The System of Security Controls for
Cyber Security
October 3rd, 2013
GOVERNMENT OF THE REPUBLIC OF MOLDOVA
Veaceslav PUȘCAȘU, CISM
E-Government Center / Government CIO
Government of the Republic of Moldova
This presentation is
• A summary of what was presented and discussed during the training seminars provided by the Estonian e-Governance Academy
• A summary of ideas circulated and discussed during the meetings of the Cyber Security Roadmap focal group, which includes representatives from MA, MTIC, SIS, CTS, CNPDCP, MAI
• A summary of the experience gained by some public institutions in the Republic of Moldova
• A summary of the experience gained by other countries, e.g. Estonia
Cyber Space
Cyber Space - an environment resulting from all types of interactions by
means of software, hardware and communication infrastructure.
Cyber Security
Cyber Security - a state of normality reached as a result of applying a set of
proactive and reactive measures to ensure confidentiality, integrity,
availability, authenticity and non-repudiation of information,
resources and services in cyber space.
Cyber Security Threats
Cyber Security in Republic of Moldova
Trends
• Increasing use of electronic services in the public sector, including in interaction with citizens and business;
• Increasing use of mobile devices;
• Widespread use of the Internet, including for business purposes;
• Increasing use of ICT in national critical infrastructure;
• Increasing use of ICT infrastructure to launch cyber attacks against other nations.
Cyber Security in Republic of Moldova
Threats
• Lack of a common approach to cyber security at the state level;
• Lack of a clear organizational structure at both the state and institutional level;
• Lack of qualified people in the field;
• Very low level of awareness of the threats and safeguards in cyberspace;
• Lack of a unique set of measures (system of security baselines/controls) that should be applied according to the criticality of the systems;
• ………
Standards and Technical Regulations
• Government Decision No. 1123 of 14.12.2010 on the approval of the Requirements for ensuring the security of personal data when processed within personal data information systems;
• Technical regulation. Ensuring the information security of the information infrastructure for public administration authorities, Annex No. 2 to MTIC Order 106 of 20 December 2010.
• SM SR ISO/IEC 27001:20006
Challenges
• Define requirements but lack implementation guidelines;
• Depend on the skills and knowledge of the persons involved in implementation;
• Are mostly based on risk assessment;
• No synchronization between them;
• etc.
System of Cyber Security Controls – Elaboration Process
System of Cyber Security Controls - ToRs
• Adopt an international best practice;
• Mandatory for public authorities;
• Compliant with the current legislative framework;
• Include: physical measures; technical measures; organizational measures;
• Define security classification levels (integrity, confidentiality, availability): Low, Medium, High;
• Free of charge and updated regularly;
• Provide requirements and clear guidance on how to implement them.
Examples: Recommended Security Controls for Federal Information Systems and Organizations (NIST 800-53), BSI (IT-Grundschutz Methodology), ISKE, SANS TOP 20, etc.
Compliance Certification of Authorities
Do not reinvent the wheel. It has already been invented…
• Outsource to the private sector
• Define a compliance certification framework taking into consideration:
– International experience – e.g. PCI DSS
– Local experience – e.g. BNM
• Require internationally recognized certifications (e.g. CISA, CISM, CISSP, etc.)
System of Cyber Security Controls – Quick Wins
• Start with some simple things which can be implemented quickly
• Develop and expand to reach a state of “normality”
• Develop a cyber security guide based on the SANS 20 Critical Controls for Cyber Defense
• Encourage public authorities to implement the guide. Identify and fix the issues
• Include this guide as a part of the System of Cyber Security Controls
Summary
• One of the threats to cyber security is the lack of security baselines that should be applied according to the criticality of the systems
• Defining and implementing a System of Cyber Security Controls is a complex task which takes time to do right
• We should start with something simple which can be implemented quickly
• Further, we should develop and expand to reach a state of “normality”
Thank you!
