
Cyber security implementation - MIA

Cyber security implementation - MIA. Agu Kivimägi, Head of Department for Cybersecurity, Strategy Division, 8.11.2012. SMIT – IT and Development Centre, Ministry of Interior, Estonia. Ca 10 000 end users, 340 different locations, 50 server rooms, ca 1200 servers


Presentation Transcript


  1. Cyber security implementation - MIA. Agu Kivimägi, Head of Department for Cybersecurity, Strategy Division, 8.11.2012

  2. SMIT – IT and Development Centre, Ministry of Interior, Estonia
     • Ca 10 000 end users
     • 340 different locations
     • 50 server rooms
     • ca 1200 servers
     • We provide 180 ICT services
       Operative radio communication, passport printing, e-police information system, 112-emergency call system, border guard information system, visa- Schengen-, EURODAC, geo-information system for rescue services …

  3. Director Assistant Support Division Infrastructure Division Strategy Division Development Division Administrative Division Data Services Division Cyber Security Department Department of Analysis Finance and Foreign Aid Department Department of Administration Server Services Department Project Management Department Legal and Procurement Department Special Projects Department Department of Software Development Quality Department Communications Department Department of General Administration Computer Workstation Services Division

  4. Cybersecurity Department
     • Risk management
     • Security organisation
     • Policies, requirements, security documentation
     • Awareness, training, education
     • Supervision
     • Recommendations, improvements

  5. Questions to answer
     • How secure is our institution?
     • When could top management be satisfied with the security situation?
     • How to measure the security level?
     • How to define where to invest?

  6. What is the objective of cyber security? To protect IT system against cyber attacks OR capability to manage ICT services

  7. ISO 27000 series, ITIL, ISM3

  8. ITIL - Information Technology Infrastructure Library

  9. Service design
     1. Design coordination
     2. Service Catalogue
     3. Service level Management
     4. Availability Management
     5. Capacity Management
     6. IT Service Continuity Management
     7. Information Security Management System
     8. Supplier Management

  10. Service transition
     1. Transition planning and support
     2. Change management
     3. Service asset and configuration management
     4. Release and deployment management
     5. Service validation and testing
     6. Change evaluation
     7. Knowledge management

  11. Service operation
     1. Event management
     2. Incident management
     3. Request fulfillment
     4. Problem management
     5. Access management

  12. ISO 27000 series
     • ISO 27001 – Information security management systems (ISMS) Requirements
       • specification for an ISMS
     • ISO 27002 – Code of practice for information security management
       • guidelines for implementing, maintaining ISMS
     • ISO 27003 – PDCA (plan-do-check-act)
     • ISO 27004 – metrics
     • ISO 27005 – information security risk management
     • …

  13. Gartner ICT maturity model

  14. ISM3 - Information Security Management Maturity Model

  15. ISM3 processes
     • Generic Processes (3)
     • Strategic Processes (4)
     • Tactical Processes (12)
     • Operational Processes (26)

  16. Process capability levels

  17. Capability level => maturity

  18. Goals and objective for cybersecurity

  19. Investment

  20. Thank you!
