Ictwg ecprd seminar 2006
This presentation is the property of its rightful owner.
Sponsored Links
1 / 9

ICTWG-ECPRD SEMINAR 2006 PowerPoint PPT Presentation


  • 84 Views
  • Uploaded on
  • Presentation posted in: General

ICTWG-ECPRD SEMINAR 2006. INFORMATION SECURITY ISSUES AT THE CHAMBER OF DEPUTIES Carlo Simonelli Head of Unit – ICT Systems and User Support ICT Department – Chamber of Deputies Vilnius, 6t h October 200 6. 1. OVERVIEW. Information System Security

Download Presentation

ICTWG-ECPRD SEMINAR 2006

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Ictwg ecprd seminar 2006

ICTWG-ECPRD SEMINAR 2006

INFORMATION SECURITY ISSUES AT THE

CHAMBER OF DEPUTIES

Carlo Simonelli

Head of Unit – ICT Systems and User Support

ICT Department – Chamber of Deputies

Vilnius, 6th October 2006

1


Overview

OVERVIEW

  • Information System Security

  • “Documento programmatico sulla sicurezza dei dati” (Programmatic Data Security Document)

  • Risk analysis carried out for the Programmatic Data Security Document

  • Other contents of the Document

  • Internet redundant links

  • Projects for improving information system security

2


Information system security

INFORMATION SYSTEM SECURITY

  • Information System Security at the Chamber of Deputies during the past years

  • Security procedures difficult to be implemented

3


Personal data protection code

PERSONAL DATA PROTECTION CODE

  • Internet, Electronic mail and always-on era required more effort in information security

  • Implementing “Personal Data Protection Code” (Decreto Legislativo n. 196, 2003)

4


Programmatic data security document

PROGRAMMATIC DATA SECURITY DOCUMENT

  • First edition of “Documento programmatico sulla sicurezza dati” (Programmatic Data Security Document)

  • The “Register of IT systems” is a prerequisite

  • The two parts of the Document

    • Analytic review of all data treatments

    • Rules for managing personal and sensitive data and general instruction to protect the information systems

5


Risk analysis and assessment

RISK ANALYSIS AND ASSESSMENT

  • ISO/IEC 17799 (now ISO/IEC 27799:2005) and other information security standards

  • Risk exposure level established for 51 data bases with sensitive data and for 77 data bases with personal data

  • Activities this year on sensible data

6


Benefits of the document

BENEFITS OF THE DOCUMENT

  • Joint activities improving information security

  • Important managing procedures

    • Procedures for managers and employees

    • Duration of data stored online and offline

    • Who is in charge of deleting data

    • Managing backups and logs

    • Data ciphering

    • Password characteristics and expiration

    • Training of managers and employees

7


Improving internet link speed and availability

IMPROVING INTERNET LINK SPEED AND AVAILABILITY

8


Improving information system security

IMPROVING INFORMATION SYSTEM SECURITY

  • PKI system for digital signatures

  • Smart cards for strong authentication of employees

  • New projects

    • MPs VPN SSL authentication and profiling; use of tokens

    • Protocol 802.1x for administrative user workstation connection

9


  • Login