Development of the Information Security Management System Standard for Public Sector Organisations in Estonia
DOI: https://doi.org/10.52825/bis.v1i.43
Keywords: Information Security Management System, ISMS, Public Sector, Requirements of Security Standards, Estonia
Abstract
Standardisation gives us a common understanding of processes, so that things are done in a commonly accepted way. In information security management, it means achieving the appropriate security level in the context of known and unknown risks. Each government's goal should be to provide digital services to its citizens with an acceptable level of confidentiality, integrity and availability. This study elicits the EU countries' requirements for information security management system (ISMS) standards and provides requirements for comparing the standards. The Estonian case is used as an example to illustrate the method for choosing or developing the appropriate ISMS standard for public sector organisations.
License
Copyright (c) 2021 Mari Seeba, Raimundas Matulevičius, Ilmar Toom
This work is licensed under a Creative Commons Attribution 4.0 International License.