RIA has compiled an information security guidebook for the public sector

The Information System Authority (RIA) and its partners have updated the Estonian information security standard (E-ITS), which contains data on information security threats and provides measures for public sector authorities to help maintain security in their systems.

‘The public sector and local governments have numerous databases and information systems full of sensitive data. The aim of the information security standard is to give authorities a basis for handling information security that is updated regularly and suitable for the Estonian legal system. The better we can implement the standard, the better we are able to cope with unexpected circumstances, be more transparent in our activities, and ensure trust for the state information systems and the state as a whole,’ said Ilmar Toom, Head of RIA’s Standards and Supervision Department.

In 2019–2020, RIA carried out supervision proceedings in all local governments and found that many of them are significantly lacking. For example, there were issues in monitoring information security and deficiencies in reporting incidents. There were local governments where information security was the task of deputy heads or other people in the administrative unit. Precepts were issued to about a quarter of the local governments to eliminate the deficiencies.

According to Toom, the world of a public institution did not necessarily fall apart 30 years ago if the employees failed to lock their document archive for a moment. ‘However, if the systems are left defenceless today, databases can be leaked within minutes and information systems may be rendered unusable if they are encrypted. In Estonia, 3,000 automatic attempts are made every minute to access the systems of some public institution, which is why the new Estonian information security standard could be considered an information security guidebook for the public sector – abiding by it allows preventing threats and minimising risks,’ Toom noted.

Mihkel Sinisalu, a cybersecurity expert of KPMG Baltics who took part in the development of E-ITS, said that while compiling the standard was a time-consuming and highly challenging project, it was a sorely needed one. ‘By creating this new standard, we took a large and important step closer to a safer digital environment.’ Sinisalu added that this information security guidebook includes modern information security requirements for Estonian companies and organisations. This will make us all feel safer regarding the use and storage of personal data as well as data security and will hopefully help to prevent possible cyber-attacks against both the state and individuals.

The new Estonian information security standard (E-ITS) will replace the voluminous information security system ISKE. Despite the smaller volume, the standard handles sets of measures that have been sorely missed for a while. For example, the standard focuses separately on industrial automation devices and their management. The update will also provide a set of security measures for vehicles as cars have an increasing amount of information technology that can be abused.

Materials related to E-ITS can be found in the portal eits.ria.ee.

KPMG Baltics OÜ, Cybernetica AS, and the Tallinn University of Technology took part in the development of the standard in addition to RIA’s experts. The updated standard was reviewed by 20 Estonian information security practitioners.

The Estonian information security standard was created with funding from the European Regional Development Fund under the support scheme ‘Raising Public Awareness about the Information Society’.

Seiko Kuik
Press Officer of the Information System Authority
