1. e-Government Centre Moldova
Digital security for better governance
and public services
Digital information security trainings
2013
Chisinau
Presentation Title 12.03.2013
2. e-Government Centre Moldova
Policy and legal framework
development for Digital Security
Hannes Astok
Senior Expert
eGovernmance Academy
Presentation Title 12.03.2013
3. Why policy framework?
Growing threats and security concerns
Vulnerability of the critical information systems
Need for coordinated activities
Clear roles and responsibilities between the
institutions
Better protection of information systems and critical
infrastructure
Estonian Cyber Security Strategy 2008-2013
4. Goals of the strategy
Establishment of a multilevel system of security
measures
Expanding Estonia’s expertise in and awareness of
information security
Adopting an appropriate regulatory framework to
support the secure and extensive use of information
systems
5. Goals of the strategy: more specifically
1. Development and implementation of a system of
security measures
1. Protection of the Critical Information
Infrastructure (CII)
2. Development and Implementation of a System
of Security Measures
3. Strengthening of Organisational Co-operation
6. Goals of the strategy: more specifically
2. Increasing competence in information security
1. Organisation of Training in Cyber Security
2. Enhancing Research and Development
3. Development of a legal framework for cyber
security
4. Development of international co-operation
5. Raising awareness of cyber security
7. Relations to the other national
development plans
Information Security Interoperability Framework
(2007)
Information Society Strategy 2013
Knowledge-Based Estonia: R&D Development
Strategy 2007-2013
Criminal policy development strategy
Education and health development plans
9. EU legal framework
Attacks against information systems: Council
Framework Decision 222/2005/JHA
Protection of personal data (95/46/EC and
2002/58/EC);
Electronic communications (2002/58/EC);
Retention of data (2006/24/EC);
Re-use of public sector information (2003/98/EC;
under revision) ;
Information society services (2000/31/EC).
10. National legal framework
Penal Code: responsibility and penalties about
various types of crime and attacks
Electronic Communications Act: requirements for
publicly available electronic communications
networks and communications services
11. National legal framework 2
Personal Data Protection Act: clear legal basis for
processing any kind of personal data
Public Information Act: regulates the basis and
procedures for the accessing of public information
12. National legal framework 3
Information Society Services Act: limits the liability
of Internet service providers for the content of their
service, spam related issues and general
requirements for the provision of information society
services.
13. International Cooperation
United Nations: issues of cyber security are
addressed by a high-level expert group of the
Internet Governance Forum (IGF) and the
International Telecommunication Union (ITU).
14. International Cooperation: EU
European Commission
The European Network and Information
Security Agency (ENISA) provides support to
EU member states, institutions and
entrepreneurs in the prevention and
management of breaches in information security.
15. International Cooperation: EU 2
European Programme for Critical
Infrastructure Protection – EU reseach
network realted to cyber security
16. Q&A
Thank You!
Hannes Astok
www.ega.ee | hannes@astok.ee| +372 5091366 | hannesastok
E-Governance Academy | Tõnismägi 2, 10112 Tallinn, Estonia
Presentation Title 12.03.2013