1 / 14

Eesti Energia AS A S tate - owned I nternational E nergy C ompany

Eesti Energia AS A S tate - owned I nternational E nergy C ompany . Outline. Outline Company P rofile Services P rovided Assets System Schema Risk Categories Technical R isks and M itigation Summary. Eesti Energia Profile.

jalen
Download Presentation

Eesti Energia AS A S tate - owned I nternational E nergy C ompany

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Eesti Energia ASA State-owned International Energy Company

  2. Outline Outline • Company Profile • Services Provided • Assets • System Schema • Risk Categories • Technical Risks and Mitigation • Summary

  3. EestiEnergiaProfile • Operates in Estonia, Latvia, Lithuania, Finland, Jordan • Largest employer in Estonia with over 7500 employees • ~470 000 private customers • ~26 000 business customers • Total revenue of 796 million Euros in FY 2010 • Most preferred employer in Estonia • Second-best customer service in Estonia • Bonds listed on the London Stock Exchange

  4. Services • Eesti Energia offers comprehensive energy solutions including: • Electricity • heat and fuel • customer service and consulting ENERGY SERVICES PRODUCTION&TECHNOLOGY RESIDENTIAL BUSINESS ELECTRIC, HEAT OIL, TECHNOLOGY

  5. Mission&Vision • The vision of EestiEnergia is to sell energy to two million customers in the Baltic Sea Region by 2015. • The mission of EestiEnergia is to devote all of their energy for the good of the people.

  6. Information Network

  7. Assets • Internal service hardware • Internal service software • Backup and restore system • Firewalls and VPN tunnels systems • Monitoring systems • Datacenter physical • Datacenter power • Web access to self service systems • Accounting systems • Internal technical knowledge • Interdepartment processes

  8. Threats • Physical accidents • Employee configuration errors • Customer configuration errors • Internal malicious actions • External malicious actions • Customer malicious actions • Missing or untested procedures • Interdepartment cross training • Software limitation • Political environment

  9. Risk Categories • Data Center Incidents • Data safety and accessibility • Software exploit • Risks connected with software • Network problems • Computer network incidents • Human factor • We are not machines

  10. Data Center Incidents • Description: • A system cannot work without databases. All information, finance reports, billing reports, and settings are stored in database. Risks: • Unauthorized access • Data loss • Server overwhelmed, insufficient server performance. Measures taken to prevent incidents: • Increase overall database security. • Backups are stored separately in several places geographically. • Database servers are configured for appropriate workload.

  11. Software Exploits Description: Company tries to protect its IT property especially system, software and technology secrets. Information system is also company’s private property. Risk: • Software bugscan be discoveredand exploited rapidly. • Softwarearchitecture cannot keep up to speed with the changing world. • New features would bring new problems, change is risky. Measures: • Design good software architecture from the beginning. • Overall workflow monitoring • Fast response to software security incidents.

  12. Network Problems • Description: • External and internal network security, integrity, data confidentiality are vital to company operations. Network safety and availability are the most important. • Risks: • Unauthorized network penetration and anti service attacks. • Disrupted connections. • Possible leak of sensitive information due weak network defence. • Measures: • Hardware: firewall, intrusion detection system, intrusion prevention system, monitoring system with notifications. • Software firewall on client machines and network flow monitoring. • Strict domain policy.

  13. Human Factors • Description:Our organization is concerned that at any time any of its employee could make a mistake. They cannot control the actions of all employees at all times. • Risks: • Loss of unsaved information. • A spilled cup of coffee. • Security accounts exchanging between employees . • Measures: • Ensure that corporate rules and procedures are followed. • Enhance and optimize work processes. • Personnel must cooperate with policy. • Build up politics of loyalty in company culture.

  14. Summary Summary • Risk assurance is a fundamental concern to All organizations! • Eesti Energia is not an exception.

More Related