Cyber Security : Law and Guidance.

Bibliographic Details
Place / Publishing House: London : Bloomsbury Publishing Plc, 2018.
©2018.
Year of Publication: 2018
Edition: 1st ed.
Language: English
Physical Description: 1 online resource (787 pages)
LEADER 10868nam a22004333i 4500
001 5006683657
003 MiAaPQ
005 20240229073842.0
006 m o d |
007 cr cnu||||||||
008 240229s2018 xx o ||||0 eng d
020 |a 9781526505880  |q (electronic bk.) 
020 |z 9781526505866 
035 |a (MiAaPQ)5006683657 
035 |a (Au-PeEL)EBL6683657 
035 |a (OCoLC)1152056199 
040 |a MiAaPQ  |b eng  |e rda  |e pn  |c MiAaPQ  |d MiAaPQ 
082 0 |a 005.8 
100 1 |a MBE, Helen Wong. 
245 1 0 |a Cyber Security :  |b Law and Guidance. 
250 |a 1st ed. 
264 1 |a London :  |b Bloomsbury Publishing Plc,  |c 2018. 
264 4 |c ©2018. 
300 |a 1 online resource (787 pages) 
336 |a text  |b txt  |2 rdacontent 
337 |a computer  |b c  |2 rdamedia 
338 |a online resource  |b cr  |2 rdacarrier 
505 0 |a Intro -- Preface -- Dedication -- Bibliography -- Table of Statutes -- Table of Statutory Instruments -- Table of Cases -- 1. THREATS -- Cyber criminals -- States and State-sponsored threats -- Terrorists -- Hacktivists -- Script Kiddies -- 2. VULNERABILITIES -- An expanding range of devices -- Poor cyber hygiene and compliance -- Insufficient training and skills -- Legacy and unpatched systems -- Availability of hacking resources -- 3. THE LAW -- Introduction -- International instruments -- Convention 108 -- Council of Europe Convention on Cybercrime -- European and European Union-level instruments -- The Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR) -- European Court of Human Rights (ECtHR) and the application of the ECHR to privacy and data protection -- Case law of the ECtHR (on privacy and security) -- Treaty of Lisbon and the EU Charter of Fundamental Rights and Freedoms -- The EU's General Data Protection Regulation (GDPR) -- E-privacy Directive and Regulation -- Payment Service Directive 2 (PSD2) -- Regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS) -- The Directive on security of network and information systems (NIS Directive) -- UK's legislation -- The UK's Human Rights Act 1998 (HRA) -- Data Protection Bill (Act) (2018) -- The Privacy and Electronic Communications (EC Directive) Regulations (PECR) -- Regulation of Investigatory Powers Act (RIPA, 2000), Data Retention and Regulation of Investigatory Powers Act (DRIPA, 2014), Investigatory Powers Act (IPA, 2016) -- Computer Misuse Act (CMA) -- CMA in practice -- A focus on The Computer Misuse Act -- Territorial Scope -- Sections 4 and 5 -- 4. HOW TO DEFEND -- Active Cyber Defence -- What is good active cyber defence? -- Building a more secure Internet -- Protecting organisations. 
505 8 |a The supply chain, a potential leaky chain in your armour -- Social engineering, your number one threat -- Malware, a sneaky nightware -- Your company website, your continually exposed gateway to the world -- Removable media and optical media, danger comes in small cheap packages -- Passwords and authentication, the primary gatekeeper -- Smartphones, it is in reality a pocket PC -- Cloud security, more secure than on-premise? Well it depends -- Patching and vulnerability management, a never-ending battle -- Governance, risk and compliance, dry but it can work if done properly -- Protecting our critical national infrastructure and other priority sectors -- Changing public and business behaviours -- Managing incidents and understanding the threat -- 5. PRIVACY AND SECURITY IN THE WORKPLACE -- Introduction -- Legal instruments on data protection and security in the workplace -- Role of the employer -- The definition of an employee and a workplace -- Nature of the processed data -- Legal ground for processing personal data -- Data protection and security requirements extend to all medias -- Companies are responsible for the data security practices of their processors -- Roles of the controller and the processor -- Training and Awareness -- Privacy Matters, Even in Data Security -- Identity and Access Management (IAM) - Limit access to data -- Remote workers -- Execution and applicability of the data protection rights -- 6. SECURITY IN THE BUILT ENVIRONMENT -- Introduction -- Programme/Project Security -- Set up -- Supply Chain Management -- NCSC Principle for Supply Chain Security -- Internal assurance and governance -- Building Information Modelling -- Physical Security -- Electronic Security (including cyber) -- Cyber -- Summary -- 7. THE IMPORTANCE OF POLICY AND GUIDANCE IN DIGITAL COMMUNICATIONS -- Introduction -- The Value of policies. 
505 8 |a The Extent of the Issue -- Key considerations for policy generation -- Systems Deployment -- Ownership and Right to Monitor -- Managed Circulation -- Use of Digital Communications for Personal Purposes -- User Guidance -- Damaging Comments -- Presentation and Content, Including Confidentiality -- Constituents of System Abuse -- Conclusions -- 8. THE C SUITE PERSPECTIVE ON CYBER RISK -- Organisational Ramifications of Cyber Risk -- Assigning Accountability -- Setting Budgets -- Building a CxO-Led Cyber Strategy -- Summary and Outlook -- 9. CORPORATE GOVERNANCE MIND MAP -- Disclosing Data Breaches To Investors -- Fiduciary Duty to Shareholders and Derivative Lawsuits Arising from Data Breaches -- Trade Secrets -- Threats -- Cybersecurity - Security Management Controls -- IT Strategy -- Governance Structure -- Organisational Structures and HR Management -- IT Policies and Procedures -- Resource Investments and Allocations -- Portfolio Management -- Risk Management -- IT Controls -- Personnel and Training -- Physical Security of Cyber Systems -- Systems Security Management -- Recovery Plans for Cyber Systems -- Configuration Change Management and Vulnerability Assessments -- Information Protection -- 10. INDUSTRY SPECIALISTS IN-DEPTH REPORTS -- Mobile Payments -- Key technical and commercial characteristics of mobile payments -- Complex regulatory landscape -- Key technical characteristics of authentication -- Key commercial characteristics of mobile payment authentication -- Information security risks of mobile payments to consumers -- Information security risks of mobile payments to the payment system -- Legislative framework governing payment authentication in Europe -- Regulation of strong consumer authentication -- Other sources of EU guidance -- Legislative framework governing payment authentication in the United States. 
505 8 |a Industry standards governing payment authentication do not exist in the context of mobile payments -- Competition law and mobile payments -- Conclusion -- Electric Utilities: Critical Infrastructure Protection and Reliability Standards -- Electric Utilities as a part of critical infrastructure -- Electric utilities as a kind of industrial automation and control system -- Current state and further evolution of electricity infrastructure - Smart Grid -- Sources of cybersecurity issues for electric power infrastructure -- Known cyberattacks on electric utilities -- Why guidelines and standards for the protection of electric utilities matter -- The recommended practice: improving industrial control system cybersecurity with defence-in-depth strategies by ICS-CERT of the US Department of Homeland Security -- The electricity subsector cyber-security risk management process by the US Department of Energy -- The NERC critical infrastructure protection cybersecurity standards -- The ISA99/IEC 62443 series of standards for industrial automation and control systems security -- Electricity subsector cyber-security capability maturity model (ES-C2M2) by the US Department of Energy -- Critical infrastructure cybersecurity framework by the US NIST and implementation guidance for the energy sector -- Security for Industrial Control Systems guidance by the UK National Cyber Security Centre -- Manufacturing -- Introduction: Genba, Greek mythology and cyber security -- Think Money Group and UK Financial Services -- Introduction -- How severe could the impact of a cyber-attack be? -- How Should Organisations Tackle the Challenge of Cyber Attacks? -- Regulator Focus within the UK -- Other Threats and Challenges Facing Retail Banking -- Appendix 1 -- Toward Energy 4.0 -- The Energy Sector: moving to the age of Smart and Digitalised Markets -- The Ukrainian case. 
505 8 |a The legal developments in the European Union -- The NIS Directive and Energy -- The Clean Energy for all Europeans -- Beyond the US and the EU -- The sectorial and silos strategies versus the multi-sector horizontal approach -- An analysis of the energy sub sectors: strengths, weaknesses and law -- Conclusions and the way forward -- Aerospace, Defence and Security Sector -- Introduction -- Comparing Civilian and Military Cyber Security Sectors -- The Digital Age and the Digital Battlespace -- Offensive Cyber Capability -- Benefit and Threat -- Opportunities for the ADS Sector -- Evolution of the Threat -- Corporations on the Frontline -- Example of Proliferation - Stuxnet -- A new weapon -- Example of Civilian Infrastructure under attack - Ukraine Power Grid -- Wider concerns -- Example of Criminal Attacks at Scale - SWIFT Payment Network -- Performance of the ADS Sector in Cyber Security -- Notable cyber security events in the ADS sector -- Cyber Security in non-Government sectors: Missed Opportunity? -- Banking - in the Emirates -- Introduction -- The People: Building a solid team -- The Process: Building a program -- In Closing -- Healthcare -- Introduction -- What is Wannacry? -- What is ransomware? -- How the Department and the NHS responded -- Key findings -- Practical Points: Prevention and Protection -- Selling or buying your healthcare practice - things to look out for in the due diligence -- Medical Devices -- Introduction -- Conclusions and recommendations -- 11. SOCIAL MEDIA AND CYBER SECURITY -- Introduction -- What is Social Media and why does it matter? -- Who are the key social media players? -- Fake News and why it matters -- The Weaponising of Social Media -- Digital profiling -- Data Protection -- What is to be done? -- As individuals or individual businesses, what needs to be done?. 
505 8 |a 12. INTERNATIONAL LAW AND INTERACTION BETWEEN STATES. 
588 |a Description based on publisher supplied metadata and other sources. 
590 |a Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2024. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.  
655 4 |a Electronic books. 
776 0 8 |i Print version:  |a MBE, Helen Wong  |t Cyber Security: Law and Guidance  |d London : Bloomsbury Publishing Plc,c2018  |z 9781526505866 
797 2 |a ProQuest (Firm) 
856 4 0 |u https://ebookcentral.proquest.com/lib/oeawat/detail.action?docID=6683657  |z Click to View