Cybersecurity

  • Date:11 Feb 2020
  • Pages:10

Transcription:

Cybersecurity 2018

Contributing editors: Benjamin A Powell and Jason C Chipman, Wilmer Cutler Pickering Hale and Dorr LLP

Reproduced with permission from Law Business Research Ltd. This article was first published in January 2018. For further information please contact editorial@gettingthedealthrough.com.

Publisher: Tom Barnes, tom.barnes@lbresearch.com
Subscriptions: James Spearing, subscriptions@gettingthedealthrough.com
Senior business development managers: Alan Lee, alan.lee@gettingthedealthrough.com; Adam Sargent, adam.sargent@gettingthedealthrough.com; Dan White, dan.white@gettingthedealthrough.com

Published by Law Business Research Ltd, 87 Lancaster Road, London, W11 1QQ, UK. Tel: +44 20 3780 4147. Fax: +44 20 7229 6910.
Law Business Research Ltd 2018. No photocopying without a CLA licence.
First published 2015. Fourth edition. ISBN 978-1-912377-38-1.
Printed and distributed by Encompass Print Solutions. Tel: 0844 2480 112.

The information provided in this publication is general and may not apply in a specific situation. Legal advice should always be sought before taking any legal action based on the information provided. This information is not intended to create, nor does receipt of it constitute, a lawyer-client relationship. The publishers and authors accept no responsibility for any acts or omissions contained herein. The information provided was verified between December 2017 and January 2018. Be advised that this is a developing area.

Contents

  • Global overview: Benjamin A Powell, Jason C Chipman and Maury Riggan, Wilmer Cutler Pickering Hale and Dorr LLP
  • Australia: Alex Hutchens, McCullough Robertson
  • Austria: Árpád Geréd, Maybach Görg Lenneis Geréd Rechtsanwälte GmbH
  • Brazil: Rafael Mendes Loureiro, Hogan Lovells; Leonardo A F Palhares, Almeida Advogados
  • China: Vincent Zhang and John Bolin, Jincheng Tongda & Neal
  • England & Wales: Michael Drury and Julian Hayes, BCL Solicitors LLP
  • France: Claire Bernier and Fabrice Aza
  • Israel: Eli Greenbaum, Yigal Arnon & Co
  • Italy: Rocco Panetta and Francesco Armaroli, Panetta & Associati Studio Legale
  • Japan: Masaya Hirano and Kazuyasu Shiraishi, TMI Associates
  • Korea: Doil Son and Sun Hee Kim, Yulchon LLC
  • Malta: Olga Finkel and Robert Zammit, WH Partners
  • Mexico: Federico de Noriega Olea and Rodrigo Méndez Solís, Hogan Lovells
  • Philippines: Rose Marie M King-Dominguez and Ruben P Acebedo II, SyCip Salazar Hernandez & Gatmaitan
  • Spain: Blanca Escribano and Sofía Fontanals, CMS Albiñana & Suárez de Lezo
  • Switzerland: Michael Isler, Hugh Reeves and Jürg Schneider, Walder Wyss Ltd
  • Turkey: Ümit Hergüner, Tolga İpek, Sabri Kaya and Emek Gökçe Fidan Delibaş, Hergüner Bilgen Özeke
  • Ukraine: Julia Semeniy, Sergiy Glushchenko and Oleksandr Makarevich, Asters
  • United Arab Emirates: Stuart Paterson and Benjamin Hopps, Herbert Smith Freehills LLP
  • United States: Benjamin A Powell, Jason C Chipman, Leah Schloss and Maury Riggan, Wilmer Cutler Pickering Hale and Dorr LLP

Preface

Cybersecurity 2018, Fourth edition

Getting the Deal Through is delighted to publish the fourth edition of Cybersecurity, which is available in print, as an e-book and online at www.gettingthedealthrough.com.

Getting the Deal Through provides international expert analysis in key areas of law, practice and regulation for corporate counsel, cross-border legal practitioners, and company directors and officers.

Throughout this edition, and following the unique Getting the Deal Through format, the same key questions are answered by leading practitioners in each of the jurisdictions featured. Our coverage this year includes new chapters on Australia, Italy, Philippines, Spain, Turkey and Ukraine.

Getting the Deal Through titles are published annually in print. Please ensure you are referring to the latest edition or to the online version at www.gettingthedealthrough.com.

Every effort has been made to cover all matters of concern to readers. However, specific legal advice should always be sought from experienced local advisers.

Getting the Deal Through gratefully acknowledges the efforts of all the contributors to this volume, who were chosen for their recognised expertise. We also extend special thanks to the contributing editors, Benjamin A Powell and Jason C Chipman of Wilmer Cutler Pickering Hale and Dorr LLP, for their continued assistance with this volume.

January 2018

Philippines

Rose Marie M King-Dominguez and Ruben P Acebedo II
SyCip Salazar Hernandez & Gatmaitan

Legal framework

1 Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?

The Cybercrime Prevention Act of 2012 (CPA) defines the following as cybercrimes:

  • offences against the confidentiality, integrity and availability of computer data and systems: illegal access, illegal interception, data interference, system interference, misuse of devices and cybersquatting;
  • computer-related offences: computer-related forgery, computer-related fraud and computer-related identity theft; and
  • content-related offences: cybersex, child pornography, unsolicited commercial communications and libel.

The CPA appointed the National Bureau of Investigation (NBI) and Philippine National Police (PNP) as enforcement authorities and regulates their access to computer data, creating the Cybercrime Investigation and Coordinating Center (CICC) as an inter-agency body for policy coordination and enforcement of the national cybersecurity plan, and an Office of Cybercrime within the Department of Justice (DOJ-OC) for international mutual assistance and extradition.

The Electronic Commerce Act of 2000 (ECA) provides for the legal recognition of electronic documents, messages and signatures for commerce, transactions in government and evidence in legal proceedings. The ECA penalises hacking and piracy of protected material, electronic signature or copyrighted works, limits the liability of service providers that merely provide access, and prohibits persons who obtain access to any electronic key, document or information from sharing them. The ECA also expressly allows parties to choose their type or level of electronic data security and suitable technological methods, subject to the Department of Trade and Industry guidelines.

The Access Devices Regulation Act of 1998 (ADRA) penalises various acts of access device fraud, such as using counterfeit access devices. An access device is any card, plate, code, account number, electronic serial number, personal identification number or other telecommunications service, equipment or instrumental identifier, or other means of account access that can be used to obtain money, goods, services or any other thing of value, or to initiate a transfer of funds. Banks, financing companies and other financial institutions issuing access devices must submit annual reports of access device frauds to the Credit Card Association of the Philippines, which forwards the reports to the NBI.

The Data Privacy Act of 2012 (DPA) regulates the collection and processing of personal information in the Philippines and of Filipinos, including sensitive personal information in government; creates the National Privacy Commission (NPC) as regulatory authority; requires personal information controllers to (i) implement reasonable and appropriate measures to protect personal information and (ii) notify the NPC and affected data subjects of breaches; and penalises unauthorised processing, access due to negligence, improper disposal, processing for unauthorised purposes, unauthorised access or intentional breach, concealment of security breaches, and malicious or unauthorised disclosure in connection with personal information.

2 Which sectors of the economy are most affected by cybersecurity laws and regulations in your jurisdiction?

Enterprises heavily involved in collecting and handling personal data and electronic or online data would likely be the most affected. A good proxy for a 'most affected sectors' list are those sectors subjected to mandatory registration with the NPC: business process outsourcing (BPO), banks and financial institutions, insurance, telecommunications and internet service companies, education, healthcare and pharmaceuticals, businesses involved in direct marketing and networking, and government agencies.

3 Has your jurisdiction adopted any international standards related to cybersecurity?

The Department of Information and Communications Technology (DICT) Memorandum Circular No. 5 (2017) requires government agencies to adopt the Code of Practice in the Philippine National Standard (PNS) ISO/IEC 27002 (Information Technology - Security Techniques - Code of Practice for Information Security Controls) by 14 September 2018, and Critical Information Infrastructures (CII) to implement the PNS on Information Security Management System ISO/IEC 27001 by 14 September 2019. CII sectors include the government, transportation, energy, water, health, emergency services, banking and finance, business process outsourcing, telecommunications and media. Non-CII sectors may voluntarily adopt PNS ISO/IEC 27002. DICT conducts risk and vulnerability assessment based on ISO 27000 and ISO 31000 and security assessment based on ISO/IEC TR 19791:2010 of CIIs at least once a year. The DICT also issues a Certificate of CyberSecurity Compliance to CIIs based on ISO/IEC 15408 (Information Technology - Security Techniques - Evaluation Criteria for IT Security) and ISO/IEC 18045 (Methodology for IT Security Evaluation).

In prescribing the government's Cloud First Policy, DICT Circular No. 2017-002 includes ISO/IEC 27001 as an accepted international security assurance control for verifying data that can be migrated to GovCloud or the public cloud, and ISO/IEC 17203:2011 (Open Virtualization Format specification) as a standard for interoperability of GovCloud workloads.

4 What are the obligations of responsible personnel and directors to keep informed about the adequacy of the organisation's protection of networks and data, and how may they be held responsible for inadequate cybersecurity?

The specific obligation to keep informed of the adequacy of cybersecurity results from general obligations. Under the DPA, the employees, agents or representatives of a personal information controller who are involved in the processing of personal information are required to operate and hold personal information under strict confidentiality if the personal information is not intended for public disclosure, even after leaving the public service, transfer to another position or upon termination of employment or contractual relations. Also, diligence in preventing the commission of offences under the DPA is required of responsible company officers. If they participated in or, by gross negligence, allowed the commission of an offence, they may be penalised by a fine and imprisonment.

The CPA requires persons with leading positions in a corporation who act or decide on its behalf to exercise sufficient supervision or control within the corporation to prevent cybercrime offences. If they fail this duty, then the corporation may suffer a fine and hold them responsible under the corporation's internal rules.

The Central Bank of the Philippines (BSP) Manual of Regulations for Banks requires directors of BSP-supervised institutions (BSI) to understand the BSI's IT risks and ensure that they are properly managed. BSIs include banks, non-banks with quasi-banking functions, non-bank electronic money issuers and other non-bank institutions subject to the BSP's supervision.

5 How does your jurisdiction define cybersecurity and cybercrime?

The CPA defines cybercrime as those offences listed in question 1, while it defines cybersecurity as the collection of tools, policies, risk management approaches, actions, training, best practices, assurance and technologies that can be used to protect the cyber environment and organisation and user's assets, where 'cyber' refers to a computer or a computer network, the electronic medium in which online communication takes place.

  • identical or in any way similar to the name of a person other than the registrant, in the case of a personal name; and
  • acquired without right or with intellectual property interests in it.

8 Does your jurisdiction have any laws or regulations that specifically address cyberthreats to critical infrastructure or specific sectors?

The CPA imposes a stiffer fine and prison term for offences against the confidentiality, integrity and availability of computer data systems if done against critical infrastructure. This refers to the computer systems, networks, programs, computer data and traffic data vital to the Philippines whose destruction, incapacitation or interference with would have a debilitating impact on national or economic security, national public health and safety, or any combination of these.

DICT Memorandum Circular No. 5 (2017) prescribes policies and rules on CII protection based on the National Cybersecurity Plan 2022 (NCP2022). Aside from requiring compliance with international standards, the Circular requires each CII to have a Computer Emergency Response Team (CERT), which shall report cybersecurity incidents
