Cybercrime Bill 2014: Due Diligence

•

1 like•1,986 views

The document discusses cybersecurity risks and responsibilities in the Caribbean region. It notes recent cyber attacks and security audits in Trinidad, Jamaica, and Barbados. It summarizes a section of the Cybercrime Bill 2014 that holds corporate directors responsible if they fail to prevent cybercrimes originating from their organization. Finally, it argues that information security requires governance, securing people and processes in addition to technology, and following standards like ISO 27001 to be prepared for incidents.

Technology

• 17 years ICT experience, 5 of which in Senior Professional
roles delivering major Telecommunications and
Information Security projects.
• 2008: Founding member of Information Security focused
Organizational Unit. Established digital forensics lab, had
oversight of vulnerability analysis and penetration testing,
assisted policy development process.
• M.Sc. Information Security comes from University College
London
• Information Security Advisory & ICT Programme
Management
In Brief

The Caribbean Is Immune…Is it?
• Feb 2014: NGC issues Invitation to prequalify document for
Audit Services citing: “Information and Communication
Technology, Systems and Controls review” and
“CYBERCrime” (Trinidad)
• Nov 2013: TSTT issues Network & Session Initiation Protocol
(SIP) Security Audit RFP. Prior news reports speak to several
mobile and bypass fraud activities (Trinidad)
• Nov 2013: Flow identifies cybersecurity as a major threat
(Jamaica)
• Mar 2012: LIME Internet infrastructure attacked (Barbados)

What Happens If An Attack
Originates From Your Organization?

Cybercrime Bill 2014, Section 23
"Offence by body corporate"
Where a body corporate commits an offence under
this Act and the Court is satisfied that a director,
manager, secretary or other similar officer of the body
corporate, or any person who purports to act in such capacity–
(a) connived in or consented to the commission
of the offence; or
(b) failed to exercise due diligence to prevent the
commission of the offence,
the director, manager, secretary or other similar officer or
person purporting to act in that capacity also commits the
offence.

Information Security
Governance Required
• This now places responsibility and
accountability on an individual within the
organization to ensure that said
organizations’ ICT infrastructure, processes
and people do not pose a threat to the public
network and its constituents which also
includes “critical infrastructure” elements.

I’m Safe…Bought Latest Hardware Solution

Securing People and Processes
• Information Security must become part of Risk Management
strategy.
• Senior/Executive management must have oversight and be
responsible for the Information Security Governance.
• Information Security must be properly aligned with
organizational structure and organizational behaviour.
• Information Security specific roles
• Change user behaviours to foster culture of Information
Security.

Securing People and Processes
• Information Security at design stage of project’s System
Development Life Cycle
• Continuous awareness of the evolution of external (and
internal) threats.
• When incidents do occur proper escalation procedures and
remediation efforts need to be put in place.
• Controls and response in accordance with International
Information Security standards such as ISO 27001 (2013).

The discussion will cover the need, urgency and industry direction in deploying solid cyber defense technologies. There will be real world examples of the costs, the danger and the recovery of both cybersecurity offense and defense. There will be a focus on Increase cyber-attack vulnerabilities such as IoT and Cloud Computing, particular to attacks on physical world critical infrastructure. The subject topic will discuss methods of needed rapid development and deployment of cyber defense technologies today with preparation for a Post Quantum Computing Era. Main points covered: • Costs and danger of cyber-attacks now compared to major natural disasters • Nation State threats on critical infrastructure reaching acts of war • Cyber offense short term and Cyber Defense long term Presenter: Larry Karisny is well known in both the public and private sector as a technology innovator, advisor and renowned expert in cyber defense technology. He is a frequent contributor to Government Technology Magazine and has also written for Infosec Island, PenTest, eForencics and is often quoted in other global publications. He is a sought-after speaker at industry summits and conferences as a session lead and moderator covering the subject of cybersecurity. He acts a Director of the cybersecurity think tank, ProjectSafety.org As Director of ProjectSafety.org, Mr. Karisny independently sought out unique Proof of Concept (POC), Intrusion Prevention System (IPS), Intrusion Detection System (IDS), security technological approaches to current cybersecurity solutions. He targeted these advanced cyber security technologies with a focus on securing critical infrastructure systems and ecosystems. His current focus is in demonstrating cybersecurity technologies that offer the capability to defend, detect and remediate malware compromises, system defects and administrative errors. His knowledge base spans from current cybersecurity technologies to Post Quantum cyber defense. His best skill set is to understand even the most complicated information in science and making it understandable to all levels of audience. He is currently involved in commercializing multiple levels of cyber defense technologies form POC to global deployment. Recorded webinar: https://youtu.be/yyVsSj946S4

Cyber security general perspective a

marukanda

Cybersecurity - Introduction and Preventive Measures

Aditya Ratnaparkhi

Cyber War, Cyber Peace, Stones and Glass Houses

Paige Rasid

Cybersecurity

Edwin A. Opare

Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...

Netpluz Asia Pte Ltd

Creating cyber forensic readiness in your organisationJacqueline Fick

Hacking the Helpdesk, Craig Clark

Service Desk Institute

Cyber Security Professionals Viewed via Supply Chain

aletarw

This research examines the issue of supply and demand for cybersecurity professionals to determine how to optimize the output of cybersecurity professionals through a supply chain. It was found that progress is impeded by the lack of a clearly defined and standardized definition of a cybersecurity worker and their associated knowledge, skills, and abilities. There is a known shortage of cybersecurity professionals that is affecting the ability of the United States to fulfil the mandate of President Obama who declared that the protection of our digital infrastructure is a national security priority. The problem with this declaration is that a literature review confirms there is no standard definition of a cybersecurity worker, associated skills, or educational requirements. The cybersecurity workforce to which we speak in this report consists of those who self-identify as cyber or security specialists as well as those who build and maintain the nation’s critical infrastructure. Considering the criticality of the national infrastructure, it is time for the US to take immediate steps to coordinate the development of the cybersecurity field and its associated workforce supply chain.

Capitol Tech Talk Feb 17 2022 Cybersecurity Challenges in Financial Sector

CapitolTechU

Cyber Security Awareness

M.Syarifudin, ST, OSCP, OSWP

Vulnerability Intelligence - Standing Still in a world full of change

Eoin Keary

CCA study group

IIBA UK Chapter

Cervone uof t - nist framework (1)

Stephen Abram

Case Study.pdf

DamaineFranklinMScBE

The possibilities provided by the internet in this day and times is almost limitless, fueled by presence of global networks and larger operations being performed on a daily basis coupled with people around the world who enjoy these benefits. However, the internet space is not used for peaceful reasons as it should be assumed. The growing development in technologies and substantive upgrade of programming systems has led to frequent cases of attacks by threat actors, becoming a real problem for large companies. Hence, therefore, one of the most famous cases in relation to hacking in the world was the hacking of important information on the eBay database, an online shopping store. The case study will focus on this attack. 3

What's hot

Singapore Cybersecurity Strategy and Legislation (2018)

Benjamin Ang

2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia

IGN MANTRA

Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of Things

Katedra Informatologii. Wydział Dziennikarstwa, Informacji i Bibliologii, Uniwersytet Warszawski

Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)

Benjamin Ang

Cyber RisksRickWaldman

Cybersecurity-Real World Approach FINAL 2-24-16James Rutt

Lessons learned from the SingHealth Data Breach COI Report

Benjamin Ang

Cybersecurity: The Danger, the Cost, the Retaliation

PECB

Cyber security general perspective a

marukanda

Cybersecurity - Introduction and Preventive Measures

Aditya Ratnaparkhi

Cyber War, Cyber Peace, Stones and Glass Houses

Paige Rasid

Cybersecurity

Edwin A. Opare

Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...

Netpluz Asia Pte Ltd

Creating cyber forensic readiness in your organisationJacqueline Fick

Hacking the Helpdesk, Craig Clark

Service Desk Institute

Cyber Security Professionals Viewed via Supply Chain

aletarw

Capitol Tech Talk Feb 17 2022 Cybersecurity Challenges in Financial Sector

CapitolTechU

Cyber Security Awareness

M.Syarifudin, ST, OSCP, OSWP

Vulnerability Intelligence - Standing Still in a world full of change

Eoin Keary

What's hot (19)

Singapore Cybersecurity Strategy and Legislation (2018)

2019-09-11 Workshop incident response n handling honeynet Universitas Indonesia

Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of Things

Singapore Cybersecurity Strategy and Legislation (for SMU Law School 2019)

Cyber Risks

Cybersecurity-Real World Approach FINAL 2-24-16

Lessons learned from the SingHealth Data Breach COI Report

Cybersecurity: The Danger, the Cost, the Retaliation

Cyber security general perspective a

Cybersecurity - Introduction and Preventive Measures

Cyber War, Cyber Peace, Stones and Glass Houses

Cybersecurity

Are you Cyber ready? Introducing Netpluz managed cyber security - cyber intel...

Creating cyber forensic readiness in your organisation

Hacking the Helpdesk, Craig Clark

Cyber Security Professionals Viewed via Supply Chain

Capitol Tech Talk Feb 17 2022 Cybersecurity Challenges in Financial Sector

Cyber Security Awareness

Vulnerability Intelligence - Standing Still in a world full of change

Similar to Cybercrime Bill 2014: Due Diligence

CCA study group

IIBA UK Chapter

Cervone uof t - nist framework (1)

Stephen Abram

Case Study.pdf

DamaineFranklinMScBE

chapter 1. Introduction to Information Security

elmuhammadmuhammad

Cybersecurity Roadmap Development for Executives

Krist Davood - Principal - CIO

Secrets to managing your Duty of Care in an ever- changing world. How well do you know your risks? Are you keeping up with your responsibilities to provide Duty of Care? How well are you prioritising Cybersecurity initiatives? Liability for Cybersecurity attacks sits with Executives and Board members who may not have the right level of technical security knowledge. This session will outline what practical steps executives can take to implement a Cybersecurity Roadmap that is aligned with its strategic objectives. Led by Krist Davood, who has spent over 28 years implementing secure mission critical systems for executives. Krist is an expert in protecting the interconnectedness of technology, intellectual property and information systems, as evidenced through his roles at The Good Guys, Court Services Victoria and Schiavello. The seminar will cover: • Fiduciary responsibility • How to efficiently deal with personal liability and the threat of court action • The role of a Cybersecurity Executive Dashboard and its ability to simplify risk and amplify informed decision making • How to identify and bridge the gap between your Cybersecurity Compliance Rating and the threat of court action

Internet safety and security strategies for building an internet safety wall

Commonwealth Telecommunications Organisation

Cybersecurity and continuous intelligence

NISIInstituut

Welcome to the cybersecurity & continuous intelligence knowledge slidedeck of NISI (Nederlands Instituut voor de Software Industrie). Cybersecurity & Continuous Intelligence is a broad topic, covering rules & regulation, internet, cyberwar, software, machine learning and society & trust. This slidedeck offers you a more in-depth view of this exciting area. Please contact us directly for more information via email info@nisi.nl or the contact on form on nisi.nl. Nederlands Instituut voor de Software Industrie

Combating cyber crimes chinatu

Chinatu Uzuegbu

Dealing with Information Security, Risk Management & Cyber Resilience

Donald Tabone

C4I cyber secuirty by Eric Eifert - Keynote 9.pptx

bakhtinasiriav

Cyber security for Developers

techtutorus

We Are Instructor Led Online Training Hub.Get access to the world’s best learning experience at our online learning community where millions of learners learn cutting-edge skills to advance their careers, improve their lives, and pursue the work they love. We provide a diverse range of courses, tutorials, resume formats, projects based on real business challenges, and job support to help individuals get started with their professional career.

Cyber capability brochureCybersecurity Today A fresh l.docx

faithxdunce63732

Cyber capability brochure Cybersecurity Today: A fresh look at a changing paradigm for government agencies The cyber domain presents endless opportunities to Federal agencies looking for new ways to deliver on their mission and serve citizens, while reducing operational risk. Government is investing in new and innovative technologies that will empower our nation to achieve more. Next-generation identification systems will reduce terrorist and criminal activities by improving and expanding biometric identification and criminal history information services. “Smart” electric grids will make the country more energy independent and increase the use of renewable energies. Intelligent travel systems will make air travel quicker and safer. Electronic medical records are improving access to health care and reducing costs. These investments require up-front planning and preemptive cybersecurity practices to mitigate the inherit risks associated with the advance persistent threat. However, operating in the cyber domain is not without increased risk. Our cybersecurity efforts are matched — if not outpaced — by the sophistication on the part of nimble opponents from other nations, cyber terrorists, cyber criminal syndicates, malicious insiders, cyber espionage — not to mention the inadvertent breach. For better or worse, our cybersecurity efforts are increasingly interconnected with agency mission and programs, inextricably linking daily decisions on performance, workforce management, and information sharing with threat deterrence at every level of the organization. By adopting a proactive, performance- focused, and risk-intelligent approach to cyber initiatives, leaders can help shape their organizations into more proactive, agile, and resilient organizations to protect their people, programs, and mission. Cyber: The new normal Cyber is not just a new domain, it is the new normal. Agency leaders have a critical task ahead of them to take a fresh look at their personnel, policies, processes, and systems to synchronize their cyber initiatives and empower collaboration across departments to protect people, programs, and mission. To strengthen their cyber efforts, today’s leaders are helping drive coordination across functions, agencies, and the private sector toward a shared cyber competence that enables the mission while assigning accountability. Here are some actions agencies should consider: Treat data like a monetary asset. • Understand the value of all your agency’s assets and protect what matters most to the mission and preserve the public’s trust. Follow the flow of information• inside and outside of your agency to identify vulnerabilities; strengthen every link in the chain. Do more with identity management.• Identity, Credentialing, and Access Management (ICAM) offers new opportunities to expand partnerships and add services quickly and cost-efficiently. Make cyber a performance goal.• .

Cyber risks in supply chains

Aparajita Banerjee

This primary focus of study was to investigate how cyber risks in ICT infrastructures of supply chains are managed. As its theoretical base, the study used the Adaptive Security Architecture framework that has been employed by most IT security specialists. Five experienced IT experts participated in a semi-structured interview to provide practical insights on the state of cybersecurity in supply chains operations from various industries. Their responses were analyzed based on the four stages of prediction, prevention, detection and response. This study offers a new framework that suggests cybersecurity requires anticipatory vigilance, profiling malevolence, instantaneous response and uncompromised recovery to dealing with the cyber threats posing disruptions to supply chains.

Cybersecurity Risk Governance

Dan Michaluk

Module 1- Introduction to Cybercrime.pptx

nikshaikh786

Cyber-Security-Unit-1.pptx

TikdiPatel

All About Network Security & its Essentials.pptx

Infosectrain3

Information Technology Security Basics

Mohan Jadhav

Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya

Martin M

STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017

Maurice Dawson

This is the most essential programme of the year around the dangers of cybercrime and how to manage safety within the most indispensable digital sphere & technology system. The reason is that, “Looking beyond Internet of Things (IoT) to Internet of Everything there is a potential market that is approximately $14.4 trillion and over 99% of physical devices are still unconnected.” ~Mo Dawson. Your participation give you golden access to a transcending Cyberspace picture, enhanced solution oriented capabilities as an ICT expert or practitioner, Telecommunications Corporates & Companies Personnel, Aviation ICT Officials, Other Transportation controls network hubs, Business dealer in Cyberspace services provider or supplier, Academicians and researchers, Government Departments & Public service ICT systems Officials & staff, Students, general ICT security involvement and on top of that your enhanced multidimensional scope & prosperity out of this untapped gold mine is guaranteed.

Similar to Cybercrime Bill 2014: Due Diligence (20)

CCA study group

Cervone uof t - nist framework (1)

Case Study.pdf

chapter 1. Introduction to Information Security

Cybersecurity Roadmap Development for Executives

Internet safety and security strategies for building an internet safety wall

Cybersecurity and continuous intelligence

Combating cyber crimes chinatu

Dealing with Information Security, Risk Management & Cyber Resilience

C4I cyber secuirty by Eric Eifert - Keynote 9.pptx

Cyber security for Developers

Cyber capability brochureCybersecurity Today A fresh l.docx

Cyber risks in supply chains

Cybersecurity Risk Governance

Module 1- Introduction to Cybercrime.pptx

Cyber-Security-Unit-1.pptx

All About Network Security & its Essentials.pptx

Information Technology Security Basics

Regional Cyber Security Summit 2016 May 11th-13th Weston Hotel Nairobi Kenya

STAYING SAFE AND SECURED ON TODAY AND TOMORROW’S AFRICA CYBERSPACE WORKSHOP 2017

Recently uploaded

Mission to Decommission: Importance of Decommissioning Products to Increase E...

Product School

When stars align: studies in data quality, knowledge graphs, and machine lear...

Elena Simperl

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

JMeter webinar - integration with InfluxDB and Grafana

RTTS

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

Leading Change strategies and insights for effective change management pdf 1.pdf

OnBoard

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

Product School

The Art of the Pitch: WordPress Relationships and Sales

Laura Byrne

Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes? All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Product School

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

DevOps and Testing slides at DASA Connect

Kari Kakkonen

Bits & Pixels using AI for Good.........

Alison B. Lowndes

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

PCI PIN Basics Webinar from the Controlcase Team

ControlCase

Recently uploaded (20)

Mission to Decommission: Importance of Decommissioning Products to Increase E...

When stars align: studies in data quality, knowledge graphs, and machine lear...

UiPath Test Automation using UiPath Test Suite series, part 3

JMeter webinar - integration with InfluxDB and Grafana

GraphRAG is All You need? LLM & Knowledge Graph

Monitoring Java Application Security with JDK Tools and JFR Events

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Leading Change strategies and insights for effective change management pdf 1.pdf

Essentials of Automations: Optimizing FME Workflows with Parameters

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...

The Art of the Pitch: WordPress Relationships and Sales

From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

DevOps and Testing slides at DASA Connect

Bits & Pixels using AI for Good.........

UiPath Test Automation using UiPath Test Suite series, part 4

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

PCI PIN Basics Webinar from the Controlcase Team

Cybercrime Bill 2014: Due Diligence

1. Cybercrime Bill 2014 “Due Diligence” Shiva Bissessar, BSc (Hons), MBA, MSc Managing & Technical Director Pinaka Technology Solutions +868 678 5078 spbisses@gmail.com

2. • 17 years ICT experience, 5 of which in Senior Professional roles delivering major Telecommunications and Information Security projects. • 2008: Founding member of Information Security focused Organizational Unit. Established digital forensics lab, had oversight of vulnerability analysis and penetration testing, assisted policy development process. • M.Sc. Information Security comes from University College London • Information Security Advisory & ICT Programme Management In Brief

3. The Caribbean Is Immune…Is it? • Feb 2014: NGC issues Invitation to prequalify document for Audit Services citing: “Information and Communication Technology, Systems and Controls review” and “CYBERCrime” (Trinidad) • Nov 2013: TSTT issues Network & Session Initiation Protocol (SIP) Security Audit RFP. Prior news reports speak to several mobile and bypass fraud activities (Trinidad) • Nov 2013: Flow identifies cybersecurity as a major threat (Jamaica) • Mar 2012: LIME Internet infrastructure attacked (Barbados)

4. What Happens If An Attack Originates From Your Organization?

5. Cybercrime Bill 2014, Section 23 "Offence by body corporate" Where a body corporate commits an offence under this Act and the Court is satisfied that a director, manager, secretary or other similar officer of the body corporate, or any person who purports to act in such capacity– (a) connived in or consented to the commission of the offence; or (b) failed to exercise due diligence to prevent the commission of the offence, the director, manager, secretary or other similar officer or person purporting to act in that capacity also commits the offence.

6. Information Security Governance Required • This now places responsibility and accountability on an individual within the organization to ensure that said organizations’ ICT infrastructure, processes and people do not pose a threat to the public network and its constituents which also includes “critical infrastructure” elements.

7. I’m Safe…Bought Latest Hardware Solution

8. Securing People and Processes • Information Security must become part of Risk Management strategy. • Senior/Executive management must have oversight and be responsible for the Information Security Governance. • Information Security must be properly aligned with organizational structure and organizational behaviour. • Information Security specific roles • Change user behaviours to foster culture of Information Security.

9. Securing People and Processes • Information Security at design stage of project’s System Development Life Cycle • Continuous awareness of the evolution of external (and internal) threats. • When incidents do occur proper escalation procedures and remediation efforts need to be put in place. • Controls and response in accordance with International Information Security standards such as ISO 27001 (2013).

10. Are you prepared?

Cybercrime Bill 2014: Due Diligence

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Similar to Cybercrime Bill 2014: Due Diligence

Similar to Cybercrime Bill 2014: Due Diligence (20)

More from Shiva Bissessar

More from Shiva Bissessar (8)

Recently uploaded

Recently uploaded (20)

Cybercrime Bill 2014: Due Diligence