TBILISI – SEPTEMBER 2012
E-GOVERNMENT
LEGISLATIVE FRAMEWORK
e-Document and e-Signature law – 2007
Law on Creation of Data Exchange Agency – 2010
Law on Unified Information Registry – 2011
Law on Information Security – 2012
Law on Personal Data Protection – 2012
LAW OF GEORGIA ON UNIFIED
STATE REGISTRY OF
INFORMATION
Aim of the Law: establishment of a unified state registry of registers,
databases, services and information systems within the public sector of
Georgia
A supplementary act – Instruction on standards and procedures of
working with the Registry of Registers, as well as manual on the use of
web-portal
Categories of information to be submitted:
• Establishment of a registry or service (initial registration)
• Significant amendment of a registry or service
• Merger, division, revocation, deletion, transfer or archiving a
registry or service
Data Exchange Agency as implementer
E-GOVERNMENT
STRATEGY
• e-Services
• e-Participation and Open Government
• e-Health
• Public Finance Management System
• e-Business
• ICT-Hub Georgia
• Infrastructure
• e-Security
• Skills and e-Inclusion
• Enabling frameworks and governance
• Awareness
INFORMATIONAL
SECURITY
AVAILABILITY INTEGRITY CONFIDENTIALITY
false information
network jamming
intrusions
information stealing
system paralyzing
CYBER SECURITY
ECOSYSTEM
Security Council
• Minister of Justice: Data Exchange Agency
• Ministry of Internal Affairs: 24/7 Cyber Crime Unit
• Minister of Defense: Military Cyber Defense Unit
LEGAL FRAMEWORK
• Cyber Security Strategy for 2013–2015
• E-Government Strategy for 2014–2019
• Other Strategic Documents
1. Information Security Law (2012)
2. Personal Data Protection (2012)
3. Cyber Crime Chapter on Crime Code. (U… 2010)

1. Cyber Crime Convention 24/7
2. All Major IPR Conventions
3. Processing of Personal Data Conventions (1981)
• CERT.GOV.GE Computer Emergency Response Team Charter
• Presidential Decrees Approval List of Critical Information System Subjects.
• Requirements of Information Security Officer working in Critical Information System Subjects.
• Decrees of Network Sensor Configuration.
• Decrees of Minimal Security Requirements for Critical Information System Subjects.
• Decrees of Asset Management Requirements for Critical Information System Subjects.
• Decrees of Information Security Audit Body Accreditation.
• Decrees of Information Security Audit Requirements in Critical Information System Subjects
CYBER SECURITY STRATEGY OF
GEORGIA 2013-2015
Basic Principles – Cyber Security Strategy
• Whole-of-Government Approach.
• Public-private Cooperation.
• Active International Cooperation.
Cyber Security Strategy – Main Domains
• Research and analysis
• New legislative framework
• Institutional coordination for ensuring cyber security
• Public awareness and education
• International cooperation
INFORMATION AND
CYBER SECURITY
Information Security policy development, implementation, monitoring.
CERT.GOV.GE (Computer Emergency Response Team)
• Military
• Public Sector + Subject of Critical Infrastructure Systems
• State Secret
INFORMATION SECURITY
& POLICY DIVISION
Information Security Team
All Team Members are BSI Certified Professionals:
• BSI/ISO 27001 (Information Security) LI/LA
• BSI/ISO 22301 (Business Continuity) LI/LA
• BSI/ISO 9001 (Quality Management) LA
• ISO 31000 (Risk Management)
4 members of the team are: CISM (Certified Information Security Manager)
2 members of the team are: CISA (Certified Information System Auditor)
CERT.GOV.GE Team
All CERT Team members are SANS Certified Professionals:
• SANS GIAC Certified Professionals
INFORMATION
SECURITY
36
2
Management Services Consulting Service
105
Review of Information Security documentation: Policy, Plans, Audit report, etc. 40
ISMS Implementation Service
Current Projects: Service Development Agency; Public Registry of Georgia
Certified Course in Management Systems
(Introduction, Implementation and Internal Audit in Information Security Management Systems, Certification Exam).
NATO SPS Project Trained Professionals from Moldova and Montenegro
Information Systems Audit Service
CERT.GOV.GE
• The Cyber Security Executing Arm of the UNITED NATIONS SPECIALISED AGENCY, the International Telecommunication Union (ITU)
• The Trusted Introducer - a.k.a. TI - is the trusted backbone of the Security and Incident Response Team community in Europe
• FIRST is an international confederation of trusted computer incident response teams who cooperatively handle computer security incidents and promote incident prevention programs.
Partners:
CERT-EE
CERT.GOV.GE
Services and Activities
Proactive Services:
• Incident Handling
• Incident Support System
• Detection of Infected Web Sites
• Safe DNS
Monitoring Service
• IP Monitoring Services
• Network Monitoring System
Other Services:
• Source and Binary Code Analysis Service
• Malware Analysis Service
• Penetration Test Service
Special Activities & Awareness
• Cyber Security Forum
• Annual GITI Regional Conference
• Website (dea.gov.ge)
• Facebook (certgovge)
• Media Campaign (TV, Internet)
• Wall Calendar
Course in Cyber Security and Incident Handling
Basic Incident Handling 20
90
NATO SPS Project Trained Professionals from Afghanistan, Macedonia, Moldova and Montenegro
64
INFORMATION SECURITY
AWARENESS
GITI – GEORGIAN IT
INNOVATION EVENT 2008
THANK YOU FOR YOUR
ATTENTION!
Irakli Gvenetadze
LEPL Data Exchange Agency
Ministry of Justice of Georgia
www.dea.gov.ge; www.my.gov.ge; www.cert.gov.ge