ICTWG-ECPRD SEMINAR 2006 INFORMATION SECURITY ISSUES AT THE CHAMBER OF DEPUTIES Carlo Simonelli Head...
ICTWG-ECPRD SEMINAR 2006
INFORMATION SECURITY ISSUES AT THE
CHAMBER OF DEPUTIES
Carlo Simonelli
Head of Unit – ICT Systems and User Support
ICT Department – Chamber of Deputies
Vilnius, 6th October 2006
OVERVIEW
Information System Security
“Documento programmatico sulla sicurezza dei dati” (Programmatic Data Security Document)
Risk analysis carried out for the Programmatic Data Security Document
Other contents of the Document
Internet redundant links
Projects for improving information system security
INFORMATION SYSTEM SECURITY
Information System Security at the Chamber of Deputies during the past years
Security procedures difficult to implement
PERSONAL DATA PROTECTION CODE
Internet, Electronic mail and always-on era required more effort in information security
Implementing “Personal Data Protection Code” (Decreto Legislativo n. 196, 2003)
PROGRAMMATIC DATA SECURITY DOCUMENT
First edition of “Documento programmatico sulla sicurezza dati” (Programmatic Data Security Document)
The “Register of IT systems” is a prerequisite
The two parts of the Document
1. Analytic review of all data treatments
2. Rules for managing personal and sensitive data and general instruction to protect the information systems
RISK ANALYSIS AND ASSESSMENT
ISO/IEC 17799 (now ISO/IEC 27799:2005) and other information security standards
Risk exposure level established for 51 data bases with sensitive data and for 77 data bases with personal data
Activities this year on sensitive data
BENEFITS OF THE DOCUMENT
Joint activities improving information security
Important managing procedures
Procedures for managers and employees
Duration of data stored online and offline
Who is in charge of deleting data
Managing backups and logs
Data ciphering
Password characteristics and expiration
Training of managers and employees
IMPROVING INTERNET LINK SPEED AND AVAILABILITY
IMPROVING INFORMATION SYSTEM SECURITY
PKI system for digital signatures
Smart cards for strong authentication of employees
New projects
MPs VPN SSL authentication and profiling; use of tokens
Protocol 802.1x for administrative user workstation connection