National INFOSEC Organisations and INFOSEC Management in Hungary.


INFOSEC is the application of security measures to protect information processed, stored or transmitted in communication, information and other electronic systems against loss of confidentiality, integrity or availability, whether accidental or intentional, and to prevent loss of integrity or availability of the systems themselves. A set of security measures (physical, personnel, security of information and INFOSEC) shall be implemented to create a secure environment in which to operate a communication, information or other electronic system.

INFOSEC based on law

CONSTITUTION 59. § (1): Protection of private confidentiality and data is due to every Hungarian subject.
Act LXIII. of 1992: the Act about protection of private confidentiality and publicity of data of public interest.

Data Security, Article 10 (1), Act LXIII. of 1992
The holder of information and, within the scope of his activity, the user of information are obliged to take care of the security of information, to take those technical and organisational measures and to elaborate those procedural rules which are necessary in order to enforce this Act and other regulations relating to information security and the protection of classified information.

Data Security, Article 10 (2)
Information – especially personal data, qualified as state secret and service secret – shall be particularly protected against illegal access, modification, disclosure, deletion, damage, and destruction.

Act LXV. of 1995 (1): Types of secret (1), State Secret (Top Secret)
If disclosure, illegal obtaining and use, transfer to unauthorised persons, or prevention of the entitled person from accessing it occurs before the termination of the validity period, it can damage or endanger the interests of the Republic of Hungary.

Act LXV. of 1995 (2): Types of secret (2), Service Secret (Secret)
If disclosure, illegal obtaining and use, or transfer to unauthorised persons occurs before the termination of the validity period, it can damage the working order of the state or public organisation, and hinder the exercise of their tasks and competence without improper effects.

Act LXV. of 1995 (3): Protected but not classified data (nowadays these are also classified)
Confidential: it is injurious (harmful) if it becomes available to the public or unauthorised persons become acquainted with it.
Restricted: it is unfavourable if it becomes available to the public or unauthorised persons become acquainted with it, to the interested country or organisation concerned with the national agreement.

Governmental Decree 79 of 1995 about handling order of classified data
Protection of classified data carrier: classification; registering; copying; destruction; safekeeping; take over of data; handing over, passing; taking back; revision.

Governmental Decree 79 of 1995 about handling of classified data (2)
Protection of classified data-storage on the CIS (27. §): Data containing state secret (top secret) or service secret (secret), whose reliable protection cannot be provided otherwise, can be stored in computer systems in magnetic form or other types of data storage only in coded form.

Governmental Decree 79 of 1995 about handling of classified data (3)
Transfer and forwarding of classified information: Classified information held in a wired or wireless data transmission system must only be forwarded in coded form if the data leaves the boundary of reliable protection and supervision, especially when it leaves the properly closed or protected area of the organization which is responsible for information security.

Governmental Decree 43 of 1994 about Crypto Activity
Main articles of decree: Organization of Crypto Activity; Personal Conditions; Crypto equipment; Basic security rules; Tasks of National Communication Security Authority; Inspection.

Governmental Decree 43 of 1994 about Crypto Activity
Organisation of crypto activity, 6.§ (1): Depending on the character and scale of the organisation pursuing crypto activity, in the interest of control and supervision it shall at least assign a crypto custodian or establish a Crypto Authority.

Governmental Decree 43 of 1994 about Crypto Activity
Organisation of crypto activity, 6.§ (2): In the case of assigning more than one crypto custodian when establishing a Crypto Authority, a Central Crypto Authority has to be operated in the affected organisation.

MoD Directive about Crypto Activity
Organisation of crypto activity in the MoD. Currently in operation: a Central Crypto Authority for technical control and technical supervision of crypto activity in the Hungarian Military Forces; a Crypto Authority in the middle level of military structure. The Central Crypto Authority is working under the National Crypto Authority (National Communication Security Authority).

Legal regulation (diagram: Parliament, CONSTITUTION)
Before joining NATO (all modified later): Act LXIII. of, Act LXV. of, Gov. Dec. 79 of 1995, Gov. Dec. 43 of 1994, MoD Directive
During and after joining NATO: Act IV. of, Act LXXXV. of, Gov. Dec. 56 of 1999, Gov. Dec. 52 of 2002, MoD Directive

Act LXXXV. of 1998 decrees about the National Security Authority.
Control: The Minister Heading the Prime Minister’s Office
Supervision: National Security Committee of the Parliament
Information (Coverage): Defence Committee of the Parliament
(Diagram: National Security Authority; National Security Committee of the Parliament; Committee of Defence; The Minister Leading the Prime Minister’s Office.)

National Security Authority (Governmental Decree 180/2003)
Responsibilities / Carry out: prescribe tasks for NSA in NATO and UN security directives; prescribe tasks for National Industrial Security Authority; during its tasks handle personal and special data.

Governmental Decree 52 of 2002 about National Security Authority
The main tasks are: functions of NSA (co-operative organisations); procedure of personal security; procedure of physical and document security; procedure of electronic information security; industrial security inspection.
Organisations listed: National Security Authority (NSA); Department of Information and Document Security of MoD; National Communication Security Authority (NCSA); National Security Office (NSO); Military Security Office (NSO).

Newest regulations
Governmental Decree 179/2003 about rules of procedure of protection of classified data received by international contract or made by international commitment.
Governmental Decree 180/2003 about detailed tasks and rules of activities of National Security Authority, together with detailed rules of industrial security inspection.

Security Structure (diagram): Parliament; National Security Committee; Defence Committee; The Minister Heading the Prime Minister’s Office; National Security Authority; Department of Information and Document Security of MoD; National Communication Security Authority (NCSA); National Security Office (NSO); Military Security Office (NSO); Central Crypto Authority of HMF; NATO CIS.

Security Organizations and Persons on the CIS System (diagram, with elements marked as security elements or operational elements): International Security Organizations (NATO, EU); National Communication Security Authority; Central Communication Security Authority of MoD (MoD GS J6); System/Network Security Officer (MoD GS J6); Crypto Custodian; National Security Authority; INFOSEC Authority (MoD DoI&DS); INFOSEC Operational Authority (MoD GS J6); Security Officer (MoD GS J6); Local Security Officer; Person in Charge of Security (HQSO); HQ of Communication central system administrator; Local System Administrator; Users; Joint Logistic and Support Command; Site Security Officer.

Thank you for your attention