102
(3)
(a)
If a sector fails to establish a Private Sector Security Incident
Response Team, contemplated in subsection (2), the Cabinet member responsible for
telecommunications and postal services may, after consultation with the sector,
establish a Private Sector Security Incident Response Team for that sector on such
terms and conditions as he or she deems fit to give effect to the objects of this Act.
(b)
The particular sector is responsible for the operational costs
of a Private Sector Security Incident Response Team which is established in terms of
paragraph (a).
(4)
A Private Sector Security Incident Response Team recognised in
terms of subsection (2)(b) or established under subsection (3)(a), must—
(a)
act as a point of contact between the sector entities in the sector for which it is
established and the Cyber Security Hub;
(b)
be a contact point for that specific sector on cyber security matters;
(c)
coordinate cyber security incident response activities within that sector;
(d)
facilitate information-sharing and technology-sharing within the sector;
(e)
facilitate information-sharing and technology-exchange with other Private Sector
Security Incident Response Teams established for other sectors and the Cyber
Security Hub;
(f)
establish minimum security standards and best practices for the sector for which
it is established in consultation with the Cyber Security Hub;
(g)
report all cyber security threats in the sector for which it is established and
measures which have been implemented to address such threats to the Cyber
Security Hub and Private Sector Security Incident Response Teams established
for other sectors;
(h)
immediately report new cybercrime trends which come to its attention to the
Cyber Security Hub, Private Sector Security Incident Response Teams
established for other sectors and the National Cybercrime Centre;
(i)
provide sector entities within the sector for which it is established with best
practice guidance on cyber security; and