Ictwg ecprd seminar 2006
Download
1 / 9

ICTWG-ECPRD SEMINAR 2006 - PowerPoint PPT Presentation


  • 110 Views
  • Uploaded on

ICTWG-ECPRD SEMINAR 2006. INFORMATION SECURITY ISSUES AT THE CHAMBER OF DEPUTIES Carlo Simonelli Head of Unit – ICT Systems and User Support ICT Department – Chamber of Deputies Vilnius, 6t h October 200 6. 1. OVERVIEW. Information System Security

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'ICTWG-ECPRD SEMINAR 2006' - hani


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Ictwg ecprd seminar 2006
ICTWG-ECPRD SEMINAR 2006

INFORMATION SECURITY ISSUES AT THE

CHAMBER OF DEPUTIES

Carlo Simonelli

Head of Unit – ICT Systems and User Support

ICT Department – Chamber of Deputies

Vilnius, 6th October 2006

1


Overview
OVERVIEW

  • Information System Security

  • “Documento programmatico sulla sicurezza dei dati” (Programmatic Data Security Document)

  • Risk analysis carried out for the Programmatic Data Security Document

  • Other contents of the Document

  • Internet redundant links

  • Projects for improving information system security

2


Information system security
INFORMATION SYSTEM SECURITY

  • Information System Security at the Chamber of Deputies during the past years

  • Security procedures difficult to be implemented

3


Personal data protection code
PERSONAL DATA PROTECTION CODE

  • Internet, Electronic mail and always-on era required more effort in information security

  • Implementing “Personal Data Protection Code” (Decreto Legislativo n. 196, 2003)

4


Programmatic data security document
PROGRAMMATIC DATA SECURITY DOCUMENT

  • First edition of “Documento programmatico sulla sicurezza dati” (Programmatic Data Security Document)

  • The “Register of IT systems” is a prerequisite

  • The two parts of the Document

    • Analytic review of all data treatments

    • Rules for managing personal and sensitive data and general instruction to protect the information systems

5


Risk analysis and assessment
RISK ANALYSIS AND ASSESSMENT

  • ISO/IEC 17799 (now ISO/IEC 27799:2005) and other information security standards

  • Risk exposure level established for 51 data bases with sensitive data and for 77 data bases with personal data

  • Activities this year on sensible data

6


Benefits of the document
BENEFITS OF THE DOCUMENT

  • Joint activities improving information security

  • Important managing procedures

    • Procedures for managers and employees

    • Duration of data stored online and offline

    • Who is in charge of deleting data

    • Managing backups and logs

    • Data ciphering

    • Password characteristics and expiration

    • Training of managers and employees

7



Improving information system security
IMPROVING INFORMATION SYSTEM SECURITY

  • PKI system for digital signatures

  • Smart cards for strong authentication of employees

  • New projects

    • MPs VPN SSL authentication and profiling; use of tokens

    • Protocol 802.1x for administrative user workstation connection

9


ad