Date post: 02-Apr-2015
Upload: stephanie-reade
Security and Protection of Information Conference, April 28 – 30, 2003, Brno, Czech Republic
Unification of information security policies towards a
NATO-wide Information Security Scheme
Arturo Herrera Colmenero
Risk Analysis Consultants
Prague, Czech Republic
Typical Approach
PLAN
DO
CHECK
ACT
Documented guidelines, standards, etc.
Objectives and Planning
Strategic IT Plan
ISMS
NATIONAL SECURITY PLAN
Financial Goals
Research and Development
Peace missions
Other goals
NATO (regional) SECURITY PLAN
New challenges, Prague Summit, 2002
NATO Requirements
Co-operation
IT based defence technology
Reliable information
Accessible information
Accurate information
Interoperability
NATO enlargement
Network centric warfare, cyber attacks
NATO Response Force
New Military Command Structure
Civil emergency planning action
Planning and preparation
Policy Components
Types of Policies
Co-operation Principles
NATO standards
NATO Interoperability Platform
NATO-wide perspective
Member states efforts
Planning and Preparation problems
Sponsors politically, legally, technically unaware
Incompatible Risk Analysis methods
Incompatible Interviews
Omitted or inaccessible references
Personnel Unawareness
Policy Components problems
Unclear Statements
Insufficient Management commitment
Incomparable evaluation indicators
Similar roles with unequal responsibilities
Contradictory reactions upon violations
Mismatched starting and revision dates
Types of Policies
Regulatory
Advisory
Informative
Lack of interoperability
Distribution
Co-operation Principles
Sharing resources
Mutual Support
Common interests
Bigger goals
Resources efficiency
Sturdier achievements
NATO Standards
NATO Advanced Data Storage Interface
NATO Standard Image Library Interface
NATO Primary Image Format
NATO Secondary Image Format
NATO C3 Technical Architecture
Planning and Preparation Advantages
Homologous sponsorship
Compatible Risk Assessments
Development team with sufficient “Know-how”
Compatible interviews outputs
Common Definitions
Similar Personnel Awareness programs
Policy Components Advantages
Statement in focus
Bigger references bank
Common evaluation indicators
Even Sanctions
Exceptions tolerance
Coordinated dates
Final remarks
Network centric warfare for fighting new international threats depends on reliable IT systems’ interoperability.
A NATO-wide Information Security Scheme will enhance the overall organization’s capabilities.
Interoperability will never be achieved if ISMSs lead to divergent objectives.
Final remarks
NATO spirit is to unite efforts for collective defence and for the preservation of peace and security. (North Atlantic Treaty, 1949)
Existing standardization work in NATO provides a set of useful tools.
Thank you for your time
Arturo Herrera Colmenero
Risk Analysis Consultants
www.rac.cz
Španělská 2
120 00 Prague 2
Czech Republic