Michael Goldsmith and I presented an overview of cybersecurity capacity building and current research findings for delegates from across the Commonwealth nations. The first section of slides introduces the Global Cyber Security Capacity Centre (GCSCC), and the second part presents a comparative analysis of the status and impact of capacity building.
Presentation on the analysis of cybersecurity capacity building, finding a clear impact of capacity building on a reduction in end user problems and enhanced use by individuals, governments, and business.
A presentation to the 2019 meeting of the Global Forum on Cyber Expertise (GFCE) in Addis Ababa, October 2019, entitled 'The Shaping and Impacts of Cyber Security Capacity'. The slides are updated since the conference to reflect revised multivariate path analyses.
Message to White House to take Cyber Security seriously - from MITDavid Sweigert
Uploaded as a courtesy by:
Dave Sweigert
In light of increasingly apparent, potentially catastrophic online threats to national security, experts from around the country and globe are emphasizing the government's need to act, and invest, accordingly.
This week, cross-disciplinary leaders in security research have come forward to urge the Trump administration to start fortifying U.S. cybersecurity before it's too late, starting with our key infrastructure. In a collaborative report by MIT’s Internet Policy Research Initiative at the Computer Science and Artificial Intelligence Laboratory (CSAIL) with the Center for International Studies, experts outlined a variety of steps and considerations for helping protect Americans on the digital front, where the cost of attacks has been soaring [PDF].
Based in part on a series of industry-led workshops exploring the concerns of various large U.S. firms, the report warns government that skimping on investment and innovation in cybersecurity for American infrastructure could be very costly business soon. “The nation will require a coordinated, multi-year effort to address deep strategic weaknesses in the architecture of critical systems, in how those systems are operated, and in the devices that connect to them,” the authors commented in in a press release. “But we must begin now. Our goal is action, both immediate and long-term.”
Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership
Presentation: Cybersecurity for Government Contractors
Presenter: Robert Nichols, Partner, Covington & Burling LLP
REPORT Risk Nexus - Global Cyber Governance: Preparing for New Business Risks ESADE
The process of globalization, the emergence of new powers, and the increasing relevance of non-state actors are creating a multipolar and interconnected world. In the international arena, political and ideological diversity among the most relevant parties, diffusion of power, and the impact of changing global economics have added complexity to the geopolitical landscape. Businesses now operate in a much more difficult, heterogeneous environment.
This publication has been prepared by Zurich Insurance Group Ltd and ESADE.
Section 1: Emerging technologies will fundamentally change the nature of cyber risk.
Section 2: An inadequate global cyber governance framework.
Section 3: Toward a new governance framework: challenges and opportunities.
It's Time to Rethink Your Endpoint StrategyLumension
Today's IT network is more distributed and virtual than ever with the increased use of remote endpoints and cloud-based applications. And increasingly sophisticated malware is targeting the information stored on and accessed by these endpoints and applications. The security status quo has left organizations managing a multitude of products – and has not reduced the IT risk. This series examines the evolving threat landscape, why current defenses are decreasing in effectiveness and what key strategies you can implement to shift from the status quo and improve security from zero-day and targeted attacks, while also simplifying and reducing the costs of managing the endpoint environment.
BGF-UNESCO-at-UCLA conference - Cyber security Incidents by Rodman K. ReefBoston Global Forum
This conference was an official event to establish the Global Citizenship Education Network (GCEN) between UNESCO, UCLA and the Boston Global Forum (BGF) . We had several important dialogues concerning Global Citizenship Education in Cyber Civil Defense
Presentation on the analysis of cybersecurity capacity building, finding a clear impact of capacity building on a reduction in end user problems and enhanced use by individuals, governments, and business.
A presentation to the 2019 meeting of the Global Forum on Cyber Expertise (GFCE) in Addis Ababa, October 2019, entitled 'The Shaping and Impacts of Cyber Security Capacity'. The slides are updated since the conference to reflect revised multivariate path analyses.
Message to White House to take Cyber Security seriously - from MITDavid Sweigert
Uploaded as a courtesy by:
Dave Sweigert
In light of increasingly apparent, potentially catastrophic online threats to national security, experts from around the country and globe are emphasizing the government's need to act, and invest, accordingly.
This week, cross-disciplinary leaders in security research have come forward to urge the Trump administration to start fortifying U.S. cybersecurity before it's too late, starting with our key infrastructure. In a collaborative report by MIT’s Internet Policy Research Initiative at the Computer Science and Artificial Intelligence Laboratory (CSAIL) with the Center for International Studies, experts outlined a variety of steps and considerations for helping protect Americans on the digital front, where the cost of attacks has been soaring [PDF].
Based in part on a series of industry-led workshops exploring the concerns of various large U.S. firms, the report warns government that skimping on investment and innovation in cybersecurity for American infrastructure could be very costly business soon. “The nation will require a coordinated, multi-year effort to address deep strategic weaknesses in the architecture of critical systems, in how those systems are operated, and in the devices that connect to them,” the authors commented in in a press release. “But we must begin now. Our goal is action, both immediate and long-term.”
Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership
Presentation: Cybersecurity for Government Contractors
Presenter: Robert Nichols, Partner, Covington & Burling LLP
REPORT Risk Nexus - Global Cyber Governance: Preparing for New Business Risks ESADE
The process of globalization, the emergence of new powers, and the increasing relevance of non-state actors are creating a multipolar and interconnected world. In the international arena, political and ideological diversity among the most relevant parties, diffusion of power, and the impact of changing global economics have added complexity to the geopolitical landscape. Businesses now operate in a much more difficult, heterogeneous environment.
This publication has been prepared by Zurich Insurance Group Ltd and ESADE.
Section 1: Emerging technologies will fundamentally change the nature of cyber risk.
Section 2: An inadequate global cyber governance framework.
Section 3: Toward a new governance framework: challenges and opportunities.
It's Time to Rethink Your Endpoint StrategyLumension
Today's IT network is more distributed and virtual than ever with the increased use of remote endpoints and cloud-based applications. And increasingly sophisticated malware is targeting the information stored on and accessed by these endpoints and applications. The security status quo has left organizations managing a multitude of products – and has not reduced the IT risk. This series examines the evolving threat landscape, why current defenses are decreasing in effectiveness and what key strategies you can implement to shift from the status quo and improve security from zero-day and targeted attacks, while also simplifying and reducing the costs of managing the endpoint environment.
BGF-UNESCO-at-UCLA conference - Cyber security Incidents by Rodman K. ReefBoston Global Forum
This conference was an official event to establish the Global Citizenship Education Network (GCEN) between UNESCO, UCLA and the Boston Global Forum (BGF) . We had several important dialogues concerning Global Citizenship Education in Cyber Civil Defense
BGF-UNESCO-at-UCLA conference - Madness - The dynamics of International Cyber...Boston Global Forum
This conference was an official event to establish the Global Citizenship Education Network (GCEN) between UNESCO, UCLA and the Boston Global Forum (BGF) . We had several important dialogues concerning Global Citizenship Education in Cyber Civil Defense
Supporting the global efforts in strengthening the safety, security and resilience of Cyberspace, the Commonwealth Cybersecurity Forum 2013, organised by the Commonwealth Telecommunications Organisation. The ceremonial opening examined how Cyberspace could be governed and utilised in a manner to foster freedom and entrepreneurship, while protecting individuals, property and the state, leading to socio-economic development. Speakers of this session, Mr Mario Maniewicz, Chief, Department of Infrastructure, Enabling Environment and E-Applications, ITU; Mr David Pollington, Director, International Security Relations, Microsoft; Mr Alexander Seger, Secretary, Cybercrime Convention Committee, Council of Europe; Mr Nigel Hickson, Vice President, Europe, ICANN and Mr Pierre Dandjinou, Vice President, Africa, ICANN, added their perspectives on various approaches to Cybergovernance, with general agreement on the role Cyberspace could play to facilitate development equitably and fairly across the world.
Hosted by the Ministry of Posts and Telecommunications of Cameroon together with the Telecommunications Regulatory Board of Cameroon and backed by partners and industry supporters including ICANN, Council of Europe, Microsoft, MTN Cameroon, AFRINIC and Internet Watch Foundation, the Commonwealth Cybersecurity Forum 2013 seeks to broaden stakeholder dialogue to facilitate practical action in Cybergovernance and Cybersecurity, some of which will be reflected in the CTO’s own work programmes under its Cybersecurity agenda.
Presentation for March 2017 webcast by NIST.
www.nist.gov/cyberframework
Webcast video: https://www.nist.gov/news-events/events/2017/03/cybersecurity-framework-virtual-events
This presentation introduces the audience to the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”). It provides a brief history about why and how the Framework was developed, and an understanding of each of the three primary Framework components (the Core, Implementation Tiers, and Profiles). It covers potential benefits of Framework, and how the Framework can be used. It highlights industry resources, progress in Roadmap areas, and future direction of the Framework program.
The Science and Art of Cyber Incident Response (with Case Studies)Kroll
In this joint presentation for the ISSA-LA Summit X in Los Angeles, Jennifer Rathburn, a cybersecurity and data privacy law expert at Foley & Lardner LLP and William Dixon, Associate Managing Director in Kroll's Cyber Risk practice, highlight three incident response scenarios and tips on breach preparation and response.
To learn more, contact Jennifer or William at:
Jennifer Rathburn, Foley & Lardner LLP
jrathburn@foley.com; 414-297-5864
William Dixon, Kroll, a Division of Duff & Phelps
william.dixon@kroll.com; 213-247-3973
New York DFS proposed cybersecurity regulationsBrunswick Group
Groundbreaking cybersecurity regulations proposed this month by the New York State Department of Financial Services would impose significant new compliance responsibilities. The proposed regulations raise the bar for communications and public affairs professionals in particular around cybersecurity planning and response.
The proposed regulations far surpass existing federal or state regulations on cybersecurity, and will require a deeper approach and greater integration between legal, communications, and technology planning and strategies.
Strategic Leadership for Managing Evolving Cybersecurity RisksMatthew Rosenquist
2014 NSF Cybersecurity Summit keynote presentation from Matthew Rosenquist, Cybersecurity Strategist for Intel Corp.
Cybersecurity is difficult. It is a serious endeavor which strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk have matured and expanded on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the challenges, organizational opportunities, and explore best practices to align investments in security to the risk appetite of an organization.
Symantec Intelligence Report - October 2014Symantec
The number of spear phishing attacks per day continues to trend downward over the last twelve months, coming in at 45 per day in October. Of the attachments used in such email-based attacks, the .doc attachment type comprised 62.5 percent and .exe attachments made up 14.4 percent. Of the industries attacked, the category of Finance, Insurance, and Real Estate received 28 percent of all spear phishing attempts in the month of October, followed by Manufacturing at 17 percent.
The largest data breach that was disclosed in October took place back in July. This breach had previously been reported; however, we learned this month that the breach resulted in the exposure of identities within 76 million households, plus information on an additional seven million small businesses.
In the Mac threat landscape, OSX.Okaz was the most frequently encountered OSX risk seen on OSX endpoints, making up 28.8 percent of OSX risks. OSX.Okaz is an adware program that may modify browser homepage and search settings.
Finally, ransomware as a whole continues to decline as the year progresses. However, the amount of crypto-style ransomware seen continues to increase. This particularly aggressive form of ransomware made up 55 percent of all ransomware in the month of October.
Major global information security trends - a summarySensePost
Presentation by Luc de Graeve at internetix in 2004.
This presentation is a summery of global information security trends in the business environment .The presentation begins with an introduction to major global trends. Legal Issues, threats, technologies and solutions are discussed
How to Approach the NYDFS Proposed Cybersecurity RequirementsKyle Brown
The New York Department of Financial Services (NYDFS) is expected to pass a proposed cybersecurity regulation in January 2017, called "Cybersecurity Requirements for Financial Services Companies".
In the light of the imminent regulatory update, most financial institutions, and insurance providers are preparing to comply with the fundamental requirements that the NYDFS will likely adopt.
In this webinar, we covered:
- Explanations of the regulation’s key legal requirements;
- How the regulation interacts with other data security laws;
- Industry best practices for securing data;
- The value of online compliance training.
Brunswick Intelligence - Building reputational resilience to cyber attackBrunswick Group
Cybersecurity is a business critical risk not just an IT issue. The reputational damage of a cyber breach is often less than the technical damage inflicted, the money lost, or the regulatory fines. With new threats proliferating at startling speed how companies respond to an attack can be more important than the attack itself. The good news is that companies can seize this challenge to differentiate themselves from the competition and earn a greater level of trust from stakeholders.
Learn more about the four steps companies can take to build their reputational resilience to cyber attack.
Information technology is a complex business, at best. While IT can provide amazing benefits, it still requires vigilance and diligence to ensure it is running correctly and that it is secure. A security framework can be an excellent tool to evaluate what you might be missing and confirm that what you are already doing is spot-on correct. This session will discuss the importance of using security frameworks and walk attendees through the NIST Cyber Security Framework to review how the framework functions, how to use a framework, and most importantly, how the use of a framework can and will benefit their organization.
Consider a logical cross reference or grouping for Cybersecurity Framework subcategories. This could make an assessment easier and more meaningful.
The Cybersecurity Framework identifies categories and subcategories of practice, processes, and activities to be used in a cyber security assessment. But, categories often house unrelated subcategories and subcategories are dependent on other subcategories across various categories.
This presentation describes coordination of federal biometric and identity management activities, and was given at the 2009 Biometric Consortium Conference.
Lessons Learned from Implementing the Cybersecurity Capacity Maturity Model f...Carolin Weisser
This presentation was given by Prof Michael Goldsmith and Dr Patricia Esteve-González, both from the Global Cyber Security Capacity Centre (GCSCC), University of Oxford, at the 2020 Global Cybersecurity Capacity Building Conference in Melbourne, 18 February 2020.
The presentation includes:
- Mission, purpose and impact of the GCSCC
- Lessons learned from implementing the Cybersecurity Capacity Maturity Model for Nations (CMM) around the world
- The shaping and impacts of cybersecurity capacity: What is the status of cybersecurity capacity building? What factors are shaping capacity building within nations? What are the implications of capacity building for nations?
Securing Fintech: Threats, Challenges & Best PracticesUlf Mattsson
Cyber attacks have increased in frequency and severity, and financial institutions are particularly interesting targets to cyber criminals. Join this presentation to learn the latest cybersecurity threats and challenges plaguing the financial industry, and the policies and solutions your organization needs to have in place to protect against them.
Viewers will learn:
• Current trends in Cyber attacks
• FFIEC Cyber Assessment Toolkit
• NIST Cybersecurity Framework principles
• Security Metrics
• Oversight of third parties
• How to measure cybersecurity preparedness
• Automated approaches to integrate Security into DevOps
About the Presenter:
Ulf Mattsson is the Chief Technology Officer of Security Solutions at Atlantic BT, and earlier at Compliance Engineering. Ulf was the Chief Technology Officer and a founder of Protegrity, He invented the Protegrity Vaultless Tokenization, Data Type Preservation (DTP2) and created the initial architecture of Protegrity's database security technology. Prior to Protegrity, Ulf worked 20 years at IBM in software development and in IBM's Research organization, in the areas of IT Architecture and Security, and received a US Green Card of class ‘EB 11 – Individual of Extraordinary Ability’ after endorsement by IBM. Ulf is the inventor of more than 45 patents in the areas of Encryption, Policy Driven Data Encryption, Internal Threat Protection, Data Usage Control and Intrusion Prevention
BGF-UNESCO-at-UCLA conference - Madness - The dynamics of International Cyber...Boston Global Forum
This conference was an official event to establish the Global Citizenship Education Network (GCEN) between UNESCO, UCLA and the Boston Global Forum (BGF) . We had several important dialogues concerning Global Citizenship Education in Cyber Civil Defense
Supporting the global efforts in strengthening the safety, security and resilience of Cyberspace, the Commonwealth Cybersecurity Forum 2013, organised by the Commonwealth Telecommunications Organisation. The ceremonial opening examined how Cyberspace could be governed and utilised in a manner to foster freedom and entrepreneurship, while protecting individuals, property and the state, leading to socio-economic development. Speakers of this session, Mr Mario Maniewicz, Chief, Department of Infrastructure, Enabling Environment and E-Applications, ITU; Mr David Pollington, Director, International Security Relations, Microsoft; Mr Alexander Seger, Secretary, Cybercrime Convention Committee, Council of Europe; Mr Nigel Hickson, Vice President, Europe, ICANN and Mr Pierre Dandjinou, Vice President, Africa, ICANN, added their perspectives on various approaches to Cybergovernance, with general agreement on the role Cyberspace could play to facilitate development equitably and fairly across the world.
Hosted by the Ministry of Posts and Telecommunications of Cameroon together with the Telecommunications Regulatory Board of Cameroon and backed by partners and industry supporters including ICANN, Council of Europe, Microsoft, MTN Cameroon, AFRINIC and Internet Watch Foundation, the Commonwealth Cybersecurity Forum 2013 seeks to broaden stakeholder dialogue to facilitate practical action in Cybergovernance and Cybersecurity, some of which will be reflected in the CTO’s own work programmes under its Cybersecurity agenda.
Presentation for March 2017 webcast by NIST.
www.nist.gov/cyberframework
Webcast video: https://www.nist.gov/news-events/events/2017/03/cybersecurity-framework-virtual-events
This presentation introduces the audience to the Framework for Improving Critical Infrastructure Cybersecurity (“The Framework”). It provides a brief history about why and how the Framework was developed, and an understanding of each of the three primary Framework components (the Core, Implementation Tiers, and Profiles). It covers potential benefits of Framework, and how the Framework can be used. It highlights industry resources, progress in Roadmap areas, and future direction of the Framework program.
The Science and Art of Cyber Incident Response (with Case Studies)Kroll
In this joint presentation for the ISSA-LA Summit X in Los Angeles, Jennifer Rathburn, a cybersecurity and data privacy law expert at Foley & Lardner LLP and William Dixon, Associate Managing Director in Kroll's Cyber Risk practice, highlight three incident response scenarios and tips on breach preparation and response.
To learn more, contact Jennifer or William at:
Jennifer Rathburn, Foley & Lardner LLP
jrathburn@foley.com; 414-297-5864
William Dixon, Kroll, a Division of Duff & Phelps
william.dixon@kroll.com; 213-247-3973
New York DFS proposed cybersecurity regulationsBrunswick Group
Groundbreaking cybersecurity regulations proposed this month by the New York State Department of Financial Services would impose significant new compliance responsibilities. The proposed regulations raise the bar for communications and public affairs professionals in particular around cybersecurity planning and response.
The proposed regulations far surpass existing federal or state regulations on cybersecurity, and will require a deeper approach and greater integration between legal, communications, and technology planning and strategies.
Strategic Leadership for Managing Evolving Cybersecurity RisksMatthew Rosenquist
2014 NSF Cybersecurity Summit keynote presentation from Matthew Rosenquist, Cybersecurity Strategist for Intel Corp.
Cybersecurity is difficult. It is a serious endeavor which strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk have matured and expanded on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the challenges, organizational opportunities, and explore best practices to align investments in security to the risk appetite of an organization.
Symantec Intelligence Report - October 2014Symantec
The number of spear phishing attacks per day continues to trend downward over the last twelve months, coming in at 45 per day in October. Of the attachments used in such email-based attacks, the .doc attachment type comprised 62.5 percent and .exe attachments made up 14.4 percent. Of the industries attacked, the category of Finance, Insurance, and Real Estate received 28 percent of all spear phishing attempts in the month of October, followed by Manufacturing at 17 percent.
The largest data breach that was disclosed in October took place back in July. This breach had previously been reported; however, we learned this month that the breach resulted in the exposure of identities within 76 million households, plus information on an additional seven million small businesses.
In the Mac threat landscape, OSX.Okaz was the most frequently encountered OSX risk seen on OSX endpoints, making up 28.8 percent of OSX risks. OSX.Okaz is an adware program that may modify browser homepage and search settings.
Finally, ransomware as a whole continues to decline as the year progresses. However, the amount of crypto-style ransomware seen continues to increase. This particularly aggressive form of ransomware made up 55 percent of all ransomware in the month of October.
Major global information security trends - a summarySensePost
Presentation by Luc de Graeve at internetix in 2004.
This presentation is a summery of global information security trends in the business environment .The presentation begins with an introduction to major global trends. Legal Issues, threats, technologies and solutions are discussed
How to Approach the NYDFS Proposed Cybersecurity RequirementsKyle Brown
The New York Department of Financial Services (NYDFS) is expected to pass a proposed cybersecurity regulation in January 2017, called "Cybersecurity Requirements for Financial Services Companies".
In the light of the imminent regulatory update, most financial institutions, and insurance providers are preparing to comply with the fundamental requirements that the NYDFS will likely adopt.
In this webinar, we covered:
- Explanations of the regulation’s key legal requirements;
- How the regulation interacts with other data security laws;
- Industry best practices for securing data;
- The value of online compliance training.
Brunswick Intelligence - Building reputational resilience to cyber attackBrunswick Group
Cybersecurity is a business critical risk not just an IT issue. The reputational damage of a cyber breach is often less than the technical damage inflicted, the money lost, or the regulatory fines. With new threats proliferating at startling speed how companies respond to an attack can be more important than the attack itself. The good news is that companies can seize this challenge to differentiate themselves from the competition and earn a greater level of trust from stakeholders.
Learn more about the four steps companies can take to build their reputational resilience to cyber attack.
Information technology is a complex business, at best. While IT can provide amazing benefits, it still requires vigilance and diligence to ensure it is running correctly and that it is secure. A security framework can be an excellent tool to evaluate what you might be missing and confirm that what you are already doing is spot-on correct. This session will discuss the importance of using security frameworks and walk attendees through the NIST Cyber Security Framework to review how the framework functions, how to use a framework, and most importantly, how the use of a framework can and will benefit their organization.
Consider a logical cross reference or grouping for Cybersecurity Framework subcategories. This could make an assessment easier and more meaningful.
The Cybersecurity Framework identifies categories and subcategories of practice, processes, and activities to be used in a cyber security assessment. But, categories often house unrelated subcategories and subcategories are dependent on other subcategories across various categories.
This presentation describes coordination of federal biometric and identity management activities, and was given at the 2009 Biometric Consortium Conference.
Lessons Learned from Implementing the Cybersecurity Capacity Maturity Model f...Carolin Weisser
This presentation was given by Prof Michael Goldsmith and Dr Patricia Esteve-González, both from the Global Cyber Security Capacity Centre (GCSCC), University of Oxford, at the 2020 Global Cybersecurity Capacity Building Conference in Melbourne, 18 February 2020.
The presentation includes:
- Mission, purpose and impact of the GCSCC
- Lessons learned from implementing the Cybersecurity Capacity Maturity Model for Nations (CMM) around the world
- The shaping and impacts of cybersecurity capacity: What is the status of cybersecurity capacity building? What factors are shaping capacity building within nations? What are the implications of capacity building for nations?
Securing Fintech: Threats, Challenges & Best PracticesUlf Mattsson
Cyber attacks have increased in frequency and severity, and financial institutions are particularly interesting targets to cyber criminals. Join this presentation to learn the latest cybersecurity threats and challenges plaguing the financial industry, and the policies and solutions your organization needs to have in place to protect against them.
Viewers will learn:
• Current trends in Cyber attacks
• FFIEC Cyber Assessment Toolkit
• NIST Cybersecurity Framework principles
• Security Metrics
• Oversight of third parties
• How to measure cybersecurity preparedness
• Automated approaches to integrate Security into DevOps
About the Presenter:
Ulf Mattsson is the Chief Technology Officer of Security Solutions at Atlantic BT, and earlier at Compliance Engineering. Ulf was the Chief Technology Officer and a founder of Protegrity, He invented the Protegrity Vaultless Tokenization, Data Type Preservation (DTP2) and created the initial architecture of Protegrity's database security technology. Prior to Protegrity, Ulf worked 20 years at IBM in software development and in IBM's Research organization, in the areas of IT Architecture and Security, and received a US Green Card of class ‘EB 11 – Individual of Extraordinary Ability’ after endorsement by IBM. Ulf is the inventor of more than 45 patents in the areas of Encryption, Policy Driven Data Encryption, Internal Threat Protection, Data Usage Control and Intrusion Prevention
Hear how security pros are responding and adapting to increased attacks and breaches, including facilitating more comprehensive cyber threat management strategies and best practices and the increasing investments and resource utilization to mitigate these challenges. Listen to the webinar, based on the Cybersecurity Resource Allocation & Efficacy (CRAE) Index study for Q1 2021, from CyberRisk Alliance Business Intelligence to hear the panel of experts:
•Review survey results from CRAE Index’s Q1 global research study;
•Discuss the latest trends on proactive and reactive cybersecurity; and
•Hear insights on what lies ahead.
Capitol Tech Talk Feb 17 2022 Cybersecurity Challenges in Financial SectorCapitolTechU
Slides from a webinar presented by Capitol Technology University on Feb 17 2022 with Dr. Susan Goodwin presenting on "Cybersecurity Challenges in the Financial Sector."
National cybersecurity capacity building framework for countries in a transit...Mohamed Ben Naseir
National Cybersecurity Capacity Building Framework for Countries in a Transitional Phase
Topics: Business Modeling and Business Process Management; Maturity Models for EA Artefacts and Processes; Models and Frameworks
In Proceedings of the 22nd International Conference on Enterprise Information Systems - Volume 2: ICEIS, 841-849, 2020.
A SYSTEMATIC REVIEW ON MACHINE LEARNING INSIDER THREAT DETECTION MODELS, DATA...IJNSA Journal
Computers are crucial instruments providing a competitive edge to organizations that have adopted them. Their pervasive presence has presented a novel challenge to information security, specifically threats emanating from privileged employees. Various solutions have been tried to address the vice, but no exhaustive solution has been found. Due to their elusive nature, proactive strategies have been proposed of which detection using Machine Learning models has been favoured. The choice of algorithm, datasets and metrics are cornerstones of model performance and hence, need to be addressed. Although multiple studies on ML for insider threat detection have been done, none has provided a comprehensive analysis of algorithms, datasets and metrics for development of Insider Threat Detection models. This study conducts a comprehensive systematic literature review using reputable databases to answer the research questions posed. Search strings, inclusion and exclusion criteria were set for eligibility of articles published in the last decade.
Cyber Risk Management in 2017: Challenges & RecommendationsUlf Mattsson
https://www.brighttalk.com/webcast/14723/234829?utm_source=Compliance+Engineering&utm_medium=brighttalk&utm_campaign=234829 :
With cyber attacks on the rise, securing your data is more imperative than ever. In future, organizations will face severe penalties if their data isn’t robustly secured. This will have a far reaching impact for how businesses deal with security in terms of managing their cyber risk.
Join this presentation to learn the cyber security controls prescribed by regulation, how this impacts compliance, and how cyber risk management helps CISOs understand the degree these controls are in place and where to prioritize their cyber dollars and ensure they are not at risk for fines.
Viewers will learn:
- The latest cybercrime trends and targets
- Trends in board involvement in cybersecurity
- How to effectively manage the full range of enterprise risks
- How to protect against ransomware
- Visibility into third party risk
- Data security metrics
The International Association of Risk and Compliance Professionals (IARCP) today announced a major revision of the Certified Information Systems Risk and Compliance Professional (CISRCP) certification program.
Nube, Cumplimiento y Amenazas avanzadas: Consideraciones de Seguridad para la...Cristian Garcia G.
El panorama de amenazas en evolución basado en nuestro ISTR (Reporte de Anual de Amenazas en Internet Vol. 24) recientemente publicado, refleja las últimas tendencias y cómo se aplican a Colombia y América Latina. Las principales tendencias de transformación digital, como la nube y la movilidad, junto con los nuevos desafíos de seguridad han cambiado el panorama de ciberseguridad por lo que la estrategia debe enfocarse en términos de riesgos clave, regulaciones y hallazgos sobre la madurez de la seguridad. Recomendaciones para enfocar y mejorar las posturas de ciberseguridad para abordar estas tendencias, incluidos los marcos clave, las tecnologías, los procesos y los cambios culturales son parte integral de los pasos a seguir.
Cybersecurity is difficult. It is a serious endeavor which over time strives to find a balance in managing the security of computing capabilities to protect the technology which connects and enriches the lives of everyone. Characteristics of cyber risk continue to mature and expand on the successes of technology innovation, integration, and adoption. It is no longer a game of tactics, but rather a professional discipline, continuous in nature, where to be effective strategic leadership must establish effective and efficient structures for evolving controls to sustain an optimal level of security.
This presentation will discuss the emerging challenges as it analyzes the cause-and-effect relationships of factors driving the future of cybersecurity.
At the EDIST 2017 the OEB outlined the upcoming Cyber Security Framework for all LDCs in Ontario. The official announcement is to be published sometime early March this year.
Webcast outlines how IT security and operations can address top security concerns and challenges and adapt to new technologies and trends surrounding the endpoint.
2013 Data Protection Maturity Trends: How Do You Compare?Lumension
In 2012 we found out that the BYOD environment and consumerization of the workplace had turned traditional notions of corporate IT upside down. The 2013 Data Protection Maturity Report will highlight how organizations have managed this trend over the last year and what steps are being taken in 2013 to further enhance data security. Find out how IT teams are developing a holistic model that encompasses policy, education, technology and enforcement.
Within this slide deck, we look at each of data protection trends, helping you define your organization’s best practice guide to address the top concerns. We will also be showing you how you can gauge the maturity of your security systems, allowing you to plug any holes before your valuable data starts to leak through them.
Form Responses 1TimestampUntitled QuestionRisk TableRisk IDID Da.docxalisondakintxt
Form Responses 1TimestampUntitled Question
Risk TableRisk IDID DateCause(s) Risk NameConsequenceRisk DetailsRisk Owner (Responsible Person or Group)ProbabilityImpactRisk ScoreResponse Action TypeResponse Actions111/6/22Internet problemstechnologicalZero access to systemsPoor internet Due to ISP issuesInternet providerLikelyMinorAcceptable Risk: MediumTransfer Automaic recover211/6/22incorrect information/dataData lossincomplete information/dataData in transit is corruptedcloud service providerUnlikelyMajorAcceptable Risk: MediumAvoiduse of software that will check the integrity of data311/6/22Denial of servicevendorrevenue loss/ system outageusers cannot access the systemvendorLikelyMajorAcceptable Risk: MediumTransfer Automaic recover411/6/22Cloud servive management interfaceRemote access to management interfacesince cloud service is public it posses a risk that hackers can access the systems remotelymost of te management activities are connected through the cloud and if hacked can couse major problemscloud service providerVery LikelyMajorUnacceptable Risk: HighAvoidimplement protection mechanisms511/6/22Programming errortechnologicalSofware sizes to workinability to have any work doneBallot OnlineVery LikelyMinorAcceptable Risk: LowAvoidhave a fall back option611/6/22data lossData lossboth company and client data lostoccurs when no back up facility has been initiatedcloud service providerUnlikelyModerateAcceptable Risk: LowMitigate There has to be a back up system put in place711/6/22Information that is stored by the cloud service provider is compromisedData breachcompany data become publicly accesiblecloud service provider does not take breach seriouly by faling to conduct testscloud service providerLikelyMajorUnacceptable Risk: Extremely HighAvoidobtain assurance from the provider that such a risk cannot occur811/6/22password breacheither insider or outsiderunauthorized accesspassword being to weakPersonel or IT departmentVery LikelyMajorUnacceptable Risk: HighMitigate come up with a strict password policy911/6/22data breachhackers/ vendorcompromized dataoccurs when sensitive data has been exposedcloud service providerVery LikelyMajorUnacceptable Risk: Extremely HighTransfer Data monitoring1011/6/22fire/floodenviromentalproperty damageextream weather or distastersBallot Online/ cloud service providerUnlikelyMajorUnacceptable Risk: Extremely HighAcceptDistaster recovery measuresSelect OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect One Select OneSelect OneSelect OneSelect On.
Executive panel discussion at the 2010 BDPA Technology Conference on "Federal IT Initiatives".
Panel members: John James (US Navy), Bob Whitkp (US Navy), Tony McMahon (IRS) and Dr. Anthony Junior (US Navy)
Bill Dutton's presentation to the 2022, 7th international SEARCH conference, at Taylor's University, Malaysia, focusing on his concept of a Fifth Estate.
Bill Dutton's presentation on cybersecurity capacity building and work on cybersecurity in working from home (WFH). Is cybersecurity a problem or enabler for WFH?
Overview of the research project entitled 'Changing Workplaces: Implications for Cybersecurity', conducted by the GCSCC in collaboration with GrapeData.
A presentation underpinning a discussion with participants in the wide-area network (WAN) summit held on 26 September 2022 in London at the QEII. It is based on initial descriptive results of a 2022 global survey of over 7,000 internet users on their workplaces prior to the COVID-19 pandemic, during the pandemic, and currently. Questions also address the cybersecurity issues they faced during each stage of the pandemic. The rise of working from home and hybrid working are clear along with declines in office work and the use of decentralised offices. The survey was designed by our research team at the Global Centre for Cybersecurity Capacity Building at the University of Oxford in collaboration with Grape Data, a new and innovative survey research organisation, which fielded the survey.
Presentation for the Seminar on Contemporary Issues of Communication and Culture, Escola de Sociologia e Políticas Públicas, Lisbon University Institute, Lisbon, Portugal, 29 April 2021.
Slides for a talk for the School of Social and Political Sciences and Department of Communication, University of Indonesia, Jakarta, 21 April 2021. I was asked to discuss digital citizenship, and did so from the perspective of the Fifth Estate.
My presentation online entitled 'Power Corrupts', for a seminar on Freedom of Expression on the Net: Implications of Banning Trump from Social Media, 1 February 2012.
MSU is in a position to take a lead in research on the role of next generation broadcasting standards in the use and impact of public broadcasting. This presentation seeks to provide the context and prospects for research on the next generation of public broadcasting.
Presentation on fake news, filter bubbles, and echo chambers for representatives of media and regulatory agencies at Palace Foz (Lisbon), 9 April 2018, by Bill Dutton.
These slides provide the basic talking points for a series of talks I did in Paris, Rome and Berlin from the 11th through the 13th of July 2017. The talk was based on the Quello Center project on 'The Part Played by Search in Shaping Public Opinion', which was supported by a grant from Google.
Talk on 'Political Transformations in Network Societies: The Internet, Power Shifts, and the Fifth Estate' for presentation for students and faculty of CIES, University Institute of Lisbon, Portugal, 9 March 2017.
Presentation on paper with Bianca Reisdorf on 'Cultural Divides and Digital Inequalities: Attitudes Shaping Internet and Social Media Divides', at the 44th Research Conference on Communications, Information and Internet Policy, George Mason University, Arlington Virginia, September 30, 2016.
More from Oxford Martin Centre, OII, and Computer Science at the University of Oxford (20)
ER(Entity Relationship) Diagram for online shopping - TAEHimani415946
https://bit.ly/3KACoyV
The ER diagram for the project is the foundation for the building of the database of the project. The properties, datatypes, and attributes are defined by the ER diagram.
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesSanjeev Rampal
Talk presented at Kubernetes Community Day, New York, May 2024.
Technical summary of Multi-Cluster Kubernetes Networking architectures with focus on 4 key topics.
1) Key patterns for Multi-cluster architectures
2) Architectural comparison of several OSS/ CNCF projects to address these patterns
3) Evolution trends for the APIs of these projects
4) Some design recommendations & guidelines for adopting/ deploying these solutions.
This 7-second Brain Wave Ritual Attracts Money To You.!nirahealhty
Discover the power of a simple 7-second brain wave ritual that can attract wealth and abundance into your life. By tapping into specific brain frequencies, this technique helps you manifest financial success effortlessly. Ready to transform your financial future? Try this powerful ritual and start attracting money today!
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
1. Cybersecurity Capacity Building:
Lessons Learned
Prof Michael Goldsmith – Co-Director and Senior Research Fellow
Professor William H. Dutton – Oxford Martin Fellow
Oxford Martin School, 18 February 2020
2. At the Heart of Oxford • A research programme at the Oxford Martin
School
• Part of the Cyber Security research network
at the University of Oxford
• Partnership and collaboration with the
Department of Computer Science,
Department of Sociology, Oxford Internet
Institute, Said Business School and others
4. The 5 DIMENSIONS
of Cybersecurity
Capacity
D 5
Standards
Organisations,
and
Technologies
D 3
Cybersecurity
Education,
Training and
Skills
D 1
Cybersecurity
Policy
and Strategy
D 2
Cyber
Culture
and Society
D 4
Legal and
Regulatory
Frameworks
6. Aspect 2
Indicator Q
Indicator P
Indicator O
Indicator N
Indicator M
Indicator L
Indicator K
Indicator J
Indicator I
Indicator H
Indicator G
Indicator F
Indicator E
Indicator D
Indicator C
Indicator B
Indicator A
Start-up
Formative
Established
Strategic
Dynamic
5 STAGES of Maturity
7. Stakeholder
clusters
Academia, Civil
Society groups &
Internet
Governance Criminal Justice &
Law Enforcement
Defence &
Intelligence
Community
Government
Ministries
Legislators/Policy
OwnersCSIRT and IT
leaders
(Government &
Private)
Critical National
Infrastructure
Private Sector &
Businesses
Cyber Task Force
International
Partners
Stakeholder Clusters
8. Brazil
Colombia
Ecuador
Jamaica
+ 2 Regional
Studies by the
OAS
Botswana
Burkina Faso
Cabo Verde
Cameroon
Cote d’Ivoire
The Gambia
Ghana
Lesotho
Liberia
Madagascar
Bangladesh
Bhutan
Kyrgyzstan
Indonesia
Myanmar
Thailand
Sri Lanka
Status: January 2020
Fiji
Kiribati
Micronesia
Samoa
Papua New Guinea
Tonga
Vanuatu
Albania
Armenia
Bosnia & Herzegovina
Cyprus
Georgia
Iceland
Kosovo
Lithuania
Macedonia
Montenegro
Serbia
Switzerland
UK
Over 80 National Cybersecurity Capacity Reviews
Mauritius
Namibia
Niger
Nigeria
Senegal
Sierra Leone
Tunisia
Uganda
Zambia
9. Melbourne, Australia
Cape Town, South Africa
Cybersecurity Capacity Centre for Southern Africa
Consortium of University of Cape Town,
Research ICT Africa, the Norwegian Institute of
International Affairs (NUPI) and the GCSCC
Constellation of Regional
Cybersecurity Capacity
Research Centres
10. Lessons Learnt
• Policy and Strategy: Misperception of the role of the CSIRT.
• Culture and Society: Lack of awareness and of understanding of the
relationship between trust/confidence and security.
• Education and Training: Disconnect between educational offerings and
industry needs.
• Bada et al. (2018): study of 6 countries with lack of national programme for
raising awareness, and low ICT literacy levels. The authors link low awareness
to increasing cybercrime indicators.
• Legal Frameworks: Question whether new cybercrime/cybersecurity
legislation is needed or adapting existing law is sufficient.
• Standards: Standards adoption (particularly ISO standards) mostly ad-hoc.
• Overall: Lack of cooperation and information-sharing; resources; data
collection challenges.
11. • Countries found the reviews informative and helpful in identifying
previously under-considered capacity gaps.
• Diverse stakeholder groups enables comprehensive picture in report
development.
• Review itself as capacity-building exercise and allowed discussions
among different stakeholders.
• Various lessons learned across all five dimensions of cybersecurity
capacity.
The Impact of a CMM Assessment
12. • There are cybersecurity challenges not reflected on the current CMM.
• Workshop to discuss suggested changes and gather your feedback
(this Thursday at Fitzroy Ballroom, Sofitel Melbourne on Collins).
• The revised CMM will consider backwards comparability.
• Research outputs.
Revision of the CMM to Keep its Robustness
13.
14. Research on Cybersecurity Capacity:
1. What is the status of capacity building?
2. What factors shape the development of capacity?
3. What are the implications of capacity building?
15. The Shaping and Impacts of
Cyber Security Capacity
Prof S. Creese‡, Dr P. Esteve-González*, Dr R. Shillair†,
and Prof W.H. Dutton*
‡ Founding Director, GCSCC, University of Oxford
* Oxford Martin Fellows, GCSCC, University of Oxford
† Assistant Professor, Quello Centre, Michigan State University &
GCSCC Research Associate
16. Research Model in Dutton et al. (2020)*
*Dutton, W.H., Creese, S., Shillair, R., and Bada, M. (2020). Cybersecurity Capacity: Does It
Matter? Journal of Information Policy, 9, 280-306.
Diffusion
(centrality)
Indicators of
Cyber Security
Capacity
Wealth
End User
Cyber Security
Problems
Size (scale)
Scale
17. Data
This study based on data from field research at the aspect level for 62
countries where the CMM was implemented (2015-2019).
• 31 countries from CMM assessments – collection of data by field
research (GCSCC and strategic & implementation partners).
• 31 countries in IDB and OAS (2016)* – collection of data by an online
survey.
*Inter-American Development Bank and Organization of American States (2016).
Cybersecurity. Are we ready in Latin America and the Caribbean? Cybersecurity Report
2016. Available at https://publications.iadb.org/en/cybersecurity-are-we-ready-latin-
america-and-caribbean (25 June 2019, last accessed).
18. Region Obs. Income (WB) Obs.
Africa 10 Low and lower-medium 22
America 31 Low: 6
Asia 6 Lower-medium: 16
Eastern Europe 5 Upper-medium 30
Europe 4 High 10
South Caucasus 2
Oceania 4
Total 62 Total 62
Countries in the Sample
62 countries where the CMM was applied (2015-2019)
19. The Cyber Security Capacity (CSC) Indicator
Our strategy is to summarize the CMM data on the maturity stage of
47 aspects through an overall average maturity stage that we name
Cybersecurity Capacity (CSC).
• Factors’ average maturity stages were calculated from their
corresponding aspects.
• Dimensions’ average maturity stage were calculated from their
corresponding factors.
• CSC was calculated as the average maturity stage of all dimensions.
20. Alternative indicators Correlation with CSC (N)
Global Cybersecurity Index (ITU) 0.61 (61)
Networked Readiness Index (WEF) 0.76 (50)
Secure Servers (Netcraft) 0.79 (61)
Software Spending (Global Innovation Index) 0.53 (39)
Cyber Security Capacity (CSC) related to
other Cybersecurity Indicators
Pearson’s correlation coefficients, number of observations in
parentheses. All correlations have statistical significance <.001.
21. What is the status of
cybersecurity capacity building?
24. Results of Multivariate Regressions to
Explain Cyber Security Capacity (CSC)
Robust standard errors in parentheses. Symbols +, *, **, *** indicate, correspondingly, levels of
significance at 0.1, 0.05, 0.01, 0.001.
CSC
Number of Users (log) 0.12***
(0.03)
Percentage of Users 0.01**
(0.00)
GDP per capita (log) 0.14*
(0.05)
Constant -1.55**
(0.51)
N 62
R-Squared 0.67
25.
26. What are the implications of
capacity building for nations?
27. *p<.05; **p<.01; ***p<.001
Impact of CSC on End User Cyber Security Problems
(Piracy and Encounter Rates)
Figure 1: Cyber Security Capacity and Impact on Threats
32. • Sample of nations indicates most nations in the early
phases of capacity building.
• Capacity shaped by the scale and centrality of the
Internet and wealth of nations – a capacity divide
• National choices on building capacity have implications
for end-user problems, citizens’ perception of freedom,
as well as the vitality of ICT adoption and usage.
• Cybersecurity capacity needs to be prioritized in the
political agenda to address needs to raise maturity and
avoid inequalities across nations and regions.
Cybersecurity Divide and Global Gap
Dimension: The 5 dimensions represent the clusters of cybersecurity capacity through which the Capacity Centre analyses the nuances of capacity. They represent the different research ‘lenses’ through which cybersecurity capacity is studied. Accordingly, the most fundamental structure of the CMM is divided into dimensions, which consist of a number of factors.
These five dimensions cover the broad expanse of areas that should be considered when seeking to enhance cybersecurity capacity. We recognise that these dimensions may overlap with one another on certain issues, and indeed the Capacity Centre hopes to understand the interdependences between cybersecurity capacities as it conducts more national capacity reviews. Within each dimension, there are several factors, aspects, stages of maturity, and indicators of cybersecurity capacity, each of which is defined as follows:
CMM
The GCSCC will work closely with the Local Host, who is made up of staff from the government organisation with which the agreement was drawn up, in organising the CMM review process.
The Local Host is responsible to identify the relevant stakeholders and schedule consultations in coordination with the GCSCC. The following participants constitute several clusters of stakeholders, which should be invited to the consultations:
We will make sure that the new version of the CMM is backward compatible with the previous version of the CMM.
Come and see Cybil in the Basecamp
Ask Cybil a question and win a bottle of Ginger Beer from Oxford
Meet the Portal Advisory Group and give feedback to one of its members
The GCSCC has developed the Cybersecurity Capacity Maturity Model for Nations (CMM) as a model to facilitate the assessment of the maturity of a country’s cybersecurity capacity.
Developed in consultation with over two hundred international experts drawn from governments, international organisations, academia, public & private sectors and civil society, the CMM reviews cybersecurity capacity across five dimensions:
The GCSCC has developed the Cybersecurity Capacity Maturity Model for Nations (CMM) as a model to facilitate the assessment of the maturity of a country’s cybersecurity capacity.
Developed in consultation with over two hundred international experts drawn from governments, international organisations, academia, public & private sectors and civil society, the CMM reviews cybersecurity capacity across five dimensions:
The GCSCC has developed the Cybersecurity Capacity Maturity Model for Nations (CMM) as a model to facilitate the assessment of the maturity of a country’s cybersecurity capacity.
Developed in consultation with over two hundred international experts drawn from governments, international organisations, academia, public & private sectors and civil society, the CMM reviews cybersecurity capacity across five dimensions:
The GCSCC has developed the Cybersecurity Capacity Maturity Model for Nations (CMM) as a model to facilitate the assessment of the maturity of a country’s cybersecurity capacity.
Developed in consultation with over two hundred international experts drawn from governments, international organisations, academia, public & private sectors and civil society, the CMM reviews cybersecurity capacity across five dimensions:
Before running the full model the multi-variable constructs were tested for validity and reliability. We used confirmatory factor analysis to test both the indicators of cybersecurity capacity and end user cyber security problems. The data satisfactorily passed the tests, indicating both the capacity indicators and the end user problems were reliable. Full details are in the paper since I don’t have time to go over those in depth here.
The overall model was tested using structural equation methods (using SmartPLS- a partial least squares method of analysis). This helped us better see the impacts of the variables on each other. Again, further details of model strength and validity indicators are in the paper.
In looking at scale- the total population and number of Internet users were closely tied together. No surprises there. And in looking at diffusion’s impact to investment in capacity- there is a strong positive relationship- with a beta of .437
The GDP per capita was also a and this generally carried through to a higher investment in the elements of cyber security capacity.
The “ of Cyber Security Capacity” are the items that specifically address capacity that are a part of the investment by the nations that have a higher GDP per capita. So you can see that of the -.457 (beta) .370 (beta) can be accounted for by the cyber security capacity elements.
Before running the full model the multi-variable constructs were tested for validity and reliability. We used confirmatory factor analysis to test both the indicators of cybersecurity capacity and end user cyber security problems. The data satisfactorily passed the tests, indicating both the capacity indicators and the end user problems were reliable. Full details are in the paper since I don’t have time to go over those in depth here.
The overall model was tested using structural equation methods (using SmartPLS- a partial least squares method of analysis). This helped us better see the impacts of the variables on each other. Again, further details of model strength and validity indicators are in the paper.
In looking at scale- the total population and number of Internet users were closely tied together. No surprises there. And in looking at diffusion’s impact to investment in capacity- there is a strong positive relationship- with a beta of .437
The GDP per capita was also a and this generally carried through to a higher investment in the elements of cyber security capacity.
The “ of Cyber Security Capacity” are the items that specifically address capacity that are a part of the investment by the nations that have a higher GDP per capita. So you can see that of the -.457 (beta) .370 (beta) can be accounted for by the cyber security capacity elements.
Before running the full model the multi-variable constructs were tested for validity and reliability. We used confirmatory factor analysis to test both the indicators of cybersecurity capacity and end user cyber security problems. The data satisfactorily passed the tests, indicating both the capacity indicators and the end user problems were reliable. Full details are in the paper since I don’t have time to go over those in depth here.
The overall model was tested using structural equation methods (using SmartPLS- a partial least squares method of analysis). This helped us better see the impacts of the variables on each other. Again, further details of model strength and validity indicators are in the paper.
In looking at scale- the total population and number of Internet users were closely tied together. No surprises there. And in looking at diffusion’s impact to investment in capacity- there is a strong positive relationship- with a beta of .437
The GDP per capita was also a and this generally carried through to a higher investment in the elements of cyber security capacity.
The “ of Cyber Security Capacity” are the items that specifically address capacity that are a part of the investment by the nations that have a higher GDP per capita. So you can see that of the -.457 (beta) .370 (beta) can be accounted for by the cyber security capacity elements.
The GCSCC has developed the Cybersecurity Capacity Maturity Model for Nations (CMM) as a model to facilitate the assessment of the maturity of a country’s cybersecurity capacity.
Developed in consultation with over two hundred international experts drawn from governments, international organisations, academia, public & private sectors and civil society, the CMM reviews cybersecurity capacity across five dimensions: