SlideShare ist ein Scribd-Unternehmen logo

DATA EXCHANGE AGENCY INTRODUCTION - Irakli Lomidze

D
DataExchangeAgency

• Who we are. About Data Exchange m Agency, Our Activities and responsibilities. • Shorty about cyber activities in Georgia, Legislation and Strategies and Actions. • DEA Security and E-Government Projects. • Information Security Activities. By Irakli Lomidze

TechnologieBildung
1 von 41
Georgia NATO Cyber Security Training Turkey, Ankara 2012 Irakli Lomidze www.dea.gov.ge
About Georgia Population: 4,615,807 Language: Georgian, Abkhazian Area: 69,700 sq. km Capital: T'bilisi
About Agency Georgian Delegation Irakli Lomidze Head of the Information Security and Policy Division. Vasil Tsvimitidze Information Security Policy Manager Zurab Akhvlediani CERT Leading Specialist
Agenda • INTRODUCTION About Georgia E-Development & Cyber Security • FROM STRATEGY TO ACTION • Introduction to information security. • Building blocks of information security strategy, policies and standards. • Actions, roles and responsibilities. • Our Current Projects & Future Plans • BUILDING AWARENESS AND AWARENESS PROGRAM • Common Threats and vulnerabilities • Principles of awareness • Planning and building of awareness program • Awareness program • GEORGIA CASE STUDIES • 2008 cyber attacks during Georgian Russian war • Latest incident (GEORBOT)
About Agency LEPL Data Exchange Agency Under Supervision on Ministry of Justice of Georgia Agency has been established in January 2010 Main Directions: • E-Government Development • Information Security Improvement and Development , Operate CERT.GOV.GE
6
http://www.e-government.ge/ 7 Public Registry Notary Chamber Civil Registry • Actual Status of Application • Archive of Technical Records • Notary visit online arrangement • Apostil and Legalization • Business Registry • Registry of False Documents • Applying for Citizenship • Cadastral Data • Unified Electronic Registry of Notary • Consular Registration • E-Chancellery • Electronic Registry of Applications • Lien and Tax Lien/Hypothec Registry • Georgian Passports • Pledge/Leasing Registry • Repeated Certificates of Civil Acts • Public Registry: video consultation • Registry of Applications and Rights National Bureau of Enforcement Ministry of Internal Affairs Patrol Police • Debtor Registry • Driver`s License Knowledge Test Examples • Traffic Fines • E-auction • Reservation of State License Plates • Electronic Registry of Enforcement • Validity Extension - Internal Transit Plates
http://www.e-government.ge/ 8 Civil Ministry of Finance LEPL Financial Analytics Service • Auto Customs Tariffs • Information Technology Virtual Zone • E-Auction State Procurement Agency • E-Budget • E-declaration • Unified System of State Procurement • E-Treasury Ministry of Education and Science of Georgia • Gambling Business Fees • Information on Entrepreneurs • Buki - Learn With Joy • Online Declaration for Public Employees National Examination Center • Online Payments • Online Payment: NAEC Service Fees • Property Tax Rates/Coefficients • Online Registration for College Entrants • Registry of Active Check Machines • Results: Unified Entry Examinations • Registry of Charity Organizations • Shipping Information and Customs Ministry of Labor, Health and Social Affairs of Georgia Revenue Service • Birth/Death E-certificates • Office of Revenue: E-Services • Healthcare Management Unified Information System
http://www.e-government.ge/ 9 Tbilisi City Hall Property Management Agency • Confirmation Copy of Plot`s Attest • Electronic Auction • Constructions: Determination of Permission • Land Parcel Marking/Selection Necessity • Determination of Building`s Red Lines Tbilisi Transportation Company • Determination of Parameters for Urban Development • Online Payment: Public Transportation Fines • General Statement from Tbilisi Arch. • Mark Off a Sketch Project of a Plot • Online Reply from the Office of Architecture Public Service Bureau • Preliminary Examination of Project Sketch • Employment in Public Sector • The First Stage of Construction • Online Asset Declaration • Search for Asset Declarations Tbilisi Architecture Central Election Commission • Tbilisi Architecture - Online Services • Voters: Check Your Status
e–ID Project 10 e-ID Card Features • Contact Interface • Personal Certificate for Authentication • Personal Certificate for Electronic Signature • Contactless Interface • 14 Application Storage Security Tbilisi Architecture
Current Situation 11 Ministry Of Ministry of Ministry of Justice Education Economy CRA, NAPR Se es s S c r vi c ce Service r vi er s vi vi es Se er ce S s ic es Serv Ministry of Services Ministry of Finacne Internal Affair Se r vi c Services s i ce s Services ses s es ce es ce i ce vi c vi c Servi Servi v r rv Se Ser r Se Se Ser vi ce s Services Se s Se rv Ser es i ce s ce i ce vi ic r vi r ce s Serv Ser v vi c s Se es Other Governmental Bussines Bank Citizen Agencies
Current Situation 12 Why is it bad ? Ministry of Education Ministry Of Justice CRA, NAPR Ministry of Economy Systems Integration • Needs deeper integration • They are builds on different Platforms s Se es Se ce Service r vi vi vi c r s ce vi c r Se r s Se es ic es Serv • Difficult to add new organization • Difficult to add or change service Ministry of Services Ministry of Finacne Internal Affair Se rv i ce Services s ices Services s s e s es s e i ce i ce Servic Servic vi c • … v r rv rv Ser Se Se Se Se Ser vic es s Services Communication Se Ser es s ce rv vic ic i ce vi r i ce es Serv rv vi c s Se r Se • High cost of Communication Lines es • Difficult to maintenance • No effective Security Other Governmental Bussines Bank Citizen Agencies • …
Evolution 13 So what’s Next ?? Ministry Of Ministry of Ministry of Mystery of Justice Justice Education Economy CRA, NAPR Ministry of Citizen Finance Se es es Se ic Service r vi vi c r rv s ce vi c Se r s Se es ices Serv Ministry of Ministry of Bank Ministry of Services Finacne Internal Affair Education Se rv i ce Services s ices Services s s e s es s e i ce i ce Servic Servic vi c Data Exchange Agency v r rv rv Ser Se Se Se Ser vic es Se s Services Se Ser es s ce rv vic ic i ce vi r i ce es Serv rv vi c s Se r Se es Ministry of Business health Other Ministry of Other Governmental Bussines Bank Citizen Internal Ministries Agencies Affair
Data Exchange Infrastructure 14 G3 Georgian Governmental Gateway G3 • Integration – Systems written in different platforms integrated. – Information exchange between systems are unified and standardized. – Single Place to connect to all governmental services. – Open API & Developer Portal for th-3rd Party Developers or Companies. • Sustainability – Garlanded message delivery. – Information does loose even when you are offline. – Mitigate problems when have high loads on systems. • Security – Communication Lines are Secured. (VPN, SSL, Lawyer 2) – Data Exchange Messages are Secured (Encryption, Signature, Times tamp) – Services are Secured (Access Management on Services)
Data Exchange Infrastructure 15 G3 Georgian Governmental Gateway Benefits • Better Information Management – Project RoR Unified Registry of Registries. – No Proprietary Data Traffic. – No Data Duplication . – More Effective budgeting on information system. • Transparency – Who is requiring information about you
Citizen Portal 16 G3 Georgian Governmental Gateway • Citizen Portal (www.my.gov.ge) – Single Point for Citizens get all governmental e-Services. – Getting information about your self. – Communal Payment. – Granted Mail Delivery. – News about projects in government.
Trade Netowrk 17 G3 Georgian Governmental Gateway • TradeNET Single Point for creating/exchange all necessary document for traders. – Reduce of price per container. – Reduce time of serving. – No paper works and document physical delivery needed.
Information & Information Systems 18 Information Systems need to be protected
19
Information Security & Policy Division 20 Information Security CERT Team Team Computer Emergency Response Team Development & Implementation of Handling Cyber Security Incidents Information Security Standards, Policies and Guidelines Legislation Works: Strategies, Laws, Normative Acts Awareness raising Activities
Data Exchange Agency 21 Our Responsibility Segment Information security policy development, implementation, monitoring, development. Public Sector + Critical CERT.GOV.GE (Computer Emergency Response Team) Creation Military Infrastructure Georgian Governmental Network GGN Monitoring Secret CA (Certificate Authority) –Monitoring
Cyber Space in a space that needs to be defended 22 Earth Water Air Cyber
23
24
Information Security Team 25 We are members of: The Cyber security Executing Arm Of The UNITED NATIONS SPECIALISED AGENCY of The International Telecommunication Union (ITU) All our Team members are BSI/ISO trained Professionals. They have multiple year experience working on Information Security Field. All our Team members are BSI/ISO trained Professionals In ITIL. In our Team we have Professionals in MOF.
Developing, Implementing Information Security Policy 26 Legislation • Cyber Crime chapter on Crime Code. Updated in 2010 • Protecting Personal Information Law. 2012 • Drafting Information Security Law. 2012 • Cyber Security Strategy. 2012 • Normative regulations … on Going Process These legislation acts do not cover state secret of military sectors
Developing, Implementing Information Security Policy 27 Information Security Implementation • Information Security Policy for Ministry of Justice 2010 • Info Sec Policy Ministry of Economy and Ministry of Health 2011/2012 • Standards and procedures for Information Security. 2010-2012 • Operation management standards and guidelines. 2012 • Localize and adaptation ISO 27000 Series Standards. 2011 • Trainings Course for Information Security Implementation. 2012
Developing, Implementing Information Security Policy 28 Awareness • Creating Web Site with Cyber Security Articles 2011-2012 • Creating Calendar with Cyber Security Threads. 2012 • Presentations on Information Security & Risk. 2010-2012 • Project with IMPACT Planning in 2012 • Annual GITI Georgian IT Innovation Conference 2008-2012
29
CERT.GOV.GE (Computer Emergency Response Team) 30 Founded in 2011 We are members of: The Cyber security Executing Arm Of The UNITED NATIONS SPECIALISED AGENCY of The International Telecommunication Union (ITU) The Trusted Introducer - a.k.a. TI - is the trusted backbone of the Security and Incident Response Team community in Europe Certifications: All Our Team members are Certified by SANS GIAC
CERT.GOV.GE (Computer Emergency Response Team) 31 Our Partners: www.impact-alliance.org www.terena.org www.nato.int www.shadowserver.org www.team-cymru.org www.arbornetworks.com www.arakis.pl www.eset.com www.microsoft.com www.symantec.com CERT-EE http://www.cert.pl/ www.cert.ee/
CERT.GOV.GE (Computer Emergency Response Team) 32 Incident Responding • Helping solve Cyber Incidents for our customers. 2011 • Incident Reporting Portal with ticking systems. 2011 • National Incident Database. 2012 on going. • Analyzing cyber resources for the vulnerabilities. 2011 • Partnership with other CERTs over the world 2011-2012
CERT.GOV.GE (Computer Emergency Response Team) 33 CERT Services • Penetration Test Service. Since 2011 • IP Monitoring Services. Since 2012 • Source Code Analyze Service. Since 2012 • Tannings for Incident Handling 2012 on going Project.
CERT.GOV.GE (Computer Emergency Response Team) 34 Other Plans for 2012. • Creating local volunteer groups for better Defense of cyber space of Georgia. • An Intrusion Detection System (IDS) and Network Monitoring Sensors
35
Next Presentations for Today 36 From strategy to action • Introduction to information security. What is information security, threat, risks, vulnerabilities, basic terms and definition? • Building blocks of information security strategy, policies and standards. Identify and establish country wide information security strategy, establish policies standards and procedures, implementation of different types of control objectives: managerial, technologies, business processes. Introduction to main domains of information security management system depending on international information security standard (ISO 2700x). • Actions, roles and responsibilities. What kind of actions is needed for information security risk treatment. Roles and responsibilities of information security professionals. • Our Current Projects & Future Plans About IP Monitoring Services, About Network Sensors, About Penetration Services, About Source Code Analyzes, Information security policy implementation, Information security audit, Information security trainings. By Vasil Tsvimitidze
Next Presentations for Today 37 Building awareness and awareness program • Common Threats and vulnerabilities Types and examples of information security threats: Unauthorized Access, Cyber Espionage, Malware, Data Leakage, Mobile Device Attack, Social Engineering, Insiders, Phishing, System Compromise, Spam, Denial of Service, Identity Theft. • Principles of awareness Main principles tool and techniques for awareness rising. • Planning and building of awareness program How to plan information security awareness program taking to note cultural differences, available resources and objectives • Awareness program Hands on development specific awareness program, depending on Georgian practice. Defining awareness program and identify priorities. Identification of success assessment metrics. Development or localization materials for government organizations, business companies and citizens. By Vasil Tsvimitidze
Next Presentations for Today 38 Georgia case studies • 2008 CYBER ATTACKS DURING GEORGIAN RUSSIAN WAR Facts Of The Case, Methods Of Cyber Attacks, Defacement Of Websites, Dos And DDOS Attacks, Distribution Of Instructions And Malicious Software, Cyber Blockade, Sites Providing DDOS Attack Tools, Part Of The Information War, Origin Of The Attacks, Russian Business Network, Countermeasures • LATEST INCIDENT (GEORBOT) Introduction, Identification, Attack Vectors, Malware Analysis, Bot Panel Analysis, Decrypting Communication, Cooperation with CERT/ MS /ESET, Countermeasures, Incident Responding Chronology, Methods, Origin of the Attack, Unmasking, Bot master/ Attackers By Zurab Akhvlediani
Lab for Second Day. 39 Basic incident handling • PART1 PCAP TRACE ANALYSIS – SERVER SIDE ATTACK Task 1: Introductory scenario, fake web server vulnerability exploitation step-by-step Task 2: Dabber scenario • PART 2 PCAP TRACE ANALYSIS – CLIENT SIDE ATTACK Task 1: Drive-by download without fast flux Task 2: Drive-by download with fast flux By Zurab Akhvlediani
Q/A 40 Contact Information: The Ministry of Justice Data Exchange Agency Tbilisi, Georgia 0102 Tsminda Nikolozis/Nino Chxeizis St. N2 Phone: +995 (32) 2 91 51 40 E-mail: info@dea.gov.ge Ilomidze@dea.gov.ge
Thank you for your attention

Empfohlen

The Development of Digital Economy
The Development of Digital EconomyThe Development of Digital Economy
The Development of Digital EconomyArab Federation for Digital Economy
 
The Development of a Federal Digital Identity
The Development of a Federal Digital IdentityThe Development of a Federal Digital Identity
The Development of a Federal Digital IdentityArab Federation for Digital Economy
 
Portcullis house full - 25.01.2002
Portcullis house full - 25.01.2002Portcullis house full - 25.01.2002
Portcullis house full - 25.01.2002Alan Mather
 
Palestinian Legal Environment: Challenges & Opportunities for eGovernment Ini...
Palestinian Legal Environment: Challenges & Opportunities for eGovernment Ini...Palestinian Legal Environment: Challenges & Opportunities for eGovernment Ini...
Palestinian Legal Environment: Challenges & Opportunities for eGovernment Ini...Jamil Salem
 
Trends and Development in Government Sector: Building e-Government Backbone
Trends and Development in Government Sector: Building e-Government BackboneTrends and Development in Government Sector: Building e-Government Backbone
Trends and Development in Government Sector: Building e-Government BackboneArab Federation for Digital Economy
 
Smaarter government e transformation
Smaarter government e transformationSmaarter government e transformation
Smaarter government e transformationmoldovaictsummit
 
Facing the Challenge of Enrolment
Facing the Challenge of EnrolmentFacing the Challenge of Enrolment
Facing the Challenge of EnrolmentArab Federation for Digital Economy
 
Smarter govenrment moldova's governance etransformation strategy victor bodiu...
Smarter govenrment moldova's governance etransformation strategy victor bodiu...Smarter govenrment moldova's governance etransformation strategy victor bodiu...
Smarter govenrment moldova's governance etransformation strategy victor bodiu...moldovaictsummit
 

Empfohlen

The Development of Digital Economy
The Development of Digital EconomyThe Development of Digital Economy
The Development of Digital EconomyArab Federation for Digital Economy
 
The Development of a Federal Digital Identity
The Development of a Federal Digital IdentityThe Development of a Federal Digital Identity
The Development of a Federal Digital IdentityArab Federation for Digital Economy
 
Portcullis house full - 25.01.2002
Portcullis house full - 25.01.2002Portcullis house full - 25.01.2002
Portcullis house full - 25.01.2002Alan Mather
 
Palestinian Legal Environment: Challenges & Opportunities for eGovernment Ini...
Palestinian Legal Environment: Challenges & Opportunities for eGovernment Ini...Palestinian Legal Environment: Challenges & Opportunities for eGovernment Ini...
Palestinian Legal Environment: Challenges & Opportunities for eGovernment Ini...Jamil Salem
 
Trends and Development in Government Sector: Building e-Government Backbone
Trends and Development in Government Sector: Building e-Government BackboneTrends and Development in Government Sector: Building e-Government Backbone
Trends and Development in Government Sector: Building e-Government BackboneArab Federation for Digital Economy
 
Smaarter government e transformation
Smaarter government e transformationSmaarter government e transformation
Smaarter government e transformationmoldovaictsummit
 
Facing the Challenge of Enrolment
Facing the Challenge of EnrolmentFacing the Challenge of Enrolment
Facing the Challenge of EnrolmentArab Federation for Digital Economy
 
Smarter govenrment moldova's governance etransformation strategy victor bodiu...
Smarter govenrment moldova's governance etransformation strategy victor bodiu...Smarter govenrment moldova's governance etransformation strategy victor bodiu...
Smarter govenrment moldova's governance etransformation strategy victor bodiu...moldovaictsummit
 
How to increase Retweets in twitter
How to increase Retweets in twitterHow to increase Retweets in twitter
How to increase Retweets in twitterAkash Agamya
 
Jayquan martinez 11.docx
Jayquan martinez 11.docxJayquan martinez 11.docx
Jayquan martinez 11.docxjayquan
 
Supercomputers
SupercomputersSupercomputers
SupercomputersMehmet Demir
 
Jayquan martinez 11.docx
Jayquan martinez 11.docxJayquan martinez 11.docx
Jayquan martinez 11.docxjayquan
 
Trends in applications
Trends in applicationsTrends in applications
Trends in applicationsAkash Agamya
 
Supercomputers
SupercomputersSupercomputers
SupercomputersMehmet Demir
 
Steffens Art Presentation
Steffens Art PresentationSteffens Art Presentation
Steffens Art Presentationtunabanuna
 
Petra Bosanska Fotograf
Petra Bosanska FotografPetra Bosanska Fotograf
Petra Bosanska FotografPetraBosanska
 
Георгій Клдашвіллі
Георгій КлдашвілліГеоргій Клдашвіллі
Георгій КлдашвілліSmartLviv
 
E government Development in Georgia - e-Gov Data Exchage Agency
E government Development in Georgia - e-Gov Data Exchage AgencyE government Development in Georgia - e-Gov Data Exchage Agency
E government Development in Georgia - e-Gov Data Exchage AgencyE-Government Center Moldova
 
Governance e-Transformation in Moldova
Governance e-Transformation in MoldovaGovernance e-Transformation in Moldova
Governance e-Transformation in MoldovaUSAID CEED II Project Moldova
 
SG(Signgate) PKI Abroad Business
SG(Signgate) PKI Abroad Business SG(Signgate) PKI Abroad Business
SG(Signgate) PKI Abroad Business Jinhwan Shin
 
eGovernment in Belgium
eGovernment in Belgium eGovernment in Belgium
eGovernment in Belgium E-Government Center Moldova
 
“The Role of National Identity System and Public-private Value-added Services...
“The Role of National Identity System and Public-private Value-added Services...“The Role of National Identity System and Public-private Value-added Services...
“The Role of National Identity System and Public-private Value-added Services...The i-Capital Africa Institute
 
Integrated Legislative Information System | Nextsense
Integrated Legislative Information System | NextsenseIntegrated Legislative Information System | Nextsense
Integrated Legislative Information System | NextsenseNextsense
 
E-Commerce Legal Framework In The UAE
E-Commerce Legal Framework In The UAEE-Commerce Legal Framework In The UAE
E-Commerce Legal Framework In The UAEThe Internet Show ME 2011
 
Basema aljaberi tra
Basema aljaberi traBasema aljaberi tra
Basema aljaberi traThe Internet Show ME 2011
 
Маріуш Пшибишевський
Маріуш ПшибишевськийМаріуш Пшибишевський
Маріуш ПшибишевськийSmartLviv
 
Real systems egovsumesys2011
Real systems egovsumesys2011Real systems egovsumesys2011
Real systems egovsumesys2011vetalyano
 
Open Data for LvBS by Denis Gursky
Open Data for LvBS by Denis GurskyOpen Data for LvBS by Denis Gursky
Open Data for LvBS by Denis GurskyDenis Gursky
 
On Line Legal Services
On Line Legal ServicesOn Line Legal Services
On Line Legal Serviceslegalwebsite
 
Tim Duggan, CMOD - Doing More with Less
Tim Duggan, CMOD - Doing More with LessTim Duggan, CMOD - Doing More with Less
Tim Duggan, CMOD - Doing More with LessIrene Dehaene
 

Weitere ähnliche Inhalte

Andere mochten auch

How to increase Retweets in twitter
How to increase Retweets in twitterHow to increase Retweets in twitter
How to increase Retweets in twitterAkash Agamya
 
Jayquan martinez 11.docx
Jayquan martinez 11.docxJayquan martinez 11.docx
Jayquan martinez 11.docxjayquan
 
Jayquan martinez 11.docx
Jayquan martinez 11.docxJayquan martinez 11.docx
Jayquan martinez 11.docxjayquan
 
Trends in applications
Trends in applicationsTrends in applications
Trends in applicationsAkash Agamya
 
Steffens Art Presentation
Steffens Art PresentationSteffens Art Presentation
Steffens Art Presentationtunabanuna
 
Petra Bosanska Fotograf
Petra Bosanska FotografPetra Bosanska Fotograf
Petra Bosanska FotografPetraBosanska
 

Andere mochten auch (8)

How to increase Retweets in twitter
How to increase Retweets in twitterHow to increase Retweets in twitter
How to increase Retweets in twitter
 
Jayquan martinez 11.docx
Jayquan martinez 11.docxJayquan martinez 11.docx
Jayquan martinez 11.docx
 
Supercomputers
SupercomputersSupercomputers
Supercomputers
 
Jayquan martinez 11.docx
Jayquan martinez 11.docxJayquan martinez 11.docx
Jayquan martinez 11.docx
 
Trends in applications
Trends in applicationsTrends in applications
Trends in applications
 
Supercomputers
SupercomputersSupercomputers
Supercomputers
 
Steffens Art Presentation
Steffens Art PresentationSteffens Art Presentation
Steffens Art Presentation
 
Petra Bosanska Fotograf
Petra Bosanska FotografPetra Bosanska Fotograf
Petra Bosanska Fotograf
 

Ähnlich wie DATA EXCHANGE AGENCY INTRODUCTION - Irakli Lomidze

Георгій Клдашвіллі
Георгій КлдашвілліГеоргій Клдашвіллі
Георгій КлдашвілліSmartLviv
 
E government Development in Georgia - e-Gov Data Exchage Agency
E government Development in Georgia - e-Gov Data Exchage AgencyE government Development in Georgia - e-Gov Data Exchage Agency
E government Development in Georgia - e-Gov Data Exchage AgencyE-Government Center Moldova
 
SG(Signgate) PKI Abroad Business
SG(Signgate) PKI Abroad Business SG(Signgate) PKI Abroad Business
SG(Signgate) PKI Abroad Business Jinhwan Shin
 
“The Role of National Identity System and Public-private Value-added Services...
“The Role of National Identity System and Public-private Value-added Services...“The Role of National Identity System and Public-private Value-added Services...
“The Role of National Identity System and Public-private Value-added Services...The i-Capital Africa Institute
 
Integrated Legislative Information System | Nextsense
Integrated Legislative Information System | NextsenseIntegrated Legislative Information System | Nextsense
Integrated Legislative Information System | NextsenseNextsense
 
Маріуш Пшибишевський
Маріуш ПшибишевськийМаріуш Пшибишевський
Маріуш ПшибишевськийSmartLviv
 
Real systems egovsumesys2011
Real systems egovsumesys2011Real systems egovsumesys2011
Real systems egovsumesys2011vetalyano
 
Open Data for LvBS by Denis Gursky
Open Data for LvBS by Denis GurskyOpen Data for LvBS by Denis Gursky
Open Data for LvBS by Denis GurskyDenis Gursky
 
On Line Legal Services
On Line Legal ServicesOn Line Legal Services
On Line Legal Serviceslegalwebsite
 
Tim Duggan, CMOD - Doing More with Less
Tim Duggan, CMOD - Doing More with LessTim Duggan, CMOD - Doing More with Less
Tim Duggan, CMOD - Doing More with LessIrene Dehaene
 
Zlatan Sabic ICT for Governance
Zlatan Sabic ICT for GovernanceZlatan Sabic ICT for Governance
Zlatan Sabic ICT for Governanceyahoosch
 
E goverance project
E goverance projectE goverance project
E goverance projectSaloni Garg
 
Share of Slovenian practices for building competitiveness
Share of Slovenian practices for building competitivenessShare of Slovenian practices for building competitiveness
Share of Slovenian practices for building competitivenessUSAID CEED II Project Moldova
 
Proposed Linked Data Migration Framework for Singapore Government Datasets
Proposed Linked Data Migration Framework for Singapore Government DatasetsProposed Linked Data Migration Framework for Singapore Government Datasets
Proposed Linked Data Migration Framework for Singapore Government DatasetsAravind Sesagiri Raamkumar
 

Ähnlich wie DATA EXCHANGE AGENCY INTRODUCTION - Irakli Lomidze (20)

Георгій Клдашвіллі
Георгій КлдашвілліГеоргій Клдашвіллі
Георгій Клдашвіллі
 
E government Development in Georgia - e-Gov Data Exchage Agency
E government Development in Georgia - e-Gov Data Exchage AgencyE government Development in Georgia - e-Gov Data Exchage Agency
E government Development in Georgia - e-Gov Data Exchage Agency
 
Governance e-Transformation in Moldova
Governance e-Transformation in MoldovaGovernance e-Transformation in Moldova
Governance e-Transformation in Moldova
 
SG(Signgate) PKI Abroad Business
SG(Signgate) PKI Abroad Business SG(Signgate) PKI Abroad Business
SG(Signgate) PKI Abroad Business
 
eGovernment in Belgium
eGovernment in Belgium eGovernment in Belgium
eGovernment in Belgium
 
“The Role of National Identity System and Public-private Value-added Services...
“The Role of National Identity System and Public-private Value-added Services...“The Role of National Identity System and Public-private Value-added Services...
“The Role of National Identity System and Public-private Value-added Services...
 
Integrated Legislative Information System | Nextsense
Integrated Legislative Information System | NextsenseIntegrated Legislative Information System | Nextsense
Integrated Legislative Information System | Nextsense
 
E-Commerce Legal Framework In The UAE
E-Commerce Legal Framework In The UAEE-Commerce Legal Framework In The UAE
E-Commerce Legal Framework In The UAE
 
Basema aljaberi tra
Basema aljaberi traBasema aljaberi tra
Basema aljaberi tra
 
Маріуш Пшибишевський
Маріуш ПшибишевськийМаріуш Пшибишевський
Маріуш Пшибишевський
 
Real systems egovsumesys2011
Real systems egovsumesys2011Real systems egovsumesys2011
Real systems egovsumesys2011
 
Open Data for LvBS by Denis Gursky
Open Data for LvBS by Denis GurskyOpen Data for LvBS by Denis Gursky
Open Data for LvBS by Denis Gursky
 
On Line Legal Services
On Line Legal ServicesOn Line Legal Services
On Line Legal Services
 
Tim Duggan, CMOD - Doing More with Less
Tim Duggan, CMOD - Doing More with LessTim Duggan, CMOD - Doing More with Less
Tim Duggan, CMOD - Doing More with Less
 
SBRA for IFC Georgia 04june2013
SBRA for IFC Georgia 04june2013SBRA for IFC Georgia 04june2013
SBRA for IFC Georgia 04june2013
 
Zlatan Sabic ICT for Governance
Zlatan Sabic ICT for GovernanceZlatan Sabic ICT for Governance
Zlatan Sabic ICT for Governance
 
E goverance project
E goverance projectE goverance project
E goverance project
 
E-government in Slovenia
E-government in SloveniaE-government in Slovenia
E-government in Slovenia
 
Share of Slovenian practices for building competitiveness
Share of Slovenian practices for building competitivenessShare of Slovenian practices for building competitiveness
Share of Slovenian practices for building competitiveness
 
Proposed Linked Data Migration Framework for Singapore Government Datasets
Proposed Linked Data Migration Framework for Singapore Government DatasetsProposed Linked Data Migration Framework for Singapore Government Datasets
Proposed Linked Data Migration Framework for Singapore Government Datasets
 

Kürzlich hochgeladen

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 

Kürzlich hochgeladen (20)

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 

DATA EXCHANGE AGENCY INTRODUCTION - Irakli Lomidze

  • 1. Georgia NATO Cyber Security Training Turkey, Ankara 2012 Irakli Lomidze www.dea.gov.ge
  • 2. About Georgia Population: 4,615,807 Language: Georgian, Abkhazian Area: 69,700 sq. km Capital: T'bilisi
  • 3. About Agency Georgian Delegation Irakli Lomidze Head of the Information Security and Policy Division. Vasil Tsvimitidze Information Security Policy Manager Zurab Akhvlediani CERT Leading Specialist
  • 4. Agenda • INTRODUCTION About Georgia E-Development & Cyber Security • FROM STRATEGY TO ACTION • Introduction to information security. • Building blocks of information security strategy, policies and standards. • Actions, roles and responsibilities. • Our Current Projects & Future Plans • BUILDING AWARENESS AND AWARENESS PROGRAM • Common Threats and vulnerabilities • Principles of awareness • Planning and building of awareness program • Awareness program • GEORGIA CASE STUDIES • 2008 cyber attacks during Georgian Russian war • Latest incident (GEORBOT)
  • 5. About Agency LEPL Data Exchange Agency Under Supervision on Ministry of Justice of Georgia Agency has been established in January 2010 Main Directions: • E-Government Development • Information Security Improvement and Development , Operate CERT.GOV.GE
  • 6. 6
  • 7. http://www.e-government.ge/ 7 Public Registry Notary Chamber Civil Registry • Actual Status of Application • Archive of Technical Records • Notary visit online arrangement • Apostil and Legalization • Business Registry • Registry of False Documents • Applying for Citizenship • Cadastral Data • Unified Electronic Registry of Notary • Consular Registration • E-Chancellery • Electronic Registry of Applications • Lien and Tax Lien/Hypothec Registry • Georgian Passports • Pledge/Leasing Registry • Repeated Certificates of Civil Acts • Public Registry: video consultation • Registry of Applications and Rights National Bureau of Enforcement Ministry of Internal Affairs Patrol Police • Debtor Registry • Driver`s License Knowledge Test Examples • Traffic Fines • E-auction • Reservation of State License Plates • Electronic Registry of Enforcement • Validity Extension - Internal Transit Plates
  • 8. http://www.e-government.ge/ 8 Civil Ministry of Finance LEPL Financial Analytics Service • Auto Customs Tariffs • Information Technology Virtual Zone • E-Auction State Procurement Agency • E-Budget • E-declaration • Unified System of State Procurement • E-Treasury Ministry of Education and Science of Georgia • Gambling Business Fees • Information on Entrepreneurs • Buki - Learn With Joy • Online Declaration for Public Employees National Examination Center • Online Payments • Online Payment: NAEC Service Fees • Property Tax Rates/Coefficients • Online Registration for College Entrants • Registry of Active Check Machines • Results: Unified Entry Examinations • Registry of Charity Organizations • Shipping Information and Customs Ministry of Labor, Health and Social Affairs of Georgia Revenue Service • Birth/Death E-certificates • Office of Revenue: E-Services • Healthcare Management Unified Information System
  • 9. http://www.e-government.ge/ 9 Tbilisi City Hall Property Management Agency • Confirmation Copy of Plot`s Attest • Electronic Auction • Constructions: Determination of Permission • Land Parcel Marking/Selection Necessity • Determination of Building`s Red Lines Tbilisi Transportation Company • Determination of Parameters for Urban Development • Online Payment: Public Transportation Fines • General Statement from Tbilisi Arch. • Mark Off a Sketch Project of a Plot • Online Reply from the Office of Architecture Public Service Bureau • Preliminary Examination of Project Sketch • Employment in Public Sector • The First Stage of Construction • Online Asset Declaration • Search for Asset Declarations Tbilisi Architecture Central Election Commission • Tbilisi Architecture - Online Services • Voters: Check Your Status
  • 10. e–ID Project 10 e-ID Card Features • Contact Interface • Personal Certificate for Authentication • Personal Certificate for Electronic Signature • Contactless Interface • 14 Application Storage Security Tbilisi Architecture
  • 11. Current Situation 11 Ministry Of Ministry of Ministry of Justice Education Economy CRA, NAPR Se es s S c r vi c ce Service r vi er s vi vi es Se er ce S s ic es Serv Ministry of Services Ministry of Finacne Internal Affair Se r vi c Services s i ce s Services ses s es ce es ce i ce vi c vi c Servi Servi v r rv Se Ser r Se Se Ser vi ce s Services Se s Se rv Ser es i ce s ce i ce vi ic r vi r ce s Serv Ser v vi c s Se es Other Governmental Bussines Bank Citizen Agencies
  • 12. Current Situation 12 Why is it bad ? Ministry of Education Ministry Of Justice CRA, NAPR Ministry of Economy Systems Integration • Needs deeper integration • They are builds on different Platforms s Se es Se ce Service r vi vi vi c r s ce vi c r Se r s Se es ic es Serv • Difficult to add new organization • Difficult to add or change service Ministry of Services Ministry of Finacne Internal Affair Se rv i ce Services s ices Services s s e s es s e i ce i ce Servic Servic vi c • … v r rv rv Ser Se Se Se Se Ser vic es s Services Communication Se Ser es s ce rv vic ic i ce vi r i ce es Serv rv vi c s Se r Se • High cost of Communication Lines es • Difficult to maintenance • No effective Security Other Governmental Bussines Bank Citizen Agencies • …
  • 13. Evolution 13 So what’s Next ?? Ministry Of Ministry of Ministry of Mystery of Justice Justice Education Economy CRA, NAPR Ministry of Citizen Finance Se es es Se ic Service r vi vi c r rv s ce vi c Se r s Se es ices Serv Ministry of Ministry of Bank Ministry of Services Finacne Internal Affair Education Se rv i ce Services s ices Services s s e s es s e i ce i ce Servic Servic vi c Data Exchange Agency v r rv rv Ser Se Se Se Ser vic es Se s Services Se Ser es s ce rv vic ic i ce vi r i ce es Serv rv vi c s Se r Se es Ministry of Business health Other Ministry of Other Governmental Bussines Bank Citizen Internal Ministries Agencies Affair
  • 14. Data Exchange Infrastructure 14 G3 Georgian Governmental Gateway G3 • Integration – Systems written in different platforms integrated. – Information exchange between systems are unified and standardized. – Single Place to connect to all governmental services. – Open API & Developer Portal for th-3rd Party Developers or Companies. • Sustainability – Garlanded message delivery. – Information does loose even when you are offline. – Mitigate problems when have high loads on systems. • Security – Communication Lines are Secured. (VPN, SSL, Lawyer 2) – Data Exchange Messages are Secured (Encryption, Signature, Times tamp) – Services are Secured (Access Management on Services)
  • 15. Data Exchange Infrastructure 15 G3 Georgian Governmental Gateway Benefits • Better Information Management – Project RoR Unified Registry of Registries. – No Proprietary Data Traffic. – No Data Duplication . – More Effective budgeting on information system. • Transparency – Who is requiring information about you
  • 16. Citizen Portal 16 G3 Georgian Governmental Gateway • Citizen Portal (www.my.gov.ge) – Single Point for Citizens get all governmental e-Services. – Getting information about your self. – Communal Payment. – Granted Mail Delivery. – News about projects in government.
  • 17. Trade Netowrk 17 G3 Georgian Governmental Gateway • TradeNET Single Point for creating/exchange all necessary document for traders. – Reduce of price per container. – Reduce time of serving. – No paper works and document physical delivery needed.
  • 18. Information & Information Systems 18 Information Systems need to be protected
  • 19. 19
  • 20. Information Security & Policy Division 20 Information Security CERT Team Team Computer Emergency Response Team Development & Implementation of Handling Cyber Security Incidents Information Security Standards, Policies and Guidelines Legislation Works: Strategies, Laws, Normative Acts Awareness raising Activities
  • 21. Data Exchange Agency 21 Our Responsibility Segment Information security policy development, implementation, monitoring, development. Public Sector + Critical CERT.GOV.GE (Computer Emergency Response Team) Creation Military Infrastructure Georgian Governmental Network GGN Monitoring Secret CA (Certificate Authority) –Monitoring
  • 22. Cyber Space in a space that needs to be defended 22 Earth Water Air Cyber
  • 23. 23
  • 24. 24
  • 25. Information Security Team 25 We are members of: The Cyber security Executing Arm Of The UNITED NATIONS SPECIALISED AGENCY of The International Telecommunication Union (ITU) All our Team members are BSI/ISO trained Professionals. They have multiple year experience working on Information Security Field. All our Team members are BSI/ISO trained Professionals In ITIL. In our Team we have Professionals in MOF.
  • 26. Developing, Implementing Information Security Policy 26 Legislation • Cyber Crime chapter on Crime Code. Updated in 2010 • Protecting Personal Information Law. 2012 • Drafting Information Security Law. 2012 • Cyber Security Strategy. 2012 • Normative regulations … on Going Process These legislation acts do not cover state secret of military sectors
  • 27. Developing, Implementing Information Security Policy 27 Information Security Implementation • Information Security Policy for Ministry of Justice 2010 • Info Sec Policy Ministry of Economy and Ministry of Health 2011/2012 • Standards and procedures for Information Security. 2010-2012 • Operation management standards and guidelines. 2012 • Localize and adaptation ISO 27000 Series Standards. 2011 • Trainings Course for Information Security Implementation. 2012
  • 28. Developing, Implementing Information Security Policy 28 Awareness • Creating Web Site with Cyber Security Articles 2011-2012 • Creating Calendar with Cyber Security Threads. 2012 • Presentations on Information Security & Risk. 2010-2012 • Project with IMPACT Planning in 2012 • Annual GITI Georgian IT Innovation Conference 2008-2012
  • 29. 29
  • 30. CERT.GOV.GE (Computer Emergency Response Team) 30 Founded in 2011 We are members of: The Cyber security Executing Arm Of The UNITED NATIONS SPECIALISED AGENCY of The International Telecommunication Union (ITU) The Trusted Introducer - a.k.a. TI - is the trusted backbone of the Security and Incident Response Team community in Europe Certifications: All Our Team members are Certified by SANS GIAC
  • 31. CERT.GOV.GE (Computer Emergency Response Team) 31 Our Partners: www.impact-alliance.org www.terena.org www.nato.int www.shadowserver.org www.team-cymru.org www.arbornetworks.com www.arakis.pl www.eset.com www.microsoft.com www.symantec.com CERT-EE http://www.cert.pl/ www.cert.ee/
  • 32. CERT.GOV.GE (Computer Emergency Response Team) 32 Incident Responding • Helping solve Cyber Incidents for our customers. 2011 • Incident Reporting Portal with ticking systems. 2011 • National Incident Database. 2012 on going. • Analyzing cyber resources for the vulnerabilities. 2011 • Partnership with other CERTs over the world 2011-2012
  • 33. CERT.GOV.GE (Computer Emergency Response Team) 33 CERT Services • Penetration Test Service. Since 2011 • IP Monitoring Services. Since 2012 • Source Code Analyze Service. Since 2012 • Tannings for Incident Handling 2012 on going Project.
  • 34. CERT.GOV.GE (Computer Emergency Response Team) 34 Other Plans for 2012. • Creating local volunteer groups for better Defense of cyber space of Georgia. • An Intrusion Detection System (IDS) and Network Monitoring Sensors
  • 35. 35
  • 36. Next Presentations for Today 36 From strategy to action • Introduction to information security. What is information security, threat, risks, vulnerabilities, basic terms and definition? • Building blocks of information security strategy, policies and standards. Identify and establish country wide information security strategy, establish policies standards and procedures, implementation of different types of control objectives: managerial, technologies, business processes. Introduction to main domains of information security management system depending on international information security standard (ISO 2700x). • Actions, roles and responsibilities. What kind of actions is needed for information security risk treatment. Roles and responsibilities of information security professionals. • Our Current Projects & Future Plans About IP Monitoring Services, About Network Sensors, About Penetration Services, About Source Code Analyzes, Information security policy implementation, Information security audit, Information security trainings. By Vasil Tsvimitidze
  • 37. Next Presentations for Today 37 Building awareness and awareness program • Common Threats and vulnerabilities Types and examples of information security threats: Unauthorized Access, Cyber Espionage, Malware, Data Leakage, Mobile Device Attack, Social Engineering, Insiders, Phishing, System Compromise, Spam, Denial of Service, Identity Theft. • Principles of awareness Main principles tool and techniques for awareness rising. • Planning and building of awareness program How to plan information security awareness program taking to note cultural differences, available resources and objectives • Awareness program Hands on development specific awareness program, depending on Georgian practice. Defining awareness program and identify priorities. Identification of success assessment metrics. Development or localization materials for government organizations, business companies and citizens. By Vasil Tsvimitidze
  • 38. Next Presentations for Today 38 Georgia case studies • 2008 CYBER ATTACKS DURING GEORGIAN RUSSIAN WAR Facts Of The Case, Methods Of Cyber Attacks, Defacement Of Websites, Dos And DDOS Attacks, Distribution Of Instructions And Malicious Software, Cyber Blockade, Sites Providing DDOS Attack Tools, Part Of The Information War, Origin Of The Attacks, Russian Business Network, Countermeasures • LATEST INCIDENT (GEORBOT) Introduction, Identification, Attack Vectors, Malware Analysis, Bot Panel Analysis, Decrypting Communication, Cooperation with CERT/ MS /ESET, Countermeasures, Incident Responding Chronology, Methods, Origin of the Attack, Unmasking, Bot master/ Attackers By Zurab Akhvlediani
  • 39. Lab for Second Day. 39 Basic incident handling • PART1 PCAP TRACE ANALYSIS – SERVER SIDE ATTACK Task 1: Introductory scenario, fake web server vulnerability exploitation step-by-step Task 2: Dabber scenario • PART 2 PCAP TRACE ANALYSIS – CLIENT SIDE ATTACK Task 1: Drive-by download without fast flux Task 2: Drive-by download with fast flux By Zurab Akhvlediani
  • 40. Q/A 40 Contact Information: The Ministry of Justice Data Exchange Agency Tbilisi, Georgia 0102 Tsminda Nikolozis/Nino Chxeizis St. N2 Phone: +995 (32) 2 91 51 40 E-mail: info@dea.gov.ge Ilomidze@dea.gov.ge
  • 41. Thank you for your attention

Hinweis der Redaktion

  1. Hallo, everyone, My Name is Irakli Lomidze, I’m represent Georgian delegation to this event. I want tell many hanks for our Turkish colleges to organize this nice event.
  2. Few Word About Country, that we represent here. We are from Georgia. Georgia is located between Black and Caspian see. Our Nabors are Turkey, Azerbaijan, Armenia and Russia. Total Population is about 4.6 Million. Official Language is Georgian and Also Abkhazian. Area is about 70 000 km sq. Capital is Tbilisi, this is very nice city I surges to visit it.We get Independence after Russian 200 year occupation in 1991. After 1991 we had 3 war with Russian federation.Last one was in 2008, in this war first time was used Cyber attach with armed attack, we have special presentation for them.
  3. I would like introduce our team.
  4. Our Sessions will continue during 2 days. And there is a our Agenda.Introduction: Who we are. Our Activities and responsibilities, Shorty about cyber activities in Georgia Legislation and Strategies.DEA Security and E-government Projects, Information Security Activities.Basic Introduction on Information Security: What is information security is, Overview Information Security Standouts, Overview Series ISO 2700x Standards,Introduction on ISO 27001. Cyber Attacks During Georgian Russian War. Facts Of The Case, Methods Of Cyber Attacks, Defacement Of Websites, Dos And DDOS Attacks, Distribution Of Instructions And Malicious Software, Cyber Blockade, Sites Providing DDOS Attack Tools, Part Of The Information War, Origin Of The Attacks, Russian Business Network,CountermeasuresLATEST INCIDENT (GEORBOT): War is not over !. Introduction, Identification, Attack Vectors, Malware Analysis, Bot Panel Analysis, Decrypting Communication, Cooperation with CERT/ MS /ESET, Countermeasures, Incident Responding Chronology, Methods, Origin of the Attack, Unmasking, Bot master/ Attackers ABOUT INCIDENTS Handling & CERT: What are cyber incidents?Incidents Types. Virus, DDOS, Exploit …Incidents Categorization (ENISA Standards, NIST Standards, ISO Standards).Identify required resources. What staff, equipment, and infrastructure are needed to operate the CERT?Determine your CERT funding. How is the CERT funded for its initial startup and its long-term maintenance and growth?BASIC INCIDENT HANDLING: This exercise provides students with experience of real-life incident reports, their ambiguity and complexity. With exercises.MALWARE: General Introduction, Types of malware, what is a virus.Examples of malware activities.Malware Types, Evolution of Malware, Malware Behavior Analyzing Techniques, Monitoring OS Changes Monitoring Malware Generated Network Traffic. Tools and Distributions for Analyzing Malware. Online Services, For Malware Analyze.NETFLOW ANALYSISThe objective of the exercise is to familiarize students with standard network monitoring tools, analysis of network security events. With exercises.FORENSIC ANALYSISLog file AnalysisBrowser History InspectionInternet Activity InvestigationRestoring Deleted FilesSecurely Wipe DataCapturing Evidence (Live CD) Using ToolsOUR CURRENT PROJECTS & FUTURE PLANSIP Monitoring Services, Network Sensors, Penetration Services, Source Code Analyzes.
  5. Name of our Agency is “Data Exchange Agency”LEPL Means, Legal Entity of Public low, I don’t know if same types of governmental structure exists in your country.But in few words this is governmental organization witch allowed to have self income. For example sell Governmental Electronic Services.This Organizations is working under supervision of Ministries, our Agency is under the Ministry of Justice of Georgia.
  6. Since 2003 year, situation on Georgia radically changed. Georgian Government Started developing E Services for Citizens and for Business. It makes life easier. All Major Governmental Structures started developing its IT infrastructures. In 2010 our agency has been lunched web site http://www.e-government.ge/ on this site there is a list of e services that Georgian governmental structures is providing.All structures is rapidly developing and this list might be not full. New e-services is coming every week.
  7. You can visit this site and see e-services that is already developed and working.
  8. You can visit this site and see e-services that is already developed and working.
  9. You can visit this site and see e-services that is already developed and working.
  10. You can visit this site and see e-services that is already developed and working.