Presentation is loading. Please wait.

Presentation is loading. Please wait.

Legal framework of the statistical system RK Law on State statistics: the basic provisions of the Law are in line with ЕС recommendations (Model Law on.

Published bySpencer Stafford Modified over 8 years ago

Similar presentations

Presentation on theme: "Legal framework of the statistical system RK Law on State statistics: the basic provisions of the Law are in line with ЕС recommendations (Model Law on."— Presentation transcript:

1 Legal framework of the statistical system RK Law on State statistics: the basic provisions of the Law are in line with ЕС recommendations (Model Law on statistics, Doc. SG/99/10) Normative acts of the RK Statistical Agency

2 Structure and principles of State statistics 1) State statistical bodies: RK Statistical Agency and other State bodies (22) 2) The RK Statistical Agency is an RK Government body 3) RK State policy on statistics is based on the following principles: centralisation methodological unity

3 Current situation In 2002 the list of statistical forms has been adopted by the Government of the RK in order to: а) regulate the overall burden on respondents b) reinforce the coordination of statistical activity by national bodies Amendments and additions are being made to other legislative acts of the RK to harmonise them with the Law on National Statistics

4 Harmonisation of legislation and practice Making respondents and the media aware of the basic provisions of the Law Holding seminars for national bodies engaged in statistical activities Improving the statistical activity of national bodies Enhancing the image of national statistical bodies

5 Problems Respondents are often unaware of their rights and obligations with regard to statistics In other national bodies: a) the professional standard in statistical activity is low b) individual statistical data are used for verification purposes Respondents perceive the obligation to submit returns as an imposition

6 Confidentiality and protection of individual data Guiding principle of national statistics Separate article of the Law Data are collected by civil servants only The concept of the protection of individual data is incorporated into the information system of the RK Statistical Agency

7 Harmonisation of legislation on statistics A number of RK laws are at variance with the Law on National Statistics the Tax Code the Law on Individual Entrepreneurship the Law on State Aid for Smalll Business the Law on Employment the Customs Law the Law on Banks and Banking

8 Priority measures to ensure the security of information in the RK statistical information system

9 Solving problems of confidentiality:  The legal basis is the RK Law on National Statistics;  administrative measures;  security of information systems

10 General organisational and technical measures: -Organisation of a restricted access system; - Fire safety and security of technical communications; - Destruction of data waste (shredding paper and erasing magnetic media). - Coded or electronic locks on doors; - Network equipment (switchgear, routers, etc.) is located in places to which outsiders are not admitted.

11 Measures to ensure the confidentiality of individual data on natural and legal persons at the collection and transmission stages (at regional level) - Documents are kept in safely locked drawers and cupboards; - They are not left on tables when staff are absent, and outsiders are not allowed access when documents are being processed; - Transmission by fax is not permitted.

12 Organisational measures : - Rules on data access have been drawn up; - All workers have been informed (by circulation list) what data are confidential and how to handle official information; - A survey to establish how familiar employees are with limited-circulation information; - Formal undertaking by LAN users.

13 FORMAL UNDERTAKING by users of the local area network of the RK Statistical Agency I, the undersigned, ________________________________________________ Name and forenames, post, section, directorate, department hereby undertake: 1. Not to divulge, forget or pass on to others my user name (name of network user) or my password for accessing the LAN (local area network), databases or the Internet.

14 2. To take full responsibility for the computer entrusted to me and for the security of the system files contained in it, office and other applications, and applied software. 3. Not to uninstall of my own accord any drivers installed on the computer and not to install applications or software of doubtful origin not directly related to my work, since they may cause the entire computer system to break down.

15 4. To run the anti-virus program every day. 5. Not to enter the ‘Network neighbourhood’ folder unnecessarily, not to make unauthorised use of the resources of other network users, and not to access the Internet unnecessarily. When accessing the Internet, to use only sites which are listed in the RK Statistical Agency’s Website index. 6. Always to make back-up copies of personal working files and folders and to keep them in a secure place (in safes) away from the computer.

16 LAN security : security policy; organisational protective measures; organisational protective measures; technical means of protection; technical means of protection; user training. user training. Adequate protection of the LAN requires ongoing improvement of the following:

17 Application servers and file servers Work- stations Firewalls Employees of the organisation, network users Access management Database servers IT components subject to protection Linking channels

18 Tasks for protecting data in the network : - Ensuring the confidentiality of data while they are being stored, processed or transmitted on the LAN; - Ensuring that data stored in the LAN are accessible and can be processed and transmitted on time; - Identifying the sender and recipient of communications; - Ensuring the integrity of data while they are being stored, processed or transmitted on the LAN.

19 Standard corporate network Problems: Possibility of interference from the public network Possibility of interference from the public network Possibility of transmitted data being intercepted Possibility of transmitted data being intercepted Absence of monitoring of information flows Absence of monitoring of information flows Open network Central office Subsidiaries Remote workstation (mobile user)

20 Obligations of the LAN administrator 1. Preventing unauthorised access to the system. 2. Preserving the confidentiality of certain data. 3. Monitoring the use of modems. 4. Preventing the unauthorised sending of files. 5. Reducing the chances of intrusion to a minimum. 6. Identifying databases requiring a different level of protection.

21 Measures to ensure data confidentiality Measures to ensure data confidentiality - Personal passwords for PC users; - Running anti-virus programs weekly; - Making back-up copies (kept next to the workstation) and insurance copies (kept in another room, in fireproof safes); - Ban on using non-standard software. - Drawing up an inventory of information resources.

22 Centralised monitoring Subsidiary Protected sub-network Protected sub-network Protected sub-network Intruder НСД Open network Central office Аdministrator’s management console

23 Ways of ensuring network security: - Segregating access between sub-networks of different subdivisions, and isolating heavily protected circuits; - Recording and auditing the activities of the organisation’s employees involving confidential information; - Protecting users’ workstations (safeguarding passwords); - Using firewalls to filter traffic in accordance with set rules.

24 Centralised management Firewall Аdministrator’s management console Subsidiary Public network Firewall Central office

25 Ways of ensuring data security: - Active auditing and adaptive security for the real-time monitoring of negative network activity; - Introducing means of creating virtual protected networks (VPN technology) to quantify information flows.

26 - Strict delimitation of access to document archives and working information; - Isolation of outside software developers from existing databases; - Keeping and analysing a logbook of security incidents (system logs) for each work station; - Protection from former employees who may have a grievance.

Download ppt "Legal framework of the statistical system RK Law on State statistics: the basic provisions of the Law are in line with ЕС recommendations (Model Law on."

Similar presentations

Computer Systems Networking. What is a Network A network can be described as a number of computers that are interconnected, allowing the sharing of data.

Computer Systems Networking. What is a Network A network can be described as a number of computers that are interconnected, allowing the sharing of data.
Organise Workplace Information

Organise Workplace Information
Identification and Disposition of Official University Records University of Texas at Arlington Records Management.

Identification and Disposition of Official University Records University of Texas at Arlington Records Management.
Health Insurance Portability and Accountability Act (HIPAA)HIPAA.

Health Insurance Portability and Accountability Act (HIPAA)HIPAA.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.

BP5- METHODS BY WHICH PERSONAL DATA CAN BE PROTECTED Data Protection.
FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.

FAIR AND ACCURATE CREDIT TRANSACTIONS ACT (FACTA)- RED FLAG RULES University of Washington Red Flag Rules Protecting Against Identity Fraud.
Security Controls – What Works

Security Controls – What Works
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.

INTRANET SECURITY Catherine Alexis CMPT 585 Computer and Data Security Dr Stefan Robila.
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Concepts of Database Management Seventh Edition

Concepts of Database Management Seventh Edition
Addressing Information Security at Heller October 16, 2013 secureHeller.

Addressing Information Security at Heller October 16, 2013 secureHeller.
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.
Administrative Practices Outcome 1

Administrative Practices Outcome 1
Higher Administration

Higher Administration
Data Security GCSE ICT.

Data Security GCSE ICT.

Similar presentations

Ads by Google