
Lisbon, 22 March 2017

Macroeconomics

1. End of the Cold War / new paradigm: the economy
2. The defence of national interests (concentration of effort on economic development)
3. The advent of the Internet (the global market became accessible to everyone: democratisation of consumption and shortening of the commercial chain)
4. The transformation of markets and consumers
5. The new markets (legal and illegal) / the new products (legal and illegal) / the new consumers / the new threats
6. The role of states
   a. The defence of the national interest
   b. Taxation
   c. Market regulator
   d. Consumer protection

Microeconomics

1. The mission / objective of organisations
2. The business process
3. Threat assessment
4. Risk assessment
5. Cybersecurity
6. The role of the strategic decision-maker
7. The role of the CISO
8. The role of staff (internal and external)
[Charts] Gross domestic product, deflator (Index). Source: IMF World Economic Outlook (WEO), April 2016

[Charts] Gross domestic product based on purchasing-power-parity (PPP) valuation of country GDP (current international dollar), European countries. Source: IMF World Economic Outlook (WEO), April 2016

Source: Digital Economy Forum
Source: European Commission
Source: Accenture Strategy
Source: HPE Security Research - Cyber Risk Report 2016
APT Groups Return - Chinese Hackers Resume Cyber
Espionage Operations

Source: The Hacker News, April 11, 2014 - Swati Khandelwal


Source: Som Mittal, President & Chairman of NASSCOM, India, 2016
Policy areas

The Digital Single Market strategy is made up of three policy areas or 'pillars':

1. Improving access to digital goods and services

Helping to make the EU's digital world a seamless and level marketplace to buy and sell.

2. An environment where digital networks and services can prosper

Designing rules which match the pace of technology and support infrastructure
development.

3. Digital as a driver for growth

Ensuring that Europe's economy, industry and employment take full advantage of what
digitalisation offers.
(Read later)
The Commission will propose:

Rules to make cross-border e-commerce easier

To help cross-border e-commerce to flourish, the Commission updated EU rules (the e-commerce
directive), clarified contractual rights, and developed enforcement (cross-border enforcement
cooperation).

Enforcing consumer rules

The Commission will review the Regulation on Consumer Protection Cooperation.

More efficient and affordable parcel delivery

The Commission will assess action taken by industry and launch complementary measures to
improve price transparency and enhance regulatory oversight of parcel delivery.

Ending unjustified geo-blocking

Geo-blocking is a practice used for commercial reasons by online sellers that results in the denial of
access to websites in other Member States. Geo-blocking therefore limits consumers' opportunities and
choice, causing dissatisfaction and fragmentation of the market. The Commission will make
proposals to end unjustified geo-blocking (see geo-blocking and rights of recipients).
Launching an antitrust competition inquiry into e-commerce
The Commission launched a Competition Sector Inquiry to identify potential competition
concerns affecting European e-commerce markets.

A modern, more European copyright framework

Copyright drives creativity and the culture industry in Europe. Limits to cross-border access to
copyright-protected content are common. This often means that you cannot take your own
content abroad, and that you cannot access many TV and radio programmes from other Member
States.
Innovation and research too are hampered by the lack of a clear EU-wide legal framework. It is
also necessary to ensure that the value generated by some of the new forms of online content
distribution is fairly shared. The Commission has proposed modernised copyright rules to
facilitate wider online availability of content across the EU, to modernise the framework of
exceptions and limitations and to achieve a well-functioning copyright marketplace.
A review of the Satellite and Cable Directive
The Satellite and Cable Directive has been reviewed to assess whether and to what extent the
legal mechanisms similar to the ones established by the Directive could be used in the envisaged
EU copyright modernisation measures, in particular to facilitate the online cross-border
distribution of television and radio programmes.

Reducing VAT burdens

Companies trying to trade across borders face the obstacle and complexity of different VAT
systems. The Commission will propose to cut this burden, for example with a single interaction
point, a common threshold, and simpler, single audits.
The Commission proposes:

Overhaul of the telecom rules

On 14 September 2016 the Commission proposed a set of measures to ensure that everyone in the
EU will have the best possible internet connection to participate in the digital society and economy.
These proposals encourage investment in very high-capacity networks and accelerate the roll-out of
5G wireless technology and free Wi-Fi access points in public spaces.
This so-called connectivity package includes:
1. The European Electronic Communications Code: a single rule book for communication services,
and the revised BEREC Regulation
2. Common broadband targets for the Gigabit Society
3. A plan to foster European leadership in 5th generation (5G) wireless technology
4. A support scheme for public authorities to offer free Wi-Fi access to their citizens.

A review of the audiovisual media framework

Europe's audiovisual media rules need to be fit for the 21st century. The review will focus on the
roles of different market players in the promotion of European works, and it will consider how to
adapt the existing rules (the Audiovisual Media Services Directive) to new business models for
content distribution.
An analysis of the role of online platforms
Online platforms play an ever more central role in the market. The Commission will assess their
role, looking in particular at issues of transparency, use of information (i.e. the right to be
forgotten) relationships between platforms and suppliers, and how to tackle illegal content on the
internet.

Reinforcing trust and security in digital services and in the handling of personal data
The new EU Data protection rules, which entered into force in May 2016, are the basis for a review
of the e-Privacy directive.

A partnership with industry on cybersecurity

On 5 July 2016 the European Commission announced the launch of a contractual Public-Private
Partnership on cybersecurity. The aim of the partnership is to foster cooperation at early stages of
the research and innovation process and to build cybersecurity solutions for various sectors, such
as energy, health, transport and finance. The EU will invest up to €450 million in this partnership,
under its research and innovation programme Horizon 2020. Cybersecurity market players,
represented by the European Cyber Security Organisation (ECSO), are expected to invest three times
more.
To maximise growth, the Commission will:

Address barriers in the European Data Economy

The Commission considers some necessary steps to ensure the free flow of data by tackling data
location restrictions. It will also explore possible solutions to a number of legal uncertainties
emerging in the data economy, such as access to and transfer of non-personal machine-generated
data, data liability and portability of non-personal data, interoperability and standards.
The Commission has also launched a European Cloud initiative, covering certification, switching of
cloud service providers and a research cloud (see Cloud Computing contracts).

Define priorities for standards and interoperability

The Commission is concentrating on standards and interoperability in areas critical to the Digital Single
Market, such as health, transport, planning and energy.

Support an inclusive digital society

An inclusive digital society is one where citizens have the right skills to seize the opportunities of the
digital world and boost their chance of getting a job.
A new e-government plan will also connect business registers across Europe, ensure that different
national systems can work together, and ensure that businesses and citizens only have to submit their data
"once only" to public administrations. The "once only" measure will potentially save around €5 billion per
year by 2017.
The ePrivacy Directive and the General Data Protection Regulation provide the legal
framework to ensure digital privacy for EU citizens. The European Commission has reviewed the
Directive to align it with the new data protection rules.

Informed consent for "cookies" and other devices

The ePrivacy Directive requires Member States to ensure that users grant their consent before
cookies (small text files stored in the user's web browser) are stored and accessed on computers,
smartphones or other devices connected to the Internet.
The draft Regulation introduces the concept of "privacy by design", whereby users opt for a higher
or lower level of privacy.

Personal data breaches

Telecom operators and Internet Service Providers hold a huge amount of customers' data, which
must be kept confidential and secure. However, sensitive information can sometimes be stolen,
lost, or illegally accessed. The ePrivacy Directive ensures that the provider reports any "personal
data breach" to the national authority and informs the subscriber or individual directly of any risk
related to personal data or privacy.
The draft Regulation does not include specific provisions on personal data breaches but relies on
the relevant provisions of the General Data Protection Regulation.
Business process management is the practice of reengineering and optimizing an organization's
business processes for improved performance, increased efficiency, and effectiveness.

Source: Zoe Uwem


In today's world there are three types of organisations:

1. Those that have been successfully attacked;

2. Those that do not know they have been successfully attacked; and

3. Those that do not want to know whether they have already been successfully attacked.

Source: CGI
Threat
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions,
image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via
unauthorized access, destruction, disclosure, modification of information, and/or denial of service.

Source: Glossary of Key Information Security Terms, ed. Richard Kissel, National Institute of Standards and Technology,
US Department of Commerce, NISTIR 7298, Revision 2, 2013
The potential source of an adverse event.

Source: Glossary of Key Information Security Terms, ed. Richard Kissel, National Institute of Standards and Technology,
US Department of Commerce, NISTIR 7298, Revision 2, 2013

Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions,
image, or reputation), organizational assets, or individuals through an information system via unauthorized access,
destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to
successfully exploit a particular information system vulnerability.

Source: Glossary of Key Information Security Terms, ed. Richard Kissel, National Institute of Standards and Technology,
US Department of Commerce, NISTIR 7298, Revision 2, 2013
risk
Definition: The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence,
as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated
consequences.

Adapted from: DHS Risk Lexicon, NIPP and adapted from: CNSSI 4009, FIPS 200, NIST SP 800-53 Rev 4,
SAFE-BioPharma Certificate Policy 2.5

risk analysis
Definition: The systematic examination of the components and characteristics of risk.

From: DHS Risk Lexicon


risk assessment
Definition: The product or process which collects information and assigns values to risks for the purpose of
informing priorities, developing or comparing courses of action, and informing decision making.

Extended Definition: The appraisal of the risks facing an entity, asset, system, or network, organizational
operations, individuals, geographic area, other organizations, or society, and includes determining the extent to
which adverse circumstances or events could result in harmful consequences.

Adapted from: DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4

risk management
Definition: The process of identifying, analyzing, assessing, and communicating risk and accepting, avoiding,
transferring or controlling it to an acceptable level considering associated costs and benefits of any actions
taken.

Extended Definition: Includes: 1) conducting a risk assessment; 2) implementing strategies to mitigate risks; 3)
continuous monitoring of risk over time; and 4) documenting the overall risk management program.

From: DHS Risk Lexicon and Adapted from: CNSSI 4009, NIST SP 800-53 Rev 4
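The definitions above describe risk as likelihood times consequence, risk assessment as scoring and prioritising, and risk management as choosing to accept, avoid, transfer or control each risk while weighing cost against benefit. The following is an added example, not part of the slides or of any of the cited glossaries, that puts those four definitions into a small risk register. The 1-5 scales, the score bands, the probability and loss figures, the risk appetite and the sample register entries are all constructed assumptions that an organisation would calibrate for itself.

```python
"""Qualitative risk assessment and treatment selection (added example).

Implements the quoted definitions: risk = likelihood x consequence,
assessment = score and rank, management = accept / control / transfer / avoid.
Every scale, threshold and sample value below is a constructed assumption.
"""
from dataclasses import dataclass
from typing import Dict, List

# Assumed 1-5 ordinal scales (constructed)
LIKELIHOOD: Dict[str, int] = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
CONSEQUENCE: Dict[str, int] = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Assumed mapping of each rating onto an annual probability and a loss figure,
# so that the cost of a control and its benefit can be compared in euros.
ANNUAL_PROBABILITY: Dict[int, float] = {1: 0.05, 2: 0.15, 3: 0.35, 4: 0.65, 5: 0.90}
LOSS_EUR: Dict[int, int] = {1: 5_000, 2: 25_000, 3: 100_000, 4: 500_000, 5: 2_000_000}

LEVEL_ORDER = ["low", "medium", "high", "critical"]


@dataclass
class Risk:
    name: str
    threat: str                 # potential source of the adverse event
    vulnerability: str          # weakness the threat could exploit
    likelihood: str             # key of LIKELIHOOD
    consequence: str            # key of CONSEQUENCE
    control: str                # candidate mitigating control
    control_cost: float         # assumed annual cost of that control (EUR)
    residual_likelihood: str    # likelihood once the control is in place
    transferable: bool = False  # e.g. insurable (assumption per entry)


def score(likelihood: str, consequence: str) -> int:
    """Risk score: likelihood rating x consequence rating, range 1..25."""
    return LIKELIHOOD[likelihood] * CONSEQUENCE[consequence]


def level(s: int) -> str:
    """Band the 1..25 score (constructed thresholds)."""
    if s >= 15:
        return "critical"
    if s >= 8:
        return "high"
    if s >= 4:
        return "medium"
    return "low"


def annual_loss_expectancy(likelihood: str, consequence: str) -> float:
    """Expected yearly loss = annual probability x loss figure (assumed mappings)."""
    return ANNUAL_PROBABILITY[LIKELIHOOD[likelihood]] * LOSS_EUR[CONSEQUENCE[consequence]]


def treatment(risk: Risk, appetite: str = "medium") -> Dict[str, object]:
    """Pick accept / control / transfer / avoid for one risk.

    'appetite' is the highest level the organisation tolerates without action.
    A control is chosen only if the loss it prevents covers its own cost.
    """
    current = score(risk.likelihood, risk.consequence)
    lvl = level(current)
    ale_now = annual_loss_expectancy(risk.likelihood, risk.consequence)
    ale_residual = annual_loss_expectancy(risk.residual_likelihood, risk.consequence)
    benefit = ale_now - ale_residual  # yearly loss avoided by the control
    if LEVEL_ORDER.index(lvl) <= LEVEL_ORDER.index(appetite):
        action = "accept"
    elif benefit >= risk.control_cost:
        action = "control"
    elif risk.transferable:
        action = "transfer"
    else:
        action = "avoid"  # stop or redesign the activity that carries the risk
    return {"name": risk.name, "score": current, "level": lvl,
            "ale": round(ale_now), "benefit": round(benefit), "action": action}


def assess(register: List[Risk], appetite: str = "medium") -> List[Dict[str, object]]:
    """Risk assessment: score every entry and return them in priority order."""
    return sorted((treatment(r, appetite) for r in register),
                  key=lambda r: r["score"], reverse=True)


# Constructed sample register; names and figures are illustrative only
SAMPLE_REGISTER: List[Risk] = [
    Risk("phishing leading to credential theft", "external criminal group", "no MFA on webmail",
         "likely", "major", "enforce MFA", 20_000, "unlikely"),
    Risk("ransomware on file server", "opportunistic malware", "unpatched file service",
         "possible", "severe", "rebuild on supported platform", 500_000, "unlikely", transferable=True),
    Risk("lost unencrypted laptop", "careless staff", "no full-disk encryption",
         "possible", "moderate", "enable disk encryption", 5_000, "rare"),
    Risk("website defacement", "hacktivist", "outdated CMS plugin",
         "unlikely", "minor", "update plugin", 1_000, "rare"),
    Risk("fraud via end-of-life payment app", "fraudster", "vendor no longer ships fixes",
         "likely", "severe", "replace application", 3_000_000, "unlikely"),
]

if __name__ == "__main__":
    for row in assess(SAMPLE_REGISTER):
        print(f"{row['score']:>2} {row['level']:<8} {row['action']:<8} {row['name']}")
```

Run as a script it prints the register ranked by score with the chosen treatment. The ordering is what the "risk assessment" definition calls informing priorities; the action column is the "risk management" decision, and changing the appetite argument shows how many entries drop into "accept".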
The Global Risks Landscape 2016

Source: World Economic Forum - The Global Risks Report 2016

Source: Global Risks Perception Survey 2016
Source: Cyber Security & Information Systems Information Analysis Center
Electricity Subsector Cybersecurity Capability Maturity Model
Cybersecurity

Cybersecurity shall refer to security of cyberspace, where cyberspace itself refers to the set of links and
relationships between objects that are accessible through a generalised telecommunications network, and
to the set of objects themselves where they present interfaces allowing their remote control, remote access
to data, or their participation in control actions within that Cyberspace. Cybersecurity shall therefore
encompass the CIA paradigm for relationships and objects within cyberspace and extend that same CIA
paradigm to address protection of privacy for legal entities (people and corporations), and to address
resilience (recovery from attack).

Source: ENISA
Too many executives see cybersecurity as an information technology (IT) function.

A very important point to understand is that cybersecurity is NOT an IT function.

Although it is true that the IT department will implement the tools and technology
used to protect and defend the business, everything cybersecurity does, or fails to do, can
have a significant impact on the value of the organisation.


The organisation's board or senior management must be aware that a comprehensive
cybersecurity programme is necessary to reduce the business's level of cyber risk. Without
a cybersecurity programme the organisation is exposed to a much higher level of
organisational and financial risk.


Steps to start building a solid cybersecurity programme:

1. Make a decision!

2. Hire someone responsible for cybersecurity;

3. Carry out a strategic cybersecurity analysis;

4. Allocate financial resources;

5. Manage the human element;

6. Build or outsource security;

7. Build and organise the cybersecurity team.


The CISO is a senior-level executive within an organisation, responsible for establishing and
maintaining the strategic vision and the action plans that ensure the technological and
information assets are properly protected and functional, and for ensuring that the
people within the organisation are aware of the risks and carry out their activity within
acceptable security parameters.


Organisationally, the CISO should not be the same person who performs the CTO/CIO
function and should report directly to the board or general management. Because the CISO
is usually responsible for the audit and compliance functions, the management and execution
of ICT activities should not fall under their remit.
Responsibilities of a CISO:

Security auditing;

Risk management;

Cybersecurity architecture;

Compliance with applicable regulations;

Information security management;

Internal awareness;

Point of contact with the CNCS (the Portuguese National Cybersecurity Centre);

Development of cybersecurity capabilities.


5 steps you should take to improve your cybersecurity:

1. Decide to build a cybersecurity programme and start implementing it;

2. Consider hiring an external consultant to conduct a strategic cybersecurity analysis;
3. Update the organisation's strategic objectives to include cybersecurity as one of the top
priorities, so that everyone gets the message that you take seriously the prevention of
cyberattacks and the damage they would cause;
4. Allocate sufficient financial and human resources to the person responsible for cybersecurity,
together with the authority to build a team with the minimum resources needed in training,
processes and technologies to keep your business secure;
5. Communicate to the whole organisation that cybersecurity is a top priority and that all
staff have cybersecurity responsibilities in their daily activities.
Source: Security At Work
Thank you
vitor.morais@cncs.gov.pt
