Legal Framework on Information Security Ministry of Trade, Tourism and Telecommunication Nebojša Vasiljević.

Relevant EU Legislation (1)
- Regulation No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency [32004R0460]
- Council decision 2004/541/EC of 5 July 2004 on the three stakeholders’ representatives and their alternates to the Management Board of the European Network and Information Security Agency [32004D0541]
- Council Decision 92/242/EEC of 31 March 1992 in the field of security of information systems (OJ L 123, , p. 19–25) [31992D0242]
- Council Resolution of 28 January 2002 on a common approach and specific actions in the area of network and information security (OJ C 43, , p. 2–4) [32002G0216(02)]
- Council Resolution of 18 February 2003 on a European approach towards a culture of network and information security (OJ C 48, , p. 1–2) [32003G0228(01)]
- Council Resolution of 22 March 2007 on a Strategy for a Secure Information Society in Europe (OJ C 68, , p. 1–4) [32007G0324(01)]

Relevant EU Legislation (2)
- Commission Communication COM/2006/0251 final, A strategy for a Secure Information Society - “Dialogue, partnership and empowerment”
- Commission Communication on Critical Information Infrastructure Protection, COM/2009/0149 final, "Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience"
- Commission Communication on Critical Information Infrastructure Protection, ‘Achievements and next steps: towards global cyber-security’, COM/2011/0163 final
- Directive 2002/21/EC of the European Parliament and of the Council on a common regulatory framework for electronic communications networks and services (Framework Directive)
- Commission Communication COM(2001) 298 final on Network and Information Security: A proposal for A European Policy Approach [52001DC0298]
- Regulation (EC) No 1007/2008 of the European Parliament and of the Council of 24 September 2008 amending Regulation (EC) No 460/2004 establishing the European Network and Information Security Agency as regards its duration [32008R1007]
- Regulation (EU) No 580/2011 of the European Parliament and of the Council of 8 June 2011 amending Regulation (EC) No 460/2004 establishing the European Network and Information Security Agency as regards its duration [32011R0580]
- Proposal for a Directive concerning measures to ensure a high common level of network and information security across the Union - COM(2013) 48 final - 7/2/ EN

National Policy Framework
- Development Strategy for Information Society in the Republic of Serbia by 2020
- National Security Strategy of the Republic of Serbia
- Strategy on Development of Electronic Communications in the Republic of Serbia for period
- Defense Strategy of the Republic of Serbia
- Action Plan ( ) on Implementation of the Development Strategy for Information Society in the Republic of Serbia by 2020
- Action Plan ( ) on Implementation of the Strategy on Development of Electronic Communications in the Republic of Serbia for period

National Legal Framework
- Law on Electronic Communications
- Law on Personal Data Protection
- Law on Electronic Signature
- Law on Electronic Document
- Law on the organization and competences of the state authorities for the fight against cybercrime
- Criminal Code
- Criminal Procedure Code
- Law on Defense
- The Decision on the determination of large technical systems important for defense
- Law on Ratification of the Convention on Cybercrime
- Law on ratification of the CoE Convention on Cybercrime and Law on ratification of its Additional Protocol concerning the criminalization of acts of a racist and xenophobic nature committed through computer systems
- Regulation on Specific Measures for Protection of Classified Information in Information-communications Systems

Institutional Framework
- Ministry of Trade, Tourism and Telecommunications
- Ministry of Interior
- Ministry of Defense
- Ministry of Public Administration and Local Self-Government
- Ministry of Justice
- Administrative Agency for Joint Services of Government Authorities
- The Academic Network of the Republic of Serbia
- Regulatory agency for electronic communications and postal service
- Higher Court in Belgrade
- Commissioner for Information of Public Importance and Personal Data Protection
- Special Prosecutor’s Office for Fight Against High-Tech Crime
- Office of the Council on National Security and Classified Information Protection
- Intelligence agencies (Security-Information Agency, Military Security Agency and Military Intelligence Agency)

Development Strategy for Information Society in the Republic of Serbia by 2020
INFORMATION SECURITY PRIORITY FIELDS
- LEGAL AND INSTITUTIONAL FRAMEWORK
- CRITICAL INFRASTRUCTURE PROTECTION
- FIGHT AGAINST CYBERCRIME
- SCIENTIFIC, RESEARCH AND DEVELOPMENT WORK

Improvement of legal and institutional framework
The existing legal framework needs to be improved in these matters:
- Legislation – adopting relevant laws, setting out standards and areas of Information Security, as well as functions of some institutions
- Institutions – responsible for tasks relating to verification and certification methods, software application, devices and systems, R&D and oversight of the IS standards implementation by state authorities
- National CERT – Computer Emergency Response Team

Activities relating to adoption of Law on Information Security
- An interdepartmental work group has been set up
- Its task is to draft the Law on Information Security
- Defining a national authority responsible for regulating the Information Security area, its activities and competences
- Setting out standards and procedures at the national level and determining the role of other state authorities
- Establishing a CERT at the national level

Legal institutional framework: CERT (1)
Currently there is no established national CERT in Serbia. Many institutions have departments whose tasks are connected to CERT functions:
- Administrative Agency for Joint Service of Government Authorities (AAJS) – the main datacenter, network backbone and Internet gateway for State Authorities are managed by AAJS, which has a department that performs the tasks of managing security risks in information-communication systems of public administration bodies, protecting the public administration network and data, and cooperation and coordination related to information security
- Institutions' ICT departments – many institutions have their own ICT departments, datacenters and/or computer networks (for example: Ministry of Defense, Ministry of Foreign Affairs, Ministry of Finance, National Tax Agency, Ministry of Interior, Ministry of Justice, Security Information Agency etc.)

Legal institutional framework: CERT (2)
- The Academic Network of the Republic of Serbia (AMRES) performs the CERT activities for the educational and scientific-research institutions in the Republic of Serbia.
- The AMRES CERT team has been listed in the TERENA “Trusted Introducer” Service since May
- The AMRES team has the status of a listed team, which provides basic information about the team itself and shows endorsement of the team by the TI community.
- AMRES-CERT team members participated in TERENA’s TRANSITS-I and TRANSITS-II trainings in 2012, which were held with the financial support of ENISA, and gained relevant knowledge to work in an efficient CERT environment.

Legal institutional framework: Obligations of operators
Obligations of operators in accordance with the Law on Electronic Communications:
- At the request of the regulatory body (RATEL), the operator shall supply all necessary data and information of relevance for ensuring the protection of personal data and privacy of users, and for the assessment of security and integrity of electronic communications networks and services, including the implementation of policies on security, continuity of work and data protection
- Operators are obliged to implement adequate technical and organizational security measures
- In case of a particular risk related to violation of the security and integrity of public communication networks and services, the operator should inform subscribers of such risks and, in case the risk lies outside the scope of measures to be taken by the operator, of possible means of protection and costs related to the implementation of these measures

Legal institutional framework: Obligations of operators
Article 125 of the Law on Electronic Communications:
- The operator shall inform the Regulatory agency for electronic communications and postal service (RATEL) of any violations of security and integrity of public communications networks and services that significantly affected their operation, and particularly of violations that caused infringement of the personal data protection or privacy of subscribers or users
- RATEL shall be authorized to inform the public of the infringement of security and integrity, or to require the operator to do so itself, when it assesses that publication of such information is in the public interest

Fight against cybercrime: Criminal Code
The Criminal Code includes criminal offences against information systems:
- damaging computer data and programs (art. 298)
- computer sabotage (art. 299)
- creating and introducing computer viruses (art. 300)
- computer fraud (art. 301)
- unauthorized access (art. 302)
- preventing or restricting access to a public computer network (art. 303)
- unauthorized use of a computer (art. 304)
- making, purchasing and giving for use tools for committing criminal offences against security of computer data (art. 304a)
- child pornography (art. 185)
- grooming (art. 185b)
- criminal offences against intellectual property (art. 198 to 202)

Fight against cybercrime: Institutional framework
- Ministry of Interior - Department for Cyber Crime
- Higher Court in Belgrade
- Special Prosecutor’s Office for Fight Against High-Tech Crime

Critical Infrastructure Protection (1)
Critical Information Infrastructure Protection is covered by different strategies and laws.
- Development Strategy for Information Society: it is necessary to develop and improve protection from attacks that arise from the use of information technologies on critical infrastructure systems. In addition to the ICT systems themselves, these could also be other infrastructure systems that are managed by relying on ICTs, such as the electrical and energy system
- The National Security Strategy:
  - identifies risks from cyber crime
  - emphasizes the importance of building an ICT security system through a system of national security
  - emphasizes capacity building, education, timely collection and sharing of data and information, coordination of security services and strengthening of their organizational, human and material resources

Critical Infrastructure Protection (2)
- Law on Defense: defines that large technical systems in telecommunications and information technology are required to comply with the defense requirements of the country
- The Decision on the determination of large technical systems important for defense: defines large telecommunication systems important for defense purpose
- Liaison officer in European Defense Agency and programs regarding Cyber security and Critical information infrastructure protection

Scientific, Research & Development Work
Development Strategy for Information Society in the Republic of Serbia by 2020:
- Dynamic changes linked to the challenges in the area of information safety make it necessary to constantly introduce new protection methods and measures in this area
- It is necessary to follow the latest achievements in the area of information safety internationally, through international cooperation
- Cryptographic techniques are the basis for establishing information safety, and weaknesses of these techniques directly violate the information safety mechanisms. The safety level of cryptographic techniques, as a rule, wears off with the passage of time due to the constant progress made in the methods for compromising practically all cryptographic techniques. This is why it is important to constantly maintain research and development of new cryptographic techniques, as well as to constantly re-examine the existing ones.

International cooperation: SEENSA workgroup
- At the second conference of Southeastern Europe National Security Authorities, the cyber defense thematic workgroup SEENSA was established
- The defined goal of the workgroup is to form a common concept of cyber defense and to produce relevant documents with instructions for regulating the cyber defense area
- The Serbian NSA participated in the third conference on information security and cybernetic defense, “ISCD 2013”, in Hungary

International cooperation
- Serbia is a member of ITU and IMPACT
- AMRES CERT team has been listed in TERENA “Trusted Introducer” Service since May 2011

Thank you for your attention