Cyber Security: Law and Guidance

Bibliographic Details
Place / Publishing House: London: Bloomsbury Publishing Plc, 2018.
©2018.
Year of Publication: 2018
Edition: 1st ed.
Language: English
Physical Description: 1 online resource (787 pages)
Table of Contents:
  • Intro
  • Preface
  • Dedication
  • Bibliography
  • Table of Statutes
  • Table of Statutory Instruments
  • Table of Cases
  • 1. THREATS
  • Cyber criminals
  • States and State-sponsored threats
  • Terrorists
  • Hacktivists
  • Script Kiddies
  • 2. VULNERABILITIES
  • An expanding range of devices
  • Poor cyber hygiene and compliance
  • Insufficient training and skills
  • Legacy and unpatched systems
  • Availability of hacking resources
  • 3. THE LAW
  • Introduction
  • International instruments
  • Convention 108
  • Council of Europe Convention on Cybercrime
  • European and European Union-level instruments
  • The Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR)
  • European Court of Human Rights (ECtHR) and the application of the ECHR to privacy and data protection
  • Case law of the ECtHR (on privacy and security)
  • Treaty of Lisbon and the EU Charter of Fundamental Rights and Freedoms
  • The EU's General Data Protection Regulation (GDPR)
  • E-privacy Directive and Regulation
  • Payment Service Directive 2 (PSD2)
  • Regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS)
  • The Directive on security of network and information systems (NIS Directive)
  • UK's legislation
  • The UK's Human Rights Act 1998 (HRA)
  • Data Protection Bill (Act) (2018)
  • The Privacy and Electronic Communications (EC Directive) Regulations (PECR)
  • Regulation of Investigatory Powers Act (RIPA, 2000), Data Retention and Regulation of Investigatory Powers Act (DRIPA, 2014), Investigatory Powers Act (IPA, 2016)
  • Computer Misuse Act (CMA)
  • CMA in practice
  • A focus on The Computer Misuse Act
  • Territorial Scope
  • Sections 4 and 5
  • 4. HOW TO DEFEND
  • Active Cyber Defence
  • What is good active cyber defence?
  • Building a more secure Internet
  • Protecting organisations
  • The supply chain, a potential leaky chain in your armour
  • Social engineering, your number one threat
  • Malware, a sneaky nightmare
  • Your company website, your continually exposed gateway to the world
  • Removable media and optical media, danger comes in small cheap packages
  • Passwords and authentication, the primary gatekeeper
  • Smartphones, it is in reality a pocket PC
  • Cloud security, more secure than on-premise? Well it depends
  • Patching and vulnerability management, a never-ending battle
  • Governance, risk and compliance, dry but it can work if done properly
  • Protecting our critical national infrastructure and other priority sectors
  • Changing public and business behaviours
  • Managing incidents and understanding the threat
  • 5. PRIVACY AND SECURITY IN THE WORKPLACE
  • Introduction
  • Legal instruments on data protection and security in the workplace
  • Role of the employer
  • The definition of an employee and a workplace
  • Nature of the processed data
  • Legal ground for processing personal data
  • Data protection and security requirements extend to all medias
  • Companies are responsible for the data security practices of their processors
  • Roles of the controller and the processor
  • Training and Awareness
  • Privacy Matters, Even in Data Security
  • Identity and Access Management (IAM) - Limit access to data
  • Remote workers
  • Execution and applicability of the data protection rights
  • 6. SECURITY IN THE BUILT ENVIRONMENT
  • Introduction
  • Programme/Project Security
  • Set up
  • Supply Chain Management
  • NCSC Principle for Supply Chain Security
  • Internal assurance and governance
  • Building Information Modelling
  • Physical Security
  • Electronic Security (including cyber)
  • Cyber
  • Summary
  • 7. THE IMPORTANCE OF POLICY AND GUIDANCE IN DIGITAL COMMUNICATIONS
  • Introduction
  • The Value of policies
  • The Extent of the Issue
  • Key considerations for policy generation
  • Systems Deployment
  • Ownership and Right to Monitor
  • Managed Circulation
  • Use of Digital Communications for Personal Purposes
  • User Guidance
  • Damaging Comments
  • Presentation and Content, Including Confidentiality
  • Constituents of System Abuse
  • Conclusions
  • 8. THE C SUITE PERSPECTIVE ON CYBER RISK
  • Organisational Ramifications of Cyber Risk
  • Assigning Accountability
  • Setting Budgets
  • Building a CxO-Led Cyber Strategy
  • Summary and Outlook
  • 9. CORPORATE GOVERNANCE MIND MAP
  • Disclosing Data Breaches To Investors
  • Fiduciary Duty to Shareholders and Derivative Lawsuits Arising from Data Breaches
  • Trade Secrets
  • Threats
  • Cybersecurity - Security Management Controls
  • IT Strategy
  • Governance Structure
  • Organisational Structures and HR Management
  • IT Policies and Procedures
  • Resource Investments and Allocations
  • Portfolio Management
  • Risk Management
  • IT Controls
  • Personnel and Training
  • Physical Security of Cyber Systems
  • Systems Security Management
  • Recovery Plans for Cyber Systems
  • Configuration Change Management and Vulnerability Assessments
  • Information Protection
  • 10. INDUSTRY SPECIALISTS IN-DEPTH REPORTS
  • Mobile Payments
  • Key technical and commercial characteristics of mobile payments
  • Complex regulatory landscape
  • Key technical characteristics of authentication
  • Key commercial characteristics of mobile payment authentication
  • Information security risks of mobile payments to consumers
  • Information security risks of mobile payments to the payment system
  • Legislative framework governing payment authentication in Europe
  • Regulation of strong consumer authentication
  • Other sources of EU guidance
  • Legislative framework governing payment authentication in the United States
  • Industry standards governing payment authentication do not exist in the context of mobile payments
  • Competition law and mobile payments
  • Conclusion
  • Electric Utilities: Critical Infrastructure Protection and Reliability Standards
  • Electric Utilities as a part of critical infrastructure
  • Electric utilities as a kind of industrial automation and control system
  • Current state and further evolution of electricity infrastructure - Smart Grid
  • Sources of cybersecurity issues for electric power infrastructure
  • Known cyberattacks on electric utilities
  • Why guidelines and standards for the protection of electric utilities matter
  • The recommended practice: improving industrial control system cybersecurity with defence-in-depth strategies by ICS-CERT of the US Department of Homeland Security
  • The electricity subsector cyber-security risk management process by the US Department of Energy
  • The NERC critical infrastructure protection cybersecurity standards
  • The ISA99/IEC 62443 series of standards for industrial automation and control systems security
  • Electricity subsector cyber-security capability maturity model (ES-C2M2) by the US Department of Energy
  • Critical infrastructure cybersecurity framework by the US NIST and implementation guidance for the energy sector
  • Security for Industrial Control Systems guidance by the UK National Cyber Security Centre
  • Manufacturing
  • Introduction: Genba, Greek mythology and cyber security
  • Think Money Group and UK Financial Services
  • Introduction
  • How severe could the impact of a cyber-attack be?
  • How Should Organisations Tackle the Challenge of Cyber Attacks?
  • Regulator Focus within the UK
  • Other Threats and Challenges Facing Retail Banking
  • Appendix 1
  • Toward Energy 4.0
  • The Energy Sector: moving to the age of Smart and Digitalised Markets
  • The Ukrainian case
  • The legal developments in the European Union
  • The NIS Directive and Energy
  • The Clean Energy for all Europeans
  • Beyond the US and the EU
  • The sectorial and silos strategies versus the multi-sector horizontal approach
  • An analysis of the energy sub sectors: strengths, weaknesses and law
  • Conclusions and the way forward
  • Aerospace, Defence and Security Sector
  • Introduction
  • Comparing Civilian and Military Cyber Security Sectors
  • The Digital Age and the Digital Battlespace
  • Offensive Cyber Capability
  • Benefit and Threat
  • Opportunities for the ADS Sector
  • Evolution of the Threat
  • Corporations on the Frontline
  • Example of Proliferation - Stuxnet
  • A new weapon
  • Example of Civilian Infrastructure under attack - Ukraine Power Grid
  • Wider concerns
  • Example of Criminal Attacks at Scale - SWIFT Payment Network
  • Performance of the ADS Sector in Cyber Security
  • Notable cyber security events in the ADS sector
  • Cyber Security in non-Government sectors: Missed Opportunity?
  • Banking - in the Emirates
  • Introduction
  • The People: Building a solid team
  • The Process: Building a program
  • In Closing
  • Healthcare
  • Introduction
  • What is Wannacry?
  • What is ransomware?
  • How the Department and the NHS responded
  • Key findings
  • Practical Points: Prevention and Protection
  • Selling or buying your healthcare practice - things to look out for in the due diligence
  • Medical Devices
  • Introduction
  • Conclusions and recommendations
  • 11. SOCIAL MEDIA AND CYBER SECURITY
  • Introduction
  • What is Social Media and why does it matter?
  • Who are the key social media players?
  • Fake News and why it matters
  • The Weaponising of Social Media
  • Digital profiling
  • Data Protection
  • What is to be done?
  • As individuals or individual businesses, what needs to be done?
  • 12. INTERNATIONAL LAW AND INTERACTION BETWEEN STATES