Policy and legal framework
development for Digital Security
           in Estonia


        Hannes Astok
           Project Manager
     eGovernance Academy Estonia
Why policy framework?
• Growing threats and security concerns
• Vulnerability of the critical information systems
• Need for coordinated activities
• Clear roles and responsibilities between the
  institutions
• Better protection of information systems and critical
  infrastructure
• Estonian Cyber Security Strategy 2008-2013
Goals of the strategy
1. The development and large-scale
   implementation of a system of security
   measures
2. Increasing competence in cyber security
3. Improvement of the legal framework for
   supporting cyber security
4. Bolstering international co-operation
5. Raising awareness on cyber security
Relations to the other national
         development plans
• Information Security Interoperability
  Framework (2007)
• Information Society Strategy 2013
• Knowledge-Based Estonia: R&D
  Development Strategy 2007-2013
• Criminal policy development strategy
• Education and health development plans
Legal framework: international law
Council of Europe:
• Convention on Cybercrime (Budapest Convention, in force since 2004)
EU legal framework
• attacks against information systems: Council
  Framework Decision 2005/222/JHA
• protection of personal data (95/46/EC and
  2002/58/EC);
• electronic communications (2002/58/EC);
• retention of data (2006/24/EC);
• re-use of public sector information (2003/98/EC);
• information society services (2000/31/EC).
National legal framework
• Penal Code: liability and penalties for the
  various types of crime and attacks
• Electronic Communications Act:
  requirements for publicly available
  electronic communications networks and
  communications services
National legal framework 2
• Personal Data Protection Act: clear legal
  basis for processing any kind of personal
  data
• Public Information Act: regulates the
  basis and procedures for accessing
  public information
National legal framework 3
• Information Society Services Act: limits
  the liability of Internet service providers for
  the content of their service, addresses spam-related
  issues and sets general requirements for the
  provision of information society services.
International Cooperation
• United Nations: issues of cyber security
  are addressed by a high-level expert
  group of the Internet Governance Forum
  (IGF) and the International
  Telecommunication Union (ITU).
International Cooperation: EU
• European Commission
• The European Network and Information
  Security Agency (ENISA) provides
  support to EU member states, institutions
  and businesses in the prevention and
  management of information security
  breaches.
International Cooperation: EU 2
• European Programme for Critical
  Infrastructure Protection – EU research
  network related to cyber security
The tool

 Three-level baseline security
system for information systems
Information Security
• Information security is an on-going
  process aimed at ensuring the
  confidentiality, integrity and availability of
  data (data assets). Information security
  does not consist solely of classifying
  information or installing firewalls. The
  goal is to find a balance between these
  three components.
Data availability
• Data availability means that data are
  available to authorised users (individuals
  or technical systems) in a timely and easy
  way: at the required moment, within the
  period that has been agreed upon in
  advance, and during the required or
  agreed working time.
Data integrity
• Data integrity means ensuring the
  accuracy/completeness/up-to-date nature
  of data, authenticity of their origin and
  absence of any unauthorised
  modifications.
Data confidentiality
• Data confidentiality means making data
  available only to authorised users
  (individuals or technical systems), while
  keeping them unavailable for all other
  entities.
What is three-level baseline security
 system for information systems (ISKE)?
• An information security standard that is developed for
  the Estonian public sector.
• One of the mechanisms intended to secure the state
  information system
• The preparation and development of ISKE is based on a
  German information security standard - IT Baseline
  Protection Manual (IT-Grundschutz in German), which
  has been adapted to match the Estonian situation.
• ISKE is absolute in nature – all the security
  measures identified for an asset's level must be
  applied; partial implementation does not count as
  compliance with ISKE.
ISKE or three-level baseline security
      system for information systems
• Baseline security system – one set of security
  measures applied to all information assets,
  regardless of their real security requirements.
  ISKE is based upon the German BSI baseline
  security system (IT-Grundschutz), which contains
  more than 1,000 security measures. The main
  disadvantage of a one-level baseline is that an
  average set of measures is applied to systems
  with very different security requirements.
ISKE or three-level baseline security
     system for information systems
• Three-level baseline security system – three
  different sets of security measures have been
  developed for three different levels of security
  requirements (different databases and information
  systems may be assigned different security levels).
  Compared to the one-level baseline security
  system this version is more accurate and therefore
  more economical, while still being coarser than
  a detailed risk analysis.
Identifying the security level of
  information assets for ISKE
ISKE or three-level baseline security
     system for information systems
• The levelled baseline security system is more
  economical, as there is no need to apply expensive
  security measures to data with limited security
  requirements.
• Implementing a multi-level security system does,
  however, incur additional expenses: the data and
  information systems must be analysed to assign
  them a level, and the required set of security
  measures must be procured for each level.
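The level assignment, the "absolute" compliance rule and the cost argument above can be made concrete with a small model. The following is an added example written for this page; it is not ISKE's own catalogue, rules or tooling. The measure catalogue, the per-measure costs, the sample assets and the level-assignment rule (an asset's level is driven by its strictest C/I/A requirement) are all assumptions constructed for the demonstration; the real ISKE catalogue contains more than 1,000 measures.

```python
"""Illustrative model of a three-level baseline security system.

Added example, not ISKE's own catalogue, rules or tooling. The catalogue,
costs, sample assets and the level-assignment rule below are constructed
for this demonstration only.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable

LEVELS = ("L", "M", "H")  # low, medium, high; tuple index is the rank

# Constructed catalogue: measure -> lowest level at which it is mandatory.
CATALOGUE: Dict[str, str] = {
    "patching": "L",
    "backups": "L",
    "antimalware": "L",
    "rbac": "M",
    "central-logging": "M",
    "backup-encryption": "M",
    "mfa": "H",
    "redundant-site": "H",
    "pentest": "H",
}

# Constructed implementation cost per measure (arbitrary units).
COST: Dict[str, int] = {
    "patching": 1, "backups": 1, "antimalware": 1,
    "rbac": 2, "central-logging": 2, "backup-encryption": 2,
    "mfa": 3, "redundant-site": 5, "pentest": 3,
}


@dataclass(frozen=True)
class Asset:
    """An information asset with a 0..3 requirement for each CIA property."""
    name: str
    confidentiality: int
    integrity: int
    availability: int


def security_level(asset: Asset) -> str:
    """Assign the baseline level from the asset's strictest requirement.

    Assumed rule for this example: the highest of the three requirements
    decides the level (3 -> H, 2 -> M, otherwise L).
    """
    worst = max(asset.confidentiality, asset.integrity, asset.availability)
    if not 0 <= worst <= 3:
        raise ValueError(f"requirements must be in 0..3, got {worst}")
    if worst == 3:
        return "H"
    if worst == 2:
        return "M"
    return "L"


def required_measures(level: str) -> FrozenSet[str]:
    """Measure set for a level: everything mandatory at that level or below."""
    rank = LEVELS.index(level)
    return frozenset(m for m, lvl in CATALOGUE.items() if LEVELS.index(lvl) <= rank)


def missing_measures(asset: Asset, applied: Iterable[str]) -> FrozenSet[str]:
    """Measures required for the asset's level that have not been applied."""
    return required_measures(security_level(asset)) - frozenset(applied)


def is_compliant(asset: Asset, applied: Iterable[str]) -> bool:
    """Absolute compliance: every required measure must be applied; one gap fails."""
    return not missing_measures(asset, applied)


def baseline_cost(assets: Iterable[Asset], levelled: bool) -> int:
    """Total cost of the per-level sets (levelled) versus applying the whole
    catalogue to every asset (one-level baseline)."""
    total = 0
    for asset in assets:
        measures = required_measures(security_level(asset)) if levelled else frozenset(CATALOGUE)
        total += sum(COST[m] for m in measures)
    return total


# Constructed sample assets with (confidentiality, integrity, availability).
SAMPLE_ASSETS = (
    Asset("public notices", 1, 1, 1),
    Asset("payroll", 2, 2, 1),
    Asset("population register", 3, 3, 3),
)

if __name__ == "__main__":
    for a in SAMPLE_ASSETS:
        lvl = security_level(a)
        print(f"{a.name}: level {lvl}, measures {sorted(required_measures(lvl))}")
    print("one-level baseline cost:", baseline_cost(SAMPLE_ASSETS, levelled=False))
    print("three-level baseline cost:", baseline_cost(SAMPLE_ASSETS, levelled=True))
```

With the constructed figures the one-level baseline applies all nine measures to all three assets, while the levelled system applies three, six and nine measures respectively; the saving comes entirely from the low- and medium-level assets, which is the economic argument the slides make. `is_compliant` encodes the absolute rule: a single missing measure from the level's set is non-compliance, regardless of how many others are in place.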
Legislation for the implementation of
                    ISKE

• The terms and conditions for auditing the
  implementation of ISKE are established by a
  Regulation of the Government of Estonia
Hannes Astok
E hannes@astok.ee
M +372 5091366
S hannesastok
W www.ega.ee

Hannes astok digital_security_2012