Top 10 Most Downloaded Games on Play Store in 2024
System of security controls
1. The System of Security Controls for
Cyber Security
October 3th , 2013
GOVERNMENT OF THE REPUBLIC OF MOLDOVA
Veaceslav PUȘCAȘU, CISM
E-Government Center / Government CIO
Government of the Republic of Moldova
2. This prezentaion is
e-Government Center2
• A summary of what was presented and discussed during
the training seminars provided by Estonian e-Governance
Academy
• A summary of ideas circulated and discussed during the
meetings of Cyber Security Roadmap focal group which
includes reprezentatives from MA, MTIC, SIS, CTS, CNPDCP,
MAI
• A summary of the experience gained by some public
institutions in Republic of Moldova
• A summary of experience gained by other countries, ex.
Estonia
3. Cyber Space
Cyber Space - an environment resulted from all types of interactions by
means of software hardware and communication infrastructure.
4. Cyber Security
e-Government Center4
Cyber Security - a normality reached as a result of applying a set of
proactive and reactive measures to ensure confidentiality, integrity,
availability, authenticity and nonrepudiation of information,
resources and services in cyber space
6. Cyber Security in Republic of Moldova
e-Government Center6
Trends
• Increasingly usage of electronic service in public sectors
including in interaction with citizens and business
• Increasingly usage of mobile device;
• Widespread of Internet and using it for business propose;
• Increasing usage of ICT in national critical infrastructure;
• Increasing usage of ICT infrastructure to launch cyber
attacks against other nations.
7. Cyber Security in Republic of Moldova
e-Government Center7
Threats
• Lack of a common approach for cyber security at the state
level;
• Lack of clear organizational structure at both the state and
institutional level;
• Lack of qualified people in the field;
• Very low level of awareness of the threats and safeguards
in cyberspace;
• Lack of an unique set of measures (system of security
baselines/controls) that should be applied according to the
criticality of the systems;
• ………
8. Standards and Technical Regulations
e-Government Center8
• Hotărârea Guvernului nr. 1123 din 14.12.2010 privind
aprobarea Cerinţelor faţă de asigurarea securităţii datelor
cu caracter personal la prelucrarea acestora în cadrul
sistemelor informaţionale de date cu caracter personal;
• Reglamentare tehnică. Asigurarea securităţii informaţiei a
infrastructurii informaţionale pentru autorităţile
administraţiei publice, anexa nr.2 la ordinul MTIC 106 din
20 decembrie 2010.
• SM SR ISO/IEC 27001:20006
9. Challenges
e-Government Center9
• Define requiremets and luck of implemenation
guidlines;
• Depend on the skills and knolwledge of the
persons involved in implemenation;
• Mostly are based on risk assesment;
• No sicronization between them;
• etc.
10. System of Cyber Security Controls – Elaboration
Process
e-Government Center10
11. System of Cyber Security Controls - ToRs
e-Government Center11
• Adopt an international best practice;
• Mandatory for public authorities;
• Compliant with current legislations framework;
• Include : Physical measures; Technical measures;
Organizational measures.
• Define security classification levels (integrity,
confidentiality, availability): Low, Medium, High;
• Free of charge and updated regularly;
• Provide requirements and clear guidance on how to
implement them;
Examples: Recommended Security Controls for Federal
Information Systems and Organizations (NIST 800-53), BSI
(IT-Grundschutz Methodology) , ISKE ,SANS TOP 20, etc.
12. Compliance Certification of Authorities
e-Government Center12
Do not invent the wheel. It has already been
invented…
• Outsource to private sector
• Define a compliance certification framework taking
into consideration:
– International experience – ex. PCI DSS
– Local experience – ex. BNM
• Require international recognized certification (ex.
CISA, CISM, CISSP, etc.)
13. System of Cyber Security Controls – Quick Wins
e-Government Center13
• Start with some simple things which can be
implemented quickly
• Develop and expand to rich a state of “normality”
• Develop cyber security guide based on SANS 20
Critical Controls for Cyber Defense
• Encourage public authorities to implement the
guide. Identify and fix the issues
• Include this guide as a part of the System of Cyber
Security Controls
14. Summary
e-Government Center14
• One of the threats to cyber security is lack of
security baselines that should be applied according
to the criticality of the systems
• Defining and implementing of a System of Cyber
Security Controls is a complex task which take time
to do it right
• We should start with something simple which can
be implemented quickly
• Further we should develop and expand to reach a
state of “normality”