9,069 research outputs found

    Climate Resilient & Equitable Water Systems Capital Scan

    Climate change is affecting water supply, water management and the health of communities in U.S. cities. Changes in the timing, frequency and intensity of precipitation are placing stress on the built and natural systems that provide fresh water, manage storm water, and treat wastewater. Droughts are shrinking the water supply; heavy rainfall overburdens storm water systems, causing flooding in homes and neighborhoods. Low-income people and communities of color are often the most vulnerable to climate change, living in low-lying areas and lacking the resources to adapt and cope with challenges associated with these patterns. The cumulative impact of climate change on water resources not only leads to a reduction in water quality and the destruction of homes and property, but it can also be a threat to public health, force relocation of communities and cause economic harm. The vision of Kresge's Environment Program is to help communities build resilience in the face of climate change. We believe that cities are central to action on climate change and equity must be a fundamental part of our work in climate adaptation, climate mitigation and building social cohesion.

    The Security Rule


    Information security risk management in the South African small, medium and micro enterprise environment

    The small, medium and micro enterprise (SMME) environment of South Africa contributes 42% to the national gross domestic product. This is a high number for a largely under-regulated environment. The corporate governance and IT governance standards that apply to South African companies are not feasible for SMMEs, and neither are they enforced, although 80% of failures of SMMEs are attributable to lack of enterprise management skill. The first objective of this dissertation is to examine the South African SMME, and in so doing determine whether local regulatory standards can be used for this unique enterprise formation. The second objective of this dissertation is to determine whether international methodologies for information security risk management, as an inclusive of IT governance, may be used in the unique local SMME formation. The result of these two objectives creates a gap in a typical information security risk management methodology that is suitable for the South African regulatory and economic environment for SMMEs. A model has been created as a possible answer for filling the gap. The dissertation includes the Peculium Model, which answers the regulatory and economic requirements that resulted from the second objective. The Model allows the small enterprise a simple but effective method for managing risks to its information assets, with the control of corporate governance and IT governance included in its framework. The Model answers the methods for identifying and assessing risk in a tradition-based but feasible new qualitative technique.
    Labuschagne, L., Prof

    Gap analysis of ISO/SAE 21434 – Improving the automotive cybersecurity engineering life cycle

    Due to the ongoing legislative shift towards mandated cybersecurity for road vehicles, the automotive cybersecurity engineering standard ISO/SAE 21434 is seeing fast adoption throughout the industry. Early efforts are focusing on threat analysis and risk assessment (TARA) in the concept and development phases, exposing the challenge of managing TARA results coherently throughout the supply chain and life cycle. While the industry focuses on TARA, other aspects such as vulnerability or incident handling are receiving less attention. However, the increasing threat landscape makes these processes increasingly important, posing another industry challenge. In order to better address these two challenges, we analyze the cybersecurity engineering framework of ISO/SAE 21434 for gaps or deficiencies regarding TARA management and vulnerability and incident handling, as well as similar processes for incident handling in IT security. The result is a proposal for modifications and augmentations of the ISO/SAE 21434 cybersecurity engineering framework. In particular, we propose a TARA management process to facilitate the coordination and information exchange between different systems and life cycle phases, and we propose improvements to the vulnerability and incident handling processes in ISO/SAE 21434 so that they are more aligned with established standards. This amounts to 13 new terminology definitions, 4 new process steps, 2 modified process steps and 1 entirely new process.

    ‘Top 4’ strategies to mitigate targeted cyber intrusions: mandatory requirement explained

    Introduction: The Top 4 Strategies to Mitigate Targeted Cyber Intrusions (the Strategies) are the most effective security controls an organisation can implement at this point in time based on our current visibility of the cyber threat environment. The Australian Signals Directorate (ASD), also known as the Defence Signals Directorate (DSD), assesses that implementing the Top 4 will mitigate at least 85% of the intrusion techniques that the Cyber Security Operations Centre (CSOC) responds to. For this reason, the Attorney‐General's Department has updated the Australian Government Protective Security Policy Framework (PSPF) to require Australian government agencies to implement ICT protective security controls as detailed in the Australian Government Information Security Manual (ISM) to meet ASD's Top 4 Strategies. Document scope: This document provides specific implementation information on the Top 4 Strategies, including: information on the scope of and steps to manage the mandatory requirement; and some technical guidance for IT system administrators on planning and implementing the Top 4 Strategies in a typical Windows environment. This document focusses on implementing the Top 4 in a Windows environment, as the majority of government business is currently conducted using Windows operating systems. For agencies seeking implementation advice for systems that use other operating environments, ASD recommends seeking advice from your agency systems integrator or vendor in the first instance. Additionally, ASD recommends conducting research using open source publications, forums and resources available on the operating system and how each of the Top 4 could be implemented. If your agency finds it is not possible or feasible to implement the Top 4 in a non‐Windows environment, you should follow appropriate risk‐management practices as outlined in the ISM.

    Electronic security - risk mitigation in financial transactions : public policy issues

    This paper builds on a previous series of papers (see Claessens, Glaessner, and Klingebiel, 2001, 2002) that identified electronic security as a key component to the delivery of electronic finance benefits. This paper and its technical annexes (available separately at http://www1.worldbank.org/finance/) identify and discuss seven key pillars necessary to fostering a secure electronic environment. Hence, it is intended for those formulating broad policies in the area of electronic security and those working with financial services providers (for example, executives and management). The detailed annexes of this paper are especially relevant for chief information and security officers responsible for establishing layered security. First, this paper provides definitions of electronic finance and electronic security and explains why these issues deserve attention. Next, it presents a picture of the burgeoning global electronic security industry. Then it develops a risk-management framework for understanding the risks and tradeoffs inherent in the electronic security infrastructure. It also provides examples of tradeoffs that may arise with respect to technological innovation, privacy, quality of service, and security in designing an electronic security policy framework. Finally, it outlines issues in seven interrelated areas that often need attention in building an adequate electronic security infrastructure. These are: 1) The legal framework and enforcement. 2) Electronic security of payment systems. 3) Supervision and prevention challenges. 4) The role of private insurance as an essential monitoring mechanism. 5) Certification, standards, and the role of the public and private sectors. 6) Improving the accuracy of information on electronic security incidents and creating better arrangements for sharing this information. 7) Improving overall education on these issues as a key to enhancing prevention.
    Keywords: Knowledge Economy, Labor Policies, International Terrorism & Counterterrorism, Payment Systems & Infrastructure, Banks & Banking Reform, Education for the Knowledge Economy, Governance Indicators