The document discusses strategies for integrating cybercrime prevention into an organization's overall anti-crime approach. It outlines common cybercrimes in South Africa, highlights key aspects of the Electronic Communications and Transactions Act, and emphasizes the importance of good information governance. The presentation recommends implementing proactive measures like understanding internal and external threats, defining security roles, establishing policies and procedures, collaborating with law enforcement, and educating users. The overarching message is that organizations must take cybersecurity as seriously as physical security to effectively combat cybercrime.
Integrating the prevention of cyber crime into the overall anti-crime strateg... (Jacqueline Fick)
Integrating the prevention of cybercrime into the overall anti-crime strategies of your organisation. Broad overview of the South African law that applies to cyber. Value of information governance and a hands-on approach to the detection and prevention of cyber crime in your organisation.
NY State's cybersecurity legislation requirements for risk management, securi... (IT Governance Ltd)
This webinar illustrates:
- The responsibility to appoint a CISO
- Application security program (internal and external) and review by the CISO
- Overview of the risk assessment policy and procedures
- Setting up a program specific to your organization's information systems and business operations
- Identifying cyber threats and how to incorporate controls
- Maintaining an audit trail to include detection and responses to cybersecurity events
- How ISO 27001 and vsRisk can provide the right tools to help you implement a successful program that meets compliance requirements
A recording of the webinar can be found here:
https://www.youtube.com/watch?v=URfAd2E37Eo
To become compliant with the upcoming GDPR, organisations cannot rely solely on rules: these protect against known threats, while machine learning protects against the unknown.
Funded by City Bridge Trust, the #CyberSafeLambeth initiative offers free GDPR training for charities in Lambeth
Individuals that lead in IT within charities will be able to attend free General Data Protection Regulation (GDPR) compliance and cybersecurity training, where they will be given expert guidance, support and instruction, thanks to new funding by City Bridge Trust.
#CyberSafeLambeth is a training programme that educates IT Manager level staff in local charities about GDPR and offers insight and knowledge to overcome cybersecurity threats and work more effectively.
The in-depth training programme will run across a number of days and will educate Lambeth-based charity IT professionals about key aspects of cybersecurity and the implications of GDPR, which comes into force from 25 May 2018.
The programme, which is being funded by City Bridge Trust, will require all trainees to commit to help at least one other, smaller Lambeth charity through The Integrate Agency CIC’s innovative ‘Hire a Volunteer’ platform.
This world-class training opportunity will be available for Lambeth-based IT manager level charity professionals. Each will be taught about threats and trends within the industry, providing them with the skills and know-how to confidently meet the requirements for GDPR.
Eoin Heffernan, Founder of Integrate said: “We are delighted to be able to offer cybersecurity training to local charities and reach out to train charity IT professionals working in the London Borough of Lambeth.
This webinar covers:
- An overview of the regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Security of personal data
- Data protection officer
View the webinar here: https://www.youtube.com/watch?v=u285y9hhgOo
Accountability under the GDPR: What does it mean for Boards & Senior Management? (IT Governance Ltd)
This webinar provides an overview of:
- The principle of accountability and what it means
- Applying the principle of accountability
- Developing policies and procedures that comply with the Regulation
- Raising GDPR awareness and providing employees with training
- The board's responsibility to appoint a dedicated data privacy team of DPO
- The requirement to conduct data privacy audits and impact assessments
A recording of this webinar is available here:
https://www.youtube.com/watch?v=6KGeMwz7jro&feature=youtu.be
Appointing a Data Protection Officer under the GDPR (IT Governance Ltd)
This webinar discusses the following:
- The specific situation in which organisations are required to appoint a DPO
- The DPO's relation to the controller, processor and senior management/the board
- The responsibilities of the DPO
- The function of data protection impact assessment under the GDPR
- The legal requirements for appointing a DPO
A recording of this webinar is available here:
https://www.youtube.com/watch?v=U06aooC-MRU
Be careful what you wish for! How the GDPR, even now that it has been finalised, may not solve the tech community's key problems of what is personal data and what is anonymised/pseudonymous.
Revising policies and procedures under the new EU GDPR (IT Governance Ltd)
This webinar covers:
- An overview of the regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Principles of the EU GDPR
- Policies - GDPR reference
- What if we don't have policies in place?
- What policies are required?
- How to develop a policy?
A recording of this webinar is available here:
https://www.youtube.com/watch?v=tzsXsf1058Q&feature=youtu.be
The Future of the Modern Workplace Event 2019 - Data Security and Protection (Atlas_Cloud)
Event partners Ward Hadaway walk us through the latest in data security and protection law with two very insightful presentations delivered across the three events.
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115 (James Bryce Clark)
Shared with permission from author. Analysis from individual members of OASIS, presented at a recent meeting of the OASIS Cyber Threat Intelligence TC (the development platform for STIX/TAXII). Extracted from a broader set posted to: https://lists.oasis-open.org/archives/cti/201601/msg00000/_cybersecurity_act_reference-model_1.1.pptx
This information is provided for information, but does not represent the output or official views of OASIS or its technical committees.
This webinar covers:
- An overview of the regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Principles of the EU GDPR
- Data breaches
- Notification rules
- Supervisory authorities
- EU Data Protection Board
View the webinar here: https://www.youtube.com/watch?v=eww0D_y6Hfo
In this work we highlighted some of the concepts of data privacy, techniques used in data privacy, and some techniques used in data privacy in the cloud plus some new research trends.
The Data protection law reform is coming with the General Data Protection Regulation (GDPR) taking effect from 25 May 2018. You should start preparing now for changes that GDPR will require to your current policies and procedures. This presentation is an overview of what it is about.
This webinar gives an overview of:
- The regulation landscape
- Territorial scope
- Remedies, liabilities and penalties
- Privacy notices
- The right of data subject
- Consent
- Data processing
- Profiling or "automated individual decision-making"
- International marketing and data transfers
A recording of this webinar is available here:
https://www.youtube.com/watch?v=Vr_CT24v2iI
An overview of GDPR data privacy and the impact on traditional information security practices, which was presented at SecureWorld Dallas, October 2017.
Marketing under the GDPR: What You Can and Cannot Do [Webinar Slides] (TrustArc)
Watch the free webinar on-demand NOW: https://info.trustarc.com/marketing-under-gdpr-webinar.html
Practical advice on what marketing activities can and can’t be done.
Marketing is an area that will be highly impacted by changes required under the GDPR, but there is a lack of clear guidance as to what the compliance requirements mean in practice. Do you need consent for everything? How can direct marketing practices comply with the GDPR and still meet business objectives?
This on-demand webinar will support privacy and marketing teams by providing practical advice on what marketing activities can and cannot be done.
#trustarcGDPRevents
Webinar Speakers
James Koons
Senior Privacy Consultant, TrustArc
To register for upcoming/on-demand webinars visit: https://www.trustarc.com/events/webinar-schedule/
CyNation: 7 Things You Should Know about EU GDPR (Iryna Chekanava)
An overview of EU GDPR key characteristics, its origins and legal implications of non-compliance. It also provides the initial steps that an organisation needs to follow to operate in compliance with the new cyber security regulatory landscape.
Secure Data GI - Delivering Contextual Intelligence (Skybox Security)
Learn the steps to achieving complete security processes including early threat detection, real-time assessment, automation, and rapid response.
This presentation was given with Skybox Security at Infosecurity Europe 2015.
Details of tools and methods used in cyber crime and how to protect your system from crimes...
Detailed study of password cracking, denial of service, DDoS, steganography, keyloggers, proxy servers, phishing, etc.
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide (Black Duck by Synopsys)
Flight Amsterdam Presentation by Daniel Hedley and Georgie Collins, Partners, Irwin Mitchell looked at the intersection of the GDPR and open source software management and the laws which govern how organisations must respond to data breaches (including GDPR and NISD), how to prepare for a data breach, and what to do if the worst happens.
Outline for an Enterprise IT Security PolicyNo NameJanuary 24, 201.docx (alfred4lewis58146)
Outline for an Enterprise IT Security Policy. No Name. January 24, 2016
Introduction
An IT security policy is a strategy developed by an organization or an enterprise to protect and maintain its network and resources (Bowden, 2003). It is very important that an organization create a well-written policy geared towards dealing with threats to availability, confidentiality and integrity. The United States Government has implemented a Cybersecurity Framework, which is geared towards improving critical infrastructure cybersecurity (NIST, 2014). “The Framework focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organization’s risk management processes. The Framework consists of three parts: the Framework Core, the Framework Profile, and the Framework Implementation Tiers” (NIST, 2014).
In addition, a proper outline for an IT security policy will not only address all applicable elements of the Framework Core and protective technologies listed in the NIST Cybersecurity Framework but also address relevant policies and controls from sources including the CIS Critical Security Controls. CIS controls are a recommended set of actions that help an organization defend its infrastructure and are created by people who are highly skilled in dealing with attacks and how they work (CIS, 2015).
Analysis
The National Aeronautics and Space Administration (NASA) is a government-owned organization that is responsible for the civilian space programs and is continuing to venture into new things such as air transportation (NASA, 2015). Thus, information technology is a vital part of the organization's development as it focuses on increasing the productivity of scientists, engineers and mission support personnel by responsively and efficiently delivering reliable, innovative and secure IT services (NASA, 2015). According to NASA’s information technology governance (2013), “the Agency spends more than $1.5 billion annually on a portfolio of IT assets that includes approximately 550 information systems it uses to control spacecraft, collect and process scientific data, provide security for its IT infrastructure, and enable NASA personnel to collaborate with colleagues around the world.” In addition, technical scientific information generated by NASA research, science, engineering, technology, and exploration initiatives is one of its most valuable assets and should be protected under a solid IT security policy. NASA has a sophisticated information infrastructure such as DAEP, SN, DSN, and NEN and supplies telecommunication services to customers across the globe.
In addition, NASA has had its share of cyber threats over the years and has since continued to develop a better IT security policy to safeguard against threats. Following 5408 computer security incidents in 2010 and 2011 the .
SECURITY AND SAFETY OF THE POWER GRID AND ITS RELATED COMPUTER INF.docx (bagotjesusa)
Security and safety of the power grid and its related computer information systems
There has been increased use and application of information and communication technologies in most critical infrastructures and government departments. They have proved to be fundamentally significant in helping the various departments carry out their daily activities with ease and proficiency. However, these systems have also opened up considerable unforeseen opportunities, both positive and negative. The infrastructures have become highly efficient and flexible, and this has been very beneficial to the people. On the other hand, there have been persistent problems with cybercrime and hackers who have outsmarted the government and the established security protocols every now and then. This has made the state lose billions of dollars through theft of its secrets and high-level information. In this case, it is right to analyze all the general impacts that can be put in place to prevent cybercrimes as well as threats. It is hence important to validate all the necessary measures that need to be put in place in every organization. The paper will hence give recommendations that can help the named organization solve the issues mentioned.
To address this issue, proper precautions need to be put in place. The government has to demonstrate preparedness in combating this crime both in terms of the systems put in place and the legal jurisprudence (Higgins, 2016). The US power grid system is an interconnected system made up of power generation, transmission software, and distribution, with the capacity to bring down the whole economy if not well protected. The nation's Department of Defense (DoD) is one of the most critical and sensitive institutions that can paralyze the state if tampered with by unscrupulous individuals. The situation is even worse if there is an advanced persistent threat (APT) against the computers and software that operate the western interconnection power grid. This needs urgent measures to remove the threat immediately and avoid its recurrence. We recommend that the following measures for the security and safety of the power grid and its related computer information systems be taken by the concerned departments:
a. Creation of a special branch that is specifically dedicated to cyber security
It is high time for the government to come up with a special branch of military personnel that will be dedicated to fighting cybercrimes (Higgins, 2016). Its main function will be to detect cybercrime activities, to develop mechanisms to prevent cybercrimes, and to apprehend, arrest and arraign cyber criminals in a court of law.
b. Creation of special court to determine cybercrime cases
Security and safety of the power grid and its related computer information systems and those crimes associated w.
Georgie Collins and Dan Hedley, Irwin Mitchell LLP presented, "Data breaches and the law, a practical guide" at Flight East 2018. For more information on Black Duck by Synopsys, please visit our website at www.blackducksoftware.com.
International Journal of Engineering Research and Development (IJERD Editor)
Electrical, Electronics and Computer Engineering,
Information Engineering and Technology,
Mechanical, Industrial and Manufacturing Engineering,
Automation and Mechatronics Engineering,
Material and Chemical Engineering,
Civil and Architecture Engineering,
Biotechnology and Bio Engineering,
Environmental Engineering,
Petroleum and Mining Engineering,
Marine and Agriculture engineering,
Aerospace Engineering.
MeHI Privacy & Security Webinar 3.18.15 (MassEHealth)
Top Reason Why Providers Fail Meaningful Use Audits: Inadequate Security Risk Analysis
Providers are losing incentive dollars by not meeting the Meaningful Use Privacy & Security Measure.
Get on track with your Security Risk Assessment and attest to Meaningful Use with MeHI’s support & solutions:
• Assess your practice’s privacy and security status
• Develop remediation plans to resolve gaps
• Communicate resolution steps to the providers involved
• Track progress in addressing outstanding issues
Let us help you conduct a security risk analysis and address deficiencies and potential threats and ensure that your practice is compliant and that patient data is safe-guarded.
Get The Information Here For Mobile Phone Investigation Tools (Paraben Corporation)
Mobile phone investigation tools are essential for uncovering crucial evidence stored within smartphones. These sophisticated software solutions meticulously analyze call logs, text messages, GPS data, and app usage, aiding law enforcement and corporate investigators alike in solving crimes and identifying security breaches. With their advanced capabilities, they ensure thorough scrutiny and effective resolution, contributing significantly to justice and security in the digital age.
Integrating the prevention of cyber crime into the overall anti-crime strategies of your organisation
1. Integrating the prevention of cybercrime into the overall anti-crime strategies of your organisation
Africa Cybercrime Security Conference
31 March 2011
Adv Jacqueline Fick
www.pwc.com
2. PwC
Agenda
• Common cybercrimes in South Africa
• Getting to grips with the Electronic Communications and Transactions Act
• The value of information governance
• Implementing a pro-active strategy in your organisation: a hands-on approach to dealing with cybercrime
3. PwC
Common cybercrimes in South Africa
• Unauthorised access (s86(1))
• Unauthorised modification of data and various forms of malicious code (s86(2))
• Denial of Service Attacks (s86(5))
• Devices used to gain unauthorised access to data (s86(4))
• Child pornography
• Computer-related fraud
• Copyright infringement
• Industrial espionage
• Piracy
• Online gambling (leave to appeal pending)
• Phishing/identity theft
4. PwC
Phishing attacks
RSA statistics for February 2011
RSA Online Fraud Reports show that South Africa does not fall within the top ten countries hosting phishing attacks, but features high on the list of top ten countries by attack volume. For thirteen (13) consecutive months the US, UK and South Africa have been the top three targets for mass phishing. (RSA Online Fraud Report – March 2011)
5. PwC
Getting to grips with the Electronic Communications and Transactions Act, No. 25 of 2002 (ECT Act)
6. PwC
The ECT ACT
'data message' means data generated, sent, received or stored by
electronic means and includes-
(a) voice, where the voice is used in an automated transaction; and
(b) a stored record;
15 Admissibility and evidential weight of data messages
(1) In any legal proceedings, the rules of evidence must not be applied
so as to deny the admissibility of a data message, in evidence-
(a) on the mere grounds that it is constituted by a data message; or
(b) if it is the best evidence that the person adducing it could
reasonably be expected to obtain, on the grounds that it is not
in its original form.
(2) Information in the form of a data message must be given due
evidential weight.
7. PwC
The ECT ACT
In assessing the evidential weight of a data message, regard must be
had to-
(a) the reliability of the manner in which the data message was
generated, stored or communicated;
(b) the reliability of the manner in which the integrity of the data
message was maintained;
(c) the manner in which its originator was identified; and
(d) any other relevant factor.
8. PwC
CHAPTER XIII: ECT ACT
'access' includes the actions of a person who, after taking note of any
data, becomes aware of the fact that he or she is not authorised to
access that data and still continues to access that data.
86 Unauthorised access to, interception of or interference
with data
(1) Subject to the Interception and Monitoring Prohibition Act, 1992,
(Act 129 of 1992) a person who intentionally accesses or
intercepts any data without authority or permission to do so, is
guilty of an offence.
(2) A person who intentionally and without authority to do so,
interferes with data in a way which causes such data to be
modified, destroyed or otherwise rendered ineffective, is guilty of
an offence.
9. PwC
CHAPTER XIII: ECT ACT
(3) A person who unlawfully produces, sells, offers to sell, procures for
use, designs, adapts for use, distributes or possesses any device,
including a computer program or a component, which is designed
primarily to overcome security measures for the protection of data,
or performs any of those acts with regard to a password, access code
or any other similar kind of data with the intent to unlawfully utilise
such item to contravene this section, is guilty of an offence.
(4) A person who utilises any device or computer program mentioned
in subsection (3) in order to unlawfully overcome security measures
designed to protect such data or access thereto, is guilty of an
offence.
(5) A person who commits any act described in this section with the
intent to interfere with access to an information system so as to
constitute a denial, including a partial denial, of service to
legitimate users is guilty of an offence.
10. PwC
CHAPTER XIII: ECT ACT
87 Computer-related extortion, fraud and forgery
(1) A person who performs or threatens to perform any of the acts
described in section 86, for the purpose of obtaining any unlawful
proprietary advantage by undertaking to cease or desist from such
action, or by undertaking to restore any damage caused as a result
of those actions, is guilty of an offence.
(2) A person who performs any of the acts described in section 86 for
the purpose of obtaining any unlawful advantage by causing fake
data to be produced with the intent that it be considered or acted
upon as if it were authentic, is guilty of an offence.
11. PwC
The value of good information governance
12. PwC
The value of good information governance
• IT is the foundation on which we operate our businesses and
information is fast becoming the most valuable asset an organisation
has.
• The value of information has also led to businesses focusing more on
the information or data they host, process or use than on the
technology employed to perform these functions.
• Need for risk management.
• The IT risk environment is influenced by both internal and external
factors and measures must be put in place to ensure the protection,
confidentiality, availability and authenticity of information, to govern
the use of external service providers to host/process data, to regulate
the access to company networks from remote locations and, of
course, to be sensitive to the threat of cyber attacks such as hacking,
identity theft, cyber espionage, denial of service attacks, computer-
related fraud and extortion.
13. PwC
Definitions
Information Governance
• King III: … an emerging discipline with an evolving definition.
• Wikipedia: … a set of multi-disciplinary structures, policies,
procedures, processes and controls implemented to manage
information on all media in such a way that it supports the
organisation's immediate and future regulatory, legal, risk,
environmental and operational requirements.
• …an enterprise-wide strategy and framework that establishes the
policies, responsibilities and decision-making processes controlling
the use of information owned, or accessed by a business. The goal
should be to balance risk avoidance, cost reduction and increased
business value. Information Governance should also be structured
in such a way as to easily adapt to organisational demands, changes
in technology and be flexible to provide for new information.
14. PwC
The value of good information governance
• Information governance involves a balanced approach designed to
meet the needs of the organisation and all of its stakeholders,
including its customers, shareholders and regulators. Furthermore,
information governance is one component of an organisation’s wider
enterprise information management strategy, which itself should be
directly aligned with the overall business strategy. (SAS White Paper
http://www.eurim.org.uk/activities/ig/SAS_WhitePaper.pdf)
15. PwC
Implementing a pro-active strategy in your
organisation: A hands-on approach to dealing
with cybercrime
16. PwC
Implementing a pro-active strategy in your
organisation: A hands-on approach to dealing
with cybercrime
• Cyber security is just as important as physical security.
• Relationship between physical and network security.
• Know and understand your organisation:
• This includes an understanding of the external environment and
the threats facing the organisation. It also refers to a thorough
understanding of the internal environment and the way the
organisation operates – its employees, levels of staff morale,
business partners of the organisation, service providers, etc.
17. PwC
Implementing a pro-active strategy in your
organisation: A hands-on approach to dealing
with cybercrime
• Define security roles and responsibilities:
• Although security should be the concern of everyone within an
organisation, ownership of information security should be assigned to
specific individuals, coupled with the necessary levels of authority
and accountability. To assist with the process it is recommended
that security roles and responsibilities be incorporated into job
descriptions and that performance in terms of these areas be
measured accordingly.
• Ensure that you have proper policies and procedures in place for the
use of IT.
• Establish clear processes to enable end-users to report suspected
cybercrimes.
18. PwC
Implementing a pro-active strategy in your
organisation: A hands-on approach to dealing
with cybercrime
• Effective public private partnerships:
• The effective control of cybercrime requires more than just
cooperation between public and private security agencies. The
role of the communications and IT industries in designing
products that are resistant to crime and that facilitate detection
and investigation is also of critical importance. To effectively
address cyber crime also calls for a less re-active and more pro-
active approach to the prevention, detection, investigation and
prosecution of these crimes.
• Value of intelligence: Exchange information with law
enforcement agencies. Know your opponent and use the
information to develop and update security policies. Think like a
hacker.
19. PwC
Implementing a pro-active strategy in your
organisation: A hands-on approach to dealing
with cybercrime
• Stay up to date:
• Maintain awareness of new developments in both technology and
services. Use a risk-based approach to determine when it would
be necessary to upgrade or adapt current systems and processes to
accommodate new developments.
• Continuous auditing and assessment of process:
• It is recommended that a process of continuous auditing be
implemented to ensure that the strategy remains aligned to
business objectives, adapts to changes in technology or identified
threats, and to allow for the analysis of information that is
gathered from the different implemented controls.
20. PwC
Practical Guidelines and Tips
• Email is more than messages. It contains personal information,
contact lists, sensitive company information, etc. Email policies:
• Do not open suspicious emails.
• Use spam filters.
• Encrypt important files or records.
• Choose complex passwords and change your password regularly.
The Post-it problem.
• Back up regularly.
• Install powerful anti-virus and firewall software and keep it up to
date. Regularly update security patches.
21. PwC
Practical Guidelines and Tips
• Create good habits such as deleting your temporary internet files
and cookies. This protects against hackers who can access your
accounts from where you have been on the internet.
• Turn off your computer and modem/disconnect from the internet
when not in use.
• Know what information you have, where it is stored and who has
access thereto.
• Be wary of providing personal information via a website you are not
familiar with.
• Never allow strange or unfamiliar individuals to use your computer,
not even if they say they are from the IT department!
22. PwC
Practical Guidelines and Tips
• Educate users:
• Teach IT users how to identify cyber threats and how to respond.
• Share security information with all users of IT in the organisation.
• Read up on the latest ways hackers create phishing scams to gain
access to your personal information.
23. PwC
In summary
• Organisations need to realise the true value of information.
• Cyber criminals steal information.
• We can only effectively combat cybercrime if we share information
and collaborate.
• Know your opponent.
• Be pro-active and not re-active.
• Implement good information governance principles in your
organisation.
• Educate all IT users.
• Protect your information with the same vigour as you protect
physical property, brand names, money, etc!