
Information security directors to increase the security level of state authorities

02.01.2013

The regulation of the Government of the Republic that entered into force as of this year obliges governmental authorities to address information security more systematically than before, including by appointing persons responsible for security: information security directors.

Their task is to ensure that the principal work of the authority is performed smoothly and that only authorised persons are able to access the information systems.

"The state administers hundreds of databases that include personal data, information necessary for the operation of enterprises as well as information related to the foreign and security policies of the state. It is therefore essential that the operation of the information systems and the protection of the data contained therein be organised well in state authorities and assigned to the sphere of responsibility of a specialist. It is also critical that the directors of the authorities receive information concerning security issues in the authority from the direct source: the information security director," explained Jaan Priisalu, Director General of the Estonian Information System's Authority.

As of now, all the ministries and the major authorities responsible for the operation of national information systems have appointed information security specialists. A mere year ago, few authorities had an information security director. The information security level has therefore varied greatly between authorities, and their management has had no overview of whether security measures are sufficient or have been implemented.

The information security directors of state authorities must, for example, see to it that audit trails (logs) are recorded of actions and queries in state databases. Every person has the right to know what is being done with the data gathered about them. Without an audit trail, however, it is not possible to identify why and how personal data is processed. It is also the duty of the information security director to ensure that state e-services are always accessible or, in the event of an unexpected disruption, that the authority is prepared and the e-services are restored as quickly as possible. Information security is ensured with organisational, physical and IT resources.

The directors of authorities often consider assigning the function of information security to IT specialists. However, global practice indicates that it is reasonable to distinguish opposite roles: the role of the creator and administrator of information systems must be kept separate from the role of the person inspecting the security of these systems.

Topic: Cyber Security, RIA

Added 24.07.2013
