Topics to be covered
▪ Catalog Format
▪ Cyber Security Policy Taxonomy

Introduction
▪ A recent attempt to catalog all possible ways in which cyber security may be measured resulted in a list of over 900 items.
▪ The primary reason is to introduce and explain the foundations of concepts that frequently recur in cyber security policy debates.
▪ The secondary reason is to impress the reader with the variety and breadth of the field of cyber security policy.
▪ The third reason is to include enough detail in the explanation of cyber security policy issues.
▪ This is for decision makers to recognize how the consequence of a given policy may affect their enterprise.

Catalog Format
▪ Each section of the Catalog follows a uniform format.
▪ Each section begins with an overview of the issues of interest for that section.
▪ The overview is meant to shed light on cyber security policy concerns.
▪ It also introduces a taxonomy for the issues within the general section heading.
▪ Each item in the taxonomy will have its own subsection introductory description.
▪ These descriptions are followed by a categorization of cyber security policy issues.
▪ It illustrates the concerns of the subsection.
▪ It may also include examples of events that illustrate major cyberspace developments and corresponding security impact.
▪ The opening discussion in each subsection is followed by a table that lists specific examples of cyber security policy issues.
▪ Each policy statement in a tabular list is enhanced with both explanation and opinions.
▪ This indicates why cyber security policy constituents may be concerned about the issuance of executive mandates with respect to the issue.
▪ The catalog approach is intended to ensure that policy issues are captured systematically.
▪ This is done without prejudice toward one overarching global strategy to accomplish any given organization’s objective for the utilization of cyberspace.

Cyber Security Policy Taxonomy
▪ The sections and subsections are:

1. Cyber Governance Issues
   i. Net Neutrality
   ii. Internet Names and Numbers
   iii. Copyrights and Trademarks
   iv. Email and Messaging
2. Cyber User Issues
   i. Malvertising
   ii. Impersonation
   iii. Appropriate Use
   iv. Cyber Crime
   v. Geo-location
   vi. Privacy
3. Cyber Conflict Issues
   i. Intellectual Property Theft
   ii. Cyber Espionage
   iii. Cyber Sabotage
   iv. Cyber Warfare
4. Cyber Management Issues
   i. Fiduciary Responsibility
   ii. Risk Management
   iii. Professional Certification
   iv. Supply Chain
   v. Security Principles
   vi. Research and Development
5. Cyber Infrastructure Issues
   i. Banking and Finance
   ii. Health Care
   iii. Industrial Control Systems

Table 5.1 Format for Policy Lists

| Policy statement | Explanation | Reasons for Controversy |
| --- | --- | --- |
| This cell contains a statement of policy in the form it would be stated if it were a management directive. | This is a brief explanation of why the policy has significance in the domain of cyber security | This column contains two or more cells. Each cell states a different reason why a policymaker might be motivated to issue the policy statement in the form of a management directive, or defer from association with the policy statement |