C8531 E-crime Action Plan Eng WEB

8/4/2019 C8531 E-crime Action Plan Eng WEB

1/32

www.ecrimewales.com

e-Crime Wales

Action Plan 2008


2/32


3/32

www.ecrimewales.com 3

e-Crime Wales Action Plan

Contents

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5

1. Establishing an e-Crime Wales Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7

Action 1.1: Establishing management of the Unit . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7

Action 1.2: Providing field resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7

Action 1.3: Creating the e-Crime Wales Website . . . . . . . . . . . . . . . . . . . . . . . . . . . . .9

Action 1.4: Organising the Annual e-Crime Summit . . . . . . . . . . . . . . . . . . . . . . . . . .11

2. Supporting businesses to combat e-Crime . . . . . . . . . . . . . . . . . . . . . . . . . .13

Action 2.1: Development of business support resources . . . . . . . . . . . . . . . . . . . . . .13

Action 2.2: e-Security training for ICT professionals . . . . . . . . . . . . . . . . . . . . . . . . . . .15

Action 2.3: Developing the Welsh workforce . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17

3. Raising awareness of e-Crime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19

Action 3.1: Over-arching PR & Communications Strategy . . . . . . . . . . . . . . . . . . . . .19

Action 3.2: e-Security Business Awareness Campaign . . . . . . . . . . . . . . . . . . . . . . . .20

Action 3.3: Law Enforcement Awareness Programme . . . . . . . . . . . . . . . . . . . . . . . .22

4. Reporting and monitoring of e-Crime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25

Action 4.1: Undertaking an e-Crime Impact Study . . . . . . . . . . . . . . . . . . . . . . . . . . .26

Action 4.2: Cross-Sector Reporting Partnerships . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27


4/32

4 www.ecrimewales.com



5/32



Introduction

The threat posed by malicious attack and security breach make concrete strategies andclear, well-developed organisational IT security policies an imperative for all businesses ofthe 21st century. Although many organisations operating in the private, voluntary orpublic sectors are aware of the need for action not all have the resources of finance andof knowledge and skills, to implement such policies on their own. There is also a need toraise awareness and understanding among all organisations be they private, voluntary orpublic of what e-Crime is; what implications it can have, and how it should be reported.

e-Crime Wales has been formed as a partnership of public and private sector organisationsthat are committed to equipping Welsh businesses with the knowledge and tools to beaware, vigilant and ultimately safe from the damaging effects of e-Crime in all its forms.

The mandate to deliver on these objectives is provided by the Welsh AssemblyGovernment, and this Action Plan sets out the steps needed to achieve them.

The e-Crime Wales Steering Group is made up of organisations that have a stake in combatinge-Crime in Wales. The Steering Group will support the Welsh Assembly Governmente-Crime Wales Unit to implement the Action Plan by providing strategic steer, advice andsupport for specific actions where appropriate.

The Action Plan supports the vision of e-Crime Wales for every business in Walesto be able to

Recognise e-Crime when they see it.

Share their experiences of e-Crime. Understand the magnitude of e-Crime; just like real crime it has extremely serious

implications to lives and livelihoods. Know the practical steps to take in order to avoid becoming a victim of e-Crime. Learn the correct process for reporting e-Crime to the relevant authorities. Have the resources and support they need from police, government and private sector. Continue exploiting the benefits of ICT adoption without hindrance from the fear.

or obstacle of e-Crime.


6/32

www.ecrimewales.com

e-Crime Wales Action Plane-Crime Wales Action Plan


7/32


Establishing an e-Crime Wales Unit

1. Establishing an e-Crime Wales Unit

The e-Crime Wales Steering Group will take the lead in ensuring that this Action Plan achieves the objectivesset out in the 2005 e-Crime Wales Manifesto and endorsed by the Welsh Assembly Government.Members of the Steering Group will champion and act as ambassadors for e-Crime Wales. They will promote

partnership and collaborative approaches to the fight against e-Crime in Wales, and involve a wide range ofstakeholders in this process including police forces and legal authorities; government departments andagencies; business groups and businesses; communities and the general public.

The e-Crime Wales Unit of the Welsh Assembly Government will report to the e-Crime Wales Steering Group.

The Unit is the responsibility of the Welsh Assembly Government but include staff seconded from Welshstakeholder bodies. The Unit will be responsible for formulating and carrying out the policy of the WelshAssembly Government with respect to e-Crime, and will take forward the activities contained in this ActionPlan. The e-Crime Wales Steering Group will have overall strategic responsibility for the e-Crime Wales Unit.

Action 1.1: Establishing management of the Unit

The e-Crime Wales Unit will be responsible for implementing the e-Crime Action Plan. The Unit will eitherperform a supporting role, geared to implementing actions that require development work, or an organisationalrole, depending on the Action area and circumstances.

The Unit will consist of five permanent posts, created to support day-to-day management and implementationof the e-Crime Action Plan. The team will be led by an e-Crime Project Manager, who will report back intothe Steering Group and have overall responsibility for managing the Action Plan. The Project Manager will be

supported by a team of Executives and an administrator who will each be responsible for specific actionsfrom the plan.

Key activities

Development of job specifications and roles

Recruitment of an e-Crime Wales Unit

General organisational and development work

Action 1.2: Providing field resources

Up to five police officers will be resourced to support implementation of the e-Crime Wales Action Plan.

There will be one e-Crime Team Supervisor, who will be seconded to the Welsh Assembly Government andbased within the e-Crime Wales Unit, and four Regional Business e-Crime Officers, each based in one of thefour Welsh police forces.

Role of the e-Crime Team Supervisor

The e-Crime Team Supervisor will be a Police Sergeant who will be seconded into the e-Crime Wales Unit

from one of the Welsh police forces for the duration of the Action Plan. The e-Crime Supervisor willstrengthen the profile of the Unit by bringing to the team their knowledge of the law, police policy andprocedure, and their experience of identifying and co-ordinating criminal investigations.


8/32


The presence of a Police Sergeant at the heart of the e-Crime Wales Unit also sends a strong message tobusinesses and other organisations across Wales that the Welsh Assembly Government and the four Police

forces in Wales takes e-Crime seriously and is prepared to deploy resources to deal with it.The e-Crime Team Supervisor will co-ordinate the activities of the Regional Business e-Crime Officers,and act as the link between these Officers and the rest of the e-Crime Wales Unit. As such, the e-Crime

Team Supervisor will play an important role in ensuring that the Unit operates as a Wales-wide, cohesive,and focused whole.

Role of the Regional Business e-Crime Officers

The four Regional Business e-Crime Officers will be appointed to this role from within their

home police forces.

The Regional Business e-Crime Officers will act as a Single Point Of Contact (SPOC) on e-Crime to businessesin their areas. There are three elements to this role: the Officers will record - and if appropriate, investigate - incidents of e-Crime occurring in Wales; they will provide a focal point for e-Crime awareness-raising activities among their police forces and the local

community, and they will supply the e-Crime Wales Unit with intelligence and up-to-date information on e-Crime,

including any new areas of activity by e-criminals and emerging threats.

This information will be shared with a wide audience via the e-Crime Wales website 1

Reporting lines

The e-Crime Team Supervisor will be responsible for the day-to-day management and co-ordination of thefour Regional Business e-Crime Officers, and will report into the e-Crime Project Manager. However, the fourRegional Business e-Crime Officers will have line managers within their home force structures, as well asreporting centrally into the e-Crime Team Supervisor.

Key activities

Identify and appoint to 5 police officers

Deliver e-Crime awareness activities to police forces and community organisations

Feed back field intelligence to the e-Crime Wales Unit for dissemination via e-Crime Wales website


1. See Action 1.3 opposite


9/32


Action 1.3: Creating the e-Crime Wales Website

A vital action for the success and sustainability of e-Crime Wales is the creation of a central information websiteto ensure that information on e-Crime is made accessible to Welsh businesses and to provide a repository forcapturing the new information that will be produced as a result of improved monitoring and awareness ofe-Crime activities.

The e-Crime Wales Steering Group will take a strategic leadership role in developing and maintaining thecentral information website, ensuring that it serves the needs of all stakeholders in e-Crime Wales and is able toinfluence organisations in the field, from businesses needing to access information to ICT professionals whohave information to contribute to the resource. The Steering Group will also be responsible for forging clearlinkages and co-operating with other development bodies that have similar roles both locally and nationally.

The e-Crime Wales Unit will assume overall responsibility for the day-to-day management of the e-Crime

Wales website. This will involve overseeing the functioning of the website, and promoting and maintaining anymaterial placed in it.

The e-Crime Wales website will have 3 objectives:

to act as a co-ordinating point for those agencies involved in developing e-Business skills andtackling related issues;

to act as a conduit for the Welsh business community, both gathering information and providing it tothose seeking advice and direction on issues relating to e-Crime;

to act as a resource for the dissemination of new developments and relevant up-to-date information.

The e-Crime Wales website will not replace UK and Wales-wide programmes and information networks that

already target businesses in Wales2

but will work alongside these, providing a single point for co-ordinatingactivities relevant to e-Crime.

The e-Crime Wales website will be a repository of information and will ensure that e-Crime issues arecommunicated to other networks and activities at Wales and UK level. It will also input into other relevante-business activities alongside these other organisations.

For businesses, the e-Crime Wales website will have a dual function. It will be a place where they can accessclear, up-to-date information about e-Crime threats and how to prevent them and, more specifically, a placewhere they can be signposted towards the specific forms of support provided by the various agencies involvedin e-Crime Wales.

From the perspective of the members of e-Crime Wales, the e-Crime Wales website will function as astrategic, central location for the gathering and dissemination of new information and intelligence. As anaccessible repository of information about e-Crime activity and prevention it will have a cumulative aspectthat will be invaluable in the drive to prevent e-Crime. As businesses begin to feed their needs back into it,the e-Crime Wales website will provide fresh ideas and rationale for the development of innovative businesssupport programmes and other interventions.


2. For example, the all-Wales information service provided by Business Eye, or the work of e-Skills Wales (part of e-Skills UK). (e-Skills Wales isresponsible for the Sector Skills Agreement for IT: Action Plan for Wales 2005-2008).


10/32


Implementation tasks

Phase 1: Current Activity Audit

The first step in creating the e-Crime Wales website will be an audit of existing e-Crime information sourcesand supports. These may be either internal or external to Wales; the objective here is to assess the qualityand quantity of the information resources and infrastructures currently available to the business communityin Wales. The audit will identify what activities are currently underway or anticipated at UK level in terms ofe-Crime, what agencies are involved in tackling e-Crime and who the key personnel within these agencies are.Later, e-Crime Wales will seek to build relationships with these individuals for the purposes of co-operation andco-ordination. The audit will also review what e-Business support and advice activities are currently underwayin Wales, and will identify any gaps that the e-Crime Wales website could fill by developing and makingavailable new material.

Phase 2: Design and population of e-Crime Wales website

The e-Crime Wales website (www.ecrimewales.com) will provide the initial point of contact for businessesand social enterprises with e-Crime issues. The e-Crime Wales Unit has already commissioned the design ofthe website, which will connect and integrate e-Crime related activity in Wales and become the backbone ofthe e-Crime support infrastructure.

The website will be a trusted, reliable and relevant source of information for Welsh businesses and othere-Crime Wales stakeholders to turn to for e-Crime advice, information and guidance.

Once the website is fully operational, a number of issues need to be addressed in relation to its populationwith information. Where the audit identifies schemes and materials already in existence, the e-Crime Wales

Unit will contact the owners or authors and obtain their permission to use materials directly, with relevantco-branding from e-Crime Wales. If the audit identifies areas where information or advice on a particular topicis missing, the e-Crime Wales Steering Group will be able to commission any work needed to fill the gaps,provided it deems this relevant and useful to Welsh businesses.

Information gathered during the audit of current activities in Phase 1 will be translated into a format that isaccessible for general business users of the e-Crime Wales website. The information gathered from anyresearch and development exercises commissioned to fill gaps will be added incrementally to the e-Crime

Wales website, becoming available to anyone wishing to access it.

The e-Crime Wales Unit will be responsible for maintaining and updating information in the e-Crime Wales website.This will involve: providing support during the development of the website, ensuring the co-ordination of thewebsite with other UK activities and with general business support activities in Wales (notably via Business Eye),and sign-posting businesses to relevant sources of information.

Finally, the Unit will continue to support the e-Crime Wales Steering Group by bringing to its attention any newareas in the e-Crime Wales website that could benefit from the addition of new, or more detailed, information.If the e-Crime Wales Steering Group approves further work, the Unit will be responsible for commissioning thenew projects.



11/32


Phase 3: Maintaining a feedback loop

A further task for the e-Crime Wales Unit will be the facilitation of a feedback loop amongst businesses,business support providers, the Welsh police forces, economic development agencies and ICT professionals.

The feedback loop will allow organisations to obtain new information and intelligence on e-Crime in Wales as itbecomes available.

It is crucial that this information is well-maintained and regularly updated and therefore the e-Crime Waleswebsite will need to be constantly refreshed and supplemented with new information as this emerges fromother Actions in this Plan. Feedback information will include new intelligence from police forces, new supportmeasures aimed at meeting specific business needs, information on e-Crime legislation and regulation, data onemerging trends as observed by ICT professionals in the field, and solutions resulting from innovative practicesdeveloped by businesses themselves.

Key activities Development of a brief for tender of current activity audit Commission audit of current activity and identify gaps in provision Finalise specification for the e-Crime Wales website (www.ecrimewales.com) Populate www.ecrimewales.com with initial resources Market and publicise launch of e-Crime Wales website Commission e-marketing campaign to direct relevant traffic towards the website. Maintain and update content and functionality to aid the ongoing quality of the website as a trusted

and relevant source of information.

Action 1.4: Organising the Annual e-Crime Summit

The e-Crime Wales Unit will assume responsibility for organising and delivering a major annual e-CrimeSummit. This will require the Unit to identify speakers, book venues, and work with the e-Crime WalesSteering Group and other stakeholders to decide the thematic focus and appropriate content for eachSummit.

The e-Crime Wales Unit will liaise with appropriate members of the Steering Group and other experts in orderto develop material for use at the Summits.

The e-Crime Wales Unit will have key responsibilities in terms of developing material for use at the otherworkshops and training events highlighted in the Actions of this Plan3. In addition, the Unit will be responsible

for managing workshop and event logistics in general. This will involve ensuring that venues are booked,workshop material is produced and sent out, and that the appropriate businesses and other participants areidentified and invited to attend.

Key activities

Organisation of annual e-Crime Summit Commissioning and dissemination of e-Crime Workshop materials


3. See primarily Action 3 (page 14) and Action 4 (page 20)


12/32




13/32



www.ecrimewales.com

2. Supporting businesses to combat e-Crime

The e-Crime Wales Action Plan sets out the steps needed to improve the amount and the quality of the intelligenceavailable on e-Crime, and to strengthen the feedback loops that link companies, business advisors, the police,and other public agencies. The presence of readily-available information and open lines of communication is

particularly important for the success of this Action, which is concerned with ensuring that businesses have theadvice and support they need to combat e-Crime. This is a particularly pressing need since experience suggeststhat, due to limited knowledge and resources, the majority of businesses - and many other organisations as well -are inclined to assess and manage their IT risks inadequately, preferring to hope that a problem will not arise.

Businesses need to be helped to overcome their limitations and placed in a position to deal with the e-Crimechallenges that they face on a daily basis. A well-developed and well-managed support programme providingaccess to information, advice and practical support tools is therefore a key action.

A certain level of IT-security support provision already exists in Wales, but it is often delivered as part of broader andmore generic IT advice and support. There is room to improve the co-ordination of different approaches andproviders, and to ensure that any changes made are based on a robust understanding of e-Crime levels and impacts.

A single point of initial contact for those providing, and those seeking information and support about e-Crime, is anessential first step. This will allow companies and individuals to access up-to-date information and get referrals tospecialist advice and support. Providers of business and IT support also need accurate and reliable information one-Crime prevention so that they can deal adequately with their client businesses. Information, knowledge, supporttools, and approaches that build on existing experience and good practice will therefore be a priority.

Action 2.1: Development of business support resourcesAdvice on how to identify and report e-Crime is essential for businesses. However, support that will allowbusinesses in Wales to take action to prevent e-Crime is also vital. When businesses have identified potentialproblems, they seek to deal with them quickly and effectively but often they lack the resources and guidanceto do this properly.

The actions here are therefore about connecting users of e-Crime resources and guidance materials with theproviders. The e-Crime prevention measures must be easily absorbed and trusted by businesses, and publicagencies must further stimulate demand for acceptable e-Crime prevention practices by, for example,building e-Crime standards into their own e-procurement practices.

The following resources and guidance are required and will be developed or integrated into awide-ranging resource kit of business support:

Easy-to-follow ICT security and e-security guidelines and standards for Welsh SMEs will be made widelyavailable to small and medium-sized businesses.

Fact sheets will be made available through the e-Crime Wales website and at awareness raising activities andinformation days. ICT management and business risk management tools (linked to existing business supporttools around use of ICT4)

The incorporation of e-Crime skills into appropriate accreditation systems for Welsh ICT professionals. Guide to sources of support for implementation of effective e-security.

The Department for the Economy and Transport of the Welsh Assembly Government will take the lead in

ensuring the delivery of this action. However, it will work in partnership with other ICT and e-Crime agencies 5.

Supporting businesses to combat e-Crime

4. Building on but simplifying existing standards such as BS7799 (now ISO27001:2005 and ISO27002:2005).


14/32



Phase 1: Research and definition

As part of the audit carried out under Action 1.3, the existing support offer, both from Wales-based initiativesand UK-wide schemes that are accessible in Wales, will be analysed. The results will inform the refinement anddevelopment of new support resources and guidance to be offered to Welsh businesses. A small workinggroup will be established to assist in defining the resources and guidance to be developed.

Phase 2: Refinement and verification

The resources that are defined by the working group will be developed either by allocating responsibility tovarious ICT practitioners within the organisations represented on the working group or, in exceptionalcircumstances, by commissioning external experts to design specific elements.

Prior to completing the development of the resources and supports, it will be important to verify them with apanel of public and private sector business intermediaries to ensure that they are relevant, effective andcapable of being efficiently delivered by a wide range of support providers.

Phase 3: Packaging

Following verification, the resources and guidance will be assembled, branded and packaged as a coherentresource kit for combating e-Crime in Wales. This will require professional marketing and design input.

Phase 4: Training & dissemination

The resource kit will be made available for delivery by the business support community across Wales aftersuitable training. The kit will be available to both private and public enterprises in order to foster universalapplication of good practice.

The e-Crime Wales website created in Action 1.3 will be used to direct businesses to appropriate businessadvice and support that uses the kit.

Phase 5: Stimulating demand for e-security

Following the dissemination of the resource kit to businesses, e-security standards will be embedded asminimum requirements in e-procurement procedures by public bodies in Wales. This will directly stimulatedemand from businesses for e-security investments and will also contribute to the e-Crime prevention

programme in Wales. The resource kit will offer support and signpost companies to funding mechanismsintended to help small firms meet these standards, thereby helping to make Wales a better place to dobusiness.


5. Including, as appropriate, the Serious Organised Crime Agency (SOCA) or the Police Central e-Crime Unit (PCeU) currently proposed by theMetropolitan Police. Within Wales, e-Crime Wales will work with the ICT and business support structures established by the Welsh AssemblyGovernment.


15/32



www.ecrimewales.com

Key activities

The following outlines the key activities associated with the implementation of this action.

Research and definition Establishment of a business support services working group Development of support resources and guidance Identification of e-security standards within existing e-procurement standards Commissioning of development work (if required) Launch of new e-security standards or re-launch of existing standards

Action 2.2: e-Security training for ICT professionals

The Department for the Economy and Transport has principal responsibility for providing ICT support to

businesses in Wales. The programmes managed by the Department typically operate using independent ICTprofessionals who act as consultants to companies, analysing their needs and assist them to select solutionsthat are appropriate to their business. Many small and medium-sized companies also employ their own ICTmanagers, who also need to keep their skills and knowledge up-to-date. Only where ICT professionalsthemselves have advanced e-security skills and knowledge can they adequately consider the security aspectsof businesses ICT operations.

The Department for the Economy and Transport will use its leadership in managing the provision of ICT advicein Wales to encourage ICT professionals - both external consultants and those employed within companiesand other organisations - to review their existing skill levels. This will be done by capitalising on work alreadyundertaken to categorise skill requirements such as the National Occupational Standards that have been

developed for IT users and IT professionals by e-Skills UK6

, and using these to design a skills audit. Once theaudit has been completed, suitable training opportunities will be identified, or developed if necessary.

While general training goals and workforce development are not a core part of Department for the Economyand Transport responsibility, the Department is responsible for ensuring that ICT advice provided underpublic sector business support schemes is sound and incorporates adequate levels of e-Crime prevention.Drawing on the expertise of relevant organisations and the work undertaken in Wales already, the Departmentfor the Economy and Transport, with support from the e-Crime Wales Unit7, will take on the mainresponsibility for encouraging ICT professionals to upgrade their skills.


6. The Sector Skills Council for IT and Telecoms

7. For example, the Welsh Assembly Government Department for Children, Education, Lifelong Learning and Skills (DCELLS), and e-Skills UK


16/32



Phase 1: Internal e-security skills audit

The Department for the Economy and Transport will initially establish the need for e-security training on thepart of the ICT professionals by commissioning an audit and assessment of the e-Crime skills needs of ICTprofessionals in Wales. This assessment will be informed by the National Occupational Standards and theNational Vocational Qualification for IT Users (known as the ITQ), which have both been developed by e-Skills UK8

, and by any relevant material that has been collected as part of preparations for the annual e-Crime Summit.Members of the e-Crime Wales Steering Group will also contribute their expertise where relevant, for exampleon technical aspects, risk management and compliance issues.

Phase 2: Setting up of e-security skills working group

The task of auditing the skill needs of ICT professionals will be used as an opportunity to set up a working groupto deal with all e-Crime skills and training aspects. Representatives from the Department for Children,Education, Lifelong Learning and Skills who are members of the e-Crime Wales Steering Group will engagewith key Welsh ICT training organisations to form a working group charged with taking workforce developmentactivities forward. The working group will develop a methodology to identify exact skill needs. It will alsohighlight the extent to which e-security-related ICT knowledge is already embedded in the e-skills activitiesthat are part of wider ICT training provision in Wales.

Phase 3: Training plan implementation

Following the audit, individual and joint training plans for use by their own professionals and advisers will be

developed by the ICT training organisations participating in the working group. These plans will take account ofthe potential for joint training activities to be organised - either by private sector ICT training organisations, or byinstitutional providers of formal training opportunities. Regular auditing of e-Crime skills will subsequently beembedded in staff appraisal processes of all participating organisations.

Where a fundamental need for training is identified, the Department for the Economy and Transport will takethe lead in identifying exact skill needs in collaboration with the Department for Children, Education, LifelongLearning and Skills. In view of the link between this e-Crime prevention work and broader activities arounddevelopment of IT skills in the workforce, expertise will be sought from ICT training experts in Wales.

Phase 4: Promoting e-security training to external ICT professionals

A series of information days will be organised for ICT professionals. This target group encompasses consultants,who provide advice through other public sector schemes and organisations or work independently withbusinesses, and ICT managers who are employed within companies. The objectives here are to raise awarenessof the need for specific training and to make support and guidance available to companies so that they canundertake an internal audit of employees e-skills. Other ICT skills initiatives sponsored by the public sector willalso be used to encourage a wider group of ICT professionals (both external consultants and company ICTmanagers) to review and enhance their e-security skills.


8. e-Skills UK (www.e-skills.com) has also developed several tools to help employers and individuals identify IT skills and competencies, and to assess whereskills or development gaps lie. For example, the e-Skills Passport, which supports the development of IT users, and the Skills Framework for theInformation Age (SFIA) Profiler, which is aimed at IT professionals. These tools may also offer useful frameworks to inform the analysis of broad skill needs.


17/32


Key activities

Verification of training needs

Development of detailed skills audit Skills audit Establishment of e-Crime Wales working group on e-security skills Training plan development Joint training workshops Off-the-shelf training Information days for a wider audience of ICT professionals

Action 2.3: Developing the Welsh workforce

General ICT skills have consistently been identified as a key skills area by various studies and strategy documents 9.ICT learning opportunities for the Welsh workforce are thus already an integral part of the training portfoliooverseen by the Department for Children, Education, Lifelong Learning and Skills. The task of the e-Crime

Wales Steering Group is therefore to work with the Department for Children, Education, Lifelong Learning andSkills to:

Ensure adequate integration of e-security skills provision in this wider portfolio of learning opportunities; and

Put in place appropriate access routes for companies by including ICT risk management and relatede-security skills in the audits carried out by business advisers.

In addition, e-Crime Wales will use the working group set up as part of Action 2.2 to explore the scope for

further co-operation with relevant ICT training organisations in Wales and to anchor ICT risk management ande-security skills in the training agendas of Welsh companies in the medium and long term.

The stakeholders in e-Crime Wales generally and the Department for the Economy and Transport in particularhave realised that e-security skills above and beyond general ICT skills are a fundamental prerequisite forcompanies to thrive in the Information Society. As European Structural Funds for 2007-2013 come on streamin Wales, the Department for the Economy and Transport will contract with external organisations for deliveryof ICT and other business advice services for small and medium-sized businesses. As such, the Departmentwill be responsible for ensuring that the skills of individuals working on its programmes are of appropriatestandard and quality. Other stakeholders in e-Crime Wales, particularly the Department for Children,Education, Lifelong Learning and Skills which is responsible for delivering workforce training goals, fulfil a similar

quality assurance role as part of their programme management responsibilities. Representatives of theDepartment for Children, Education, Lifelong Learning and Skills at the Welsh Assembly Government willtherefore take the lead in extending the training element of e-Crime Wales to the wider ICT skills agenda .


9. A Winning Wales Future Skills Wales, Skills and Employment Action Plan 200410. The working group set up under Action 2.2 will bring together the structures and expertise available through the Department for Children, Education,

Lifelong Learning and Skills, e-skills UK and other relevant Sector Skills Councils. Members of the group will work together to carry out any developmentneeded to reinforce structures, or to integrate provision of specialised e-security training with wider ICT skills development.


18/32




Phase 1: Review and upgrading of current e-security skills

The WAG representatives of the e-Crime Wales Steering Group will initiate exchanges with the Department forChildren, Education, Lifelong Learning and Skills and training organisations with a view to conducting a reviewof current provision in Wales of ICT risk management and e-security skills training for Welsh workforces.

The information already available in Wales via e-Skills UK, together with any additional material gathered as partof the development work for the e-Crime Wales website will form the basis for deliberations in a workinggroup. Where gaps in provision are identified, e-Crime Wales will work with the Department for Children,Education, Lifelong Learning and Skills to facilitate any necessary development work.

Phase 2: Integration of e-security audit in business support services

The Department for the Economy and Transport and the Department for Children, Education, LifelongLearning and Skills will review existing referral mechanisms with a view to including audit tools that can be usedto identify ICT risk management and e-security skill needs.

Phase 3: Joint e-security developments with ICT training organisations

Building on these concrete steps, e-Crime Wales through the e-Crime Wales Unit will consider joint activitieswith ICT training organisations to promote e-Crime prevention. The e-Skills Wales group within e-Skills UK maybe a useful forum for co-operating on this, since the third strategic objective of the e-skills Wales Action Plan,Developing adults and the existing workforce; focuses on the development and uptake of work-based ITskills development.

Key activities

Review of current provision

Course development work

Review and refine new Department for the Economy and Transport-Department for Children, Education,Lifelong Learning and Skills referral mechanisms

Integration of ICT risk management and e-security aspects in existing training tools

Integration of accreditation with e-business network activities

Promotion of ITQ (the National Vocational Qualification in IT) and accompanying e-Skills Passport tool,

together with any other relevant accreditations.


19/32



www.ecrimewales.com

3. Raising awareness of e-Crime

e-Crime is a relatively new phenomenon and many simple steps that could be taken to protect against itremain unknown or unused by the majority of ICT users. A degree of basic understanding of technologicaldevelopments and their impact on businesses will often be sufficient to prompt businesses into actionand change their routine behaviours. Although e-Crime affects all parts of society, arguably it is thebusiness community - both large and small companies, that feels the greatest impact from e-Crime.

Whilst premeditated attacks carried out by hackers and viruses are clearly of great concern for all businesses,more often than not these attacks are targeted at well-known, large, corporate companies. It is rarer for smalland medium sized enterprises to be singled out for a targeted, malicious attack; more frequently it is humanerror, or a collective failure by the organisation to protect itself that is the root cause of a security breach.

Awareness-raising is thus needed at many different levels and should be tailored to suit the information needsof different target groups. Research has shown that businesses are inclined to give credence to the impact thatserious breaches of security could have on their organisation, but despite this the majority of businesses remainconfident that their current technical security processes, often based on conventional, off-the-shelf anti-virusand firewall software, provide sufficient protection11 . Sole reliance on these systems is, however, not sufficientto provide comprehensive protection from attacks by increasingly sophisticated hackers and virus designerswho are able to bypass traditional security programmes.

Making available up-to-date information and general guidance on how to tackle the latest threats is thereforenecessary to overcome the dangerous over-reliance by businesses on conventional programmes. Added tothis, while human error is responsible for most breaches in IT-security, only a limited number of businesseshave a defined security policy for dealing with the potential threats posed by e-Crime through the back door12.Furthermore, if they are serious, security breaches may have consequences for compliance and companyliability, but many companies are not aware of these risks and so do nothing to mitigate them.

In order to improve the overall e-security situation in Wales, employees as well as their managers need to bemade aware of the basic steps to protect electronic information, avoid security breaches and meetcompliance requirements.

The law enforcement agencies in Wales also need to be made aware of their vital role in combating e-Crime.Awareness-raising activities for law enforcement staff are therefore also required to foster a climate of mutualunderstanding in dealing with e-Crime.

Action 3.1 Over-arching PR & Communications StrategyThe e-Crime Wales Unit, in consultation with the e-Crime Wales Steering Group, will be responsible fordeveloping and implementing an over-arching public relations and communications strategy. The aim of thestrategy is to ensure that e-Crime Wales creates and takes advantage of all opportunities to make businessesand other organisations aware of the threats posed by e-Crime, and of the activities being undertaken underthis Action Plan to combat it. The e-Crime Wales Steering Group will steer the communications strategy byensuring that the activities and materials produced send a consistent and compelling message to targetaudiences in business, community, police, and government.

Raising awareness of e-Crime

11. DTI: Information Security Breaches Survey 2004, p.3

12. DTI: Information Security Breaches Survey 2004, p.9


20/32


Key activities

Ensure e-Crime Wales is understood by influential and relevant opinion formers, and has the platform to

articulate its activities and viewpoints Encourage and influence relevant organisations, including e-Crime Wales stakeholders, to reinforce/echo

the messages developed for e-Crime Wales Generate compelling and informative content for the Welsh business community via the e-Crime Wales

website, newsletter and other vehicles Provide concise and consistent materials to stakeholders for use in other forums

Action 3.2: e-Security Business Awareness Campaign

A campaign to raise awareness of e-Crime is key to combating e-Crime in businesses in Wales. The campaignwill target business leaders and employers across Wales - particularly within SMEs, but also the employees of

Welsh SMEs.An important issue, debated at successive e-Crime Summits, is the lack of awareness among companies of therisks involved in periodic online working, which can expose them to overt attempts to extract informationfraudulently, such as phishing e-mails, and to less immediately-evident threats, such as viruses or the activitiesof hackers. Firms also need to be aware of the security issues that arise as technological advances make itcheaper and easier for them to conduct business via dispersed, on-line collaborative networks, or digitalbusiness eco-systems. Currently the majority of small and medium-sized firms are relying on off-the-shelfsecurity software to protect their data and systems from e-Crime. The business awareness-raising campaign willtackle this misconception by alerting the workforce and employers to the increased risk of e-Crime that comeswith greater and more sophisticated use of on-line working. The campaign will help organisations understand

the threats posed by e-Crime, and will advise on what measures can be taken to combat them.Among SMEs, lack of awareness of the risks leads to reluctance to commit resources to tackling the problem.

Without hard facts and figures, and evidence detailing the impact that e-Crime may have on a company, it isdifficult for SME owners and managers to justify investing additional resources in e-security. The campaign willtherefore also impress on SMEs the urgency of making e-security an issue for senior management, and willprovide companies with the evidence they need to push e-Crime and e-security up the strategic managementagenda.

In terms of overall responsibility, the e-Crime Wales Steering Group will oversee the campaign at a strategiclevel. The Steering Group will be responsible for the strategic aspects of raising awareness, such as which typesof companies are targeted and which information is presented, ensuring that the information provided to

companies is correct, up-to-date and relevant.

At a more operational level, the e-Crime Wales Unit will be responsible for negotiating with e-Crime Walesstakeholders to secure e-Crime Wales branding of all information used for the campaign, managing theproduction and distribution of material, organising and staging the awareness-raising workshops, and generallyraising the profile of e-Crime Wales and its activities.



21/32

www.ecrimewales.com 21www.ecrimewales.com


Phase 1: Development of material for use in the campaign

Before embarking on the campaign itself, to complement Phase 1 of the e-Crime Wales website, the e-CrimeWales Steering Group will commission a review of awareness-raising activities currently in place andopportunities for developing new material targeted at Welsh businesses. This will require a mapping exerciseto identify all relevant awareness-raising material currently produced for businesses by support organisationsworking either within Wales or across the UK. The Unit will ensure that this information is made available

via the e-Crime Wales website.

Any new information, guidance and advice developed will be made easily accessible by displaying hard-copiesat strategic locations13 and making it available on-line via the e-Crime Wales website. New material is likely toinclude fact sheets and case studies, and it will be produced in a range of formats to ensure the e-Crime Wales

website is publicised widely as the first port of call for information and advice.

Phase 2: Workshops and Information Days

In the second phase of the campaign, the e-Crime Wales Unit will organise a series of regular themedworkshops and information days for managers and employees within Welsh businesses. The workshops willtake place on a bi-monthly basis and will run for the duration of half a day. The Unit will undertake all thenecessary organisation for these events and be responsible for advertising and publicising them accordingly.

The workshops and information days will address key e-Crime issues14 relevant to businesses and will ensurethat, by the time they leave each event, companies have a better understanding of what e-security is and whatthe implications are for the way they do business. Participants should also be able to make a strong case to their

colleagues for treating e-security as a strategic issue that requires oversight by senior management andadequate investment.

The e-Crime Wales Unit will refresh the programme of events and general awareness-raising material regularly,taking into account any new information and points of debate. The e-Crime Wales website is expected tobecome an important source of information and opinion in this regard, particularly as greater numbers oforganisations begin to use and contribute to it. Likewise, the Unit will encourage support organisations and ICTprofessionals working with businesses to contribute their ideas and experiences.

At a strategic level, the e-Crime Wales Steering Group will monitor the operational activities of the e-CrimeWales Unit to ensure that the awareness-raising programme continues to grow and remains relevant to theneeds of companies.

13. For example, at meetings of business fora, or at specific locations such as Business Advice Centres

14. Issues covered will include legal obligations and liability risks in e-security; data protection advice; strategic importance of e-Security for businesses; theuse of risk management and information security protocols.

Raising awareness of e-Crime


22/32


Timescales and Responsibilities

Commission and carry out a mapping exercise of relevant awareness raising sources to identify gaps in provision

Negotiate usage rights and branding with owners of current e-Crime material Develop new material to fill gaps identified in mapping study Identify strategic locations for placement of hard-copy information Develop information material in both hard-copy and electronic format Feed information electronically into e-Crime Wales website Develop material for use at workshops and information days Organise workshop series

Action 3.3: Law Enforcement Awareness Programme

The e-Crime Wales Unit, supported by the e-Crime Wales Steering Group, will work with the Welsh policeforces and the National Policing Improvement Agency (NPIA) to develop an awareness-raising programme forPolice Officers and Police Staff. The programme is intended to prepare the ground for more focused activitiesat a later stage, such as provision of training for police officers and staff on how to deal with e-Crimes, and stepsto improve the recording of e-Crime in police reporting systems.

The awareness-raising programme will have two objectives:

to raise police force awareness of the size of the threat of e-Crime; and to heighten police officers and staff members awareness of the sensitive nature of their interactions with

companies.

The awareness-raising programme will be tailored so that it is relevant to all Police Officers and Staff, from thoseworking in front desk or call centre roles to senior personnel. The programme is expected to include a seriesof e-learning modules, enabling Police Officers and Police Staff to fit learning around their main duties.

Where necessary, the e-learning modules may be complemented by face-to-face workshops.

Using existing research results, the programme will raise police force awareness of the size of the threat and itspotential impact on the Welsh economy. The programme will also emphasise the important contribution thataccurate police reporting of e-Crime makes to ensuring Wales is a safe place to do business online, explainingthat the statistics help improve overall understanding of e-Crime and its effects..

As well as equipping police officers with the necessary skills and knowledge about e-Crime, the programmewill raise their awareness of the difficulties and sensitivities that businesses face when considering whether to

report e-Crime. Case studies of Welsh companies affected by incidents of e-Crime will be developed foruse alongside existing police materials in order ensure that police officers who deal with e-Crime understandthe concerns that businesses are likely have, for example about preserving customer and supplier trust,or protecting commercially sensitive information .

The e-Crime Wales Steering Group will be responsible for ensuring that all stakeholders in e-Crime Wales havean opportunity to contribute to development of the awareness-raising programme, and that the goals of thisAction are met.



23/32


e-Crime Wales Action PlanRaising awareness of e-Crime

Within the Steering Group, representatives of the law enforcement bodies will be actively involved in thisAction. They will work closely with the e-Crime Wales Unit, and be responsible for the specific operational

elements of the awareness-raising programme. This will include organising the production and disseminationof awareness-raising information across the police forces in Wales. This may take the form of e-learningmodules developed in collaboration with the NPIA, or workshops arranged directly for Police Officers andPolice Staff in the Welsh police forces.


Phase 1: Design of the awareness-raising programme

A key initial action will be organising the most appropriate content and delivery formats for the awareness-raising programme. This process will be led by the e-Crime Wales Unit and police force representatives of thee-Crime Steering Group, who will draw on the expertise of the NPIA and that of the High Tech Crime Unitswithin the Welsh police forces.

The e-learning modules will cover themes and topics relevant to police officers in their day-to-day contact withbusinesses and e-Crime, and will include case studies that highlight the experiences of Welsh companiesaffected by e-Crime. Any workshops organised will also include case studies, but will be structured aroundspeakers, presentations, and discussion groups that will allow Police Officers and Police Staff to raise concernsand issues relevant to them.

Phase 2: Conducting activities within the community

Building on this basic awareness, individual police officers will progress to being actively involved in conducting

awareness-raising activities for businesses and communities, including schools. The aim of these sessions willbe to reinforce police officers own understanding of the issues surrounding e-Crime and business and to usecontact with businesses to upgrade police officers first-hand knowledge and experience of the issues.

This will also allow useful links to be built up with the local business communities in which the officers operate,fostering the trust relationships crucial for effective tackling of e-Crime issues amongst businesses.

Key activities

The key activities that are shown below outline the steps required for implementation of this action. Develop material for use in e-learning modules and workshops Research and develop case studies for e-learning modules and workshops

Make e-learning modules available to Police Officers and Police Staff Organise and stage workshops for Police Officer and Police Staff Identify police officers and/or staff suitable for a community-awareness raising role Identify communities, businesses and schools suitable to participate in Community Events Develop material for use at community events


24/32




25/32



www.ecrimewales.com

4. Reporting and monitoring of e-Crime

Accurate reporting of e-Crime is crucial for creating an impetus for action by a wide range of organisations,and for providing data to inform their activities. Many organisations will benefit from improved data one-Crime including companies that deliver services via the Internet and need e-Crime information in order toprevent service disruptions, software developers who need to identify security weaknesses in their software,and businesses that need information to guide their interactions with customers and structure their internal ITsafety procedures. Individuals, including entrepreneurs and business intermediaries, also need to appreciatethe size of the threat from e-Crime in order to motivate them to take steps to prevent it. Last but not least,policy makers and law enforcement agencies need detailed information in order to help them decide howmuch resource is required to create an adequate framework for preventing and combating e-Crime.

Reporting is also crucial to developing a monitoring environment capable of measuring progress in preventingand combating e-Crime. In a performance assessment culture, the selection and definition of appropriatetargets for performance assessment will influence decisions on the ground. Improved reporting of e-Crimeis therefore a prerequisite for successful crime prevention and investigation.

Creating appropriate channels for the reporting of e-Crime is not a straightforward process, however.A multitude of organisations and interests have diverse reporting requirements and often face considerable

conceptual barriers and sensitivities when it comes to reporting incidents of e-Crime. This creates substantialoperational and technical complexities when it comes to processing reports of e-Crime. Identifying synergiesbetween reporting requirements and embedding them in the wider framework of e-Crime Wales is thuscrucial to make real progress on preventing e-Crime.

Work in these areas is underway, but it has to a large extent been instigated by organisations operating at a UKnational level and is often quite London-centric. A partnership initiative such as e-Crime Wales is a uniqueopportunity to create the momentum for the staged development of reporting practices that are graduallyembedded into the day-to-day routines of different organisations.

Policy in law enforcement and crime prevention is increasingly established on the basis of evidence-basedassessments. However, incidents of e-Crime often go unrecorded, which means that resources are notmade available due to lack of evident need. Limited resources mean that adequate reporting structures arenot created, which limits the evidence available and leads potential victims to underestimate the immediatethreat from e-Crime. There is something of a vicious circle at work, since the absence of adequate reportingstructures also means that those businesses that do become victims are not able to report incidents that

would provide evidence of need in the first place. By levering existing sources of information and intelligencee-Crime Wales will help create a strong rationale for a more thorough overhaul of e-Crime reportingprocedures in the medium term.

Reporting and monitoring of e-Crime


26/32


Action 4.1: Undertaking an e-Crime Impact Study

The main rationale behind the e-Crime Wales and the Action Plan is to ensure that Welsh businesses getmaximum benefit from the application of ICTs without e-Crime hampering their success, and to make Walesa safer place to do business online. Without coherent reporting structures, there is currently a pronouncedgap in the understanding of e-Crime patterns in Wales and of the impact that e-Crime has on Welsh business.In order for e-Crime Wales to accurately target those sectors and companies that are most at risk, a dedicatedstudy will be commissioned at the outset of this Action Plan. The study, to be repeated in January/Februaryeach year, will build a detailed picture of the current impact of e-Crime on businesses in Wales.

The study will provide an initial assessment of the impact of e-Crime on the Welsh economy, providingbaseline information to guide and monitor activities and preparing the ground for more sophisticated reportingstructures to be implemented at the Welsh level. The findings of the study will be used to lever the resourcesrequired to create improved reporting practices.

The study will also inform several other strands of work to be undertaken in support of e-Crime Wales.Responsibility for undertaking the study therefore rests with the e-Crime Wales Steering Group as a whole,since all the organisations represented on the Group have a stake in particular aspects of the impact of e-Crime.

The first task for members of the Steering Group will therefore be to develop and agree a research specificationfor the study.


Phase 1: Commissioning of research

The e-Crime Wales Steering Group will develop a specification for a study of the impact of e-Crime on the

Welsh economy. The e-Crime Wales Unit will take the lead in developing a first draft of the specification,and commission with the support of the e-Crime Steering Group

Drawing on existing research resources at Welsh universities, the study will investigate the impact of e-Crimeon the Welsh economy and how businesses in Wales assess this impact. Furthermore, it will consider howbusinesses identify and protect themselves against e-Crime, looking in at the risk assessment proceduresbusinesses have in place concerning e-Crime, and identifying those that could be shared as best practiceexamples. The study will also consider the tools businesses use to report incidents of e-Crime, looking bothat the reporting tools operated internally by some of the larger companies, and at the tools used by SMEs andlarger companies that do not have their own internal reporting instruments.

Phase 2: Reporting and further analysis

The results of the e-Crime impact study will feed into several other strands of the Action Plan. The datacollected will be used to refine approaches and target groups for the awareness-raising materials, help designbusiness support tools, and inform workforce development activities. The study will also be used to developan initial understanding of e-Crime reporting in Wales; it will identify what activities are currently undertaken bydifferent organisations, what tools and processes these organisations use to collect information, and whatincentives exist for them to contribute to a reporting partnership.

These results will be achieved through the analysis of actual research results on the one hand and a series ofexchanges with relevant stakeholders using the research results as a stimulus for discussion. These discussions

will create the momentum to further bind different organisations into the e-Crime process.



27/32



www.ecrimewales.com

Phase 3: Refreshment of the Study

The e-Crime Wales Unit will ensure that the study is refreshed in years 2 and 3 in order to update stakeholdersunderstanding on the threat posed by e-Crime and to inform the design and delivery of activities taking placein these years.

Key activities

Commission e-Crime Impact Study Analyse implications of study findings for task of identifying target audiences and developing materials for

awareness-raising Analyse implications of study findings for development of business support tools and advice services Analyse implications of study findings for development of workforce training Workshops with reporting stakeholders to refine and verify understanding

Commission annual updates of the e-Crime Impact study

Action 4.2: Cross-Sector Reporting Partnerships

The focus of activity under the e-Crime Action Plan is on e-Crime prevention. Effective reporting structures willplay an important part in ensuring that the Actions set out in this Plan are a success. The reporting structuresthat are developed to support the Plan must spring from a sound appreciation of what motivates privatecompanies to participate in activities intended to improve the quality of e-Crime data.

Welsh police forces have limited scope to act improve the reporting of e-Crime in the short term becauseexisting reporting structures are not currently flexible enough to capture all incidents of e-Crime. In order

to allow the true picture of e-Crime to emerge, police intelligence and information systems need to befurther developed alongside those of new and existing partners. The Regional Business e-Crime Officers15 willhelp in achieving this by improving the collation and analysis of information about e-Crime. They will gatherinformation directly from their interactions with businesses, supplement this with data from police reportingsystems, and be responsible for sharing this with the e-Crime Team Supervisor. Working with the e-Crime

Team Supervisor, the Regional Business e-Crime Officers will also act as a channel for cultivating innovativecrime prevention and detection practices across the Welsh police forces, for example by identifying wherepolice forces could quickly improve the quality of their e-Crime data by making simple changes to reportingand recording procedures. Over time, the Regional Business e-Crime Officers will become a valuable sourceof evidence on e-Crime, providing information to ensure appropriate police training, resources and responseare made to problems.

The development of integrated reporting procedures will need to take a phased approach, beginning with basicco-ordination of current activities and progressing towards more sophisticated technological and conceptualintegration. This process will involve creating joint working platforms to bring together the diverse organisationsinvolved, and forging consistent approaches to overcoming specific barriers to reporting e-Crime.


15. Created in Action 1.2


28/32


The partnership approach adopted by the e-Crime Action Plan will build on the existing activities andrelationships of stakeholders. For example, the High Tech Crime Units of the four Welsh police forces will bring

their knowledge and understanding of e-Crime as experienced at Wales and UK level; the Department forChildren, Education, Lifelong Learning and Skills brings its understanding of skills needs, whilst the Departmentfor the Economy and Transport contributes its close links with the business community in Wales and inparticular its portfolio of e-business support schemes.

Each member of the e-Crime Wales Steering Group will provide leadership in its own constituency and willidentify members for a working group charged with taking forward the joint reporting activities. In addition,members of the working group will be responsible for ensuring two-way communication between thoseregional-level organisations with strong knowledge of businesses and others needs, and those organisationsresponsible for ensuring that such needs and activities are integrated at pan-Wales level. Once established, theworking group will be responsible for carrying out the actual development work and will report on a regular

basis to the e-Crime Wales Steering Group.


Phase 1: Development of a model for the creation of reporting partnerships

Drawing on the research results obtained from the e-Crime Impact study, the first step towards developingreporting partnerships will consist of stimulating regular exchanges between the different organisationsinvolved. The initial meetings will be used to secure the commitment of organisations with a stake in reportingto participate in a working group that will oversee reporting tasks.

The initial task for this working group will be to develop a conceptual model for joint reporting activities taking

into account aspects such as each partners exact information needs and reasons for reporting; the incentivesfor and barriers to reporting, and potential ways of integrating reporting processes conceptually andtechnologically. The resulting model will be tested and refined by comparing and contrasting it with detailedinformation on current reporting structures and procedures and their underlying rationale, and with goodpractice examples in the development and use of joint reporting tools. This process will allow the workinggroup to identify potential synergies between existing and desired reporting procedures and to assess thefeasibility of developing joint integrated reporting frameworks that build on different target groups owninterests in reporting e-Crime.

Phase 2: Rationalisation and expansion of existing reporting mechanisms

The conceptual model will be used to engage all relevant organisations16

in the reporting actions17

and toembed the common reporting framework in each organisations reporting structures and procedures.

This will lead to the integration of individual reporting structures and procedures at a pan-Wales level.


16. To include large and multi-national businesses and organisations with a presence in Wales

17. Although the awareness-raising activities will go a long way towards achieving buy-in, ultimate success in securing participation by companies and otherorganisations in the task of reporting e-Crime will depend on being able to allay their concerns around issues of privacy, data protection, etc.


29/32



www.ecrimewales.com

Phase 3: Integration of reporting structures

Once a coherent framework has been developed and implemented in all participating organisations, theintegration of these reporting building blocks will be piloted. At this stage, simple solutions will be sought, forexample, the exchange of information by e-mail, collection of information in simple databases and manualfeedback loops. These will all serve to test the coherence of reporting relationships and to pilot particularprocedures. This trial will be limited in size, for example to a particular category of e-Crime, or to a geographicalarea, or to a sample of organisations from target groups.

Phase 4: Development of e-reporting tools

Following the pilot phase, more sophisticated e-reporting tools will be developed that will allow all associatedorganisations in Wales to adopt and integrate these reporting procedures. The working group will develop atechnical specification for the systems architecture of the e-reporting tools to be used and will commissiondevelopment work, giving due consideration to synergies between the e-reporting tool and the e-Crime

Wales website.

The results of this second development phase will be piloted for one year, during which time the workinggroup will collect feedback and respond to any technological or structural problems that may occur.

The aim here is to ensure that businesses and other stakeholders are able to recognise what constitutes ane-Crime and understand what steps they have to take to report e-Crime to the relevant authorities. When fullyup and running, the reporting tool will operate alongside the e-Crime Wales website, which will be the placewhere all stakeholders can share their experiences of e-Crime, find out what to do to avoid becoming a victimof e-Crime, and find out how to access any further support they may need.

Phase 5: E-reporting operations

Following the pilot phase, systems for the continuing operation of the e-reporting tool will be put in place.Operational responsibility may be transferred in a number of ways. For example, it could be passed to a groupof public sector organisations, a separate public organisation could be created specifically for the purpose, or itcould be contracted to a commercial provider.

Key activities

Formation of working group Development of conceptual model and work programme

Development of reporting structure and procedures Dissemination of guidelines and implementation in individual organisations Awareness-raising vis--vis customers and partners Development of integration tools for reporting structures and procedures Piloting of integrated reporting procedures Development of e-reporting tool Piloting of e-reporting tool Assessment of options for operation of e-reporting tool Contracting of e-reporting tool operation



30/32




31/32


32/32

www.ecrimewales.com

C8531 E-crime Action Plan Eng WEB

Documents

Transcript of C8531 E-crime Action Plan Eng WEB