Cyber Security : Law and Guidance.

Intro -- Preface -- Dedication -- Bibliography -- Table of Statutes -- Table of Statutory Instruments -- Table of Cases -- 1. THREATS -- Cyber criminals -- States and State-sponsored threats -- Terrorists -- Hacktivists -- Script Kiddies -- 2. VULNERABILITIES -- An expanding range of devices -- Poor cyber hygiene and compliance -- Insufficient training and skills -- Legacy and unpatched systems -- Availability of hacking resources -- 3. THE LAW -- Introduction -- International instruments -- Convention 108 -- Council of Europe Convention on Cybercrime -- European and European Union-level instruments -- The Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR) -- European Court of Human Rights (ECtHR) and the application of the ECHR to privacy and data protection -- Case law of the ECtHR (on privacy and security) -- Treaty of Lisbon and the EU Charter of Fundamental Rights and Freedoms -- The EU's General Data Protection Regulation (GDPR) -- E-privacy Directive and Regulation -- Payment Service Directive 2 (PSD2) -- Regulation on electronic identification and trust services for electronic transactions in the internal market (eIDAS) -- The Directive on security of network and information systems (NIS Directive) -- UK's legislation -- The UK's Human Rights Act 1998 (HRA) -- Data Protection Bill (Act) (2018) -- The Privacy and Electronic Communications (EC Directive) Regulations (PECR) -- Regulation of Investigatory Powers Act (RIPA, 2000), Data Retention and Regulation of Investigatory Powers Act (DRIPA, 2014), Investigatory Powers Act (IPA, 2016) -- Computer Misuse Act (CMA) -- CMA in practice -- A focus on The Computer Misuse Act -- Territorial Scope -- Sections 4 and 5 -- 4. HOW TO DEFEND -- Active Cyber Defence -- What is good active cyber defence? -- Building a more secure Internet -- Protecting organisations.

The supply chain, a potential leaky chain in your armour -- Social engineering, your number one threat -- Malware, a sneaky nightware -- Your company website, your continually exposed gateway to the world -- Removable media and optical media, danger comes in small cheap packages -- Passwords and authentication, the primary gatekeeper -- Smartphones, it is in reality a pocket PC -- Cloud security, more secure than on-premise? Well it depends -- Patching and vulnerability management, a never-ending battle -- Governance, risk and compliance, dry but it can work if done properly -- Protecting our critical national infrastructure and other priority sectors -- Changing public and business behaviours -- Managing incidents and understanding the threat -- 5. PRIVACY AND SECURITY IN THE WORKPLACE -- Introduction -- Legal instruments on data protection and security in the workplace -- Role of the employer -- The definition of an employee and a workplace -- Nature of the processed data -- Legal ground for processing personal data -- Data protection and security requirements extend to all medias -- Companies are responsible for the data security practices of their processors -- Roles of the controller and the processor -- Training and Awareness -- Privacy Matters, Even in Data Security -- Identity and Access Management (IAM) - Limit access to data -- Remote workers -- Execution and applicability of the data protection rights -- 6. SECURITY IN THE BUILT ENVIRONMENT -- Introduction -- Programme/Project Security -- Set up -- Supply Chain Management -- NCSC Principle for Supply Chain Security -- Internal assurance and governance -- Building Information Modelling -- Physical Security -- Electronic Security (including cyber) -- Cyber -- Summary -- 7. THE IMPORTANCE OF POLICY AND GUIDANCE IN DIGITAL COMMUNICATIONS -- Introduction -- The Value of policies.

The Extent of the Issue -- Key considerations for policy generation -- Systems Deployment -- Ownership and Right to Monitor -- Managed Circulation -- Use of Digital Communications for Personal Purposes -- User Guidance -- Damaging Comments -- Presentation and Content, Including Confidentiality -- Constituents of System Abuse -- Conclusions -- 8. THE C SUITE PERSPECTIVE ON CYBER RISK -- Organisational Ramifications of Cyber Risk -- Assigning Accountability -- Setting Budgets -- Building a CxO-Led Cyber Strategy -- Summary and Outlook -- 9. CORPORATE GOVERNANCE MIND MAP -- Disclosing Data Breaches To Investors -- Fiduciary Duty to Shareholders and Derivative Lawsuits Arising from Data Breaches -- Trade Secrets -- Threats -- Cybersecurity - Security Management Controls -- IT Strategy -- Governance Structure -- Organisational Structures and HR Management -- IT Policies and Procedures -- Resource Investments and Allocations -- Portfolio Management -- Risk Management -- IT Controls -- Personnel and Training -- Physical Security of Cyber Systems -- Systems Security Management -- Recovery Plans for Cyber Systems -- Configuration Change Management and Vulnerability Assessments -- Information Protection -- 10. INDUSTRY SPECIALISTS IN-DEPTH REPORTS -- Mobile Payments -- Key technical and commercial characteristics of mobile payments -- Complex regulatory landscape -- Key technical characteristics of authentication -- Key commercial characteristics of mobile payment authentication -- Information security risks of mobile payments to consumers -- Information security risks of mobile payments to the payment system -- Legislative framework governing payment authentication in Europe -- Regulation of strong consumer authentication -- Other sources of EU guidance -- Legislative framework governing payment authentication in the United States.

Industry standards governing payment authentication do not exist in the context of mobile payments -- Competition law and mobile payments 00207Conclusion -- Electric Utilities: Critical Infrastructure Protection and Reliability Standards -- Electric Utilities as a part of critical infrastructure -- Electric utilities as a kind of industrial automation and control system -- Current state and further evolution of electricity infrastructure - Smart Grid -- Sources of cybersecurity issues for electric power infrastructure -- Known cyberattacks on electric utilities -- Why guidelines and standards for the protection of electric utilities matter -- The recommended practice: improving industrial control system cybersecurity with defence-in-depth strategies by ICS-CERT of the US Department of Homeland Security -- The electricity subsector cyber-security risk management process by the US Department of Energy -- The NERC critical infrastructure protection cybersecurity standards -- The ISA99/IEC 62443 series of standards for industrial automation and control systems security -- Electricity subsector cyber-security capability maturity model (ES-C2M2) by the US Department of Energy -- Critical infrastructure cybersecurity framework by the US NIST and implementation guidance for the energy sector -- Security for Industrial Control Systems guidance by the UK National Cyber Security Centre -- Manufacturing -- Introduction: Genba, Greek mythology and cyber security -- Think Money Group and UK Financial Services -- Introduction -- How severe could the impact of a cyber-attack be? -- How Should Organisations Tackle the Challenge of Cyber Attacks? -- Regulator Focus within the UK -- Other Threats and Challenges Facing Retail Banking -- Appendix 1 -- Toward Energy 4.0 -- The Energy Sector: moving to the age of Smart and Digitalised Markets -- The Ukrainian case.

The legal developments in the European Union -- The NIS Directive and Energy -- The Clean Energy for all Europeans -- Beyond the US and the EU -- The sectorial and silos strategies versus the multi-sector horizontal approach -- An analysis of the energy sub sectors: strengths, weaknesses and law -- Conclusions and the way forward -- Aerospace, Defence and Security Sector -- Introduction -- Comparing Civilian and Military Cyber Security Sectors -- The Digital Age and the Digital Battlespace -- Offensive Cyber Capability -- Benefit and Threat -- Opportunities for the ADS Sector -- Evolution of the Threat -- Corporations on the Frontline -- Example of Proliferation - Stuxnet -- A new weapon -- Example of Civilian Infrastructure under attack - Ukraine Power Grid -- Wider concerns -- Example of Criminal Attacks at Scale - SWIFT Payment Network -- Performance of the ADS Sector in Cyber Security -- Notable cyber security events in the ADS sector -- Cyber Security in non-Government sectors: Missed Opportunity? -- Banking - in the Emirates -- Introduction -- The People: Building a solid team -- The Process: Building a program -- In Closing -- Healthcare -- Introduction -- What is Wannacry? -- What is ransomware? -- How the Department and the NHS responded -- Key findings -- Practical Points: Prevention and Protection -- Selling or buying your healthcare practice - things to look out for in the due diligence -- Medical Devices -- Introduction -- Conclusions and recommendations -- 11. SOCIAL MEDIA AND CYBER SECURITY -- Introduction -- What is Social Media and why does it matter? -- Who are the key social media players? -- Fake News and why it matters -- The Weaponising of Social Media -- Digital profiling -- Data Protection -- What is to be done? -- As individuals or individual businesses, what needs to be done?.

12. INTERNATIONAL LAW AND INTERACTION BETWEEN STATES.

Description based on publisher supplied metadata and other sources.

Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2023. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.