
ICTWG-ECPRD SEMINAR 2006

ICTWG-ECPRD SEMINAR 2006. INFORMATION SECURITY ISSUES AT THE CHAMBER OF DEPUTIES. Carlo Simonelli, Head of Unit – ICT Systems and User Support, ICT Department – Chamber of Deputies. Vilnius, 6th October 2006. 1. OVERVIEW. Information System Security



Presentation Transcript


  1. ICTWG-ECPRD SEMINAR 2006: INFORMATION SECURITY ISSUES AT THE CHAMBER OF DEPUTIES. Carlo Simonelli, Head of Unit – ICT Systems and User Support, ICT Department – Chamber of Deputies. Vilnius, 6th October 2006

  2. OVERVIEW
     • Information System Security
     • “Documento programmatico sulla sicurezza dei dati” (Programmatic Data Security Document)
     • Risk analysis carried out for the Programmatic Data Security Document
     • Other contents of the Document
     • Redundant Internet links
     • Projects for improving information system security

  3. INFORMATION SYSTEM SECURITY
     • Information System Security at the Chamber of Deputies during the past years
     • Security procedures difficult to implement

  4. PERSONAL DATA PROTECTION CODE
     • The Internet, electronic mail and the always-on era required more effort in information security
     • Implementing the “Personal Data Protection Code” (Decreto Legislativo n. 196, 2003)

  5. PROGRAMMATIC DATA SECURITY DOCUMENT
     • First edition of “Documento programmatico sulla sicurezza dati” (Programmatic Data Security Document)
     • The “Register of IT systems” is a prerequisite
     • The two parts of the Document
     • Analytic review of all data treatments
     • Rules for managing personal and sensitive data and general instructions to protect the information systems

  6. RISK ANALYSIS AND ASSESSMENT
     • ISO/IEC 17799 (now ISO/IEC 27799:2005) and other information security standards
     • Risk exposure level established for 51 databases with sensitive data and for 77 databases with personal data
     • Activities this year on sensitive data

  7. BENEFITS OF THE DOCUMENT
     • Joint activities improving information security
     • Important managing procedures
     • Procedures for managers and employees
     • Duration of data stored online and offline
     • Who is in charge of deleting data
     • Managing backups and logs
     • Data ciphering
     • Password characteristics and expiration
     • Training of managers and employees

  8. IMPROVING INTERNET LINK SPEED AND AVAILABILITY

  9. IMPROVING INFORMATION SYSTEM SECURITY
     • PKI system for digital signatures
     • Smart cards for strong authentication of employees
     • New projects
     • MPs VPN SSL authentication and profiling; use of tokens
     • Protocol 802.1x for administrative user workstation connection
