Eesti Energia AS
A State-owned International Energy Company
Outline
◦ Company Profile
◦ Services Provided
◦ Assets
◦ System Schema
◦ Risk Categories
◦ Technical Risks and Mitigation
◦ Summary
◦ Operates in Estonia, Latvia, Lithuania, Finland, Jordan
◦ Largest employer in Estonia with over 7500 employees
◦ ~470 000 private customers
◦ ~26 000 business customers
◦ Total revenue of 796 million Euros in FY 2010
◦ Most preferred employer in Estonia
◦ Second-best customer service in Estonia
◦ Bonds listed on the London Stock Exchange
Eesti Energia Profile
Services
Eesti Energia offers comprehensive energy solutions including electricity, heat and fuel, customer service and consulting.
[Diagram labels: Energy Services; Production & Technology; Residential; Business; Electric, Heat; Oil, Technology]
The vision of Eesti Energia is to sell energy to two million customers in the Baltic Sea Region by 2015.
The mission of Eesti Energia is to devote all of their energy for the good of the people.
Mission & Vision
Information Network
◦ Internal service hardware
◦ Internal service software
◦ Backup and restore system
◦ Firewall and VPN tunnel systems
◦ Monitoring systems
◦ Datacenter physical
◦ Datacenter power
◦ Web access to self service systems
◦ Accounting systems
◦ Internal technical knowledge
◦ Interdepartment processes
Assets
◦ Physical accidents
◦ Employee configuration errors
◦ Customer configuration errors
◦ Internal malicious actions
◦ External malicious actions
◦ Customer malicious actions
◦ Missing or untested procedures
◦ Interdepartment cross training
◦ Software limitation
◦ Political environment
Threats
Data Center Incidents
◦ Data safety and accessibility
Software exploit
◦ Risks connected with software
Network problems
◦ Computer network incidents
Human factor
◦ We are not machines
Risk Categories
Description: A system cannot work without databases. All information, finance reports, billing reports, and settings are stored in the database.
Risks:
◦ Unauthorized access
◦ Data loss
◦ Server overwhelmed, insufficient server performance
Measures taken to prevent incidents:
◦ Increase overall database security.
◦ Backups are stored separately in several places geographically.
◦ Database servers are configured for appropriate workload.
Data Center Incidents
Description: The company tries to protect its IT property, especially system, software and technology secrets. The information system is also the company's private property.
Risks:
◦ Software bugs can be discovered and exploited rapidly.
◦ Software architecture cannot keep up to speed with the changing world.
◦ New features would bring new problems; change is risky.
Measures:
◦ Design good software architecture from the beginning.
◦ Overall workflow monitoring.
◦ Fast response to software security incidents.
Software Exploits
Description: External and internal network security, integrity and data confidentiality are vital to company operations. Network safety and availability are the most important.
Risks:
◦ Unauthorized network penetration and anti-service (denial-of-service) attacks.
◦ Disrupted connections.
◦ Possible leak of sensitive information due to weak network defence.
Measures:
◦ Hardware: firewall, intrusion detection system, intrusion prevention system, monitoring system with notifications.
◦ Software firewall on client machines and network flow monitoring.
◦ Strict domain policy.
Network Problems
Description: Our organization is concerned that at any time any of its employees could make a mistake. The organization cannot control the actions of all employees at all times.
Risks:
◦ Loss of unsaved information.
◦ A spilled cup of coffee.
◦ Exchange of security accounts between employees.
Measures:
◦ Ensure that corporate rules and procedures are followed.
◦ Enhance and optimize work processes.
◦ Personnel must cooperate with policy.
◦ Build up a policy of loyalty in the company culture.
Human Factors
Summary
Risk assurance is a fundamental concern for all organizations!
Eesti Energia is not an exception.