
Excerpts from the USA Internet Security Alliance (ISA)’s White Paper (that is, a detailed periodic report, in this case the annual one for March 2011; the link is in the group)




 

I'm not translating this into Russian for now; I think the main idea will be clear. The goals and objectives are spelled out well here, in detail:

 

Introductory statement for the Charter:

 

We live and work in, and are dependent on, a networked world. However, the complexity and interconnected nature of the Internet, and the ever‐evolving and sophisticated threat environment, put cybersecurity beyond the reach of any single entity: to secure our critical infrastructure, companies must work together, government must coordinate its efforts, and industry and government must collaborate. (well, let's not forget that in our case it is states that must collaborate)

 

To that end, many government and industry organizations have made considerable investments over the years to develop a strong public‐private partnership.

 

 

Areas of application (GOALS AND OBJECTIVES):

 

Risk Management:

✓ Standards: Government and industry should utilize existing international standards and work through consensus bodies to develop and strengthen international standards for cybersecurity.

✓ Assessing Risk: Government and industry need to recognize that their risk‐management perspectives stem from different roles and responsibilities. Where government demands a higher standard of care, market incentives need to be available to accommodate non‐commercial needs for security.

✓ Incentives: Government and industry must develop a menu of market incentives to motivate companies to voluntarily upgrade their cybersecurity. The incentives must be powerful enough to affect behavior without being so burdensome as to curtail U.S. investment, innovation, and job creation.

Incident Management: Government should fully establish industry’s seat in the integrated watch center and begin evaluation and process for growing industry’s presence. Industry should ensure a long‐term plan for filling the watch center seats; and participants should report lessons learned from collaborative exercises as soon as possible and undertake improvement measures on a timely basis.

Information Sharing and Privacy: Government and industry should clearly articulate information needs and how to promote more effective information‐sharing to address those needs; information‐sharing for cybersecurity purposes should be transparent and should comply with fair information practice principles; government should consider how it can share more classified and sensitive information, particularly the parts of that information that can help the private sector defend its systems; and in consultation with interested parties, including industry and civil liberties organizations, Congress should consider whether narrow adjustments to surveillance laws are needed for cybersecurity purposes.

International Engagement: Industry and government need to engage international organizations and standards‐making processes and work together to develop a strategy for engagement, capacity building, and collaboration on issues of global concern.

Supply Chain Security: Government should expand its participation in the international system that develops supply chain security standards and work with industry to identify and disseminate them. Government should then leverage these standards when it acquires technology and take steps to ensure it does not acquire counterfeit technology products.

Innovation and Research and Development: The public‐private partnership should be used to create a genuine National Cybersecurity Research and Development Plan with prioritized, national‐level objectives and a detailed road map that specifies the respective roles of each partner. The plan and its implementation road map should be regularly reviewed by the partners and adjusted as necessary.

Education and Awareness: The public‐private partnership should enhance cybersecurity public awareness and education, and increase the number of cyber‐professionals available to both government and business, including through policies that boost the number of science, technology, engineering, and mathematics (STEM) college students graduating each year.

 

 

+ from the testimony: how to get business to invest and take part in this whole mess:

 

Government can encourage industry to go beyond efforts already justified by their corporate business needs to assist in broad‐scale CI/KR protection through activities such as:

 

▪ Providing owners and operators timely, analytical, accurate, and useful information…

▪ Ensuring industry is engaged as early as possible in the development of initiatives and policies related to [the NIPP] (the NIPP is the American national protection plan)

▪ Articulating to corporate leaders …both the business and national security benefits of investing in security measures that exceed their business case

▪ Creating an environment that encourages and supports incentives for companies to voluntarily adopt widely accepted, sound security practices

▪ Providing support for research needed to enhance future CI/KR protection efforts.

 


Date added: 2015-11-05



