Presentation is loading. Please wait.

Presentation is loading. Please wait.

Features Governmental organization Critically important ICT objects Distributed infrastructure Three levels of confidentiality Dozens of subsidiary organizations.

Published byMyron Dalton Modified over 8 years ago

Similar presentations

Presentation on theme: "Features Governmental organization Critically important ICT objects Distributed infrastructure Three levels of confidentiality Dozens of subsidiary organizations."— Presentation transcript:

1

2 Features Governmental organization Critically important ICT objects Distributed infrastructure Three levels of confidentiality Dozens of subsidiary organizations Hundreds of branches Thousands of users Own software developer Range of complex interconnected systems Issues Obligatory legal requirements Great number of threats, communication channels CIA balance Complementary responsibilities Complementary software testing Secure communication Enhanced legal security requirements Challenges of the Ministry of Finance

3 availability of information, data and services availability of information, data and services; data and system integrity data and system integrity; confidentiality and privacy of information confidentiality and privacy of information; compliance with national Laws and Regulations compliance with national Laws and Regulations; normal mode of exploitation information system in accordance with operation rules. Information security concept is to achieve and substantially maintain:

4 Information security objectives avoidance or mitigating the risk of unauthorized disclosure and modification of information; business continuity and disaster recovery planning; enforcing accountability;intangible assets management; creating information security culture within the Ministry of Finance.

5 The Ministry of Finance has created Information Security System including specially adapted legal, organization and technical methods and tools in order to support target level of: integrity, availability, confidentiality, authenticity, safety the data, information and services. Feasible and consistent approach is the main principle of information security framework.

6 Information security arrangements LegalOrganizationalTechnical Policies, standards and guidelinesRoles and responsibilitiesAccess controlCryptographyControlsPublic key infrastructureAuditEthics and training

7 Legal Domestic legislation National standards International standards Rules of engagements Confidentiality agreements Guidelines Baselines Roles descriptions Information security arrangements

8 Information security infrastructure Assets management HR management Mandatory access control at physical and logical layer Information system life cycle management Business continuity and disaster recovery planning Organizational Information security arrangements

9 Technical Firewalls Antiviruses Cryptography tools Intrusion detection system Traffic analyzers Anomaly detection Audit tools Data leak prevention system Information security arrangements

10 Public key infrastructure PKI is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates for Belorussian governmental organizations and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of financial information.

11 Public key infrastructure diagram

12 Certificate authority 124 Registration and Validation authorities Certified software; Licensed activity; 3000 digital certificates for internal purposes, annual output of 8000 digital certificates; experienced personnel; 24/7 technical support.

13 Thank you

Download ppt "Features Governmental organization Critically important ICT objects Distributed infrastructure Three levels of confidentiality Dozens of subsidiary organizations."

Similar presentations

Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.

Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.
Protection of Information Assets I. Joko Dewanto 1.

Protection of Information Assets I. Joko Dewanto 1.
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Building a Successful Security Infrastructure

Building a Successful Security Infrastructure
Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.

Developing Network Security Strategies Network Security D ESIGN Network Security M ECHANISMS.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Chapter 12 Strategies for Managing the Technology Infrastructure.

Chapter 12 Strategies for Managing the Technology Infrastructure.
Information Systems Security Officer

Information Systems Security Officer
Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
NIST framework vs TENACE Protect Function (Sestriere, 21-23 Gennaio 2015)

NIST framework vs TENACE Protect Function (Sestriere, Gennaio 2015)
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Security Architecture Dr. Gabriel. Security Database security: –degree to which data is fully protected from tampering or unauthorized acts –Full understanding.

Similar presentations

Ads by Google