Government Information Assurance (GIA) Policy
Current Scenario
• It is a connected world!
• More and more services are being provided online
• Continuously evolving and powerful technology available to everybody at a cheap price
• With every opportunity comes risk. Your business is at RISK!
Emerging Risks
• Changing Political Scenario: Arab Spring; Qatar’s prominent role in International Arena
• Changing Economic Scenario: Country with highest per capita income; International Sporting Events
• Hacktivism
• Sophisticated Attack Vectors
• Insider Threats
• Changing Legislative landscape: Data Privacy Law*; Critical Information Infrastructure Protection Law*
Real Incidents
During Arab Games in 2011
• A number of critical sector and government organizations were victims of attacks from a Moroccan hackers group
• Number of sites affected: 10
• Most of the incidents involved web defacement, but it could have been worse!
• Duration of incident: the attack was persistent for two weeks
Government Information Assurance Survey
Increasing Reliance on ICT
New Emerging Risks
No Security Baseline standards
Insufficient trained resources
Baseline Policy & Standards
Auditing Model
Certified Training
The need of Information Security Management System
Business Model of Information Security
Challenges in Government Sector
• Cultural Issues
• Pre-set Mindset: Peaceful and secure environment
• Lack of Awareness
• Lack of Support
• Lack of Resources
[Chart: scale 0 to 5; categories: IS Goals, IS Alignment, Budget Allocation, IS Process, Mgmt Commitment, Process Mapping, IS Controls, Risk Management, Resource Allocation, Awareness, IM Existence]
Government Information Assurance Survey (2010)
• 30% of IT managers of Government organizations responded
• Survey demonstrated the need for information security support
What is GIA: GIA Components
Government Information Assurance Manual
Security Governance & Processes
• Governance Structure [IG]
• Risk Management [RM]
• Third Party Security Management [TM]
• Data Labeling [DL]
• Change Management [CM]
• Personnel Security [PS]
• Security Awareness [SA]
• Incident Management [IM]
• Business Continuity Management [BC]
• Logging & Security Monitoring [SM]
• Data Retention & Archival [DR]
• Documentation [DC]
• Accreditation [AC]
Technical Control Areas
• Communications Security [CS]
• Network Security [NS]
• Information Exchange [IE]
• Gateway Security [GS]
• Product Security [PR]
• Software Security [SS]
• System Usage Security [SU]
• Media Security [MS]
• Access Control Security [AM]
• Cryptographic Security [CY]
• Portable Devices & Working Off-Site Security [OS]
• Physical Security [PH]
Government Information Classification Policy
Implementation Guide
Accreditation Manual
Certified Training
What is GIA: Assets Classification
Step 1: Identify key processes and their owners in the organization.
Step 2: Identify process dependencies: information, applications, systems, networks, etc.
Step 3: Determine the security classification for each information asset using table
Step 4: Apply the necessary controls
What is GIA: GIA Policy is…
• Formulated from most common international standards/best practices
• Allows straightforward path for certification against other standards e.g. ISO27001
• Maps well with established standards such as ITIL
• Approved by the Board of ictQATAR and has been sent to Council of Ministers.
• Adopted by MoI, ABQ