Cyber Security: Law and Guidance.
| Field | Value |
|---|---|
| Place / Publishing House | London: Bloomsbury Publishing Plc, 2018. ©2018. |
| Year of Publication | 2018 |
| Edition | 1st ed. |
| Language | English |
| Physical Description | 1 online resource (787 pages) |
Table of Contents:
- Intro
- Preface
- Dedication
- Bibliography
- Table of Statutes
- Table of Statutory Instruments
- Table of Cases
- 1. THREATS
- Cyber criminals
- States and State-sponsored threats
- Terrorists
- Hacktivists
- Script Kiddies
- 2. VULNERABILITIES
- An expanding range of devices
- Poor cyber hygiene and compliance
- Insufficient training and skills
- Legacy and unpatched systems
- Availability of hacking resources
- 3. THE LAW
- Introduction
- International instruments
- Convention 108
- Council of Europe Convention on Cybercrime
- European and European Union-level instruments
- The Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR)
- European Court of Human Rights (ECtHR) and the application of the ECHR to privacy and data protection
- Case law of the ECtHR (on privacy and security)
- Treaty of Lisbon and the EU Charter of Fundamental Rights and Freedoms
- The EU's General Data Protection Regulation (GDPR)
- E-privacy Directive and Regulation
- Payment Service Directive 2 (PSD2)
- Regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS)
- The Directive on security of network and information systems (NIS Directive)
- UK's legislation
- The UK's Human Rights Act 1998 (HRA)
- Data Protection Bill (Act) (2018)
- The Privacy and Electronic Communications (EC Directive) Regulations (PECR)
- Regulation of Investigatory Powers Act (RIPA, 2000), Data Retention and Regulation of Investigatory Powers Act (DRIPA, 2014), Investigatory Powers Act (IPA, 2016)
- Computer Misuse Act (CMA)
- CMA in practice
- A focus on The Computer Misuse Act
- Territorial Scope
- Sections 4 and 5
- 4. HOW TO DEFEND
- Active Cyber Defence
- What is good active cyber defence?
- Building a more secure Internet
- Protecting organisations
- The supply chain, a potential leaky chain in your armour
- Social engineering, your number one threat
- Malware, a sneaky nightware
- Your company website, your continually exposed gateway to the world
- Removable media and optical media, danger comes in small cheap packages
- Passwords and authentication, the primary gatekeeper
- Smartphones, it is in reality a pocket PC
- Cloud security, more secure than on-premise? Well it depends
- Patching and vulnerability management, a never-ending battle
- Governance, risk and compliance, dry but it can work if done properly
- Protecting our critical national infrastructure and other priority sectors
- Changing public and business behaviours
- Managing incidents and understanding the threat
- 5. PRIVACY AND SECURITY IN THE WORKPLACE
- Introduction
- Legal instruments on data protection and security in the workplace
- Role of the employer
- The definition of an employee and a workplace
- Nature of the processed data
- Legal ground for processing personal data
- Data protection and security requirements extend to all medias
- Companies are responsible for the data security practices of their processors
- Roles of the controller and the processor
- Training and Awareness
- Privacy Matters, Even in Data Security
- Identity and Access Management (IAM) - Limit access to data
- Remote workers
- Execution and applicability of the data protection rights
- 6. SECURITY IN THE BUILT ENVIRONMENT
- Introduction
- Programme/Project Security
- Set up
- Supply Chain Management
- NCSC Principle for Supply Chain Security
- Internal assurance and governance
- Building Information Modelling
- Physical Security
- Electronic Security (including cyber)
- Cyber
- Summary
- 7. THE IMPORTANCE OF POLICY AND GUIDANCE IN DIGITAL COMMUNICATIONS
- Introduction
- The Value of policies
- The Extent of the Issue
- Key considerations for policy generation
- Systems Deployment
- Ownership and Right to Monitor
- Managed Circulation
- Use of Digital Communications for Personal Purposes
- User Guidance
- Damaging Comments
- Presentation and Content, Including Confidentiality
- Constituents of System Abuse
- Conclusions
- 8. THE C SUITE PERSPECTIVE ON CYBER RISK
- Organisational Ramifications of Cyber Risk
- Assigning Accountability
- Setting Budgets
- Building a CxO-Led Cyber Strategy
- Summary and Outlook
- 9. CORPORATE GOVERNANCE MIND MAP
- Disclosing Data Breaches To Investors
- Fiduciary Duty to Shareholders and Derivative Lawsuits Arising from Data Breaches
- Trade Secrets
- Threats
- Cybersecurity - Security Management Controls
- IT Strategy
- Governance Structure
- Organisational Structures and HR Management
- IT Policies and Procedures
- Resource Investments and Allocations
- Portfolio Management
- Risk Management
- IT Controls
- Personnel and Training
- Physical Security of Cyber Systems
- Systems Security Management
- Recovery Plans for Cyber Systems
- Configuration Change Management and Vulnerability Assessments
- Information Protection
- 10. INDUSTRY SPECIALISTS IN-DEPTH REPORTS
- Mobile Payments
- Key technical and commercial characteristics of mobile payments
- Complex regulatory landscape
- Key technical characteristics of authentication
- Key commercial characteristics of mobile payment authentication
- Information security risks of mobile payments to consumers
- Information security risks of mobile payments to the payment system
- Legislative framework governing payment authentication in Europe
- Regulation of strong consumer authentication
- Other sources of EU guidance
- Legislative framework governing payment authentication in the United States
- Industry standards governing payment authentication do not exist in the context of mobile payments
- Competition law and mobile payments
- Conclusion
- Electric Utilities: Critical Infrastructure Protection and Reliability Standards
- Electric Utilities as a part of critical infrastructure
- Electric utilities as a kind of industrial automation and control system
- Current state and further evolution of electricity infrastructure - Smart Grid
- Sources of cybersecurity issues for electric power infrastructure
- Known cyberattacks on electric utilities
- Why guidelines and standards for the protection of electric utilities matter
- The recommended practice: improving industrial control system cybersecurity with defence-in-depth strategies by ICS-CERT of the US Department of Homeland Security
- The electricity subsector cyber-security risk management process by the US Department of Energy
- The NERC critical infrastructure protection cybersecurity standards
- The ISA99/IEC 62443 series of standards for industrial automation and control systems security
- Electricity subsector cyber-security capability maturity model (ES-C2M2) by the US Department of Energy
- Critical infrastructure cybersecurity framework by the US NIST and implementation guidance for the energy sector
- Security for Industrial Control Systems guidance by the UK National Cyber Security Centre
- Manufacturing
- Introduction: Genba, Greek mythology and cyber security
- Think Money Group and UK Financial Services
- Introduction
- How severe could the impact of a cyber-attack be?
- How Should Organisations Tackle the Challenge of Cyber Attacks?
- Regulator Focus within the UK
- Other Threats and Challenges Facing Retail Banking
- Appendix 1
- Toward Energy 4.0
- The Energy Sector: moving to the age of Smart and Digitalised Markets
- The Ukrainian case
- The legal developments in the European Union
- The NIS Directive and Energy
- The Clean Energy for all Europeans
- Beyond the US and the EU
- The sectorial and silos strategies versus the multi-sector horizontal approach
- An analysis of the energy sub sectors: strengths, weaknesses and law
- Conclusions and the way forward
- Aerospace, Defence and Security Sector
- Introduction
- Comparing Civilian and Military Cyber Security Sectors
- The Digital Age and the Digital Battlespace
- Offensive Cyber Capability
- Benefit and Threat
- Opportunities for the ADS Sector
- Evolution of the Threat
- Corporations on the Frontline
- Example of Proliferation - Stuxnet
- A new weapon
- Example of Civilian Infrastructure under attack - Ukraine Power Grid
- Wider concerns
- Example of Criminal Attacks at Scale - SWIFT Payment Network
- Performance of the ADS Sector in Cyber Security
- Notable cyber security events in the ADS sector
- Cyber Security in non-Government sectors: Missed Opportunity?
- Banking - in the Emirates
- Introduction
- The People: Building a solid team
- The Process: Building a program
- In Closing
- Healthcare
- Introduction
- What is Wannacry?
- What is ransomware?
- How the Department and the NHS responded
- Key findings
- Practical Points: Prevention and Protection
- Selling or buying your healthcare practice - things to look out for in the due diligence
- Medical Devices
- Introduction
- Conclusions and recommendations
- 11. SOCIAL MEDIA AND CYBER SECURITY
- Introduction
- What is Social Media and why does it matter?
- Who are the key social media players?
- Fake News and why it matters
- The Weaponising of Social Media
- Digital profiling
- Data Protection
- What is to be done?
- As individuals or individual businesses, what needs to be done?
- 12. INTERNATIONAL LAW AND INTERACTION BETWEEN STATES