• No results found

Communicating the Threat

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Communicating the Threat"

Copied!
5
0
0

Loading.... (view fulltext now)

Download now ( 5 Page )

Full text

(1)

Communicating

the Threat

A Study to Assess Current Practices in Information Sharing and Gathering on

Cyber-Security Threats in Canadian Public Sector, Crown Corporations and Major Private

Sector Stakeholders

Project Study Leaders

Valarie Findlay, President, HumanLed Consulting

Kevin Wennekes, Chief Business Officer, Canadian Advanced Technology Alliance

(2)

Contacts for this study: Valarie Findlay (613) 798-3746 [email protected] / [email protected] Kevin Wennekes (613) 769-8614 [email protected] Study Objectives

The detailed study, Communicating the Threat, has a three-fold focus:

Cyber-Security in the Counter-Terror Model - Counter-terror models focus on physical threat-activities and encourage cross-departmental collaboration, communication and shared, exchangeable skills and capabilities including the transfer of information and intelligence from the federal to the community level. The discipline of cyber-security will be analyzed and evaluated in the same framework utilized in counter-terror models, conceptualized in legislation and at the operational and practical levels to deter, actively prevent, detect, respond and recover from cyber-threats and potential cyber-terrorist attacks.

Cyber-Security Collaboration and Knowledge Sharing Cross-Sector- This area will assess current practices in information gathering and sharing, and its utilization, on cyber-security threats in the Canadian public sector, Crown corporations and major private sector stakeholders.

Developing a New Threat/Risk Assessment (TRA) Tool - Examining new Threat/Risk Assessment options and approaches that will provide a dynamic, detailed analysis of threats, risks, vulnerabilities and assets and continuous improvement/shorter iteration cycles to ensure the most relevant and timely data.

Study Approach and Results

Information will be collected in questionnaire-guided in-person or telephone interviews and will explore these key areas:

1. Describing the current methods for determining risk and threat.

2. Describing the current legislation in relation to the counter-terrror model and whether it adequately meets the needs in supporting the management of cyber-threat.

3. Describing the current overall practices in information sharing and gathering for the subject department or organization.

4. Detailed examination of types of information exchange, scope of information, types of cyber-threats, timeliness, processes for clarification and escalation

(3)

Questionnaire/Participant Type:

Executive/C Level

Senior Manager/Resource Supervisor Knowledge/Operational/Level I, II or III Professor Organization Type: Government Crown Private Sector

Security Industry Service/Professional Services Academia

Contact Info:

______________________________________________________ ______________________________________________________ ______________________________________________________

Please note the following:

• Your participation is confidential, non-compensatory and voluntary.

• You may refuse to answer any question you feel to be intrusive or contravening to the security of your affiliated work or organization(s).

• You may choose to withdraw at any point without explanation.

• All collected data and notes will be treated confidentially and destroyed upon completion of the research report and will be stored securely with access limited to the primary researcher (Valarie Findlay).

• Your email confirmation would considered to be written consent to this interview process. • Note the numbering schema is intended for scoring purposes.

Participant Interview Questions

Insight and Opinion

1. Capabilities: What is your insight or opinion, if any and as applicable, of how cyber-security is dealt with in general (Code: CAP):

2. Government: 3. Private Sector: 4. Crown:

(4)

5. Industry/Service Providers

6. Capabilities: What is your insight or opinion, if any and as applicable, of how cyber-security threats and vulnerabilities are (Code: CAP):

7. Communicated to your organization: 8. Within your organization:

9. How it is shared externally:

10. Capabilities: What do you consider to be the roadblock(s) in instituting adequate cyber-security? (Code: CAP)

11. Capabilities: Describe current methods for determining risk and threat - tools, methods, policies, etc. (Code: CAP)

12. Capabilities: Describe your understanding of current legislation in relation to the cyber-security and privacy and whether it adequately meets the needs in supporting the management of cyber-threat (Code: CAP):

13. Capabilities: Describe current overall practices in information sharing and gathering; what type of information is shared, types of cyber-threats, timeliness, processes for clarification and escalation (Code: CAP):

Experience and Practices

14. Information Sharing: Is cross-departmental collaboration and communication encouraged? (Code: IS)

15. Information Sharing: Is there a process for monitoring outside threats and vulnerabilities? (Code: IS)

16. Information Sharing: If yes to #15, is there process for monitoring outside threats and vulnerabilities effective and timely? (Code: IS)

17. Skills: Are there shared, exchangeable skills and capabilities including the transfer of information and Intelligence internally and externally? (Code: SK)

18. Credentials: What training or credentials are required for security resources? (Code: CR) 19. Credentials: If yes to #18, are training or credentials verified, audited and updated with

training for security resources? (Code: CR)

20. Standards: What security standards and processes do you adhere to? (Code: ST)

21. Analysis: What is the level of analysis of threats, risks, vulnerabilities and assets prior to adopting new equipment, etc.? (Code: AN)

22. Analysis: If yes to #21, is this level of analysis of threats, risks, vulnerabilities and assets adhered to? (Code: AN)

23. Analysis: What is the frequency of analysis of threats, risks, vulnerabilities and assets after adoption? (Code: AN)

(5)

24. Improvement: Is there a continuous improvement process or framework for cyber-security? (Code: IM)

25. Improvement: If yes to #24, is the continuous improvement process or framework for cyber-security adhered to? (Code: IM)

26. Incident Reporting: Is there a clear and known incident reporting process for security resources and employees? (Code: IR)

27. Incident Reporting: If yes to #26, is the incident reporting process effective and timely? (Code: IR)

Gaps or Limitations

28. Gaps or Limitations: Discuss your perspectives or experience on the GAPS or LIMITATIONS on following (Code: GP):

29. Information Sharing (Code: GP-IS): 30. Skills (Code: GP-SK):

31. Standards (Code: GP-ST): 32. Credentials (Code: GP-CR): 33. Analysis (Code: GP-AN):

34. Improvement (continuous improvement) (Code: GP-IM): 35. Incident Reporting (Code: GP-IR):

36. Discuss your SUGGESTED IMPROVEMENTS following (Code: SI): 37. Information Sharing (Code: SI-IS):

38. Skills (Code: SI -SK): 39. Standards (Code: SI -ST): 40. Credentials (Code: SI -CR): 41. Analysis (Code: SI -AN):

42. Improvement (continuous improvement) (Code: SI -IM): 43. Incident Reporting (Code: SI -IR):

References

Download now ( PDF - 5 Page - 121.73 KB )

Related documents

INTERNATIONAL MASTER IN INDUSTRIAL

Operations management and improvement in manufacturing and services The course aims at developing a strategic vision of Operations and Supply chain, and understand how Operations

Unitary state in the Constitution of the Republic of Kosovo

The form of a unitary state in the Italian state defined by the constitution, states the unitary state of Italy in the form that “the Republic, one and indivisible, recognizes and

Temple Architecture-Devalaya Vastu – Part Two (2 of 9)

(http://ssubbanna.files.wordpress.com/2012/09/tirupati‑1.jpg)

The development of parental monitoring during adolescence : A meta-analysis

knowledge, parental solicitation, parental control, adolescent’s disclosure, and adolescent secrecy).. over these 31 studies, we

Qelong.pdf

A lone cannibal encountered is a dangerous killer well on the way to becoming a wilderness demon of some sort: a Specialist of 1d6 Levels (6x damage in sneak attacks, +2 on

Scientific way & get ready for the Green Career

To conduct baseline survey, scientic study, wildlife and bio-diversity eld-based projects for the conservation and protection of Nature and Environment... CERTIFICATE COURSE IN

Reader: (Reads text from service book) v. (10) Bring my soul out of prison, that I may give thanks to Your name! 1

great mercy.. John Climacus) (Troparion for St. John – Tone 1)?. Dweller of the desert and angel in

Collagen Disorders and Homoeopathy

Caused by a mutation in type 1 collagen, dominant autosomal disorder, results in weak bones and irregular connective tissue, can be mild or lethal, mild cases have lowered levels