national infosec organisations and infosec management in hungary

National INFOSEC Organisations and INFOSEC Management in Hungary

Upload: aubrey-richard-little

Post on 17-Jan-2018




0 download


INFOSEC based on law


Page 1: National INFOSEC Organisations and INFOSEC Management in Hungary

National INFOSEC Organisations and

INFOSEC Managementin Hungary

Page 2: National INFOSEC Organisations and INFOSEC Management in Hungary

• is the application of security measures to protect information processed, stored or transmitted in communication, information and other electronic systems against loss of confidentiality, integrity or availability, whether accidental or intentional, and to prevent loss of integrity or availability of the systems themselves.

• A set of security measures (physical, personnel, security of information and INFOSEC) shall be implemented to create a secure environment in which to operate a communication, information or other electronic system.


Page 3: National INFOSEC Organisations and INFOSEC Management in Hungary

INFOSEC based on law

Page 4: National INFOSEC Organisations and INFOSEC Management in Hungary

CONSTITUTION59. § (1) Protection of private confidentiality and data be due to every Hungarian subject.

The Act about protection of private confidentiality and publicity of data of public interest.

Act LXIII. of 1992.

Page 5: National INFOSEC Organisations and INFOSEC Management in Hungary

Data SecurityArticle 10 par 1

10. § (1) The holder of information and in the scope of his activity the user of information are obliged to take care of the security of information, to take those technical and organising measures and to elaborate those procedural rules which are necessary in order to enforce this Act and other regulations, relating to the information security and protection of classified information.

Act LXIII. of 1992

Page 6: National INFOSEC Organisations and INFOSEC Management in Hungary

Act LXIII. of 1992Data Security

Article 10 par 2

(2) Information – especially personal data, qualified as state secret and service secret, shall be particularly protected against

• illegal access,• modification,• disclosure,• deletion,• damage, and• destruction.

Page 7: National INFOSEC Organisations and INFOSEC Management in Hungary

• disclosure,• illegally obtaining and use,• transferring to unauthorised persons• the prevention of the entitled person from

accessing it,

if these occur before the termination of the validity period it can damage or endanger the interests of the Republic of Hungary.

Act LXV. of 1995 (1)Types of secret

(1) State Secret (Top Secret)

Page 8: National INFOSEC Organisations and INFOSEC Management in Hungary

if occur:• disclosure,• illegally obtaining and use,• transferring to unauthorised persons

before the termination of the validity period it can damage the working order of the state or public organisation, and hinder the exercise of their tasks and competence without improper effects.

Act LXV. of 1995 (2)Types of secret

(2) Service Secret (Secret)

Page 9: National INFOSEC Organisations and INFOSEC Management in Hungary

Protected but not classified data(nowadays these are also classified)

Confidentialis injurious (harmful) if it becomes available to the public or unauthorised persons become acquainted


is unfavourable if it becomes available to the public or unauthorised persons become acquaintedto the interested country or organisation concerned with the national agreement.

Act LXV. of 1995 (3)

Page 10: National INFOSEC Organisations and INFOSEC Management in Hungary

Governmental Decree 79 of 1995 about

handling order of classified data

Protection of classified data carrier:

• classification• registering• copying• destruction• safekeeping

• take over of data• handing over, passing• taking back• revision

Page 11: National INFOSEC Organisations and INFOSEC Management in Hungary

Governmental Decree 79 of 1995about

handling of classified data (2)

Protection of classified data-storage (27. §)

Data, containing state secret (top secret) or service secret (secret), whose reliable protection cannot be provided otherwise can be stored in computer systems in magnetic form or other types of data storage only in coded form.

on the CIS

Page 12: National INFOSEC Organisations and INFOSEC Management in Hungary

Governmental Decree 79 of 1995about handling of classified date (3)

• Transfer and forwarding of classified information.

Classified information held in a wired or wireless system of data-transition, if the data leaves the boundary of reliable protection and supervision, especially when it leaves the properly closed or protected area of the organization which is responsible for information security it must only be forwarded in coded form.

Page 13: National INFOSEC Organisations and INFOSEC Management in Hungary

Governmental Decree 43 of 1994about Crypto Activity

• Organization of Crypto Activity• Personal Conditions• Crypto equipment• Basic security rules• Tasks of National Communication Security

Authority• Inspection

Main articles of decree:

Page 14: National INFOSEC Organisations and INFOSEC Management in Hungary

Governmental Decree 43 of 1994about Crypto Activity

Organisation of crypto activity:6.§ (1)Dependent on character and measure of the

organisation pursuing crypto activity it has an interest in control and supervision to at least:

• Assign a crypto custodian or• Establish a Crypto Authority

Page 15: National INFOSEC Organisations and INFOSEC Management in Hungary

Governmental Decree 43 of 1994about Crypto Activity

Organisation of crypto activity:6.§ (2)In the case of assigning more than one crypto

custodian when establishing a Crypto Authority it has to operate Central Crypto Authority in the effected organisation.

Page 16: National INFOSEC Organisations and INFOSEC Management in Hungary

MoD Directive about Crypto Activity

Organisation of crypto activity in the MoD:Currently in operation:• a Central Crypto Authority for technical control and

technical supervision of crypto activity in the Hungarian Military Forces

• Crypto Authority in the middle level of military structure

The Central Crypto Authority is working under National Crypto Authority (National Communication Security Authority)

Page 17: National INFOSEC Organisations and INFOSEC Management in Hungary

Legal regulationParliament


Act LXIII.of 1992.

Act LXV.of 1995.

Gov. Dec. 79of 1995

Gov. Dec. 43of 1994

MoD Directive

Act IV.of 2000.

Act LXXXV.of 1998.

Gov. Dec. 56of 1999

Gov. Dec. 52of 2002

MoD Directive MoD Directive

Before to join to NATO

(all modified later)

During and after join to


Page 18: National INFOSEC Organisations and INFOSEC Management in Hungary

Act LXXXV. of 1998 decrees about the National Security Authority.

• Control: The Minister Heading thePrime Minister’s Office

• Supervision: National SecurityCommittee of the Parliament

• Information (Coverage): Defence Committee

of the Parliament

National Security Authority

National Security Committee

of the Parliament

Committee of Defence

The Minister Leading the

Prime Minister’s Office

National Security Authority

Page 19: National INFOSEC Organisations and INFOSEC Management in Hungary

Responsibilities / Carry out:• prescribe tasks for NSA in NATO and UN security directives• prescribe tasks for National Industrial Security Authority• during its tasks handle personal and special data

National Security Authority(Governmental Decree 180/2003)

Page 20: National INFOSEC Organisations and INFOSEC Management in Hungary

The main tasks are:• functions of NSA (co-operative organisations)• procedure of personal security• procedure of physical and document security• procedure of electronic information security• industrial security inspection

Governmental Decree 52 of 2002 about National Security Authority

National SecurityAuthority (NSA)

Department of Information and

Document Security of MoD

National Communication

Security Authority (NCSA)

National Security Office (NSO)

Military Security Office (NSO)

Page 21: National INFOSEC Organisations and INFOSEC Management in Hungary

Newest regulations

• Governmental Decree 179/2003 about rules of procedure of protection of classified data received by international contract or made by international commitment.

• Governmental Decree 180/2003 about detailed tasks and rules of activities of National Security Authority, together with detailed rules of industrial security inspection.

Page 22: National INFOSEC Organisations and INFOSEC Management in Hungary

Security StructureParliament

National Security Committee

Defence Committee

The Minister Heading the Prime Minister’s


National Security Authority

Department of Information and

Document Security of MoD

National Communication

Security Authority (NCSA)

National Security Office (NSO)

Military Security Office (NSO)

Central Crypto Authority of



Page 23: National INFOSEC Organisations and INFOSEC Management in Hungary

Security Organizations and Persons on the CIS System


Organizatons(NATO, EU)

NationalCommunication Security


Central Communication Security Authority of MoD (MoD GS J6)

System/NetworkSecurity Officer(MoD GS J6)

Crypto Custodian

National SecurityAuthority

INFOSEC Authority(MoD DoI&DS)

INFOSEC Operational Authority

(MoD GS J6)Security Officer(MoD GS J6)

Local Security Officer

Person in Charge of Security – (HQSO)

HQ of Communication

centralsystem administrator

Local System Administrator


Joint Logistic and Support


Site Security Officer



Page 24: National INFOSEC Organisations and INFOSEC Management in Hungary

Thank you for your attention