government information assurance (gia) policy. 2 current scenario it is a connected world! more...
TRANSCRIPT
![Page 1: Government Information Assurance (GIA) Policy. 2 Current Scenario It is a connected world! More and More services are being provided online Continuous](https://reader038.vdocuments.site/reader038/viewer/2022110319/56649c785503460f9492e1e3/html5/thumbnails/1.jpg)
Government Information Assurance (GIA) Policy
![Page 2: Government Information Assurance (GIA) Policy. 2 Current Scenario It is a connected world! More and More services are being provided online Continuous](https://reader038.vdocuments.site/reader038/viewer/2022110319/56649c785503460f9492e1e3/html5/thumbnails/2.jpg)
2
Current Scenario
It is a connected world! More and More services are being provided
online Continuous evolving and powerful technology
available to everybody at a cheap price With every opportunity come Risk. Your business is at RISK!
![Page 3: Government Information Assurance (GIA) Policy. 2 Current Scenario It is a connected world! More and More services are being provided online Continuous](https://reader038.vdocuments.site/reader038/viewer/2022110319/56649c785503460f9492e1e3/html5/thumbnails/3.jpg)
3
Emerging Risks
Changing Political Scenario Arab Spring Qatar’s prominent role in International Arena
Changing Economic Scenario Country with highest per capita income International Sporting Events
Hacktivism Sophisticated Attack Vectors Insider Threats Changing Legislative landscape
Data Privacy Law* Critical Information Infrastructure Protection Law*
![Page 4: Government Information Assurance (GIA) Policy. 2 Current Scenario It is a connected world! More and More services are being provided online Continuous](https://reader038.vdocuments.site/reader038/viewer/2022110319/56649c785503460f9492e1e3/html5/thumbnails/4.jpg)
4
Real Incidents
During Arab Games in 2011 A number of critical sector and government organization were victim of
attacks from Moroccan Hackers group Number of sites affected: 10 Most of the incidents involved web defacement but it could have been worse! Duration of incident: The attack was persistent for two weeks
![Page 5: Government Information Assurance (GIA) Policy. 2 Current Scenario It is a connected world! More and More services are being provided online Continuous](https://reader038.vdocuments.site/reader038/viewer/2022110319/56649c785503460f9492e1e3/html5/thumbnails/5.jpg)
Government Information Assurance Survey
IncreasingReliance on ICT
New Emerging Risks
No Security Baseline standards
Insufficient trained resources
Baseline Policy & Standards
Auditing Model
Certified Training
The need of Information Security Management System
![Page 6: Government Information Assurance (GIA) Policy. 2 Current Scenario It is a connected world! More and More services are being provided online Continuous](https://reader038.vdocuments.site/reader038/viewer/2022110319/56649c785503460f9492e1e3/html5/thumbnails/6.jpg)
Business Model of Information Security
Challenges in Government Sector Cultural Issues
Pre-set Mindset: Peaceful
and secure environment
Lack of Awareness
Lack of Support
Lack of Resources
![Page 7: Government Information Assurance (GIA) Policy. 2 Current Scenario It is a connected world! More and More services are being provided online Continuous](https://reader038.vdocuments.site/reader038/viewer/2022110319/56649c785503460f9492e1e3/html5/thumbnails/7.jpg)
IS Goals
IS Alignment
Budge
t Alloc
ation
IS Process
Mgmt C
ommitmen
t
Process
Mapping
IS Controls
Risk M
anagem
ent
Resource
Allocation
Awarene
ss
IM Exis
tencan
ce
0
0.5
1
1.5
2
2.5
3
3.5
4
4.5
5
Government Information Assurance Survey
Government Information Assurance Survey (2010)
•30% of IT managers of Government organizations responded•Survey demonstrated
the need of information security support
![Page 8: Government Information Assurance (GIA) Policy. 2 Current Scenario It is a connected world! More and More services are being provided online Continuous](https://reader038.vdocuments.site/reader038/viewer/2022110319/56649c785503460f9492e1e3/html5/thumbnails/8.jpg)
8
Government Information Assurance Policy
![Page 9: Government Information Assurance (GIA) Policy. 2 Current Scenario It is a connected world! More and More services are being provided online Continuous](https://reader038.vdocuments.site/reader038/viewer/2022110319/56649c785503460f9492e1e3/html5/thumbnails/9.jpg)
What is GIA Policy
![Page 10: Government Information Assurance (GIA) Policy. 2 Current Scenario It is a connected world! More and More services are being provided online Continuous](https://reader038.vdocuments.site/reader038/viewer/2022110319/56649c785503460f9492e1e3/html5/thumbnails/10.jpg)
Government Information Assurance Survey
GIA ComponentsWhat is GIA Government Information Assurance Manual
Governance Structure [IG]
Risk Management [RM]
Third Party Security Management [TM]
Data Labeling [DL]
Change Management [CM]
Personnel Security [PS]
Security Awareness [SA]
Incident Management [IM]
Business Continuity Management [BC]
Logging & Security Monitoring [SM]
Data Retention & Archival [DR]
Documentation [DC]
Accreditation [AC]
Security Governance &Processes
Government Information Classification Policy
Communications Security [CS]
Network Security [NS]
Information Exchange [IE]
Gateway Security [GS]
Product Security [PR]
Software Security [SS]
System Usage Security [SU]
Media Security [MS]
Access Control Security [AM]
Cryptographic Security [CY]
Portable Devices & Working Off-Site Security [OS]
Physical Security [PH]
Technical Control Areas
Implementation Guide
Accreditation Manual
Certified Training
![Page 11: Government Information Assurance (GIA) Policy. 2 Current Scenario It is a connected world! More and More services are being provided online Continuous](https://reader038.vdocuments.site/reader038/viewer/2022110319/56649c785503460f9492e1e3/html5/thumbnails/11.jpg)
Government Information Assurance Survey
Assets ClassificationWhat is GIA
Step 1: Identify key processes and their owners in the organization.
Step 2: Identity process dependencies: information, applications, systems, networks, etc.
Step 3. Determine the security classification for each information asset using table
Step 4: Apply the necessary controls
![Page 12: Government Information Assurance (GIA) Policy. 2 Current Scenario It is a connected world! More and More services are being provided online Continuous](https://reader038.vdocuments.site/reader038/viewer/2022110319/56649c785503460f9492e1e3/html5/thumbnails/12.jpg)
Government Information Assurance Survey
GIA Policy is…What is GIA
Formulated from most common international standards/best practices
Allows straight forward path for certification against other standards e.g. ISO27001Maps well with established standards such as ITIL
Approved by the Board of ictQATAR and has been sent to Council of Ministers.
Adopted by MoI, ABQ
![Page 13: Government Information Assurance (GIA) Policy. 2 Current Scenario It is a connected world! More and More services are being provided online Continuous](https://reader038.vdocuments.site/reader038/viewer/2022110319/56649c785503460f9492e1e3/html5/thumbnails/13.jpg)
Thank Youwww.qcert.org