
Cybercrime Bill 2014: Due Diligence


Information Security Governance

Published in: Technology
  1. Cybercrime Bill 2014 “Due Diligence”
     Shiva Bissessar, BSc (Hons), MBA, MSc
     Managing & Technical Director, Pinaka Technology Solutions
     +868 678 5078
  2. In Brief
     • 17 years ICT experience, 5 of which in senior professional roles delivering major telecommunications and information security projects.
     • 2008: Founding member of an Information Security focused organizational unit. Established a digital forensics lab, had oversight of vulnerability analysis and penetration testing, and assisted the policy development process.
     • M.Sc. Information Security from University College London.
     • Information Security advisory & ICT programme management.
  3. The Caribbean Is Immune… Is It?
     • Feb 2014: NGC issues an Invitation to Prequalify document for audit services citing “Information and Communication Technology, Systems and Controls review” and “CYBERCrime” (Trinidad).
     • Nov 2013: TSTT issues a Network & Session Initiation Protocol (SIP) Security Audit RFP. Prior news reports speak to several mobile and bypass fraud activities (Trinidad).
     • Nov 2013: Flow identifies cybersecurity as a major threat (Jamaica).
     • Mar 2012: LIME Internet infrastructure attacked (Barbados).
  4. What Happens If An Attack Originates From Your Organization?
  5. Cybercrime Bill 2014, Section 23 “Offence by body corporate”
     Where a body corporate commits an offence under this Act and the Court is satisfied that a director, manager, secretary or other similar officer of the body corporate, or any person who purports to act in such capacity–
     (a) connived in or consented to the commission of the offence; or
     (b) failed to exercise due diligence to prevent the commission of the offence,
     the director, manager, secretary or other similar officer or person purporting to act in that capacity also commits the offence.
  6. Information Security Governance Required
     • Section 23(b) places responsibility and accountability on named individuals within the organization (directors, managers, secretaries and similar officers) to ensure that the organization’s ICT infrastructure, processes and people do not pose a threat to the public network and its constituents, which also includes “critical infrastructure” elements. An officer who cannot show that due diligence was exercised may personally commit the offence.
  7. I’m Safe… I Bought the Latest Hardware Solution
  8. Securing People and Processes
     • Information Security must become part of the Risk Management strategy.
     • Senior/executive management must have oversight of, and be responsible for, Information Security Governance.
     • Information Security must be properly aligned with organizational structure and organizational behaviour.
     • Define Information Security specific roles.
     • Change user behaviours to foster a culture of Information Security.
  9. Securing People and Processes
     • Build Information Security into the design stage of a project’s System Development Life Cycle.
     • Maintain continuous awareness of the evolution of external (and internal) threats.
     • When incidents do occur, proper escalation procedures and remediation efforts need to be in place.
     • Implement controls and response in accordance with international Information Security standards such as ISO/IEC 27001:2013.
  10. Are You Prepared?