[Bp_cybersec_2016] Summary of BPF Cybersecurity questionnaire responses

Lynn St.Amour st.amour at bluewin.ch
Wed Oct 11 10:39:29 EDT 2017 

Dear Maarten, Wout,

thank you to both of you for these notes.  And, thank you to the BPF Cybersecurity team for all their efforts.  This is such an important area.

Both contributions show how all aspects of the IGF ecosystem work together to make for an expert, very rich set of advisory activities.   It starts with expert views, is multistakeholder, runs from global insights to local and individual responsibilities, and includes concrete proposals for action and implementation.

Very interesting, very helpful.

Best,
Lynn



> On Oct 11, 2017, at 4:14 AM, Wout de Natris <denatrisconsult at hotmail.nl> wrote:
> 
> Dear all,
> 
> Yesterday at the NL IGF a session was held at the request of the Dutch Cyber Security Council, a body of experts from the public and private sector and academia that advises the Council of Ministers directly. The topic was (implementation of) duties to care in ICT.
> 
> A part of the discussion focused on what could the IGF do to assist in harmonisation of duties to care. I am sharing the outcomes with you, mainly because it sums up the IGF outsiders' view of how the IGF/a BPF can contribute and make a difference. Representatives from different stakeholder groups agreed on the following:
> 
> - identify current best practices from around the globe;
> - identify which duties and obligations are already captured in present laws;
> - use the multistakeholder model to discuss from the bottom up;
> - this topic can only be solved through multistakeholderism as no single party is able to solve it successfully.
> 
> An overriding theme was to identify which indispensable parties are currently not at "the table" and then ask the questions why are they not there? and what is needed to make these organisations join the debate. One was formulated thus: "Companies should take themselves seriously and show that they stand for their product, service and business".
> 
> FYI. The Council published a guide on Duties to Care. There is an English version, should you be interested, including several tests that help stakeholders conclude for themselves why this topic is of interest to them. You can find it here:
> 
> https://www.cybersecurityraad.nl/binaries/20170518_DEF%20CSR_HandreikingZorgplichten_EN_web_tcm56-260893.pdf
> EVERY BUSINESS HAS DUTIES OF CARE IN THE FIELD OF CYBER ...
> www.cybersecurityraad.nl
> 2 EVERY BUSINESS HAS DUTIES OF CARE IN THE FIELD OF CYBER SECURITY introduction Page Summary and checkliSt Page aNd iNSide cOVeR Introduction 4
> Kind regards,
> 
> Wout
> 
> 
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> De Natris Consult
> Kamerlingh Onnesstraat 43                                                        Tel: +31 648388813            
> 2014 EK Haarlem                                                                          Skype: wout.de.natris
> 
> denatrisconsult at hotmail.nl
> 
> http://www.denatrisconsult.nl
> 
> Blog http://woutdenatris.wordpress.com
> 
> 
> From: Bp_cybersec_2016 <bp_cybersec_2016-bounces at intgovforum.org> on behalf of Maarten Van Horenbeeck <maarten at first.org>
> Sent: Wednesday, October 11, 2017 2:22 AM
> To: bp_cybersec_2016 at intgovforum.org
> Subject: [Bp_cybersec_2016] Summary of BPF Cybersecurity questionnaire responses
>  
> Hi everyone,
> 
> You have all seen the set of contributions we've received and which Elenora collected for us at https://www.intgovforum.org/multilingual/content/bpf-on-cybersecurity-contributions.
> 
> In an effort to standardize the responses a little bit for easier analysis, I compiled a summary in a Google Docs spreadsheet below. The organization names at the top link directly to the organization or individual's contribution.
> 
> https://docs.google.com/spreadsheets/d/1-08VFnxiinxjyqqlwleAqAtPoj-u95QK5t6tKm0Kf1k/edit#gid=2627417
> 
> There are a few caveats to this collection:
> 	• Each row maps to an individual question in the questionnaire. When the response was short, I typically included it directly in the sheet, between quotes. When the response was long, I tried to summarize the core message behind the response.
> 	• When a contribution did not align closely to the set of questions, I made summaries to place the answer in the appropriate question category.
> This is a subjective process so please always validate with the actual document if you plan to use a contribution. Also feel free to flag errors or inconsistencies by adding comments to the document.
> 
> There's a lot of great material here for our Geneva meeting and further discussion. Do have a look and if you see topics worthy of further debate or discussion, please do use the mailing list or bring it up in one of our calls.
> 
> Another question to consider while reviewing the document, is whether there are specific stakeholders that are underrepresented (or even individual participants/organizations) and that we should engage further ahead of Geneva.
> 
> Cheers,
> Maarten
> _______________________________________________
> Bp_cybersec_2016 mailing list
> Bp_cybersec_2016 at intgovforum.org
> http://intgovforum.org/mailman/listinfo/bp_cybersec_2016_intgovforum.org

More information about the Bp_cybersec_2016 mailing list