malta independent mita feature 10th february 2011
DESCRIPTION
The Malta Independent ICT Feature is now in its third week. In today’s edition, being the feast of St Paul's Shipwreck, we included an article on how the fishing sector, considered to be relatively traditional, is making use of innovative ICT solutions.TRANSCRIPT
since ultimately the aim of the eMallis to help its members to generatemore sales, both in the physical andthe virtual world.
14 15
ICT FeatureThe Malta Independent | Thursday 10 February 2011
The Malta Independent ICT Featureis now in its third week. In today’sedition, being the feast of St Paul'sShipwreck, we included an articleon how the fishing sector, consid-ered to be relatively traditional, ismaking use of innovative ICT solu-tions.
A report published by securityfirm McAfee a few days ago shows
that cybercrime has thrived over thepast decade and the forecast for thenext ten years is even worse. Thelargest ICT organisation in Malta,MITA, has recently been accreditedby the industry leading ISO27001security standard and today theAgency is sharing its experience inacquiring this certification.
With Valentine’s Day around the
corner, we’re looking at some sta-tistics from the newly launchedTrolleyMania virtual mall and com-pare how this fares with onlinemalls abroad. We can also readabout the outcome of the confer-ence hosted by the Malta Commu-nications Authority (MCA)regarding the next 10 years in tele-coms.
The Malta IndependentICT Feature
RoderickSpiteri
KeithCauchi
MandyCalleja
JosefVella
What do fish and fishing have to dowith computers, internet and commu-nications?
Well, on the outset, nothing... how-ever, information technology is playinga significant role in the modernisationand growth of the fishing industry.
This traditional industry is facing eco-nomic and environmental pressures, aswell as ever changing regulations. Suchpressures have led the fishing industryto invest in information technology tomaintain sustainability and streamlineits operations and be more effective andefficient. ICT is providing this industrywith new ways to effectively monitorand control fishing fleets and also withsoftware to ease catch management.Technology has also found its way tothe fish markets and supply chains. An-other important factor in which ICT ishelping in is in the collating of neces-sary information required to regulate,report and plan.
In Malta, the Fisheries Departmenthas already embraced the use of ICT.Currently the department has varioussystems to monitor, control and re-port fishing activities, including aVessel Monitoring System (VMS)which tracks vessel movements andprovides information on the vessels’location, speed and course. From theexperiences gained through the use ofthe existing information systems andthrough the advances made in tech-nology, the fisheries department hasrecently embarked on a project for theimplementation of a holistic, inte-grated, real time information system.The system shall provide real-time in-formation of catches, landings, fishingvessels whereabouts, management in-formation, administration tools aswell as a myriad of reporting func-tionalities which can be used for re-search, reporting and monitoring.
This project, which is co-financed bythe European Union, started with anoverall scope study of the fisheriesprocesses and the ICT requirements forthis industry. A call for tenders was is-sued in July 2010 and awarded in De-cember 2010. It is scheduled that themain components of this holistic infor-mation system will be in place by De-cember 2011. The benefits perceived
from this project are:• Improved management, monitoring,control and auditing;• Improved policy making and plan-ning through the available
• Administrative efficiency gainsthrough automated processes, informa-tion sharing and collaboration;• Improved services to fishermen bothadministratively as well as opera-
tionally.This project shall help the Fisheries
Department to become more efficient,organised and client (fishermen) ori-ented. It will also provide the opportu-
The role of ICT in fisheries
Josef Vella is a Project Manager at MITA
Keith Cauchi is an InformationSecurity Engineer and part of the
ISO27001 team
Mandy Calleja is Communications Co-ordinator at MCA
Implementing the ISO27001 standardAs the Agency entrusted to be thecentral driver in the evolution ofMalta into a leading information so-ciety and economy, the Malta Infor-mation Technology Agency (MITA)is very vigilant of its security aspect.
Early in 2009 MITA embarked onan agency-wide project with the aimof enhancing its security profile. Theproject consisted of various technicalinitiatives and it was felt that the bestway forward was to align these ac-tivities to an international securitybest practice. A renowned interna-tional-standard-setting body thatpromotes worldwide proprietary in-dustrial and commercial standards isthe International Organization forStandardization (ISO).
Due to its encompassing nature,MITA chose the ISO27001 securitystandard to govern its security oper-ations and information risk manage-ment and a small team within theInformation Security departmentwas set up to achieve this goal.
The approach towardsISO27001MITA tackled ISO27001 certificationin a phased approach. A decisionwas taken to seek certification on theagency’s horizontal processes whichcut across various teams. Theprocesses involved were complexand involved multiple teams fromdifferent areas. The reason for thisbold choice was to reap the full ben-efits of the ISO27001 certification andget a real and representative risk pos-ture of its operations.
The experiences gained in ISO9000and Tickit certifications helped MITAthroughout the buildup to ISO 27001certification especially in gatheringinformation required for the risk as-sessment processes. A major revampof the agency’s risk managementprocedure was carried out with theaim of reducing the amount of pa-perwork required whilst still captur-ing the salient risks the agency faced.Furthermore, a risk escalation proce-dure was defined to ensure that riskswould be channeled in a structuredway through the appropriate man-agement structures according to theirsignificance.
In the early phases of the build uptowards the audit, the team setup toachieve ISO27001 identified that the
lack of articulated security policiesand procedures was a major concernin addressing the mandatory controlsstipulated in the ISO standard. Ini-tially the Agency explored the idea ofpurchasing these policies and stan-dards from third parties but this wassoon discarded since the amount ofcustomisation required would besubstantial. Instead, the ISO27001team recommended that the neces-sary policies would be phased-in in agradual but progressive way. Thisensured that MITA does not lose per-spective and end up seeing theISO27001 accreditation as a paperbased exercise.
Among other aspects, the ISO27001accreditation process looked also athow the people behind the technol-ogy – the users – look at informationsecurity. Therefore the process insti-gated a number of initiatives. One ofthese initiatives was a tailor-madecourse for all MITA employees andChief Information Officers. This is anongoing process, as part of an em-ployee’s induction training wherebynew employees are made aware ofthe security policies and proceduresthey have to follow. Another initia-tive was the introduction of a secu-rity awareness campaign wherevarious posters highlighting differentaspects of security are issued and dis-tributed across the public sector.
During and after thecertification processDuring the certification process, twoexternal pre-audits were conductedto ensure that the approach to tacklecertification was correct and the
agency was heading in the right di-rection.
The external audit took place in July2010, a grueling one week audit thatassessed not only the Agency’s pro-file against ISO27001 controls butalso the comprehensiveness of theapproach the ISO27001 project teamadopted to certification. A big ad-vantage in MITA’s case was to in-volve MITA’s internal compliancefunction at an early stage whichshowed the auditor how MITA’schecks and balances were working topinpoint any deficiencies in theprocesses adopted.
Following the successful first audit,external surveillance audits now takeplace every six months to ensure thatthe standard is maintained. Re-certi-fication audits take place every 3years.
Teams that have been certifiedagainst ISO27001 are required tomaintain a ‘Collated Risk TreatmentLog’ listing identified risks and cho-sen controls to mitigate these risks.Risks are not only identified throughrisk assessments but also through theidentification of security weaknesses.If employees identify a securityweakness, during the course of theirduties s/he is required to report thisto the Information Security Depart-ment for further investigation.
ConclusionsGetting resources on board and hav-ing information security recognisedas a priority for teams who work todeliver a service was the main chal-lenge encountered by the projectteam throughout the process. A keyto successfully retain the certificate isthe ongoing support received by sen-ior management both at a depart-ment level but also at a CEO/boardlevel.
ISO27001 brought staff closer to se-curity than ever before. MITA clientsand suppliers see certification againstsuch a professional standard as aproof of employing good securitypractices.
Certification is valid for three years,thus the Agency will undergo a re-certification audit in 2013. In themeantime, work to certify remainingdepartments is in full swing, inpreparation for the next surveillanceaudit in June.
The next 10 years in telecomsThe next 10 years in telecoms – whatdoes the future hold? This was the un-derlying theme of a conference hostedrecently by the Malta Communica-tions Authority (MCA) in commemo-ration of its 10th anniversary ofoperations.
Without a doubt, the telecoms land-scape is changing globally. Economiesin general have adopted the digitalform – monetary transactions, report-ing, radio and television transmis-sions, maps, direct mail adverts andmany other business processes havebeen reduced to bits stored in com-puter memories, racing across net-works at incredibly fast speeds.Geographical boundaries no longerexist in this digital age. Global con-nectivity has become a critical, if notthe most important component formost businesses. Key success factorsfor businesses to survive in thesechanging times include;
1. Strong competitive stance: inorder for businesses to sustain theircompetitiveness, it is important thatthey are well equipped to cope withconsumer demand and deliver theright consumer experience;
2. Visionary government poli-cies: governments must be forwardlooking, developing policies that facil-itate continued investment by under-takings. It is essential that governmentand regulators talk, but more impor-tantly to act globally; and
3. Affordable prices: on thisnote however one may questionwhether low prices will in fact driveusage and adoption of new technolo-gies or whether this is dependent oncultural practices. The past has shownus, with some certainty, that competi-tive prices do in fact drive usage, es-pecially in the mobile market.
The future in technology lies in nextgeneration networks, capable of sup-porting ultra-fast broadband experi-ences that are essential for economicgrowth. Businesses must be open andprepared to change!
With industrial and technologicalchanges, comes regulatory change.Challenges will remain, primarily infostering infrastructural competition,facilitating investment in the essentialnext generation networks and increas-ing harmonisation and cooperation.The structure and scope of regulators
will also have to be revisited. Shouldthey specialise in a particular industryor should nations opt for multi-sectorregulators as in Australia? Shouldregulation be renounced altogetherand taken over by competition rules asin New Zealand? Should telecom reg-ulators be all encompassing and takeon consumer and broadcasting con-tent – can such issues be truly sepa-rated? Such questions remain to beaddressed in the coming years.
In the words of MCA’s Chairman,Ing. Philip Micallef, ‘The age of net-worked intelligence is an age of prom-ise. It is not simply about thenetworking of technology but aboutthe networking of humans throughtechnology. It is not an age of smartmachines, but of humans who,through networks, can combine theirintelligence, knowledge and creativityfor breakthroughs in the creation ofwealth and social development. It isnot just an age of linking computers,but of internetworking human inge-nuity. It is an age of vast change, vastnew promise and unimaginable op-portunity.’
The future is bright!
Among other aspects, theISO27001 accreditationprocess looked also at howthe people behind thetechnology – the users –look at information security
”“
Claudine Cassar
TrolleyMania (www.trolley-mania.com) is just over three monthsold. The portal, launched in October2010 now boasts over 65 eShops andover 10,000 products.
The success of the portal, however,is not limited to attracting new mer-chants. TrolleyMania consistentlyattracts between 400 and 600 uniquevisitors daily. Each visitor spends onaverage 10 minutes on the site andperuses an average of 19 pages.These figures compare well with theresults reported in the BenchmarkIndustry Report for UK Online Re-tail issued by CoreMetrics. The av-erage number of page views forTrolleyMania is 19 pages per sessionwhich is significantly higher thanthe UK average which stands at 11pages per session. The averageamounbt of time a user stays onTrolleyMania is 491 seconds whilstthe average for UK online retailers is454 seconds.
In a nutshell, it is clear that peoplevisiting the site are liking what theysee and are spending more timethan average browsing through theproducts available in TrolleyMania.This is a very positive indicator ofthe exposure that can be gained bymerchants that sell their productsthrough this eMall.
Another very important indicatorthat must be considered when as-sessing the performance of aneCommerce portal is the new visitorconversion rate – in other wordswhat percentage of new visitors ac-tually complete an order and pur-chase. TrolleyMania is currentlylogging a 1.6% conversion rate,which is just over half the UKbenchmark. When looking at thisfigure, however, it is important tokeep in mind that the 1.6% does notreflect the full picture of sales gen-erated by the portal.
The operators of the eMall have
identified a phenomenon which isthe direct result of the small size ofour country – people are identifyingthe product/s they want to purchase
from TrolleyMania and then goingto the physical store to check it outand buy it. In fact the operators ofthe eMall have received regular
feedback regarding this occurrence,particularly from artists, boutiquesand shoe shops. This is obviously apositive side effect of TrolleyMania
A local virtual shopping experience
Claudine Cassar is Managing Director ofAlert Communications Ltd
nity to further develop this industryand be able to respond faster to theever changing regulations and de-mands.