switchover Forum 2015 Michael Ojo
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Loren Braithwaite Kab...
Commonwealth Digital Broadcasting Switchover Forum 2015 Loren Braithwaite Kab...Commonwealth Digital Broadcasting Switchover Forum 2015 Loren Braithwaite Kab...
Commonwealth Digital Broadcasting Switchover Forum 2015 Loren Braithwaite Kab...
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Régis Saint Girons
Commonwealth Digital Broadcasting Switchover Forum 2015 Régis Saint GironsCommonwealth Digital Broadcasting Switchover Forum 2015 Régis Saint Girons
Commonwealth Digital Broadcasting Switchover Forum 2015 Régis Saint Girons
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Francois Hernandez
Commonwealth Digital Broadcasting Switchover Forum 2015 Francois HernandezCommonwealth Digital Broadcasting Switchover Forum 2015 Francois Hernandez
Commonwealth Digital Broadcasting Switchover Forum 2015 Francois Hernandez
 
Commonwealth digital broadcasting switchover forum 2015 dr mothobi mutloatse
Commonwealth digital broadcasting switchover forum 2015 dr mothobi mutloatseCommonwealth digital broadcasting switchover forum 2015 dr mothobi mutloatse
Commonwealth digital broadcasting switchover forum 2015 dr mothobi mutloatse
 
Commonwealth digital broadcasting switchover forum 2015 annemarie meijer
Commonwealth digital broadcasting switchover forum 2015 annemarie meijerCommonwealth digital broadcasting switchover forum 2015 annemarie meijer
Commonwealth digital broadcasting switchover forum 2015 annemarie meijer
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Mortimer Hope
Commonwealth Digital Broadcasting Switchover Forum 2015 Mortimer HopeCommonwealth Digital Broadcasting Switchover Forum 2015 Mortimer Hope
Commonwealth Digital Broadcasting Switchover Forum 2015 Mortimer Hope
 
Commonwealth Digital Broadcasting Switchover Forum 2015 Michele Coat Degert
Commonwealth Digital Broadcasting Switchover Forum 2015 Michele Coat DegertCommonwealth Digital Broadcasting Switchover Forum 2015 Michele Coat Degert
Commonwealth Digital Broadcasting Switchover Forum 2015 Michele Coat Degert
 
we.learn.it - February 2015
we.learn.it - February 2015we.learn.it - February 2015
we.learn.it - February 2015
 
We learn it agenda
We learn it agendaWe learn it agenda
We learn it agenda
 
Reflections on scale up and transferability
Reflections on scale up and transferabilityReflections on scale up and transferability
Reflections on scale up and transferability
 
Planning your learning expedition final
Planning your learning expedition finalPlanning your learning expedition final
Planning your learning expedition final
 
Le template 2015 final
Le template 2015 finalLe template 2015 final
Le template 2015 final
 
Mapping Tools Version 3
Mapping Tools Version 3Mapping Tools Version 3
Mapping Tools Version 3
 
5 expedition posters
5 expedition posters5 expedition posters
5 expedition posters
 
Session 6.2 Cécile Barayre El Shami
Session 6.2 Cécile Barayre El ShamiSession 6.2 Cécile Barayre El Shami
Session 6.2 Cécile Barayre El Shami
 
Session 6.1 Stewart Room
Session 6.1 Stewart RoomSession 6.1 Stewart Room
Session 6.1 Stewart Room
 
Session 5.3 Alexander Ntoko
Session 5.3 Alexander NtokoSession 5.3 Alexander Ntoko
Session 5.3 Alexander Ntoko
 
Session 5.2 Martin Koyabe
Session 5.2 Martin KoyabeSession 5.2 Martin Koyabe
Session 5.2 Martin Koyabe
 

Último

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 

Último (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

Session 6.2 Prof Ian Walden

  • 1. Regulating for Information Security Professor Ian Walden Institute of Computer and Communications Law Centre for Commercial Law Studies, Queen Mary, University of London
  • 2. Introductory remarks • Legal frameworks • Regulatory controls – Behavioural obligations • e.g. breach notification – Regulatory institutions • Protecting critical national infrastructure • Facilitating authentication & data integrity • Controlling cryptography
  • 3. Legal frameworks • e.g. African Union Convention on ‘Confidence and Security in Cyberspace’ (draft) – Electronic commerce • Validity & enforceability; transparency requirements & contractual obligations – Security • Evidential rules, electronic signatures & certification schemes – Data Protection • Security obligations – Cybercrime • Substantive & procedural law
  • 4. Institutional response • Supervisory authorities – Independent, oversight (incl. audit rights) & enforcement • e.g. Data protection, NIS, Trust services…… • Computer Security Incident Response Teams (CSIRTs) – CERT Co-ordination Centre • From Carnegie Mellon University (1988) to more than 84 nations • Reactive & proactive services • Warning, Advice & Reporting Points (WARPs) – Community-based • Filtered warnings, advice brokering & trusted sharing
  • 5. Critical National Infrastructure • Dual nature of the Internet – As source of threat & protected subject matter • e.g. US, The National Strategy to Secure Cyberspace (2003): “the healthy functioning of cyberspace is essential to our economy and our national security” • Protecting infrastructure – e.g. UK: Civil Contingencies Act 2004, Category 2 Responders, s. 22: ‘public electronic communication networks’ – e.g. Australia: Telecommunications and Other Legislation Amendment (Protection of Submarine Cables and Other Measures) Act 2005, No. 104 • Protecting data – e.g. South Africa: Electronic Communications and Transactions Act 2002 • Chapter IX: ‘Protection of Critical Databases’ – “Minister may prescribe minimum standards or prohibitions in respect of..”
  • 6. eSignatures…. • Digital signatures, PKI & certification services – e.g. EU Directive ‘electronic signatures’ (1999) to Regulation on ‘electronic identification and trust services’ (2014) • Legal recognition – Differential status: ‘electronic signatures’ & ‘advanced electronic signatures’ • Regulatory schemes – Qualification • Mutual recognition & interoperability • Liability
  • 7. Controlling cryptography • Cryptographic systems/software as a dual-use good – Authorisation schemes • OECD Guidelines for Cryptography Policy (1997) – 8 principles • Trust in & choice of cryptographic methods – e.g. NSA & the Dual EC DRBG standard! • Protection of privacy & lawful access • Wassenaar Arrangement – 41 parties (incl. most EU states, US, Russia, Japan) • 2013 Reforms:: ‘Advanced Persistent Threat Software and related equipment (offensive cyber tools)’ • Category 5, Part 2, ‘Information Security’, esp. Note 3: Cryptography
  • 8. Concluding remarks • Cybersecurity & the rule of law – Legal certainty • Confidence, trust & security – Shifting liability & risk • e.g. Consumer protection rules • Cost & impact of regulation – For the market & for the state • e.g. digital signatures & PKI