The Information Security Act: A Challenge to the IT Industry (panel). Mr. sc. Aleksandar Klaić, dipl. ing., Office of the National Security Council (UVNS)

The Information Security Act: A Challenge to the IT Industry (panel)
Mr. sc. Aleksandar Klaić, dipl. ing., Office of the National Security Council (UVNS)
Dr. sc. Miroslav Mađarić, dipl. ing., INA Industrija nafte d.d.
Stanko Cerin, S&T Group d.d.

The Information Security Act - a challenge to the Information Technology industry
Mr. sc. Aleksandar Klaić, dipl. ing., Office of the National Security Council (UVNS)

The Information Security Act (Official Gazette NN 79/2007)
o The Act focuses on the classified and unclassified data of the state administration
o Fundamental directions in which the Act operates:
  o Direct: state bodies in the broader sense - national standards, central state bodies for information security
  o Indirect: business entities - cooperation with state bodies, international classified business (EU, NATO)
  o Strategic: the information society as a whole - National CERT, national standardization

Meaning of the new Croatian legislation - information security context
o Information Security Act (07/2007):
  o Nation-wide regulation framework - security policy (Government Regulation, NSA and NCSA Ordinances, Guidelines, ...)
  o Nation-wide institutional framework (the NSA/DSA umbrella body and the technical NCSA/SAA/NDA body as state authorities, the National CERT as a public authority, CIS P&I bodies, CISO/LISO)
  o The final aim is to cover, in an appropriate way, all three branches of government (executive, parliament and judiciary) and both national and local government
o Data Secrecy Act (07/2007):
  o Contemporary definitions of the classified and unclassified data domains
  o Fundamental principles of data security for a nation-wide approach (need-to-know, PSC, data owner, four-grade damage-based classification, ...)

Information Security Act
o Principles of data protection with a view to the development of the information society in Croatia:
  o Comprehensive information security regulation framework for sub-Acts (Government Regulations, NSA and NCSA Ordinances, Guidelines, ...)
  o Responsible bodies and a prescribed period of time for the regulations to enter into force
  o 5 security areas (Personnel Security, Physical Security, Industrial Security, INFOSEC, Security of Information) coordinated at national level with a view to complying with NATO/EU security policy
  o Main national authorities: NSA, NCSA (security sector)
  o Establishment of the National CERT (public and academic sector)
  o Defined roles of: SAA, NDA, DSA, CIS P&I, CISO/LISO
  o Interrelation among the national authorities that have defined roles

Conceptual Issues Addressed by the Information Security Act
o Data owner and infrastructure owner
o Interoperability issue:
  o Organizational
  o Semantic
  o Technical
o Information security concepts and requirements in the foundation of the information society
o Standardization of the ICT and information security field:
  o ISO/IEC and Croatian National Standards from 2006
o UNCLASSIFIED and RESTRICTED infrastructure versus public and Internet infrastructure:
  o NRoI - NATO
  o s-TESTA - EU
  o HITRONET - Croatia

Information Security – Process View

Information Security - Organizational View

Information Security - Regulation View

Information Security in INA d.d.
Dr. sc. Miroslav Mađarić, dipl. ing., INA Industrija nafte d.d.

The Information Security Act (ZoIS) and INA
This Act primarily does NOT apply to INA, d.d., but only in the part concerning:
o "Legal and natural persons who obtain access to or handle classified and unclassified data."
o E.g. its role in commodity and wartime reserves, the country's defence preparations, exploration results (subsurface and reserves), ...
o But:
  o There is no obstacle to applying the ZoIS in INA as internal regulation
  o We particularly expect benefit from the Regulation on measures and the associated standards
  o Aligned with our projects

Evolution of the view of information security
Gartner CIO survey, Information Security rankings (column headers not preserved in the transcript):
  Business priorities (outcome): 7, 2, 1
  Technology priorities (tools): 2, 1, n.a.
Explanation:
  o 3-5 years ago severe security breaches happened
  o ... in between, IT fixed them through governance and tools
  o ... thus business no longer has it in focus
  o ... but IT has to take care of everyday operation by using tools

INA major information security activities
o Last severe security crisis: mid ("Blaster")
o Security incidents: 2Q2007: ; Q2007: 905
o Start of ISOP (Information Security Outsourcing Project) June 2007 (King, S&T) ... covering all three main areas:
  o Confidentiality
  o Integrity
  o Accessibility
  o According to ISO

Stanko Cerin, CISA, CISM, CBCP, S&T Grupa d.o.o.