Published by Spencer Stafford. Modified over 8 years ago.
1
Legal framework of the statistical system
- RK Law on State statistics: the basic provisions of the Law are in line with EC recommendations (Model Law on statistics, Doc. SG/99/10)
- Normative acts of the RK Statistical Agency
2
Structure and principles of State statistics
1) State statistical bodies: RK Statistical Agency and other State bodies (22)
2) The RK Statistical Agency is an RK Government body
3) RK State policy on statistics is based on the following principles:
- centralisation
- methodological unity
3
Current situation
In 2002 the list of statistical forms was adopted by the Government of the RK in order to:
a) regulate the overall burden on respondents
b) reinforce the coordination of statistical activity by national bodies
Amendments and additions are being made to other legislative acts of the RK to harmonise them with the Law on National Statistics
4
Harmonisation of legislation and practice
- Making respondents and the media aware of the basic provisions of the Law
- Holding seminars for national bodies engaged in statistical activities
- Improving the statistical activity of national bodies
- Enhancing the image of national statistical bodies
5
Problems
- Respondents are often unaware of their rights and obligations with regard to statistics
- In other national bodies:
  a) the professional standard in statistical activity is low
  b) individual statistical data are used for verification purposes
- Respondents perceive the obligation to submit returns as an imposition
6
Confidentiality and protection of individual data
- Guiding principle of national statistics
- Separate article of the Law
- Data are collected by civil servants only
- The concept of the protection of individual data is incorporated into the information system of the RK Statistical Agency
7
Harmonisation of legislation on statistics
A number of RK laws are at variance with the Law on National Statistics:
- the Tax Code
- the Law on Individual Entrepreneurship
- the Law on State Aid for Small Business
- the Law on Employment
- the Customs Law
- the Law on Banks and Banking
8
Priority measures to ensure the security of information in the RK statistical information system
9
Solving problems of confidentiality: The legal basis is the RK Law on National Statistics; administrative measures; security of information systems
10
General organisational and technical measures:
- Organisation of a restricted access system;
- Fire safety and security of technical communications;
- Destruction of data waste (shredding paper and erasing magnetic media);
- Coded or electronic locks on doors;
- Network equipment (switchgear, routers, etc.) is located in places to which outsiders are not admitted.
11
Measures to ensure the confidentiality of individual data on natural and legal persons at the collection and transmission stages (at regional level)
- Documents are kept in safely locked drawers and cupboards;
- They are not left on tables when staff are absent, and outsiders are not allowed access when documents are being processed;
- Transmission by fax is not permitted.
12
Organisational measures:
- Rules on data access have been drawn up;
- All workers have been informed (by circulation list) what data are confidential and how to handle official information;
- A survey to establish how familiar employees are with limited-circulation information;
- Formal undertaking by LAN users.
13
FORMAL UNDERTAKING by users of the local area network of the RK Statistical Agency
I, the undersigned, ________________________________________________
Name and forenames, post, section, directorate, department
hereby undertake:
1. Not to divulge, forget or pass on to others my user name (name of network user) or my password for accessing the LAN (local area network), databases or the Internet.
14
2. To take full responsibility for the computer entrusted to me and for the security of the system files contained in it, office and other applications, and applied software.
3. Not to uninstall of my own accord any drivers installed on the computer and not to install applications or software of doubtful origin not directly related to my work, since they may cause the entire computer system to break down.
15
4. To run the anti-virus program every day.
5. Not to enter the ‘Network neighbourhood’ folder unnecessarily, not to make unauthorised use of the resources of other network users, and not to access the Internet unnecessarily. When accessing the Internet, to use only sites which are listed in the RK Statistical Agency’s Website index.
6. Always to make back-up copies of personal working files and folders and to keep them in a secure place (in safes) away from the computer.
16
LAN security
Adequate protection of the LAN requires ongoing improvement of the following:
- security policy;
- organisational protective measures;
- technical means of protection;
- user training.
17
IT components subject to protection
- Application servers and file servers
- Workstations
- Firewalls
- Employees of the organisation, network users
- Access management
- Database servers
- Linking channels
18
Tasks for protecting data in the network:
- Ensuring the confidentiality of data while they are being stored, processed or transmitted on the LAN;
- Ensuring that data stored in the LAN are accessible and can be processed and transmitted on time;
- Identifying the sender and recipient of communications;
- Ensuring the integrity of data while they are being stored, processed or transmitted on the LAN.
19
Standard corporate network
Problems:
- Possibility of interference from the public network
- Possibility of transmitted data being intercepted
- Absence of monitoring of information flows
[Diagram labels: Open network; Central office; Subsidiaries; Remote workstation (mobile user)]
20
Obligations of the LAN administrator
1. Preventing unauthorised access to the system.
2. Preserving the confidentiality of certain data.
3. Monitoring the use of modems.
4. Preventing the unauthorised sending of files.
5. Reducing the chances of intrusion to a minimum.
6. Identifying databases requiring a different level of protection.
21
Measures to ensure data confidentiality
- Personal passwords for PC users;
- Running anti-virus programs weekly;
- Making back-up copies (kept next to the workstation) and insurance copies (kept in another room, in fireproof safes);
- Ban on using non-standard software;
- Drawing up an inventory of information resources.
22
Centralised monitoring
[Diagram labels: Subsidiary; Protected sub-network (×3); Intruder (unauthorised access); Open network; Central office; Administrator’s management console]
23
Ways of ensuring network security:
- Segregating access between sub-networks of different subdivisions, and isolating heavily protected circuits;
- Recording and auditing the activities of the organisation’s employees involving confidential information;
- Protecting users’ workstations (safeguarding passwords);
- Using firewalls to filter traffic in accordance with set rules.
24
Centralised management
[Diagram labels: Firewall; Administrator’s management console; Subsidiary; Public network; Firewall; Central office]
25
Ways of ensuring data security:
- Active auditing and adaptive security for the real-time monitoring of negative network activity;
- Introducing means of creating virtual protected networks (VPN technology) to quantify information flows.
26
- Strict delimitation of access to document archives and working information;
- Isolation of outside software developers from existing databases;
- Keeping and analysing a logbook of security incidents (system logs) for each work station;
- Protection from former employees who may have a grievance.