SlideShare une entreprise Scribd logo

System of security controls

S.E. CTS CERT-GOV-MD
S.E. CTS CERT-GOV-MD

The System of Security Controls for Cyber Security Veaceslav PUȘCAȘU E-Government Center Government of the Republic of Moldova

Technologie
1  sur  15
Télécharger pour lire hors ligne
The System of Security Controls for Cyber Security October 3th , 2013 GOVERNMENT OF THE REPUBLIC OF MOLDOVA Veaceslav PUȘCAȘU, CISM E-Government Center / Government CIO Government of the Republic of Moldova
This prezentaion is e-Government Center2 • A summary of what was presented and discussed during the training seminars provided by Estonian e-Governance Academy • A summary of ideas circulated and discussed during the meetings of Cyber Security Roadmap focal group which includes reprezentatives from MA, MTIC, SIS, CTS, CNPDCP, MAI • A summary of the experience gained by some public institutions in Republic of Moldova • A summary of experience gained by other countries, ex. Estonia
Cyber Space Cyber Space - an environment resulted from all types of interactions by means of software hardware and communication infrastructure.
Cyber Security e-Government Center4 Cyber Security - a normality reached as a result of applying a set of proactive and reactive measures to ensure confidentiality, integrity, availability, authenticity and nonrepudiation of information, resources and services in cyber space
Cyber Security Threats e-Government Center5
Cyber Security in Republic of Moldova e-Government Center6 Trends • Increasingly usage of electronic service in public sectors including in interaction with citizens and business • Increasingly usage of mobile device; • Widespread of Internet and using it for business propose; • Increasing usage of ICT in national critical infrastructure; • Increasing usage of ICT infrastructure to launch cyber attacks against other nations.
Cyber Security in Republic of Moldova e-Government Center7 Threats • Lack of a common approach for cyber security at the state level; • Lack of clear organizational structure at both the state and institutional level; • Lack of qualified people in the field; • Very low level of awareness of the threats and safeguards in cyberspace; • Lack of an unique set of measures (system of security baselines/controls) that should be applied according to the criticality of the systems; • ………
Standards and Technical Regulations e-Government Center8 • Hotărârea Guvernului nr. 1123 din 14.12.2010 privind aprobarea Cerinţelor faţă de asigurarea securităţii datelor cu caracter personal la prelucrarea acestora în cadrul sistemelor informaţionale de date cu caracter personal; • Reglamentare tehnică. Asigurarea securităţii informaţiei a infrastructurii informaţionale pentru autorităţile administraţiei publice, anexa nr.2 la ordinul MTIC 106 din 20 decembrie 2010. • SM SR ISO/IEC 27001:20006
Challenges e-Government Center9 • Define requiremets and luck of implemenation guidlines; • Depend on the skills and knolwledge of the persons involved in implemenation; • Mostly are based on risk assesment; • No sicronization between them; • etc.
System of Cyber Security Controls – Elaboration Process e-Government Center10
System of Cyber Security Controls - ToRs e-Government Center11 • Adopt an international best practice; • Mandatory for public authorities; • Compliant with current legislations framework; • Include : Physical measures; Technical measures; Organizational measures. • Define security classification levels (integrity, confidentiality, availability): Low, Medium, High; • Free of charge and updated regularly; • Provide requirements and clear guidance on how to implement them; Examples: Recommended Security Controls for Federal Information Systems and Organizations (NIST 800-53), BSI (IT-Grundschutz Methodology) , ISKE ,SANS TOP 20, etc.
Compliance Certification of Authorities e-Government Center12 Do not invent the wheel. It has already been invented… • Outsource to private sector • Define a compliance certification framework taking into consideration: – International experience – ex. PCI DSS – Local experience – ex. BNM • Require international recognized certification (ex. CISA, CISM, CISSP, etc.)
System of Cyber Security Controls – Quick Wins e-Government Center13 • Start with some simple things which can be implemented quickly • Develop and expand to rich a state of “normality” • Develop cyber security guide based on SANS 20 Critical Controls for Cyber Defense • Encourage public authorities to implement the guide. Identify and fix the issues • Include this guide as a part of the System of Cyber Security Controls
Summary e-Government Center14 • One of the threats to cyber security is lack of security baselines that should be applied according to the criticality of the systems • Defining and implementing of a System of Cyber Security Controls is a complex task which take time to do it right • We should start with something simple which can be implemented quickly • Further we should develop and expand to reach a state of “normality”
Thank you ! e-Government Center15

Recommandé

Solvit identity is the new perimeter
Solvit identity is the new perimeterSolvit identity is the new perimeter
Solvit identity is the new perimeterS.E. CTS CERT-GOV-MD
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...Shah Sheikh
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingLaying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingIgnyte Assurance Platform
 
Securing your presence at the perimeter
Securing your presence at the perimeterSecuring your presence at the perimeter
Securing your presence at the perimeterBen Rothke
 
A Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachA Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachAnchises Moraes
 
Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...
Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...
Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...Ahmed Al Enizi
 

Recommandé

Solvit identity is the new perimeter
Solvit identity is the new perimeterSolvit identity is the new perimeter
Solvit identity is the new perimeterS.E. CTS CERT-GOV-MD
 
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)
5 BEST PRACTICES FOR A SECURITY OPERATION CENTER (SOC)Vijilan IT Security solutions
 
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...Building a Next-Generation Security Operation Center Based on IBM QRadar and ...
Building a Next-Generation Security Operation Center Based on IBM QRadar and ...IBM Security
 
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...
National Oil Company Conference 2014 - Evolving Cyber Security - A Wake Up Ca...Shah Sheikh
 
Laying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingLaying the Foundation: The Need for Cybersecurity in U.S. Manufacturing
Laying the Foundation: The Need for Cybersecurity in U.S. ManufacturingIgnyte Assurance Platform
 
Securing your presence at the perimeter
Securing your presence at the perimeterSecuring your presence at the perimeter
Securing your presence at the perimeterBen Rothke
 
A Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachA Case Study of the Capital One Data Breach
A Case Study of the Capital One Data BreachAnchises Moraes
 
Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...
Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...
Dubai Cyber Security 02 Ics Scada Cyber Security Standards, Solution Tips...Ahmed Al Enizi
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Ben Rothke
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
Soc
SocSoc
SocMukesh Chaudhari
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuideAlienVault
 
Top 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure InfrastructureTop 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure InfrastructureInfosec
 
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...Ahmed Al Enizi
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Cyber risks in supply chains
Cyber risks in supply chains Cyber risks in supply chains
Cyber risks in supply chains Aparajita Banerjee
 
Rothke rsa 2013 - the five habits of highly secure organizations
Rothke rsa 2013 - the five habits of highly secure organizationsRothke rsa 2013 - the five habits of highly secure organizations
Rothke rsa 2013 - the five habits of highly secure organizationsBen Rothke
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
Proposal for IT Security Team
Proposal for IT Security TeamProposal for IT Security Team
Proposal for IT Security TeamRishabh Gupta
 
Assessing Risk: Developing a Client/Server Security Architecture,
Assessing Risk: Developing a Client/Server Security Architecture, Assessing Risk: Developing a Client/Server Security Architecture,
Assessing Risk: Developing a Client/Server Security Architecture, MITDaveMillaar
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
Security Operations Center
Security Operations CenterSecurity Operations Center
Security Operations CenterMDS CS
 
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj Purandare ☁
 
Identifying Code Risks in Software M&A
Identifying Code Risks in Software M&AIdentifying Code Risks in Software M&A
Identifying Code Risks in Software M&AMatt Tortora
 
Security operation center
Security operation centerSecurity operation center
Security operation centerMuthuKumaran267
 
Symantec (2)
Symantec (2)Symantec (2)
Symantec (2)S.E. CTS CERT-GOV-MD
 
Symantec (3)
Symantec (3)Symantec (3)
Symantec (3)S.E. CTS CERT-GOV-MD
 

Contenu connexe

Tendances

Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Ben Rothke
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Ben Rothke
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations centerCMR WORLD TECH
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessSirius
 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuideAlienVault
 
Top 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure InfrastructureTop 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure InfrastructureInfosec
 
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...Ahmed Al Enizi
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Rothke rsa 2013 - the five habits of highly secure organizations
Rothke rsa 2013 - the five habits of highly secure organizationsRothke rsa 2013 - the five habits of highly secure organizations
Rothke rsa 2013 - the five habits of highly secure organizationsBen Rothke
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...at MicroFocus Italy ❖✔
 
Proposal for IT Security Team
Proposal for IT Security TeamProposal for IT Security Team
Proposal for IT Security TeamRishabh Gupta
 
Assessing Risk: Developing a Client/Server Security Architecture,
Assessing Risk: Developing a Client/Server Security Architecture, Assessing Risk: Developing a Client/Server Security Architecture,
Assessing Risk: Developing a Client/Server Security Architecture, MITDaveMillaar
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation CenterS.E. CTS CERT-GOV-MD
 
Security Operations Center
Security Operations CenterSecurity Operations Center
Security Operations CenterMDS CS
 
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj Purandare ☁
 
Identifying Code Risks in Software M&A
Identifying Code Risks in Software M&AIdentifying Code Risks in Software M&A
Identifying Code Risks in Software M&AMatt Tortora
 
Security operation center
Security operation centerSecurity operation center
Security operation centerMuthuKumaran267
 

Tendances (20)

Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 
Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)Rothke secure360 building a security operations center (soc)
Rothke secure360 building a security operations center (soc)
 
Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)Rothke rsa 2012 building a security operations center (soc)
Rothke rsa 2012 building a security operations center (soc)
 
Strategy considerations for building a security operations center
Strategy considerations for building a security operations centerStrategy considerations for building a security operations center
Strategy considerations for building a security operations center
 
Soc
SocSoc
Soc
 
Optimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to SuccessOptimizing Security Operations: 5 Keys to Success
Optimizing Security Operations: 5 Keys to Success
 
PCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step GuidePCI DSS Implementation: A Five Step Guide
PCI DSS Implementation: A Five Step Guide
 
Top 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure InfrastructureTop 20 Security Controls for a More Secure Infrastructure
Top 20 Security Controls for a More Secure Infrastructure
 
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
Dubai Cyber Security 01 Ics Scada Cyber Security Solutions and Challenges...
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
Cyber risks in supply chains
Cyber risks in supply chains Cyber risks in supply chains
Cyber risks in supply chains
 
Rothke rsa 2013 - the five habits of highly secure organizations
Rothke rsa 2013 - the five habits of highly secure organizationsRothke rsa 2013 - the five habits of highly secure organizations
Rothke rsa 2013 - the five habits of highly secure organizations
 
State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...State of Security Operations 2016 report of capabilities and maturity of cybe...
State of Security Operations 2016 report of capabilities and maturity of cybe...
 
Proposal for IT Security Team
Proposal for IT Security TeamProposal for IT Security Team
Proposal for IT Security Team
 
Assessing Risk: Developing a Client/Server Security Architecture,
Assessing Risk: Developing a Client/Server Security Architecture, Assessing Risk: Developing a Client/Server Security Architecture,
Assessing Risk: Developing a Client/Server Security Architecture,
 
Building Security Operation Center
Building Security Operation CenterBuilding Security Operation Center
Building Security Operation Center
 
Security Operations Center
Security Operations CenterSecurity Operations Center
Security Operations Center
 
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
Manoj purandare - Stratergy towards an Effective Security Operations Centre -...
 
Identifying Code Risks in Software M&A
Identifying Code Risks in Software M&AIdentifying Code Risks in Software M&A
Identifying Code Risks in Software M&A
 
Security operation center
Security operation centerSecurity operation center
Security operation center
 

En vedette

Cyber Security Research: Exploring Opportunities with Open Source Tools, Indu...
Cyber Security Research: Exploring Opportunities with Open Source Tools, Indu...Cyber Security Research: Exploring Opportunities with Open Source Tools, Indu...
Cyber Security Research: Exploring Opportunities with Open Source Tools, Indu...Maurice Dawson
 
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2NetSPI
 
Best practices and Government role in Cyber Security
Best practices and Government role in Cyber Security Best practices and Government role in Cyber Security
Best practices and Government role in Cyber Security USAID CEED II Project Moldova
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical HackingS.E. CTS CERT-GOV-MD
 
National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)Gopal Choudhary
 
Cyber crime: A Quick Survey
Cyber crime: A Quick SurveyCyber crime: A Quick Survey
Cyber crime: A Quick SurveyArindam Sarkar
 
Cyber security government ppt By Vishwadeep Badgujar
Cyber security government ppt By Vishwadeep BadgujarCyber security government ppt By Vishwadeep Badgujar
Cyber security government ppt By Vishwadeep BadgujarVishwadeep Badgujar
 
cyber security and impact on national security (3)
cyber security and impact on national security (3)cyber security and impact on national security (3)
cyber security and impact on national security (3)Tughral Yamin
 
Unified Payments Interface (UPI) - easy way to transfer money through banks
Unified Payments Interface (UPI) - easy way to transfer money through banksUnified Payments Interface (UPI) - easy way to transfer money through banks
Unified Payments Interface (UPI) - easy way to transfer money through banksCA Janardhana Gouda
 
Bhim app case study.ppt
Bhim app case study.pptBhim app case study.ppt
Bhim app case study.ppt99tests
 
Unified Payment Interface
Unified Payment InterfaceUnified Payment Interface
Unified Payment InterfaceAkash Chandra
 

En vedette (17)

Symantec (2)
Symantec (2)Symantec (2)
Symantec (2)
 
Symantec (3)
Symantec (3)Symantec (3)
Symantec (3)
 
What is pentest
What is pentestWhat is pentest
What is pentest
 
Cyber Security Research: Exploring Opportunities with Open Source Tools, Indu...
Cyber Security Research: Exploring Opportunities with Open Source Tools, Indu...Cyber Security Research: Exploring Opportunities with Open Source Tools, Indu...
Cyber Security Research: Exploring Opportunities with Open Source Tools, Indu...
 
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
Application Risk Prioritization - Overview - Secure360 2015 - Part 1 of 2
 
Trends in Banking Part vII
Trends in Banking Part vIITrends in Banking Part vII
Trends in Banking Part vII
 
Best practices and Government role in Cyber Security
Best practices and Government role in Cyber Security Best practices and Government role in Cyber Security
Best practices and Government role in Cyber Security
 
Penetration testing & Ethical Hacking
Penetration testing & Ethical HackingPenetration testing & Ethical Hacking
Penetration testing & Ethical Hacking
 
National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)National Cyber Security Policy 2013 (NCSP)
National Cyber Security Policy 2013 (NCSP)
 
Cyber crime: A Quick Survey
Cyber crime: A Quick SurveyCyber crime: A Quick Survey
Cyber crime: A Quick Survey
 
Cyber security government ppt By Vishwadeep Badgujar
Cyber security government ppt By Vishwadeep BadgujarCyber security government ppt By Vishwadeep Badgujar
Cyber security government ppt By Vishwadeep Badgujar
 
cyber security and impact on national security (3)
cyber security and impact on national security (3)cyber security and impact on national security (3)
cyber security and impact on national security (3)
 
Unified Payments Interface (UPI) - easy way to transfer money through banks
Unified Payments Interface (UPI) - easy way to transfer money through banksUnified Payments Interface (UPI) - easy way to transfer money through banks
Unified Payments Interface (UPI) - easy way to transfer money through banks
 
Bhim app case study.ppt
Bhim app case study.pptBhim app case study.ppt
Bhim app case study.ppt
 
Unified Payment Interface
Unified Payment InterfaceUnified Payment Interface
Unified Payment Interface
 
BHIM app
BHIM appBHIM app
BHIM app
 
Bhim app
Bhim appBhim app
Bhim app
 

Similaire à System of security controls

Existing situation and proposed solutions to improve Cybersecurity in Ukraine
Existing situation and proposed solutions to improve Cybersecurity in UkraineExisting situation and proposed solutions to improve Cybersecurity in Ukraine
Existing situation and proposed solutions to improve Cybersecurity in UkraineAlexey Yankovski
 
Cybersecurity environment in malaysia and the function of internal auditor
Cybersecurity environment in malaysia and the function of internal auditorCybersecurity environment in malaysia and the function of internal auditor
Cybersecurity environment in malaysia and the function of internal auditorKhalizan Halid
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceNISIInstituut
 
Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...Miguel A. Amutio
 
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2Kyle Lai
 
Akolade data presentation by Paul O'Connor
Akolade data presentation by Paul O'ConnorAkolade data presentation by Paul O'Connor
Akolade data presentation by Paul O'ConnorPaul O'Connor
 
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...Great Wide Open
 
NGN integrated information security v3 DetikNas
NGN integrated information security v3 DetikNasNGN integrated information security v3 DetikNas
NGN integrated information security v3 DetikNasEmyana Ruth
 
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115James Bryce Clark
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaUlf Mattsson
 
ICAANZ VPDSS presentation by Paul O'Connor
ICAANZ VPDSS presentation by Paul O'ConnorICAANZ VPDSS presentation by Paul O'Connor
ICAANZ VPDSS presentation by Paul O'ConnorPaul O'Connor
 
State regulation of information protection in the cloud - international and K...
State regulation of information protection in the cloud - international and K...State regulation of information protection in the cloud - international and K...
State regulation of information protection in the cloud - international and K...Vsevolod Shabad
 
Securing and Modernizing Technology in the Commonwealth: Better Together
Securing and Modernizing Technology in the Commonwealth: Better TogetherSecuring and Modernizing Technology in the Commonwealth: Better Together
Securing and Modernizing Technology in the Commonwealth: Better TogetherEOTSS
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security FrameworkNorbi Hegedus
 
Cyber Security India & Cyber Crime
Cyber Security India & Cyber CrimeCyber Security India & Cyber Crime
Cyber Security India & Cyber CrimeDeepak Kumar (D3)
 
Paper Titled Information Security in an organization
Paper Titled Information Security in an organizationPaper Titled Information Security in an organization
Paper Titled Information Security in an organizationMohammed Mahfouz Alhassan
 
IT Security Services
IT Security ServicesIT Security Services
IT Security ServicesOmar Toor
 

Similaire à System of security controls (20)

Existing situation and proposed solutions to improve Cybersecurity in Ukraine
Existing situation and proposed solutions to improve Cybersecurity in UkraineExisting situation and proposed solutions to improve Cybersecurity in Ukraine
Existing situation and proposed solutions to improve Cybersecurity in Ukraine
 
Cybersecurity environment in malaysia and the function of internal auditor
Cybersecurity environment in malaysia and the function of internal auditorCybersecurity environment in malaysia and the function of internal auditor
Cybersecurity environment in malaysia and the function of internal auditor
 
Cybersecurity and continuous intelligence
Cybersecurity and continuous intelligenceCybersecurity and continuous intelligence
Cybersecurity and continuous intelligence
 
Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...
 
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
 
Akolade data presentation by Paul O'Connor
Akolade data presentation by Paul O'ConnorAkolade data presentation by Paul O'Connor
Akolade data presentation by Paul O'Connor
 
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
Open Source and Cyber Security: Open Source Software's Role in Government Cyb...
 
NGN integrated information security v3 DetikNas
NGN integrated information security v3 DetikNasNGN integrated information security v3 DetikNas
NGN integrated information security v3 DetikNas
 
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
Rutkowski OASIS CTI F2F Cybersecurity Act Preso 20160115
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpa
 
ICAANZ VPDSS presentation by Paul O'Connor
ICAANZ VPDSS presentation by Paul O'ConnorICAANZ VPDSS presentation by Paul O'Connor
ICAANZ VPDSS presentation by Paul O'Connor
 
State regulation of information protection in the cloud - international and K...
State regulation of information protection in the cloud - international and K...State regulation of information protection in the cloud - international and K...
State regulation of information protection in the cloud - international and K...
 
Securing and Modernizing Technology in the Commonwealth: Better Together
Securing and Modernizing Technology in the Commonwealth: Better TogetherSecuring and Modernizing Technology in the Commonwealth: Better Together
Securing and Modernizing Technology in the Commonwealth: Better Together
 
OEB Cyber Security Framework
OEB Cyber Security FrameworkOEB Cyber Security Framework
OEB Cyber Security Framework
 
Tyler Technology Expo
Tyler Technology ExpoTyler Technology Expo
Tyler Technology Expo
 
Cyber Security India & Cyber Crime
Cyber Security India & Cyber CrimeCyber Security India & Cyber Crime
Cyber Security India & Cyber Crime
 
eDem&eGov 2014
eDem&eGov 2014eDem&eGov 2014
eDem&eGov 2014
 
Paper Titled Information Security in an organization
Paper Titled Information Security in an organizationPaper Titled Information Security in an organization
Paper Titled Information Security in an organization
 
820 1961-1-pb
820 1961-1-pb820 1961-1-pb
820 1961-1-pb
 
IT Security Services
IT Security ServicesIT Security Services
IT Security Services
 

Plus de S.E. CTS CERT-GOV-MD

Criminalitatea cibernetică – provocare pentru aplicarea legii
Criminalitatea cibernetică – provocare pentru aplicarea legiiCriminalitatea cibernetică – provocare pentru aplicarea legii
Criminalitatea cibernetică – provocare pentru aplicarea legiiS.E. CTS CERT-GOV-MD
 
Cyber security from military point of view
Cyber security from military point of viewCyber security from military point of view
Cyber security from military point of viewS.E. CTS CERT-GOV-MD
 
Prezentare compartiment securitatea (2)
Prezentare compartiment securitatea (2)Prezentare compartiment securitatea (2)
Prezentare compartiment securitatea (2)S.E. CTS CERT-GOV-MD
 
CLOUD COMPUTING Security Risks or Opportunities
CLOUD COMPUTING Security Risks or OpportunitiesCLOUD COMPUTING Security Risks or Opportunities
CLOUD COMPUTING Security Risks or OpportunitiesS.E. CTS CERT-GOV-MD
 
Operarea md cert în reţea naţională de
Operarea md cert în reţea naţională deOperarea md cert în reţea naţională de
Operarea md cert în reţea naţională deS.E. CTS CERT-GOV-MD
 
Moldova cyber security 02.10.2013 rr
Moldova cyber security 02.10.2013 rrMoldova cyber security 02.10.2013 rr
Moldova cyber security 02.10.2013 rrS.E. CTS CERT-GOV-MD
 
GESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEI
GESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEIGESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEI
GESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEIS.E. CTS CERT-GOV-MD
 
Киберпреступность отступает?
Киберпреступность отступает?Киберпреступность отступает?
Киберпреступность отступает?S.E. CTS CERT-GOV-MD
 
CERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses
CERT-GOV-MD: Cyber Security in Moldova: Challenges and ResponsesCERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses
CERT-GOV-MD: Cyber Security in Moldova: Challenges and ResponsesS.E. CTS CERT-GOV-MD
 
Aare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activitesAare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activitesS.E. CTS CERT-GOV-MD
 

Plus de S.E. CTS CERT-GOV-MD (13)

Criminalitatea cibernetică – provocare pentru aplicarea legii
Criminalitatea cibernetică – provocare pentru aplicarea legiiCriminalitatea cibernetică – provocare pentru aplicarea legii
Criminalitatea cibernetică – provocare pentru aplicarea legii
 
SIS PREZENTARE CTS
SIS PREZENTARE CTSSIS PREZENTARE CTS
SIS PREZENTARE CTS
 
Cyber security from military point of view
Cyber security from military point of viewCyber security from military point of view
Cyber security from military point of view
 
Prezentare compartiment securitatea (2)
Prezentare compartiment securitatea (2)Prezentare compartiment securitatea (2)
Prezentare compartiment securitatea (2)
 
CLOUD COMPUTING Security Risks or Opportunities
CLOUD COMPUTING Security Risks or OpportunitiesCLOUD COMPUTING Security Risks or Opportunities
CLOUD COMPUTING Security Risks or Opportunities
 
Operarea md cert în reţea naţională de
Operarea md cert în reţea naţională deOperarea md cert în reţea naţională de
Operarea md cert în reţea naţională de
 
Moldova cyber security 02.10.2013 rr
Moldova cyber security 02.10.2013 rrMoldova cyber security 02.10.2013 rr
Moldova cyber security 02.10.2013 rr
 
GESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEI
GESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEIGESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEI
GESTIONAREA RISCURILOR DE SECURITATE A INFORMAȚIEI
 
Киберпреступность отступает?
Киберпреступность отступает?Киберпреступность отступает?
Киберпреступность отступает?
 
Cisco Secure X
Cisco Secure XCisco Secure X
Cisco Secure X
 
CERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses
CERT-GOV-MD: Cyber Security in Moldova: Challenges and ResponsesCERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses
CERT-GOV-MD: Cyber Security in Moldova: Challenges and Responses
 
Aare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activitesAare reintam estonia_ciip_activites
Aare reintam estonia_ciip_activites
 
Symantec
SymantecSymantec
Symantec
 

Dernier

Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Skynet Technologies
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FIDO Alliance
 
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The InsideCollecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The InsideStefan Dietze
 
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?Paolo Missier
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform EngineeringMarcus Vechiato
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxFIDO Alliance
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxFIDO Alliance
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfFIDO Alliance
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Patrick Viafore
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024Stephen Perrenod
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctBrainSell Technologies
 
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPTiSEO AI
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...FIDO Alliance
 
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfBreaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfUK Journal
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfFIDO Alliance
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxFIDO Alliance
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingScyllaDB
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...marcuskenyatta275
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxFIDO Alliance
 
Your enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4jYour enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4jNeo4j
 

Dernier (20)

Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
Human Expert Website Manual WCAG 2.0 2.1 2.2 Audit - Digital Accessibility Au...
 
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
FDO for Camera, Sensor and Networking Device – Commercial Solutions from VinC...
 
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The InsideCollecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside
Collecting & Temporal Analysis of Behavioral Web Data - Tales From The Inside
 
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
(Explainable) Data-Centric AI: what are you explaininhg, and to whom?
 
Working together SRE & Platform Engineering
Working together SRE & Platform EngineeringWorking together SRE & Platform Engineering
Working together SRE & Platform Engineering
 
Intro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptxIntro to Passkeys and the State of Passwordless.pptx
Intro to Passkeys and the State of Passwordless.pptx
 
Introduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptxIntroduction to FIDO Authentication and Passkeys.pptx
Introduction to FIDO Authentication and Passkeys.pptx
 
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdfThe Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
The Value of Certifying Products for FDO _ Paul at FIDO Alliance.pdf
 
Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024Extensible Python: Robustness through Addition - PyCon 2024
Extensible Python: Robustness through Addition - PyCon 2024
 
TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024TopCryptoSupers 12thReport OrionX May2024
TopCryptoSupers 12thReport OrionX May2024
 
ERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage IntacctERP Contender Series: Acumatica vs. Sage Intacct
ERP Contender Series: Acumatica vs. Sage Intacct
 
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
1111 ChatGPT Prompts PDF Free Download - Prompts for ChatGPT
 
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
Choosing the Right FDO Deployment Model for Your Application _ Geoffrey at In...
 
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdfBreaking Down the Flutterwave Scandal What You Need to Know.pdf
Breaking Down the Flutterwave Scandal What You Need to Know.pdf
 
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdfIntroduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
Introduction to FDO and How It works Applications _ Richard at FIDO Alliance.pdf
 
ADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptxADP Passwordless Journey Case Study.pptx
ADP Passwordless Journey Case Study.pptx
 
Event-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream ProcessingEvent-Driven Architecture Masterclass: Challenges in Stream Processing
Event-Driven Architecture Masterclass: Challenges in Stream Processing
 
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
TEST BANK For, Information Technology Project Management 9th Edition Kathy Sc...
 
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptxHarnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
Harnessing Passkeys in the Battle Against AI-Powered Cyber Threats.pptx
 
Your enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4jYour enemies use GenAI too - staying ahead of fraud with Neo4j
Your enemies use GenAI too - staying ahead of fraud with Neo4j
 

System of security controls

  • 1. The System of Security Controls for Cyber Security October 3th , 2013 GOVERNMENT OF THE REPUBLIC OF MOLDOVA Veaceslav PUȘCAȘU, CISM E-Government Center / Government CIO Government of the Republic of Moldova
  • 2. This prezentaion is e-Government Center2 • A summary of what was presented and discussed during the training seminars provided by Estonian e-Governance Academy • A summary of ideas circulated and discussed during the meetings of Cyber Security Roadmap focal group which includes reprezentatives from MA, MTIC, SIS, CTS, CNPDCP, MAI • A summary of the experience gained by some public institutions in Republic of Moldova • A summary of experience gained by other countries, ex. Estonia
  • 3. Cyber Space Cyber Space - an environment resulted from all types of interactions by means of software hardware and communication infrastructure.
  • 4. Cyber Security e-Government Center4 Cyber Security - a normality reached as a result of applying a set of proactive and reactive measures to ensure confidentiality, integrity, availability, authenticity and nonrepudiation of information, resources and services in cyber space
  • 6. Cyber Security in Republic of Moldova e-Government Center6 Trends • Increasingly usage of electronic service in public sectors including in interaction with citizens and business • Increasingly usage of mobile device; • Widespread of Internet and using it for business propose; • Increasing usage of ICT in national critical infrastructure; • Increasing usage of ICT infrastructure to launch cyber attacks against other nations.
  • 7. Cyber Security in Republic of Moldova e-Government Center7 Threats • Lack of a common approach for cyber security at the state level; • Lack of clear organizational structure at both the state and institutional level; • Lack of qualified people in the field; • Very low level of awareness of the threats and safeguards in cyberspace; • Lack of an unique set of measures (system of security baselines/controls) that should be applied according to the criticality of the systems; • ………
  • 8. Standards and Technical Regulations e-Government Center8 • Hotărârea Guvernului nr. 1123 din 14.12.2010 privind aprobarea Cerinţelor faţă de asigurarea securităţii datelor cu caracter personal la prelucrarea acestora în cadrul sistemelor informaţionale de date cu caracter personal; • Reglamentare tehnică. Asigurarea securităţii informaţiei a infrastructurii informaţionale pentru autorităţile administraţiei publice, anexa nr.2 la ordinul MTIC 106 din 20 decembrie 2010. • SM SR ISO/IEC 27001:20006
  • 9. Challenges e-Government Center9 • Define requiremets and luck of implemenation guidlines; • Depend on the skills and knolwledge of the persons involved in implemenation; • Mostly are based on risk assesment; • No sicronization between them; • etc.
  • 10. System of Cyber Security Controls – Elaboration Process e-Government Center10
  • 11. System of Cyber Security Controls - ToRs e-Government Center11 • Adopt an international best practice; • Mandatory for public authorities; • Compliant with current legislations framework; • Include : Physical measures; Technical measures; Organizational measures. • Define security classification levels (integrity, confidentiality, availability): Low, Medium, High; • Free of charge and updated regularly; • Provide requirements and clear guidance on how to implement them; Examples: Recommended Security Controls for Federal Information Systems and Organizations (NIST 800-53), BSI (IT-Grundschutz Methodology) , ISKE ,SANS TOP 20, etc.
  • 12. Compliance Certification of Authorities e-Government Center12 Do not invent the wheel. It has already been invented… • Outsource to private sector • Define a compliance certification framework taking into consideration: – International experience – ex. PCI DSS – Local experience – ex. BNM • Require international recognized certification (ex. CISA, CISM, CISSP, etc.)
  • 13. System of Cyber Security Controls – Quick Wins e-Government Center13 • Start with some simple things which can be implemented quickly • Develop and expand to rich a state of “normality” • Develop cyber security guide based on SANS 20 Critical Controls for Cyber Defense • Encourage public authorities to implement the guide. Identify and fix the issues • Include this guide as a part of the System of Cyber Security Controls
  • 14. Summary e-Government Center14 • One of the threats to cyber security is lack of security baselines that should be applied according to the criticality of the systems • Defining and implementing of a System of Cyber Security Controls is a complex task which take time to do it right • We should start with something simple which can be implemented quickly • Further we should develop and expand to reach a state of “normality”