8. SWCSC | 19 November 2015
Damage to all businesses
9. SWCSC | 19 November 2015
Criminal sanctions
• Budapest Convention 2001
• Computer Misuse Act 1990
o Serious Crime Act 2015
• Wireless Telegraphy Act 2006
• Postal Services Act 2000
• Data Protection Act 1998
• Protection from Harassment Act 1997
• c. 15 more
10. SWCSC | 19 November 2015
More criminal sanctions?
11. SWCSC | 19 November 2015
Consequences of unauthorised access
Loss of personal data
• breach of privacy law obligations
• regulatory fines
• individual loss claims
Loss of confidential information
• breach of contract
• loss of commercial advantage
• breach of regulatory obligations
• regulatory fines
Financial systems
• financial fraud
• extortion
• breach of regulatory obligations
• regulatory fines
Operational control systems
• denial of service
• physical damage to plant and machinery
• industrial accidents
12. SWCSC | 19 November 2015
Australian Signals Directorate
13. SWCSC | 19 November 2015
Four Simple Steps
• Application whitelisting
• General patching
• Patching operating systems
• Restricting administrator privileges to operating systems
http://www.asd.gov.au/infosec/mitigationstrategies.htm
14. SWCSC | 19 November 2015
Cyber-resilience
Risk analysis
• audit of legal and regulatory environment
• risk profile
• review the availability and suitability of general and specific insurance
Compliance/risk management
• development of employee terms & conditions, policies, training and development
• revision of commercial terms in consultancy and technology agreements
• compliance management, including continuous disclosure type obligations
• business continuity planning
Crisis management
• incident response
• regulatory reporting
• reputation management support
• litigation
Policy-making
• lobbying in respect of regulatory reform
• interpreting and supporting the implementation of legal and regulatory obligations
• self-regulatory initiatives
15. SWCSC | 19 November 2015
Stewart James
Partner
07813 019002
s.james@ashfords.co.uk