Government Information Assurance (GIA) Policy
Current Scenario
• It is a connected world!
• More and more services are being provided online
• Continuously evolving and powerful technology is available to everybody at a cheap price
• With every opportunity comes risk. Your business is at RISK!
Emerging Risks
• Changing Political Scenario
• Arab Spring
• Qatar’s prominent role in International Arena
• Changing Economic Scenario
• Country with highest per capita income
• International Sporting Events
• Hacktivism
• Sophisticated Attack Vectors
• Insider Threats
• Changing Legislative landscape
• Data Privacy Law*
• Critical Information Infrastructure Protection Law*
Real Incidents
• During the Arab Games in 2011
• A number of critical sector and government organizations were victims of attacks from a Moroccan hackers group
• Number of sites affected: 10
• Most of the incidents involved web defacement, but it could have been worse!
• Duration of incident: the attack was persistent for two weeks
Government Information Assurance Survey
The need for an Information Security Management System
• Increasing Reliance on ICT
• No Security Baseline standards
• Insufficient trained resources
• New Emerging Risks
• Baseline Policy & Standards
• Auditing Model
• Certified Training
Challenges in Government Sector
Business Model of Information Security
• Cultural Issues
• Pre-set Mindset: Peaceful and secure environment
• Lack of Awareness
• Lack of Support
• Lack of Resources
Government Information Assurance Survey (2010)
• 30% of IT managers of Government organizations responded
• Survey demonstrated the need for information security support
GIA Components
What is GIA
• Government Information Classification Policy
• Government Information Assurance Manual
• Implementation Guide
• Accreditation Manual
• Certified Training
Security Governance & Processes
• Governance Structure [IG]
• Risk Management [RM]
• Third Party Security Management [TM]
• Data Labeling [DL]
• Change Management [CM]
• Personnel Security [PS]
• Security Awareness [SA]
• Incident Management [IM]
• Business Continuity Management [BC]
• Logging & Security Monitoring [SM]
• Data Retention & Archival [DR]
• Documentation [DC]
• Accreditation [AC]
Technical Control Areas
• Communications Security [CS]
• Network Security [NS]
• Information Exchange [IE]
• Gateway Security [GS]
• Product Security [PR]
• Software Security [SS]
• System Usage Security [SU]
• Media Security [MS]
• Access Control Security [AM]
• Cryptographic Security [CY]
• Portable Devices & Working Off-Site Security [OS]
• Physical Security [PH]
Assets Classification
Step 1: Identify key processes and their owners in the organization.
Step 2: Identify process dependencies: information, applications, systems, networks, etc.
Step 3: Determine the security classification for each information asset using the table.
Step 4: Apply the necessary controls.
GIA Policy is…
• Formulated from the most common international standards/best practices
• Allows a straightforward path for certification against other standards, e.g. ISO27001
• Maps well with established standards such as ITIL
• Adopted by MoI, ABQ
Approved by the Board of ictQATAR and has been sent to the Council of Ministers.
Thank You www.qcert.org