[Bp_cybersec_2016] Proposal for the cybersecurity BPF goal and topic

Marilyn Cade marilynscade at hotmail.com
Tue Jun 21 08:29:31 EDT 2016


I am both supportive, and perhaps, wanting a bit more. 
It is important to deal with the problems. It is also important to prevent problems. Thus, I think that this group should consider a two-pronged approach:
Remediation and Prevention/early intervention:
Users are the most vulnerable, and the most under informed and thus sometimes add to, create, or are the source of vulnerabilities.  Malicious attacks are receiving focused intervention. BUT, users, whether they are SMEs, or individual users, could benefit from more attention.
This could be a sub theme in the Cooperation between stakeholders, where both governmental agencies, or commercial suppliers highlight the kind of user support/education/interventions that they provide, that might be leveraged across SG or considered by developing countries for relevance.
Example: program to teach children about the importance of strong passwords, and how they can coach their parents
Example: program by the mobile providers and handset providers to simply 'keeping your data safe online'
Example: Community outreach programs supported by governmental agencies at the sub national level to reach SMEs and NGOs


From: ilishebo at gmail.com
Date: Tue, 21 Jun 2016 08:31:16 +0200
To: maarten at first.org
Subject: Re: [Bp_cybersec_2016] Proposal for the cybersecurity BPF goal and	topic
CC: bp_cybersec_2016 at intgovforum.org

Maarten,

Well elaborated and I hope we go for this suggested route...

Michael L. Ilishebo,
Kitwe, Zambia

Mobile Contacts:
+260965361255
+260977361255
+260955361255

Social Media Handles
Twitter: @ilishebo
Skype: michael.ilishebo




"walk a mile,for a while,with a smile"


On Tue, Jun 21, 2016 at 3:04 AM, Maarten Van Horenbeeck <maarten at first.org> wrote:
Hi everyone,

Earlier this week, at the FIRST conference in Seoul, some of us had a discussion around opportunities for focus in this BPF. We wanted to propose a way forward of getting this BPF to contribute most to the wider multi-stakeholder community.

Reviewing the outcomes of the spam and CSIRT Best Practices Forums over the last two years, we believe the cybersecurity BPF would most benefit from addressing cooperation between stakeholder groups as a topic.

One of the lessons we learned during our work on the BPF on “Computer Security Incident Response Teams” was that it attracted a fairly narrow audience, mostly engineers working on technical issues. While CSIRT teams in most cases find agreement within their community, there were significant communication issues when engaging with other stakeholder groups, in particular policy makers, civil society, but also law enforcement and even industry. 
During the BPF, we managed to gain consensus on what makes the community more effective at communicating.

We believe that the community would benefit from having a multi-stakeholder discussion, including each of the major IGF stakeholder groups, on how to engage and communicate with each other on cyber security issues. This would support the Internet Governance Principles laid out at the NETmundial Statement, that recognize that "Effectiveness in addressing risks and threats to security and stability of the Internet depends on strong cooperation among different stakeholders".

More concretely, this process would consist of:
Defining the typical roles and responsibilities of each of the stakeholder groups in making the internet a secure and safe place for people to socialize and conduct business;
Identifying the typical communication mechanisms between stakeholder groups to discuss cybersecurity related concerns;
Collecting a set of successful case studies on existing communication between stakeholder groups that has helped improve cybersecurity.
In order to be effective, we will need to recruit an appropriate number of representatives from each stakeholder group that have an interest in participating. During the CSIRT BPF, we had significant success reaching out 1:1 to stakeholders, and inviting them to participate in our meeting in Brazil. We’d propose a similar step to gain acceptance.

Today, the word “cybersecurity” is often loaded with context, and many organizations associate it with government decision making, or commercial security solutions. Within the IGF, we have an opportunity to redefine cybersecurity as a common goal between all stakeholders, and getting to a good definition of what cooperation should look like.

The final product paper could, just as the BPF on CSIRT did, help to inform each of the constituencies on the roles of other stakeholders, and identify appropriate methods of communicating and discussing difficult security issues.
We're happy to discuss this proposal further during the next call.

Best regards,

Andrew Cormack, Jisc
Adli Wahid, FIRST
Cristine Hoepers, CERT.br/NIC.br
Peter Cassidy, Anti-Phishing Working Group (APWG)
Maarten Van Horenbeeck, FIRST
Serge Droz, FIRST


_______________________________________________

Bp_cybersec_2016 mailing list

Bp_cybersec_2016 at intgovforum.org

http://intgovforum.org/mailman/listinfo/bp_cybersec_2016_intgovforum.org




