200 likes | 442 Views
Cooperation between i nstitutional and private sectors in the field of electronic information security. approach of Lithuania. Abstract.
E N D
Cooperation between institutional and private sectors in the field of electronic information security approach of Lithuania
Abstract The presentation will cover a short survey of practical cooperation between institutional and private sectors in the field of electronic information (EI) security in Republic of Lithuania.
Coordination of IT security in public sector • In accordance with decision No. 291 of Lithuania Government, Ministry of Interior is coordinating security of information technology in governmental institutions and agencies. • Minister of Interior has delegated the execution of those functions to the Security supervision division, which is a constituent part of the Information Policy department.
History • An evaluation of state information systems in Lithuania was first time completed in 2000. As the final Report stated, most measures had only temporary impact. • In consideration of final findings the first State strategy on information technologies security was adopted by the Government of the Republic of Lithuania in 2001. • Second Strategy for Electronic Information Security was adopted by the Government of the Republic of Lithuania in 2006.
EI security training programs developed together with private sector • In 2005 PHARE funded project „Technical assistance for strengthening capacities of authorities dealing with IT and electronic data security“ was completed by consortium of JSC Blue Bridge, Mykolas Romeris University and Kaunas University of Technology. • Among the results of this project are EI security training programs for: • State institution staff (users); • Head management of State institutions; • IT security officers.
EI security training programs developed together with private sector Results : • Preparation of training programs and training of State institutions staff (for on-site and distance learning options); • Prepared training materials for face-to-face and distance learning options; • Developed distance learning system scenario, web portal and content for it; • Trained 40 IT security officers (plus ~40 in 2008); • In 2008 there will be more than 3 000 users trained. Large private companies, such as JSC „Microsoft Lietuva”, JSC „Bite Lietuva”, „SEB Bankas” showed interest in these EI security training programs for their staff training purposes. Main State institutions, like Lithuania Customs, State Tax Inspectorate successfully adopted these distance training programs.
EI security training programs developed together with private sector Ministry of Interior, together with private companiesprepared EI security training materials (on-line andCD-ROM versions) for face-to-face and distance learning options: • Power Point slides; • Test questions on each topic; • Texts; • Educational films
Educational films onYouTube On February, 2008 at world’s famous internet video portal„YouTube“ (www.youtube.com/Infosauga)10 shorteducational films about EI security were upladed by MoI. Those films were created by order of Ministry of Interior, implementing PHARE funded project and in funny and visual way attracts every computer user attention to EI security threats. During this month, IT security training films link was visited more than 27.000 times.
Seminars of use of EI legal actsfor State institutions Ministry of Interior together with private companies periodically organizes practical seminars of use of EI legal acts and EI security organization and comments of EI and IT security legal acts changes. These seminars are attended by staff from: • State institutions; • Local authorities; • Private companies. IT security specialists of Ministry of Interior periodically take part on IT security seminars, organized by private sector.
Risk Assessment Manual Ministry of Interior of Lithuania as contracting authority, in cooperation with private sector (JSC „Blue Bridge“) prepared and published „Risk Assessment Manual“(author Robertas Vageris, CISM) as part of PHARE funded project in 2005. This Manual covers the popular risk analysis methods, provides examples and advices for practical application. „Risk Assessment Manual“ is suitable for application in public institutions in Lithuania, managing IT resources and dealing with data of different level of importance in the electronic form. PDF version of „Risk Assessment Manual“ is available for download from Ministry of Interior of the Republic of Lithuania home site www.vrm.lt.
Risk assessment in State IT systems Starting from 2007,Risk assessment in all State IT systems was performed. Many IT system owners contracted private companies for risk assesment. By National EI security coordination commission approvement, summarized Risk assessment report is available at MoI site www.vrm.lt
ISO 17799 audit of main State Registries As part of Government strategy for ElectronicInformation Security, ISO 17799evaluation of six State Registries in 2007 was performed. Compliance to ISO 17799 was found 78 %. State Registries owners prepared plans of dealing with incompliances and according to these plans strengthening EI security.
EI security project www.esaugumas.lt Site www.esaugumas.lt (esecurity) was launched in Ferbruary, 2006. It is joint product of State institutions and EI security private sectorcompanies. This project main partners are MoI,Communications Regulatory Authority (RRT),JSC „Microsoft Lietuva“, JSC „Blue Bridge”, SC „TEO.LT“, JSC „Pandasoftware“ and others). This site was visited more than 167.000 times, since it was created.
EI security project www.esaugumas.lt Home users Private companies State institutions • Information, provided on site, involves articles about EI security and security situation, active threats, trends, etc.
International conferences together with ENISA Lithuania’s State institutions (MoI, Communications Regulatory Authority and Ministry of Transport and Communications) along with ENISA (European Network and Information Security Agency) and private companies organizes international conference „European Network and Information Security“. These conferences are regularly held in Vilnius (2005, 2006, 2007, coming in 2008). Welcome!
State institutions and private sector cooperation project „Safe internet for all“ MoI, Communications Regulatory Authority (RRT), banks of Lithuania and IT security companies, working together, prepared and freely distributed through the Lithuania about 100.000 CD’s with antivirus, antispam and antispyware programs and leaflets with information about EI security, security threats and security measures.
Other projects, assuring EI security in Lithuania • E-Tax declaration (State Tax Inspectorate); • E-information about personal data, (State Residents' Register Service); • E-Reference of Previous convictions (IT and communications Department under the MoI); • E-public services on portal www.evaldzia.lt (e-Government) (information about person’s State social insurance (State Social Insurance Board), information about person’s obtained medical services and pharmaceuticals (State Patient Fund). All these e-Government electronic services use identification and authentication provided by Internet banking systems of Lithuania.
Other projects, assuring EI security in Lithuania „State institutions IS security“ project. Will be implemented in critical IT systems owned by: • Ministry of Interior • Lithuanian Customs • State Tax Inspectorate • State Social Insurance Board During this project will be implemented these ITsecurity measures: • Data backup; • IT infrastructure monitoring and control; • Intrusion detection and prevention; • Service level management.
Preparation of IT security study modules in Kaunas University of Technology • Project was financed by Ministry of Education and Science of Republic of Lithuania and EU Social Fund. • Results of this project are 10 new study modules for IT security students in Kaunas University of Technology : • Master’s degree study modules: • Systems of cryptograhy; • Security of e-documents and data; • Security of computers; • Security of computer networks; • Security of internet telephony and VOIP; • Management of data security; • Security of e-commerce; • Security of e-government. • Doctor’s degree study modules: • Theory of crypthography; • Network security.
? THANK YOU