RIA has compiled an information security guidebook for the public sector

The Information System Authority (RIA) and its partners have updated the Estonian information security standard (E-ITS), which contains data on information security threats and provides measures for public sector authorities to help maintain security in their systems.

‘The public sector and local governments have numerous databases and information systems full of sensitive data. The aim of the information security standard is to give authorities a basis for handling information security that is updated regularly and suitable for the Estonian legal system. The better we can implement the standard, the better we are able to cope with unexpected circumstances, be more transparent in our activities, and ensure trust for the state information systems and the state as a whole,’ said Ilmar Toom, Head of RIA’s Standards and Supervision Department.

In 2019–2020, RIA carried out supervision proceedings in all local governments and found that many of them are significantly lacking. For example, there were issues in monitoring information security and deficiencies in reporting incidents. There were local governments where information security was the task of deputy heads or other people in the administrative unit. Precepts were issued to about a quarter of the local governments to eliminate the deficiencies.

According to Toom, the world of a public institution did not necessarily fall apart 30 years ago if the employees failed to lock their document archive for a moment. ‘However, if the systems are left defenceless today, databases can be leaked within minutes and information systems may be rendered unusable if they are encrypted. In Estonia, 3,000 automatic attempts are made every minute to access the systems of some public institution, which is why the new Estonian information security standard could be considered an information security guidebook for the public sector – abiding by it allows preventing threats and minimising risks,’ Toom noted.

Mihkel Sinisalu, a cybersecurity expert of KPMG Baltics who took part in the development of E-ITS, said that while compiling the standard was a time-consuming and highly challenging project, it was a sorely needed one. ‘By creating this new standard, we took a large and important step closer to a safer digital environment.’ Sinisalu added that this information security guidebook includes modern information security requirements for Estonian companies and organisations. This will make us all feel safer regarding the use and storage of personal data as well as data security and will hopefully help to prevent possible cyber-attacks against both the state and individuals.

The new Estonian information security standard (E-ITS) will replace the voluminous information security system ISKE. Despite the smaller volume, the standard handles sets of measures that have been sorely missed for a while. For example, the standard focuses separately on industrial automation devices and their management. The update will also provide a set of security measures for vehicles as cars have an increasing amount of information technology that can be abused.

Materials related to E-ITS can be found in the portal »

KPMG Baltics OÜ, Cybernetica AS, and the Tallinn University of Technology took part in the development of the standard in addition to RIA’s experts. The updated standard was reviewed by 20 Estonian information security practitioners.

The Estonian information security standard was created with funding from the European Regional Development Fund under the support scheme ‘Raising Public Awareness about the Information Society’.

Seiko Kuik
Press Officer of the Information System Authority
