Standardisation and regulation on information security Margus Püüa Head of Department Department of State Information Systems Ministry of Economic Affairs.

Presentation transcript:

Standardisation and regulation on information security Margus Püüa Head of Department Department of State Information Systems Ministry of Economic Affairs and Communications, Estonia

AGENDA
– Why standardisation and regulation?
– Legal acts and documentation
– Secure data exchange

INFORMATION SOCIETY
– In the information society, information is stored, changed and transmitted in a universal digital form
– In the information society, access to digital information is ensured for all members of society through data exchange network
– In the information society, routine intellectual work is left for machines
– In the information society, based on the above-mentioned conditions, the way of life is rational
Valdo Praust „Infoühiskond ja selle teetähised” 1998 aastaraamat „Infotehnoloogia haldusjuhtimises”.

CONCLUSION: In the INFORMATION SOCIETY ordinary daily life depends, to a great extent, on the security of information systems!

OBJECTIVE: Despite the growth of cyber security problems in the world, ICT will continue to be one of the most important growth engines in Estonia

WHAT DO WE HAVE?

LEGISLATION and DOCUMENTATION
– Emergency Preparedness Act
– Estonian IT Architecture
– Estonian IT Interoperability Framework
– Information Security Interoperability Framework
– Government Regulation on establishing a system of security measures for information systems

X-Road is software, hardware and organisational methods for standardised usage of national databases

Evidentiary Value and Integrity
– All outgoing messages are signed. Signing keys are registered with a third party.
– All incoming messages are logged. The message log is cryptographically protected. The intermediate hash values are periodically time-stamped by the X-Road central agency.
– The message receiver can later prove, with the help of the X-Road central agency, when and by whom the message was sent.

Availability: X-Road is built as a distributed system, with a minimal number of central services
– The directory service is built on top of Secure DNS (DNS-SEC). The use of the well-proven DNS protocol and implementation provides a very robust, scalable directory service with built-in caching and redundancy. Security extensions of the DNS (signed zones) ensure that the data cannot be tampered with.
– All X-Road servers have their own local caching DNS server that ensures the availability of directory information even in case of (partial) network outage.

Confidentiality
– SSL protocol is used as a defence mechanism against external attackers. All exchanged data is encrypted.
– A two-level access rights control mechanism is used as a defence mechanism against internal attackers.
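
The log protection described on this slide can be sketched as a hash chain with external checkpoints. This is an added example, not X-Road code: the record fields, the SHA-256 chaining and the `checkpoints` dictionary standing in for the central agency's time-stamps are all assumptions made for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed chain start value (not from the slides)

def link(prev_hash, record):
    """Intermediate hash: SHA-256 over the previous hash plus the canonical record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

class MessageLog:
    def __init__(self):
        self.entries = []      # [record, intermediate_hash] pairs kept by the log owner
        self.checkpoints = {}  # index -> hash, as held by the time-stamping party

    def append(self, sender, payload):
        prev = self.entries[-1][1] if self.entries else GENESIS
        record = {"seq": len(self.entries), "sender": sender, "payload": payload}
        self.entries.append([record, link(prev, record)])

    def checkpoint(self):
        """Stand-in for sending the latest intermediate hash to be time-stamped."""
        self.checkpoints[len(self.entries) - 1] = self.entries[-1][1]

def verify(log):
    """Return -1 if the log is intact, else the index where verification first fails."""
    prev = GENESIS
    for i, (record, stored) in enumerate(log.entries):
        expected = link(prev, record)
        if expected != stored or log.checkpoints.get(i, expected) != expected:
            return i
        prev = expected
    return -1

def build_sample():
    """Constructed sample: four logged messages, checkpoint taken after the second."""
    log = MessageLog()
    for n, sender in enumerate(["agency-a", "agency-b", "agency-a", "agency-c"]):
        log.append(sender, f"query {n}")
        if n == 1:
            log.checkpoint()
    return log

def rewrite_history(log, index, new_sender):
    """Simulate an insider editing one record and recomputing every later hash."""
    log.entries[index][0]["sender"] = new_sender
    prev = log.entries[index - 1][1] if index else GENESIS
    for entry in log.entries[index:]:
        entry[1] = prev = link(prev, entry[0])
```

A rewrite that recomputes the whole chain still fails at the first checkpoint taken after the edited record, while entries newer than the last checkpoint stay unprotected until the next one, which is why the time-stamping is periodic.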

Thank you for your attention!