Eesti Energia AS A State-owned International Energy Company

Outline Company Profile Services Provided Assets System Schema Risk Categories Technical Risks and Mitigation Summary

Outline

Operates in Estonia, Latvia, Lithuania, Finland, Jordan Largest employer in Estonia with over 7500 employees ~470 000 private customers ~26 000 business customers Total revenue of 796 million Euros in FY 2010 Most preferred employer in Estonia Second-best customer service in Estonia Bonds listed on the London Stock Exchange

Eesti Energia Profile

ServicesEesti Energia offers comprehensive energy solutions including: Electricity heat and fuel customer service and consulting

ENERGY SERVICES PRODUCTION&TECHNOLOGY

RESIDENTIAL BUSINESS ELECTRIC, HEAT OIL, TECHNOLOGY

The vision of Eesti Energia is to sell energy to two million customers in the Baltic Sea Region by 2015.

The mission of Eesti Energia is to devote all of their energy for the good of the people.

Mission&Vision

Information Network

Internal service hardware Internal service software Backup and restore system Firewalls and VPN tunnels systems Monitoring systems Datacenter physical Datacenter power Web access to self service systems Accounting systems Internal technical knowledge Interdepartment processes

Assets

Physical accidents Employee configuration errors Customer configuration errors Internal malicious actions External malicious actions Customer malicious actions Missing or untested procedures Interdepartment cross training Software limitation Political environment

Threats

Data Center Incidents◦ Data safety and accessibility

Software exploit◦ Risks connected with software

Network problems ◦ Computer network incidents

Human factor ◦We are not machines

Risk Categories

Description:A system cannot work without databases. All information, finance reports, billing reports, and settings are stored in database.Risks: Unauthorized access Data loss Server overwhelmed, insufficient server performance.Measures taken to prevent incidents: Increase overall database security. Backups are stored separately in several places geographically. Database servers are configured for appropriate workload.

Data Center Incidents

Description: Company tries to protect its IT property especially system, software and technology secrets. Information system is also company’s private property.Risk: Software bugs can be discovered and exploited rapidly. Software architecture cannot keep up to speed with the

changing world. New features would bring new problems, change is risky.Measures: Design good software architecture from the beginning. Overall workflow monitoring Fast response to software security incidents.

Software Exploits

Description:External and internal network security, integrity, data confidentiality are vital to company operations. Network safety and availability are the most important. Risks: Unauthorized network penetration and anti service attacks. Disrupted connections. Possible leak of sensitive information due weak network defence.Measures: Hardware: firewall, intrusion detection system, intrusion prevention

system, monitoring system with notifications. Software firewall on client machines and network flow monitoring. Strict domain policy.

Network Problems

Description:Our organization is concerned that at any time any of its employee could make a mistake. They cannot control the actions of all employees at all times. Risks: Loss of unsaved information. A spilled cup of coffee. Security accounts exchanging between employees .Measures: Ensure that corporate rules and procedures are followed. Enhance and optimize work processes. Personnel must cooperate with policy. Build up politics of loyalty in company culture.

Human Factors

Summary

Risk assurance is a fundamental concern to All organizations!

Eesti Energia is not an exception.

Summary