CII Protection - Lessons for Developing Countries: South Africa as a Case Study
We explore the process followed in formulating the South African CII (Critical Information Infrastructure) identification criteria and its application. We report on a three pronged approach that defines National Security, severity of CII security incidents and roles and responsibilities for CII protection. Our Criteria assumes the existence of basic ICT security roles within a country as per application of the South African criteria and its suitability for a country with limited resources. We conclude by recommending a CII protection approach that is best suited for developing countries based on our experiences.
KeywordsNational Security Critical Infrastructures Critical Information Infrastructures South African CII Identification Criteria
Unable to display preview. Download preview PDF.
- 1.Dunn, M., Wigert, I.: The International CIIP Handbook 2004: An Inventory and Analysis of Protection Policies in Fourteen Countries, Centre for Security Studies (2004)Google Scholar
- 2.Suter, M.: A Generic National Framework For Critical Information Infrastructure Protection (CIIP) By Manuel Suter, Center for Security Studies, ETH Zurich (2007), http://www.itu.int/ITU-D/cyb/cybersecurity/docs/generic-national-framework-for-ciip.pdf
- 4.Electronic Communications Security Pty (Ltd) Act (Act 68 of (2002), http://www.info.gov.za/view/DownloadFileAction?id=68106
- 5.Electronic Communications and Transactions Act (Act 25 of 2002), http://www.acts.co.za/ect_act/
- 6.National Key Points Act (Act 102 of 1980), http://www.midvaal.gov.za/LinkClick.aspx?link=NATIONAL+KEY+POINTS+ACT+102+OF+1980.doc&tabid=259&mid=893
- 7.Draft ITU National Cyber security/CIIP Self-Assessment Tool (2008), http://www.itu.int/ITU-D/cyb/cybersecurity/projects/readiness.html