Presentation is loading. Please wait.

Presentation is loading. Please wait.

Government Information Assurance (GIA) Policy. 2 Current Scenario  It is a connected world!  More and More services are being provided online  Continuous.

Published byAracely Coleman Modified over 9 years ago

Similar presentations

Presentation on theme: "Government Information Assurance (GIA) Policy. 2 Current Scenario  It is a connected world!  More and More services are being provided online  Continuous."— Presentation transcript:

1 Government Information Assurance (GIA) Policy

2 2 Current Scenario  It is a connected world!  More and More services are being provided online  Continuous evolving and powerful technology available to everybody at a cheap price  With every opportunity come Risk.  Your business is at RISK!

3 3 Emerging Risks  Changing Political Scenario  Arab Spring  Qatar’s prominent role in International Arena  Changing Economic Scenario  Country with highest per capita income  International Sporting Events  Hacktivism  Sophisticated Attack Vectors  Insider Threats  Changing Legislative landscape  Data Privacy Law*  Critical Information Infrastructure Protection Law*

4 4 Real Incidents  During Arab Games in 2011  A number of critical sector and government organization were victim of attacks from Moroccan Hackers group  Number of sites affected: 10  Most of the incidents involved web defacement but it could have been worse!  Duration of incident: The attack was persistent for two weeks

5 Government Information Assurance Survey Increasing Reliance on ICT New Emerging Risks No Security Baseline standards Insufficient trained resources Baseline Policy & Standards Auditing Model Certified Training The need of Information Security Management System

6 Business Model of Information Security Challenges in Government Sector  Cultural Issues  Pre-set Mindset: Peaceful and secure environment  Lack of Awareness  Lack of Support  Lack of Resources

7 Government Information Assurance Survey Government Information Assurance Survey (2010) 30% of IT managers of Government organizations responded Survey demonstrated the need of information security support

8 8 Government Information Assurance Policy

9 What is GIA Policy

10 Government Information Assurance Survey GIA Components What is GIA Government Information Assurance Manual Governance Structure [IG] Risk Management [RM] Third Party Security Management [TM] Data Labeling [DL] Change Management [CM] Personnel Security [PS] Security Awareness [SA] Incident Management [IM] Business Continuity Management [BC] Logging & Security Monitoring [SM] Data Retention & Archival [DR] Documentation [DC] Accreditation [AC] Security Governance & Processes Government Information Classification Policy Communications Security [CS] Network Security [NS] Information Exchange [IE] Gateway Security [GS] Product Security [PR] Software Security [SS] System Usage Security [SU] Media Security [MS] Access Control Security [AM] Cryptographic Security [CY] Portable Devices & Working Off-Site Security [OS] Physical Security [PH] Technical Control Areas Implementation GuideAccreditation Manual Certified Training

11 Government Information Assurance Survey Assets Classification What is GIA Step 1: Identify key processes and their owners in the organization. Step 2: Identity process dependencies: information, applications, systems, networks, etc. Step 3. Determine the security classification for each information asset using table Step 4: Apply the necessary controls

12 Government Information Assurance Survey GIA Policy is… What is GIA Formulated from most common international standards/best practices Allows straight forward path for certification against other standards e.g. ISO27001 Maps well with established standards such as ITIL Approved by the Board of ictQATAR and has been sent to Council of Ministers. Adopted by MoI, ABQ

13 Thank You www.qcert.org

Download ppt "Government Information Assurance (GIA) Policy. 2 Current Scenario  It is a connected world!  More and More services are being provided online  Continuous."

Similar presentations

Philippine Cybercrime Efforts

Philippine Cybercrime Efforts
PhoenixPro Procurement. technology. contracts. projects.

PhoenixPro Procurement. technology. contracts. projects.
Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, 2007. This work is the intellectual property rights of the author.

Lynn Ray ISO Towson University Strategic Planning for IT Security Copyright Lynn Ray, This work is the intellectual property rights of the author.
David A. Brown Chief Information Security Officer State of Ohio

David A. Brown Chief Information Security Officer State of Ohio
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.

Enterprise security How to bring security transparency into your organization ISSA EDUCATIONAL SESSION Nicklaus Schleicher, VP Support & Customer Service.
S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,

S5-1 © 2001 Carnegie Mellon University OCTAVE SM Process 5 Identify Key Components Software Engineering Institute Carnegie Mellon University Pittsburgh,
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
Information Systems Security Officer

Information Systems Security Officer
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
First Practice - Information Security Management System Implementation and ISO 27001 Certification.

First Practice - Information Security Management System Implementation and ISO Certification.
The Role of Security & Privacy in EA Program

The Role of Security & Privacy in EA Program
Stephen S. Yau CSE 465-591, Fall 2006 1 Security Strategies.

Stephen S. Yau CSE , Fall Security Strategies.
Preparing Scotland’s first Records Management Plan Ava Wieclawska Records Manager.

Preparing Scotland’s first Records Management Plan Ava Wieclawska Records Manager.
Evolving IT Framework Standards (Compliance and IT)

Evolving IT Framework Standards (Compliance and IT)
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Similar presentations

Ads by Google