
The Information Security Act: a challenge to the IT industry (panel). Aleksandar Klaić, MSc, dipl. ing., Office of the National Security Council (Ured Vijeća za nacionalnu sigurnost, UVNS)


2 The Information Security Act: a challenge to the IT industry (panel)
Aleksandar Klaić, MSc, dipl. ing., Office of the National Security Council (UVNS)
Miroslav Mađarić, PhD, dipl. ing., INA Industrija nafte d.d.
Stanko Cerin, S&T Group d.d.

3 The Information Security Act: a challenge to the Information Technology Industry
Aleksandar Klaić, MSc, dipl. ing., Office of the National Security Council (UVNS)

4 Information Security Act (Official Gazette NN 79/2007)
o The Act focuses on the classified and unclassified data of the state administration
o Basic directions in which the Act operates:
  o Direct: state bodies in the broader sense - national standards, central state bodies for information security
  o Indirect: business entities - cooperation with state bodies, international classified contracts (EU, NATO)
  o Strategic: the information society as a whole - National CERT, national standardization

5 Meaning of the new Croatian legislation - information security context
o Information Security Act (07/2007):
  o Nation-wide regulation framework - security policy (Government Regulation, NSA and NCSA Ordinances, Guidelines, ...)
  o Nation-wide institutional framework (NSA/DSA umbrella body and technical NCSA/SAA/NDA body as state authorities, National CERT as a public authority, CIS P&I bodies, CISO/LISO)
  o The final aim is to cover, in an appropriate way, all three branches of government (executive, legislative and judicial) and both national and local government
o Data Secrecy Act (07/2007):
  o Contemporary definitions of the classified and unclassified data domains
  o Fundamental principles of data security for a nation-wide approach (need-to-know, PSC, data owner, four-grade damage-based classification, ...)

6 Information Security Act
o Principles of data protection with a view to the development of the information society in Croatia:
  o Comprehensive information security regulation framework for subordinate regulations (Government Regulations, NSA and NCSA Ordinances, Guidelines, ...)
  o Responsible bodies and a prescribed period of time for the regulations to enter into force
  o Five security areas (Personnel Security, Physical Security, Industrial Security, INFOSEC, Security of Information) coordinated at national level with a view to complying with NATO/EU security policy
  o Main national authorities: NSA, NCSA (Security Sector)
  o Establishment of the National CERT (Public, Academic Sector)
  o Defined roles of: SAA, NDA, DSA, CIS P&I, CISO/LISO
  o Interrelation among the national authorities that have defined roles

7 Conceptual Issues Addressed by the Information Security Act
o Data Owner and Infrastructure Owner
o Interoperability issue:
  o Organizational
  o Semantic
  o Technical
o Information security concepts and requirements in the foundation of the information society
o Standardization of the ICT and information security field:
  o ISO/IEC 17799 and 27001 - adopted as Croatian National Standards in 2006
o UNCLASSIFIED and RESTRICTED infrastructure versus public and Internet infrastructure:
  o NRoI - NATO
  o s-TESTA - EU
  o HITRONET - Croatia

8 Information Security – Process View

9 Information Security - Organizational View

10 Information Security - Regulation View

11 Information Security in INA d.d. Dr. sc. Miroslav Mađarić, dipl. ing. INA Industrija nafte d.d.

12 The ZoIS and INA
This Act primarily does NOT apply to INA d.d., but only in the part concerning:
o "Legal and natural persons who obtain access to or handle classified and unclassified data."
o E.g.: the role in commodity and war reserves, the country's defence preparations, exploration results (subsurface and reserves), ...
o But:
  o Nothing prevents applying the ZoIS within INA as internal regulation
  o We particularly expect benefit from the Regulation on measures and the associated standards
  o Aligned with our projects

13 Development of the view on information security
Gartner CIO survey, information security rankings:

                                  2006   2005   2004
  Business priorities (outcome)      7      2      1
  Technology priorities (tools)      2      1    n.a.

Explanation:
o 3-5 years ago severe security breaches happened
o ... in between, IT fixed them through governance and tools
o ... thus business no longer has it in focus
o ... but IT has to take care of everyday operation by using tools

14 INA major information security activities
Last severe security crisis: mid-2003 ("Blaster")
Security incidents: 2Q2007: 2,131; 3Q2007: 905
Start of ISOP (Information Security Outsourcing Project): June 2007 (King, S&T), covering all three main areas:
o Confidentiality
o Integrity
o Availability
According to ISO 27001.

15 Stanko Cerin, CISA, CISM, CBCP, S&T Grupa d.o.o.

16 Aleksandar.Klaic@uvns.vlada.hr aklaic@hi.t-com.hr
