
S.ICZ Frantisek Vosejpka The enforcement of NATO INFOSEC requirements into the policy and architecture of CISs CATE 2003 Brno,


Slide 1. S.ICZ, Frantisek Vosejpka (frantisek.vosejpka@i.cz)
The enforcement of NATO INFOSEC requirements into the policy and architecture of CISs
CATE 2003, Brno, 28.-30. April 2003

Slide 2. 1. The objectives
To sum up the shortcomings that have caused some Czech government CISs to fall short of the required functionality and to fail their certification process.
General INFOSEC requirements of:
- Czech Act No 148/1998, and
- the revised NATO Security Policy.
A possible "Target CIS INFOSEC architecture" and migration steps.

Slide 3. 2. The limitations of this presentation
The content of this article is unclassified and is limited by the rather weak access of a civil firm (even one with an industrial security clearance) to the whole suite of NATO Security Policy documents.

Slide 4. 3. NATO INFOSEC Policy within the national conditions
The policy sets out the policy and minimum standards for the protection of NATO classified information, supporting system services, and resources. It addresses:
- the activities in the system life cycle,
- security principles,
- INFOSEC responsibilities, and
- system interconnection requirements.

Slide 5. (continuation)
NATO INFOSEC policy is:
- mandatory whenever a NATO CIS or one of its nodes is deployed within national conditions,
- recommended and very useful in many other cases within national CISs.
NATO INFOSEC policy and the documents on INFOSEC Architecture contribute to compatibility and interoperability.

Slide 6. (continuation)
NATO INFOSEC policy is applicable to the MoD, the MFA and other organizations whose CISs should be connected to a CIS of the European Union.
The Security Arrangements:
- All NATO classified information that is released to the WEU is for official use only. It will be disseminated to individuals in the WEU on a Need-To-Know basis;
- WEU security regulations are based on NATO regulations;
- NATO Unclassified information is only for official use and should be appropriately protected.

Slide 7. 4. Current state of CISs within the CZ government organizations
Some government organizations currently have a large deployed base of problem-oriented CISs that are:
- designed to different standards and not interoperable,
- protecting information at their own specific classification level,
- using different confidentiality algorithms.
The need to develop an integrated CIS for the entire organization has arisen.

Slide 8. 5. Problems of integration
The diversity of CISs leads to difficulty in systems integration:
- Broad diversity of technology;
- Multiplicity of databases, mail and other common services;
- High project investment needs and their low efficiency;
- High operation and maintenance requirements, lack of IT specialists;
- High requirements on communication infrastructure;

Slide 9. (continuation) ... difficulty in systems integration:
- Failure to meet user requirements on operability and information availability from a single workstation;
- Failure to meet the security requirements necessary for the issue of an "Approval to Operate" with classified information (the certificate);
- Inability to fulfil security requirements simultaneously at all sites leads to operation limited to unclassified information;
- An "Approval to Operate" limited to one or several sites also causes failure to meet operational requirements.

Slide 10. (Figure) The user access fails from one computer

Slide 11. 6. Way to integrate ...
The analysis and design of the INFOSEC Architecture of the Target CIS:
- Core Services;
- Functional Applications.
Projection of a Migration Plan:
- Definition of the Community Security Requirement Statement (CSRS);
- Migration of CISs into the common network of the future "Target CIS";
- Smooth migration of IT to common standards.

Slide 12. (Figure) The CISs integrated within the frame of the CSRS

Slide 13. (Figure) The IT integrated within the common standards

Slide 14. 7. Policy, classification level, and security mode of operation
Requirements:
- Operational requirements;
- Classified information of different levels.
Limitations:
- Commercial Off-The-Shelf (COTS) IT;
- Security environment (physical, personnel);
- Security mode of operation;
- Need-to-know and other security principles.

Slide 15. (Figure) The CISs integrated within the frame of the CSRS

Slide 16. 9. Conclusions
CZ CISs that handle classified information:
- have to meet the minimum security requirements of Czech Act No 148/1998;
- should follow the NATO Security Policy Directives and the NATO INFOSEC Architecture in order to implement the detailed:
  - security principles and minimum standards,
  - life cycle requirements,
  - risk evaluation and vulnerability reports,
  - risk management procedures,
  - security operational procedures, etc.
