Article

The Development of Policies for the Protection of Critical Information Infrastructures (CII)

Abstract

The 2006 OECD study offers an analysis of the CII security policies in four countries: Canada, Korea, the United Kingdom, and the United States - with a focus on the drivers for and challenges to their development.

... For government sector it might be (1) Unclassified (2) Sensitive but unclassified (3) Restricted (4) Confidential (5) Secret (6) Top Secret. For other sectors it may be like Traffic Light Protocol [10] (TLP): (1) White (2) Green (3) Amber (4) Red etc. ...
Article
When we talk about the Information Security (IS) it deals with usually cyber security and countermeasures, wearable technology and information security, cyber warfare, information security, network security, mobile security and World Wide Web security. Furthermore, information and data security compact with the risks and threats that can be encountered to an individual, corporate or Government, types of threats and defensive measures that can be taken. This paper talks about the concepts of information and data security on the whole; its integration and implementation methodologies with our online and offline information systems along with its limitations and future. Its technological overview and how information and data security can be implemented and ensured in an organizational culture. How the privacy and individual rights can be affected if standards are not met. Applications of the information and data security were discussed that along with evidences, examples to strengthen the application and implementation needs.
... Thus, the document provides guidance on both national policies and international cooperation for the protection of CII. The recommendation document derived from the best practices identified in an OECD comparative study of CII policies in seven countries (Australia, Canada, Korea, Japan, The Netherlands, the United Kingdom and the United States) [17] ...
Article
Critical infrastructures are the physical and virtual systems essential to the minimum operations of the economy and the government. Critical Infrastructure Protection (CIP) is a critical agenda item for governments in the developed countries. In these countries, policies and procedures on CIP are already in place and required laws are in action as well. In Turkey, some official introductory studies have been performed in 2009. However, there are a number of steps that Turkey still has to take. In this study, key definitions are provided firstly. After the definitions, the efforts of USA, EU, OECD and NATO are summarized. The last two sections of the paper are dedicated to the steps taken by Turkey and the challenges still ahead of Turkey.
Thesis
The military has 5 domains of operations: Land, Sea, Air, Space and now Cyber. This 5th Domain is a heterogeneous network (of networks) of Communication and Information Systems (CIS) which were designed and accredited to meet Netcentric capability requirements; to be robust, secure and functional to the organisation’s needs. Those needs have changed. In the globalised economy and across the Battlespace, organisations now need to share information. Keeping our secrets, secret has been the watchwords of Information Security and the accreditation process; whilst sharing them securely across coalition, geo-physically dispersed networks has become the cyber security dilemma. The diversity of Advanced Persistent Threats, the contagion of Cyber Power and insecurity of coalition Interoperability has generated a plethora of vulnerabilities to the Cyber Domain. Necessity (fiscal and time-constraints) has created security gaps in deployed CIS architectures through their interconnections. This federated environment for superior decision making and shared situational awareness requires that Bridging the (new capability) Gaps needs to be more than just improving security (Confidentiality, Integrity and Availability) mechanisms to the technical system interfaces. The solution needs a new approach to creating and understanding a trusted, social-technical CIS environment and how these (sensitive) information assets should be managed, stored and transmitted. Information Assurance (IA) offers a cohesive architecture for coalition system (of systems) interoperability; the identification of strategies, skills and business processes required for effective information operations, management and exploitation. IA provides trusted, risk managed social-technical (Enterprise) infrastructures which are safe, resilient, dependable and secure.
This thesis redefines IA architecture and creates models that recognise the integrated, complex issues within technical to organisational interoperability and the assurance that the right information is delivered to the right people at the right time in a trustworthy environment and identifies the need for IA practitioners and a necessary IA education for all Cyber Warriors.
Article
In public policy information and communications technology (ICT) infrastructures are typically regarded as critical information infrastructures and, thus, require security and protection against cyberthreats. The European Union (EU) Network and Information Security (NIS) policy combines public and private policies at the level of the operators which are highly interdependent. Any NIS policy success rests to an overwhelming degree on the commitment and compliance of the ICT infrastructure operators. Increasingly, policy makers have to pay attention to the supporting governance system which would give best effect to the NIS policy objectives. This contribution focuses on NIS governance in the EU and explores mechanisms of cooperation between public and private operating ICT infrastructure through the lens of governance theory. It concludes that NIS governance objectives can be pursued in public-private partnerships, but not all functions of NIS policy can be suitably performed at the EU level. Any engagement with the industry needs to be supported by appropriate governance mechanisms that deliver high levels of commitment and compliance by private stakeholders. Against this backdrop this paper critically assesses the European Public-Private Partnership for Resilience (EP3R) and offers recommendations for EU policy makers on a suitable Europe-wide multi-stakeholder governance framework to promote NIS strategy and high-level policy.
Article
This report is part of a broader OECD study into Future Global Shocks, examples of which could include a further failure of the global financial system and large-scale pandemics. The authors have concluded that very few single cyber-related events have the capacity to cause a global shock. Governments nevertheless need to make detailed preparations to withstand and recover from a wide range of unwanted cyber events, both accidental and deliberate. There are significant and growing risks of localised misery and loss as a result of compromise of computer and telecommunications services. In addition, reliable Internet and other computer facilities are essential in recovering from most other large-scale disasters.
Article
This paper presents and analyzes a selection of 21 “myths” identified from the authors' experience as being the most common in power utilities and the most harmful to their cybersecurity posture. For each one, tangible and referenced elements, typically sparse and dispersed, are presented in this single and up-to-date reference to support their rationalization. This paper also provides generic recommendations supporting power utilities on the ongoing and challenging process of dispelling the identified myths.