Академический Документы
Профессиональный Документы
Культура Документы
www.ecrimewales.com
Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5 1. Establishing an e-Crime Wales Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7 Action 1.1: Action 1.2: Action 1.3: Action 1.4: Establishing management of the Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7 Providing field resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7 Creating the e-Crime Wales Website . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9 Organising the Annual e-Crime Summit . . . . . . . . . . . . . . . . . . . . . . . . . .11
2. Supporting businesses to combat e-Crime . . . . . . . . . . . . . . . . . . . . . . . . . .13 Action 2.1: Development of business support resources . . . . . . . . . . . . . . . . . . . . . .13 Action 2.2: e-Security training for ICT professionals . . . . . . . . . . . . . . . . . . . . . . . . . . .15 Action 2.3: Developing the Welsh workforce . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17 3. Raising awareness of e-Crime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19 Action 3.1: Over-arching PR & Communications Strategy . . . . . . . . . . . . . . . . . . . . .19 Action 3.2: e-Security Business Awareness Campaign . . . . . . . . . . . . . . . . . . . . . . . .20 Action 3.3: Law Enforcement Awareness Programme . . . . . . . . . . . . . . . . . . . . . . . .22 4. Reporting and monitoring of e-Crime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25 Action 4.1: Undertaking an e-Crime Impact Study . . . . . . . . . . . . . . . . . . . . . . . . . . .26 Action 4.2: Cross-Sector Reporting Partnerships . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
www.ecrimewales.com
www.ecrimewales.com
Introduction
The threat posed by malicious attack and security breach make concrete strategies and clear, well-developed organisational IT security policies an imperative for all businesses of the 21st century. Although many organisations operating in the private, voluntary or public sectors are aware of the need for action not all have the resources of finance and of knowledge and skills, to implement such policies on their own. There is also a need to raise awareness and understanding among all organisations be they private, voluntary or public of what e-Crime is; what implications it can have, and how it should be reported. e-Crime Wales has been formed as a partnership of public and private sector organisations that are committed to equipping Welsh businesses with the knowledge and tools to be aware, vigilant and ultimately safe from the damaging effects of e-Crime in all its forms. The mandate to deliver on these objectives is provided by the Welsh Assembly Government, and this Action Plan sets out the steps needed to achieve them. The e-Crime Wales Steering Group is made up of organisations that have a stake in combating e-Crime in Wales. The Steering Group will support the Welsh Assembly Government e-Crime Wales Unit to implement the Action Plan by providing strategic steer, advice and support for specific actions where appropriate. The Action Plan supports the vision of e-Crime Wales for every business in Wales to be able to Recognise e-Crime when they see it. Share their experiences of e-Crime. Understand the magnitude of e-Crime; just like real crime it has extremely serious implications to lives and livelihoods. Know the practical steps to take in order to avoid becoming a victim of e-Crime. Learn the correct process for reporting e-Crime to the relevant authorities. Have the resources and support they need from police, government and private sector. Continue exploiting the benefits of ICT adoption without hindrance from the fear. or obstacle of e-Crime.
www.ecrimewales.com
www.ecrimewales.com
www.ecrimewales.com
The presence of a Police Sergeant at the heart of the e-Crime Wales Unit also sends a strong message to businesses and other organisations across Wales that the Welsh Assembly Government and the four Police forces in Wales takes e-Crime seriously and is prepared to deploy resources to deal with it. The e-Crime Team Supervisor will co-ordinate the activities of the Regional Business e-Crime Officers, and act as the link between these Officers and the rest of the e-Crime Wales Unit. As such, the e-Crime Team Supervisor will play an important role in ensuring that the Unit operates as a Wales-wide, cohesive, and focused whole.
Reporting lines
The e-Crime Team Supervisor will be responsible for the day-to-day management and co-ordination of the four Regional Business e-Crime Officers, and will report into the e-Crime Project Manager. However, the four Regional Business e-Crime Officers will have line managers within their home force structures, as well as reporting centrally into the e-Crime Team Supervisor. Key activities Identify and appoint to 5 police officers Deliver e-Crime awareness activities to police forces and community organisations Feed back field intelligence to the e-Crime Wales Unit for dissemination via e-Crime Wales website
www.ecrimewales.com
2. For example, the all-Wales information service provided by Business Eye, or the work of e-Skills Wales (part of e-Skills UK). (e-Skills Wales is responsible for the Sector Skills Agreement for IT: Action Plan for Wales 2005-2008).
www.ecrimewales.com
10
www.ecrimewales.com
www.ecrimewales.com
11
12
www.ecrimewales.com
www.ecrimewales.com
13
Phase 3: Packaging
Following verification, the resources and guidance will be assembled, branded and packaged as a coherent resource kit for combating e-Crime in Wales. This will require professional marketing and design input.
5. Including, as appropriate, the Serious Organised Crime Agency (SOCA) or the Police Central e-Crime Unit (PCeU) currently proposed by the Metropolitan Police. Within Wales, e-Crime Wales will work with the ICT and business support structures established by the Welsh Assembly Government.
14
www.ecrimewales.com
Key activities The following outlines the key activities associated with the implementation of this action. Research and definition Establishment of a business support services working group Development of support resources and guidance Identification of e-security standards within existing e-procurement standards Commissioning of development work (if required) Launch of new e-security standards or re-launch of existing standards
6. The Sector Skills Council for IT and Telecoms 7. For example, the Welsh Assembly Government Department for Children, Education, Lifelong Learning and Skills (DCELLS), and e-Skills UK
www.ecrimewales.com
15
8. e-Skills UK (www.e-skills.com) has also developed several tools to help employers and individuals identify IT skills and competencies, and to assess where skills or development gaps lie. For example, the e-Skills Passport, which supports the development of IT users, and the Skills Framework for the Information Age (SFIA) Profiler, which is aimed at IT professionals. These tools may also offer useful frameworks to inform the analysis of broad skill needs.
16
www.ecrimewales.com
Key activities Verification of training needs Development of detailed skills audit Skills audit Establishment of e-Crime Wales working group on e-security skills Training plan development Joint training workshops Off-the-shelf training Information days for a wider audience of ICT professionals
9. A Winning Wales Future Skills Wales, Skills and Employment Action Plan 2004 10. The working group set up under Action 2.2 will bring together the structures and expertise available through the Department for Children, Education, Lifelong Learning and Skills, e-skills UK and other relevant Sector Skills Councils. Members of the group will work together to carry out any development needed to reinforce structures, or to integrate provision of specialised e-security training with wider ICT skills development.
www.ecrimewales.com
17
18
www.ecrimewales.com
11. DTI: Information Security Breaches Survey 2004, p.3 12. DTI: Information Security Breaches Survey 2004, p.9
www.ecrimewales.com
19
Key activities Ensure e-Crime Wales is understood by influential and relevant opinion formers, and has the platform to articulate its activities and viewpoints Encourage and influence relevant organisations, including e-Crime Wales stakeholders, to reinforce/echo the messages developed for e-Crime Wales Generate compelling and informative content for the Welsh business community via the e-Crime Wales website, newsletter and other vehicles Provide concise and consistent materials to stakeholders for use in other forums
20
www.ecrimewales.com
13. For example, at meetings of business fora, or at specific locations such as Business Advice Centres 14. Issues covered will include legal obligations and liability risks in e-security; data protection advice; strategic importance of e-Security for businesses; the use of risk management and information security protocols.
www.ecrimewales.com
21
Timescales and Responsibilities Commission and carry out a mapping exercise of relevant awareness raising sources to identify gaps in provision Negotiate usage rights and branding with owners of current e-Crime material Develop new material to fill gaps identified in mapping study Identify strategic locations for placement of hard-copy information Develop information material in both hard-copy and electronic format Feed information electronically into e-Crime Wales website Develop material for use at workshops and information days Organise workshop series
22
www.ecrimewales.com
Within the Steering Group, representatives of the law enforcement bodies will be actively involved in this Action. They will work closely with the e-Crime Wales Unit, and be responsible for the specific operational elements of the awareness-raising programme. This will include organising the production and dissemination of awareness-raising information across the police forces in Wales. This may take the form of e-learning modules developed in collaboration with the NPIA, or workshops arranged directly for Police Officers and Police Staff in the Welsh police forces.
www.ecrimewales.com
23
24
www.ecrimewales.com
www.ecrimewales.com
25
26
www.ecrimewales.com
www.ecrimewales.com
27
The partnership approach adopted by the e-Crime Action Plan will build on the existing activities and relationships of stakeholders. For example, the High Tech Crime Units of the four Welsh police forces will bring their knowledge and understanding of e-Crime as experienced at Wales and UK level; the Department for Children, Education, Lifelong Learning and Skills brings its understanding of skills needs, whilst the Department for the Economy and Transport contributes its close links with the business community in Wales and in particular its portfolio of e-business support schemes. Each member of the e-Crime Wales Steering Group will provide leadership in its own constituency and will identify members for a working group charged with taking forward the joint reporting activities. In addition, members of the working group will be responsible for ensuring two-way communication between those regional-level organisations with strong knowledge of businesses and others needs, and those organisations responsible for ensuring that such needs and activities are integrated at pan-Wales level. Once established, the working group will be responsible for carrying out the actual development work and will report on a regular basis to the e-Crime Wales Steering Group.
Implementation tasks Phase 1: Development of a model for the creation of reporting partnerships
Drawing on the research results obtained from the e-Crime Impact study, the first step towards developing reporting partnerships will consist of stimulating regular exchanges between the different organisations involved. The initial meetings will be used to secure the commitment of organisations with a stake in reporting to participate in a working group that will oversee reporting tasks. The initial task for this working group will be to develop a conceptual model for joint reporting activities taking into account aspects such as each partners exact information needs and reasons for reporting; the incentives for and barriers to reporting, and potential ways of integrating reporting processes conceptually and technologically. The resulting model will be tested and refined by comparing and contrasting it with detailed information on current reporting structures and procedures and their underlying rationale, and with good practice examples in the development and use of joint reporting tools. This process will allow the working group to identify potential synergies between existing and desired reporting procedures and to assess the feasibility of developing joint integrated reporting frameworks that build on different target groups own interests in reporting e-Crime.
16. To include large and multi-national businesses and organisations with a presence in Wales 17. Although the awareness-raising activities will go a long way towards achieving buy-in, ultimate success in securing participation by companies and other organisations in the task of reporting e-Crime will depend on being able to allay their concerns around issues of privacy, data protection, etc.
28
www.ecrimewales.com
www.ecrimewales.com
29
30
www.ecrimewales.com
www.ecrimewales.com