Digital information security trainings

2013

Chisinau

Digital security for better governance and public services

12.03.2013 Presentation Title

e-Government Centre Moldova

Hannes Astok

Senior Expert

eGovernmance Academy

Policy and legal framework development for Digital Security

12.03.2013 Presentation Title

e-Government Centre Moldova

Why policy framework?

Growing threats and security concerns

Vulnerability of the critical information systems

Need for coordinated activities

Clear roles and responsibilities between the

institutions

Better protection of information systems and critical

infrastructure

Estonian Cyber Security Strategy 2008-2013

Goals of the strategy

Establishment of a multilevel system of security measures

Expanding Estonia’s expertise in and awareness of information security

Adopting an appropriate regulatory framework to support the secure and extensive use of information systems

Goals of the strategy: more specifically

1. Development and implementation of a system of security measures

1. Protection of the Critical Information Infrastructure (CII)

2. Development and Implementation of a System of Security Measures

3. Strengthening of Organisational Co-operation

Goals of the strategy: more specifically

2. Increasing competence in information security

1. Organisation of Training in Cyber Security

2. Enhancing Research and Development

3. Development of a legal framework for cyber security

4. Development of international co-operation

5. Raising awareness of cyber security

Relations to the other national development plans

Information Security Interoperability Framework (2007)

Information Society Strategy 2013

Knowledge-Based Estonia: R&D Development Strategy 2007-2013

Criminal policy development strategy

Education and health development plans

Legal framework -International law

Council of Europe

Convention on Cybercrime 2004

EU legal framework

Attacks against information systems: Council Framework Decision 222/2005/JHA

Protection of personal data (95/46/EC and 2002/58/EC);

Electronic communications (2002/58/EC);

Retention of data (2006/24/EC);

Re-use of public sector information (2003/98/EC; under revision) ;

Information society services (2000/31/EC).

National legal framework

Penal Code: responsibility and penalties about various types of crime and attacks

Electronic Communications Act: requirements for publicly available electronic communications networks and communications services

National legal framework 2

Personal Data Protection Act: clear legal basis for processing any kind of personal data

Public Information Act: regulates the basis and procedures for the accessing of public information

National legal framework 3

Information Society Services Act: limits the liability of Internet service providers for the content of their service, spam related issues and general requirements for the provision of information society services.

International Cooperation

United Nations: issues of cyber security are

addressed by a high-level expert group of the

Internet Governance Forum (IGF) and the

International Telecommunication Union (ITU).

International Cooperation: EU

European Commission

The European Network and Information

Security Agency (ENISA) provides support to

EU member states, institutions and

entrepreneurs in the prevention and

management of breaches in information security.

International Cooperation: EU 2

European Programme for Critical

Infrastructure Protection – EU reseach

network realted to cyber security

Q & A

Thank You!

Hannes Astok www.ega.ee | hannes@astok.ee| +372 5091366 | hannesastok

E-Governance Academy | Tõnismägi 2, 10112 Tallinn, Estonia

12.03.2013 Presentation Title