e-Government Centre Moldova
Digital security for better governance and public services
Digital information security trainings 2013 Chisinau
Presentation Title 12.03.2013
Policy and legal framework development for Digital Security
Hannes Astok, Senior Expert, eGovernance Academy
Why policy framework?
- Growing threats and security concerns
- Vulnerability of the critical information systems
- Need for coordinated activities
- Clear roles and responsibilities between the institutions
- Better protection of information systems and critical infrastructure
Estonian Cyber Security Strategy 2008-2013
Goals of the strategy
- Establishment of a multilevel system of security measures
- Expanding Estonia’s expertise in and awareness of information security
- Adopting an appropriate regulatory framework to support the secure and extensive use of information systems
Goals of the strategy: more specifically
1. Development and implementation of a system of security measures
   1. Protection of the Critical Information Infrastructure (CII)
   2. Development and Implementation of a System of Security Measures
   3. Strengthening of Organisational Co-operation
Goals of the strategy: more specifically
2. Increasing competence in information security
   1. Organisation of Training in Cyber Security
   2. Enhancing Research and Development
3. Development of a legal framework for cybersecurity
4. Development of international co-operation
5. Raising awareness of cyber security
Relations to the other national development plans
- Information Security Interoperability Framework (2007)
- Information Society Strategy 2013
- Knowledge-Based Estonia: R&D Development Strategy 2007-2013
- Criminal policy development strategy
- Education and health development plans
Legal framework - International law
- Council of Europe Convention on Cybercrime 2004
EU legal framework
- Attacks against information systems: Council Framework Decision 222/2005/JHA
- Protection of personal data (95/46/EC and 2002/58/EC)
- Electronic communications (2002/58/EC)
- Retention of data (2006/24/EC)
- Re-use of public sector information (2003/98/EC; under revision)
- Information society services (2000/31/EC)
National legal framework
- Penal Code: responsibility and penalties about various types of crime and attacks
- Electronic Communications Act: requirements for publicly available electronic communications networks and communications services
National legal framework 2
- Personal Data Protection Act: clear legal basis for processing any kind of personal data
- Public Information Act: regulates the basis and procedures for the accessing of public information
National legal framework 3
- Information Society Services Act: limits the liability of Internet service providers for the content of their service, spam related issues and general requirements for the provision of information society services.
International Cooperation
- United Nations: issues of cyber security are addressed by a high-level expert group of the Internet Governance Forum (IGF) and the International Telecommunication Union (ITU).
International Cooperation: EU
- European Commission
- The European Network and Information Security Agency (ENISA) provides support to EU member states, institutions and entrepreneurs in the prevention and management of breaches in information security.
International Cooperation: EU 2
- European Programme for Critical Infrastructure Protection – EU research network related to cyber security
Q&A
Thank You!
Hannes Astok
www.ega.ee | firstname.lastname@example.org | +372 5091366 | hannesastok
E-Governance Academy | Tõnismägi 2, 10112 Tallinn, Estonia