Regulating for Information Security
Professor Ian Walden
Institute of Computer and Communications Law
Centre for Commercial Law Studies, Queen Mary, University of London
Introductory remarks
• Legal frameworks
• Regulatory controls
– Behavioural obligations
• e.g. breach notification
– Regulatory institutions
• Protecting critical national infrastructure
• Facilitating authentication & data integrity
• Controlling cryptography
Legal frameworks
• e.g. African Union Convention on ‘Confidence and Security in Cyberspace’ (draft)
– Electronic commerce
• Validity & enforceability; transparency requirements & contractual obligations
– Security
• Evidential rules, electronic signatures & certification schemes
– Data Protection
• Security obligations
– Cybercrime
• Substantive & procedural law
Institutional response
• Supervisory authorities
– Independent, oversight (incl. audit rights) & enforcement
• e.g. Data protection, NIS, Trust services……
• Computer Security Incident Response Teams (CSIRTs)
– CERT Co-ordination Centre
• From Carnegie Mellon University (1988) to more than 84 nations
• Reactive & proactive services
• Warning, Advice & Reporting Points (WARPs)
– Community-based
• Filtered warnings, advice brokering & trusted sharing
Critical National Infrastructure
• Dual nature of the Internet
– As source of threat & protected subject matter
• e.g. US, The National Strategy to Secure Cyberspace (2003): “the healthy functioning of cyberspace is essential to our economy and our national security”
• Protecting infrastructure
– e.g. UK: Civil Contingencies Act 2004, Category 2 Responders, s. 22: ‘public electronic communication networks’
– e.g. Australia: Telecommunications and Other Legislation Amendment (Protection of Submarine Cables and Other Measures) Act 2005, No. 104
• Protecting data
– e.g. South Africa: Electronic Communications and Transactions Act 2002
• Chapter IX: ‘Protection of Critical Databases’
– “Minister may prescribe minimum standards or prohibitions in respect of..”
eSignatures….
• Digital signatures, PKI & certification services
– e.g. EU Directive ‘electronic signatures’ (1999) to Regulation on ‘electronic identification and trust services’ (2014)
• Legal recognition
– Differential status: ‘electronic signatures’ & ‘advanced electronic signatures’
• Regulatory schemes
– Qualification
• Mutual recognition & interoperability
• Liability
Controlling cryptography
• Cryptographic systems/software as a dual-use good
– Authorisation schemes
• OECD Guidelines for Cryptography Policy (1997)
– 8 principles
• Trust in & choice of cryptographic methods
– e.g. NSA & the Dual EC DRBG standard!
• Protection of privacy & lawful access
• Wassenaar Arrangement
– 41 parties (incl. most EU states, US, Russia, Japan)
• 2013 Reforms: ‘Advanced Persistent Threat Software and related equipment (offensive cyber tools)’
• Category 5, Part 2, ‘Information Security’, esp. Note 3: Cryptography
Concluding remarks
• Cybersecurity & the rule of law
– Legal certainty
• Confidence, trust & security
– Shifting liability & risk
• e.g. Consumer protection rules
• Cost & impact of regulation
– For the market & for the state
• e.g. digital signatures & PKI

Session 6.2 Prof Ian Walden
