INFORMATION SECURITY
(MANAGEMENT) AT STAKE IN
BELGIUM
Dominique Volon
Trusted Advisor – Sr Manager in IT & Information (Cyber) Security
Former DG of FEDICT for Information Security Management, IT Service Management, Legal (privacy) and Public Procurement
http://be.linkedin.com/pub/dominique-volon/a/440/864
A ‘long’ journey from 2003 to 2016
Copyright 2016 Dominique Volon – IT Transforming For Benefits – V1.1 – 06-10-2016
AGENDA
- Aim of presentation / We live in an Information Society!
- Information Security Management: What's in it for me? Where should it apply?
- Protection of E-government social security assets (BCSS)
- Protection of E-government other assets (FEDICT)
- Be-Aware: Evangelization of Federal Public Services
- Institutional Public Landscape in Belgium
- A glimpse at legal contexts
- Be-Networked: BelNIS Federal State Level -> Belgian Center for Cybersecurity
- Epilogue, Continuum
AIM OF THIS PRESENTATION
To relate the journey made (so far) to make the field and political actors aware of Information Security Management in Belgium
To give you a view of the enormous involvement of field security actors in shaping the Belgian Information Society
And the need to continue!
WE LIVE IN AN INFORMATION SOCIETY!
Development of society's education from the Arts, Science and Religion
Speeding/spreading information and knowledge through monks and the printed Bible
- Revolution separating political power from religion (1589 - 1789)
- Industrial progress: Electricity (Edison), TSF (Marconi), Telephone (Bell), TV
- Faster evolution for counting machines and computers (1920's -> now)
- Digitisation of physical phenomena (A/D, D/A converters), transported at the speed of light and air (optical fibres, satellites)
- The network is the computer, information is a valued asset -> IoT
WE LIVE IN AN INFORMATION SOCIETY!
Information has become an intelligence factor for businesses in all sectors of the economy
- We want to know the consumption and living habits of people:
  - To attract them and propose new services in real life:
    - E-banking and payment services, entertainment,
    - E-health and social security services, E-learning, E-commerce
  - Or simply make life easier through a bunch of digital channels
BUT what happens if these channels and the providers at the end of them are not protected?
- Our present and forthcoming way of life will be jeopardized (privacy, denial of service!)
- We need Information Security Management at mass media level!
INFORMATION SECURITY MANAGEMENT: WHAT'S IN IT FOR ME?
What is the value of Information Security Management at mass media level in our life?
- Known and safe usage of secured IT services over the Internet
- A cyberspace that is made safer for both consumers and providers
- Trust in using Information and Telecommunication means
- Chasing the bads out of the Web ... (criminality and terrorism)
- Protection for our way of life
Realising it means:
- Adopting a systems-wise protection strategy and policy for our country-wide critical information assets
- Adopting an 'enlightened' behaviour when using cyberspace
WHERE SHOULD INFORMATION SECURITY APPLY?
How to obtain Information Security Management at the mass media level in our life?
- Be aware! Risk and threat evaluation is an on-going practice for making, using and distributing information on a need-to-know basis
- Protecting our way of life by adopting a systems-wise approach, a vision for Information Security and protection policies for our country-wide critical information assets:
  - Social Security, Health;
  - Transport (Ports and Civil Aviation), Energy (Electricity, Gas, Petrol);
  - Finances (BNB, banks) and Telecom Operators;
  - Education (University, R&D);
  - Economy itself!
  - Federal and federated public services;
  - Political levels.
PROTECTION OF E-GOVERNMENT SOCIAL SECURITY ASSETS (CBSS – BCSS – KSZ)
Security Governance for the Social Sector
- Assets to be protected:
  - Social security rights and health practice for the Belgian population
  - Capacity of information exchange between Social Security actors
  - Data privacy
- Response:
  - A federated capacity of exchanging information using safe and reliable electronic means across all actors of the sector:
    - The Crossroads Bank for Social Security (CBSS – BCSS – KSZ), starting in the early 90's
    - The E-Health platform for federating health practitioners.
Both implement a strong Information Security Management strategy and policy within a legal framework based on a Royal Decree of 1993 and the presence of Information Security Officers.
PROTECTION OF E-GOVERNMENT ASSETS (CBSS – BCSS – KSZ)
[Diagram: BCSS (E-Health) at the centre of a network linking SPF Social Security & Health, CPAS/OCMW, INASTI, OSSOM, INAMI/RIZIV, ONAFTS, ONP, ... ; transformation at stake for the 6th State Reform]
Only a high-level view; the network of BCSS is quite larger
PROTECTION OF E-GOVERNMENT ASSETS (FEDICT: FEDERAL PUBLIC SERVICES ICT)
Security Governance for FEDICT
- Assets to be protected (the catalogue of e-gov services):
  - the digital identity of the Belgian population using the eID
  - the accesses to the federal portal services
  - the federal portal services themselves, giving access to authentic sources such as the Crossroads Bank of Enterprises, CBSS or, in FPS Finances, the Tax-On-Web application
- Trust has to be built when using communication services:
  - FedMan network; Middleware(s)
  - Communication and services such as mail relay, file transfer, remote access, offering a secured and reliable availability of 99,5%, almost 24/7, and continuity of service.
PROTECTION OF E-GOVERNMENT ASSETS (FEDICT)
Security Governance for FEDICT
- Response for digital identity:
  - Establishing the eID pilot and roll-out programme with the National Register
  - Royal Decree for the eID card, governance of the Certification Authority (Belgian root PKI), Service Management and monitoring, Business Continuity live verification
  - Performing risk assessment of the cryptography with COSIC (KUL) and Crypto Lab (UCL)
  - eID proxy, eID middleware, eID card readers with IT industry actors (Microsoft)
  - Encouraging usage of the eID by linking with AGORIA and security initiatives (L-SEC), a pilot in banking (Ethias), presentations to cities
PROTECTION OF E-GOVERNMENT ASSETS (FEDICT)
Response for protecting accesses to www.belgium.be:
- Perimeter security defence in several network zones (V1, V2) for the public interface
- IAM (simple and strong authentication) integrated with user management, mandates and federation of identities (led to e-gov logon and CZAM federal logon)
- Disaster Recovery Planning on two nodes for V1, full Business Continuity/DRP planning for V2
- FedMan protection (technical and CERT.be organisation)
- Regular and permanent usage of vulnerability scanning
PROTECTION OF E-GOVERNMENT ASSETS (FEDICT)
Response for the portal services themselves
- Escrow service for portal-developed S/W
- Business Impact Analysis for Tax-on-Web, verifying the DRP
- Negotiation of tight SLA and penalties with Accenture
Managed secured services to protect communication channels
- Secured mail relay, file transfer, secured remote access VPN/SSL
- Additional shared firewall service
- Digital certificates for critical servers
- Vulnerability scanning
BE-AWARE: EVANGELIZATION OF FEDERAL PUBLIC SERVICES
- Security Governance for Federal Public Services (13)
  - Starts with awareness of ISM for Chairmen about the Business Continuity theme
  - Recruiting a CISO and ISO team with focus on Risk Assessment and continuity as the start of the security expertise pole;
  - Organising an Infosec forum inside the Federal Public Services with the CISO and ISOs from the SPFs
  - Animating the forum and adopting ISO 27k as the InfoSec framework
  - Defining Roles & Responsibilities of the ISO and an organic career inside Public Services via P&O
  - Standards and best practices for Information Security Management
BE-AWARE: EVANGELIZATION OF FEDERAL PUBLIC SERVICES
- Security Governance for Federal Public Services (13)
  - Royal Decree for formal nomination of ISOs reporting to the chairman of the FPSs.
  - InfoSec expertise available in the Fedict Service catalogue for all FPS, OIP and Regions
  - Business Impact/Risk Assessment for deriving protection measures
  - Presence in the Business Continuity Steering Committee of Finances (BIA-DRP capabilities)
  - General advice to the regions for Infosec matters (governance, R&R)
  - Offering of Managed Security (& Secured) Services available from the Fedict catalogue
INSTITUTIONAL BELGIAN LANDSCAPE
- Federal Public Services: 10 sectorial + 4 horizontal (will change in the 6th Reform)
  - FPS Interior: Registre National: accountable for managing the organic identification of the Belgian population and keeping it up to date inside a National Register
  - FPS Economy: accountable for Economy, consumer regulations, ... and the Crossroads Bank of Enterprises
  - FPS Finance: accountable for funding of the State by perceiving taxes
  - FPS Justice: accountable for Justice (Courts, Prisons, Law and legal enforcement)
  - FPS ICT (FEDICT): accountable for e-government (except in the Social Security sector -> BCSS)
-> description of the federal public services on www.belgium.be
INSTITUTIONAL BELGIAN LANDSCAPE
- Public Services nested at federal level dealing with Infosec:
  - ANS-NVO-[NSA] – FPS Foreign Affairs: cares for security clearance and accreditation of information systems dealing with classified information
  - Computer Crime Unit (federal and regional) – FPS Interior (Police): cares for cybercrime in civil society in general and investigates complaints
  - Crisis Center – FPS Interior: cares for coordination of a crisis from the viewpoint of emergency services when the damage is at level 4 in the country; liaises with Province Governors
  - SGRS – [Military Intelligence] – FPS Defence: accountable for Military Intelligence and protection of the Military (Courts, Prisons, Law and legal enforcement)
  - State Security – FPS Justice: civil intelligence, security clearance enquiries
INSTITUTIONAL BELGIAN LANDSCAPE
- Other legal institutions:
  - Commission de la Protection de la Vie Privée (Data Privacy)
    - Parliamentary commission composed of Magistrates and experts
    - Issues authorisations for the treatment of personal data in Information Systems according to the laws of 1992, 1998 and 2003
    - Gives exemptions in case of public security / state interest
  - FEDICT is the Sectoral Authority for introducing the FPS authorisation files to the Privacy Commission to obtain authorisation of privacy data treatments in the Federal Information Systems
A 'GLIMPSE' AT THE LEGAL CONTEXTS
- Belgium and European Union
  - Identity & Signature
  - Protection of vital assets
  - Privacy
  - Intellectual Property
  - Criminality
  - Organisation of Federal Authorities
- Outside European Union (United States)
  - US Safe Harbor ...
  - US Patriot Act
A 'GLIMPSE' AT THE LEGAL CONTEXTS
Identity & Signature
- FPS Interior - National Register is the custodian of the identity of Belgians from their birth until death – each Belgian is assigned a single and unique National Register Number whose first sequence is their birth date
- Royal Decree of the eID (format, information data fields, digital certificates on the eID card): the eID combines the legal definition of a document and of a digital container holding strictly the information data needed to identify and locate the official residence of the card holder, plus two digital certificates that can be used to authenticate and to sign documents as if it were a qualified written signature.
- Electronic Signature: EU Directive of 1999: Belgian Law of 9/7/2001: electronic signatures and certification services. Electronic signature: cannot be repudiated in Justice. Qualified electronic signature: usage of a digital certificate which is qualified by an accredited Certification Authority.
- FPS Economy controls and accredits Certification Authorities (e.g. Certipost)
A 'GLIMPSE' AT THE LEGAL CONTEXTS
Protection of vital assets
Classified Information
- Is handled by individuals and Information Systems
- The Law of 11/12/1998 paves the way for information classification and security clearance for individuals (and firms) handling this type of information, enforced by the Royal Decree of 24/3/2000. Classification, and clearance for individuals, is determined according to the damage impact if the information is divulged. Royal Decree of 2013 for the fees of obtaining clearance.

Classification levels by national security damage if the information is divulged:

  Damage         BE                      EU                 NATO
  Very Serious   TRES SECRET             TRES SECRET UE     Cosmic Top Secret (CTS)
  Serious        SECRET                  SECRET UE          NATO Secret (NS)
  Breach         CONFIDENTIEL            CONFIDENTIEL UE    NATO Confidential (NC)
  Effect         (diffusion restreinte)  RESTREINT UE       NATO Restricted (NR)
  None                                                      NATO Unclassified
A 'GLIMPSE' AT THE LEGAL CONTEXTS
Protection of vital assets
Classified Information
- Security clearance of individuals (and firms) is handled by ANS-NVO-[NSA]
  - Level is based on need to know for the job
  - ANS asks State Security (civilians) or SGRS (military) to enquire (private life security)
- Information Systems accreditation
  - EU regulation (2001/264) in 3 steps: Evaluation, Certification, Accreditation
  - Evaluation: by experts, auditors or an accredited laboratory
  - Certification: conformance certificates are issued by control organisms accredited by BELAC
  - Accreditation Body: ANS in association with BELAC
A 'GLIMPSE' AT THE LEGAL CONTEXTS
Protection of vital assets
Critical Infrastructures of Belgium
- 2008/114 EU Directive: European Critical Infrastructures
  - Energy and Transport sectors
- BE Law of 01/7/2011: Belgian Critical Infrastructures, Royal Decree of 27/5/2014
  - Adds Finance and electronic communications sectors
  - Scoping vital functions: health, social, security/safety, economic prosperity
- Acting through Sectorial Authorities or 'Regulators'
  - Finance: National Bank of Belgium (oversight of banks and financial organisms)
  - CFMA: regulator for insurance companies
  - Telecommunications: Belgian Institute for Post and Telecommunications
  - Energy: CREG / AFCN
  - ...
- Every operator of an infrastructure recognised as critical at the level of the country must develop and exercise a Security Plan, namely for Business Continuity
A 'GLIMPSE' AT THE LEGAL CONTEXTS
- Privacy
  - Electronic communications Law of 13/06/2005 concerns:
    - Operators constrained for:
      - Security measures (technical / organisational)
      - Free security services
      - Notification of security incidents to IBPT, the Privacy Commission and customers
      - Allowing audit by BIPT or a mandated independent organism
      - Retention of traffic data (traffic / geolocation)
    - IBPT as regulator accountable for:
      - Security of telecommunication, coordination, oversight of problem detection
      - Instructions, control and recommendations to operators
A 'GLIMPSE' AT THE LEGAL CONTEXTS
- Privacy
  - EU GDPR: European Union Global Data Privacy Regulation of May 2016.
    - Not a Directive; replaces the former EU Directive on Privacy (that needed to be ratified by each national parliament to become in-country Member State law – Subsidiarity Principle)
    - GDPR regulates, thus placing immediate compliance obligations on all Member States from the day it was voted by the European Parliament and published in the L Official Journal (26 May 2016)
    - Implies an immediate compliance exercise, final for up to 2018
    - As of 2018, the EU (EC) can audit companies and impose legally heavy financial penalties:
      - For light or medium infringement of GDPR, 10 million €
      - For severe infringement of GDPR, 20 million € or 4% of the turnover of the group of companies that a holding can detain.
A 'GLIMPSE' AT THE LEGAL CONTEXTS
- Privacy when working in the private sector – CCT81 (26/4/2002):
  - Controlling of communication data in the workplace
  - End goals:
    1. Prevent illegal & illicit behaviours (hacking, racism, paedophilia, ...)
    2. Protection of the employer's interests
    3. Technical security of systems
    4. Respect of internal regulations (policy for usage of Information Systems ...)
  - Proportionality & Transparency:
    - Minimal interference in private life; information is to be given collectively and individually
    - Anomaly in cases 1, 2, 3 -> find the individual root cause
    - Anomaly in the 4th case -> collective warning and, if the anomaly is repeated -> find the individual root cause
    - Filtering of data (journalling and random controls)
A 'GLIMPSE' AT THE LEGAL CONTEXTS
Intellectual Property
- Directive 91/250: computer programs
- Directive 96/9: databases
- Directive 2001/29: authors' rights – information society
- Law (10/04/2014): Intellectual Property
- Best practices to protect critical IT assets for S/W developed by your providers:
  - Acquisition of a specialised escrow service;
  - Inclusion of an IP rights clause and escrow agreement mechanism in public procurement procedures;
  - Verification of systems rebuild capabilities at three levels (deposit of source code, rebuild of a minimal system, rebuild of the major part of the system's functions).
A 'GLIMPSE' AT THE LEGAL CONTEXTS
Criminality
- Directive 2013/40 – Attacks against Information Systems
- Law (28/11/200): computer criminality – 'Code Pénal: art 116-118'
- Directive 2006/24: retention of traffic data
- Law (30/7/2013): retention of traffic data and geolocation
- Court of Justice decision: abrogation of the 2006 directive (you know more will come ...)
Scope:
- Computer forgery, access rights abuse, sabotage,
- Distribution of illicitly acquired data, distribution of harmful data;
- Defence / State Security: data and information communication to a foreign country
- Retention of data / geolocation
A 'GLIMPSE' AT THE LEGAL CONTEXTS
Organisation of Federal Authority
- 1990: Organic Law constituting the CBSS – KSZ – BCSS
- 1993: Royal Decree for information security in the Social Security sector
- 1997: Royal Decree for communicating between social institutions
- 2001: Royal Decree establishing FEDICT
- 2007: Modification of the FEDICT Royal Decree to participate in the 7th R&D Research programme of the European Commission with the STORK project (interoperability of digital identities across the EU)
- 2012: 'FEDICT' or 'Only Once' law: FEDICT as federal services integrator acting as Trusted Third Party
- 2103: Royal Decree for (Chief) Information Security Officers in FPSs
- 2014: Royal Decree founding the Belgian Cybersecurity Center
A 'GLIMPSE' AT THE LEGAL CONTEXTS
United States
US Safe Harbour
- EU Directive 95/46: prohibition of transferring personal data outside the EEE, with exceptions (at equivalent protection level)
- 2001: Agreement CEC/US Department of Commerce
- Principles: notification and freedom of choice of the individual, security, treatment of data conformant to the declared end goal, access rights and correction
US Patriot Act (2001)
- Reaction to 09/11 -> mandate for numerical screening and for retaining data in custody.
- Concerns hosted data in the US and anywhere in the world.
- Concerns any company (US, daughter companies and non-US companies on US ground)
BE-NETWORKED: BELNIS PLATFORM
- Initiative of FEDICT's Minister Peter Vanvelthoven (2005)
- Identify major Information Security stakeholders at the level of the State
- Put them around a round table and discuss the competences of their institutional mandate regarding Information Security (and available means ...)
- Federate the interests and form a guiding expert coalition to raise awareness, first of the Belgian Government and then of the Belgian Information Society at large
- Make the spirits ready for appraising the chain and the degree of Information Security maturity in Belgium
  - Liaise with European security initiatives (ENISA through BIPT)
  - Animate working groups on security subject matters
  - Make a White Paper for Information Security and propose improvements (2007)
  - Goal: make Information Security a dedicated point on the governmental agenda
[Diagram: BelNIS & Stratégie de Cybersécurité – stakeholders around BelNIS: FCCU, FEDICT, CERT.be, Sûreté de l'Etat, CCB, ANS, DGCC, Belac, SGRS, IBPT, Industries, Academics, International; transformation at stake for the 6th State Reform: Redesign]
BE-NETWORKED: BELNIS STAKEHOLDERS
Starting in 2005:
- FEDICT, actor and federator of the platform
- Invited at an oval table:
  - FCCU: Federal Computer Crime Unit from FPS Interior
  - Belac: from FPS Economy – accreditation body for Information Security
  - DG CC: Crisis Center – from FPS Interior
  - ANS: Autorité Nationale de Sécurité (security clearance and accreditation of classified information systems) – from FPS Foreign Affairs
  - BIPT: Belgian Institute for Post and Telecommunications (regulator)
  - State Security
  - SGRS: Military Intelligence
  - Belac: accreditation of IS dealing with classified information
BE-NETWORKED: BELNIS PLATFORM
- BelNIS made itself aware of the global InfoSec situation in Belgium
- BelNIS liaises with ENISA through IBPT/FEDICT, sharing 2 seats
- BelNIS structured itself in subject matter workgroups and has produced:
  - The White Paper for Information Security for Belgium in 2007
  - Creation of Cert.be (FEDICT funding and BELNET operations) to protect federal assets in 2009 (namely FedMan and Internet connection points)
  - Examination of the business case for the creation of a National Security Agency, concluding that such a 'vertical response' was not quite appropriate
  - National Strategy for Cybersecurity in 2012, with a push for the creation of a Cyber Security Center for the whole of Belgium (the missing 'Core') in 2014
BE-NETWORKED: BELNIS PLATFORM
- BelNIS actors also participated in the first steps for creating Industry and Academy awareness
  - 2011 KUL initiative: B-CCentre: cybercrime centre of excellence, R&D and education (COSIC, ICRI, L-Sec members, etc.)
  - 2014-2015: Cybersecurity Coalition
    - Cybercoalition: cross-sector partnership between players from the academic world, the public authorities and the private sector to join forces in the fight against cybercrime (50 major actors ... to develop further)
BE-NETWORKED: BCC
- BCC: Belgian Cybersecurity Center
  - Founded by Royal Decree in 2014, headed by Miguel Debruycker
  - Reporting to the Chancellery under the PM's umbrella
  - Operational arm arising out of the BelNIS platform
- Missions:
  - Supervision of the Infosec Strategy
  - Coordination of Public Authorities
  - Coordination public / private / academy
  - Proposals to adapt the legal framework
  - Crisis management with Cert.be
  - Issuing standards and directives for Infosec
  - Evaluation and accreditation of Classified Information Systems (with BELAC)
  - User awareness
THE WAY FORWARD
Major actors are still lacking in this story:
- FPS Economy itself, for developing a Belgian Information Society (policy is hardly set from the FPS Economy) that cares for e-services (e-commerce, e-payment infrastructure – Worldline and others) and establishes a digital security capacity in Belgium, linking with the European Union level.
- Sectorial regulators:
  - BIPT is in it; NBB has warned the banking sector to care for business continuity and information security practices (will it be sufficient?)
  - Others? What about CREG (energy), the transport sector, etc.?
- Market leader operators in all the sectors (only 50 in the coalition)
- Federation of providers and consumers (COMEOS)? ...
- We still have a huge chunk of work to raise awareness, protect and enable growth of the complete economy blocks for Belgium!
THE WAY FORWARD
- EUROPE IS MOVING ON DATA PROTECTION AND REGULATIONS to push Member States to act: EU GDPR – global, with heavy fines if not compliant by May 2018 -> huge impact on the data management lifecycle by modification of data classification, meaning impact on the data backup/restore capability of global storage solutions and DR capabilities, as well as on processes
- EUROPE is constraining the Sectoral Authorities with more stringent regulations in every sector to fight against crime and to upgrade business continuity operations; there will be more in the coming months, establishing the relevant governance by forcing continuity.
  - Namely, this is the case for the finance sectors through BNB and CSSF regulations in the Belux context, which evolve under stronger pressure from the European Central Bank and force compliance through continuity and security audits by competent experts from the domain (banking, insurance, investment companies, e-payment services)
  - The other domains follow as well: Telecoms (BIPT), Energy (CREG), etc., which shall comply
EPILOGUE
- Information Security Management relies on a federation of interests: public authorities, consumers and providers of information data and channels to do business.
- Trust will be the combination of a chain of actions from all the actors of the Information Society: industry, academia, etc., but also internationally (EU, USA, Asia/Pacific, India, Middle East)
- Information Security Management will provide protection only if a continuum of efforts and actions is continuously supported in the long run by business communities. It's too often left to techies! Think about securing and protecting your business first before thinking of technologies: only the business is capable of considering business risks and consequences.
- Don't leave public authorities alone in this journey, participate!
- Convince your executives to fund Information Security Management for their own good; make sure that the highest Executive Level invests in a regular risk management and protection practice for your business assets using information.
CONTINUUM OF THE JOURNEY
Accountable for InfoSec Management inside your corporation?
- Organise Security Governance (the use of it) and Management (the making of it) inside your corporation – use recognised international standards (COBIT 5, ISO 27k, MOR-ISO31k, InfoSec, ITIL, TOGAF, SABSA and IT Best Practices standards) AND tailor them to your businesses!
- Be sponsored at the highest level by forming a Steering Committee (or Sponsor Group)
- Ask that you report to the highest Executive level of the hierarchy (must be close to the business strategies and valued assets)
- As a Senior Responsible Owner, propose a 360° vision inside the company and outside the company (look at your customers): Enterprise Architecture, IT services.
- Information Security must protect, enable and support the growth of the company's businesses.
THANKS
- To all Information Security professionals delivering 'on top of' their normal work, sharing expertise and concerns!
- For perseverance and being patient
- For the audience listening to or having read this journey
... and this is still a 'Hobbit Journey' or maybe a 'Never Ending Story' because Information Security is staying for good ...

Musicograma. La tardor, VIVALDI
 
Ibrahim CV nz
Ibrahim CV nz Ibrahim CV nz
Ibrahim CV nz
 
Misa joven i. de otra manera. letras con acordes
Misa joven i. de otra manera. letras con acordesMisa joven i. de otra manera. letras con acordes
Misa joven i. de otra manera. letras con acordes
 
Business Referral
Business ReferralBusiness Referral
Business Referral
 
Скидки и акции на автоаксессуары в METRO с 01 по 28 октября 2015г.
Скидки и акции на автоаксессуары в METRO с 01 по 28 октября 2015г.Скидки и акции на автоаксессуары в METRO с 01 по 28 октября 2015г.
Скидки и акции на автоаксессуары в METRO с 01 по 28 октября 2015г.
 
How to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
How to Secure your Hybrid Enviroment - Pop-up Loft Tel AvivHow to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
How to Secure your Hybrid Enviroment - Pop-up Loft Tel Aviv
 
Chapter 8: Journalism
Chapter 8: JournalismChapter 8: Journalism
Chapter 8: Journalism
 
tello resume
tello resumetello resume
tello resume
 
CIENCIAS
CIENCIAS CIENCIAS
CIENCIAS
 
Anthropology Spring 2016
Anthropology Spring 2016Anthropology Spring 2016
Anthropology Spring 2016
 
Скидки и акции в магазине Перекресток с 2 по 8 сентября 2015г.
Скидки и акции в магазине Перекресток с 2 по 8 сентября 2015г.Скидки и акции в магазине Перекресток с 2 по 8 сентября 2015г.
Скидки и акции в магазине Перекресток с 2 по 8 сентября 2015г.
 

Ähnlich wie Information Security (Management) at Stake In Belgium v1.1

GPNOct2017-Digital-Economy-Outlook
GPNOct2017-Digital-Economy-OutlookGPNOct2017-Digital-Economy-Outlook
GPNOct2017-Digital-Economy-OutlookHolly Richards
 
OECD Digital Economy Outlook 2017: Presentation at Global Parliamentary Netwo...
OECD Digital Economy Outlook 2017: Presentation at Global Parliamentary Netwo...OECD Digital Economy Outlook 2017: Presentation at Global Parliamentary Netwo...
OECD Digital Economy Outlook 2017: Presentation at Global Parliamentary Netwo...innovationoecd
 
Bosind ps4journeytocitizen-centricdigitalgovernmentinfinland-191106150321
Bosind ps4journeytocitizen-centricdigitalgovernmentinfinland-191106150321Bosind ps4journeytocitizen-centricdigitalgovernmentinfinland-191106150321
Bosind ps4journeytocitizen-centricdigitalgovernmentinfinland-191106150321Alaa Abo Assi
 
The National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through CooperationThe National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through CooperationMark Johnson
 
Mobile Calculating And Pervasive Calculating
Mobile Calculating And Pervasive CalculatingMobile Calculating And Pervasive Calculating
Mobile Calculating And Pervasive CalculatingRachel Davis
 
20210526 cybersafety first! Sirius Legal webinar for Comeos
20210526 cybersafety first! Sirius Legal webinar for Comeos20210526 cybersafety first! Sirius Legal webinar for Comeos
20210526 cybersafety first! Sirius Legal webinar for ComeosBart Van Den Brande
 
CTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-DebeesingCTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-Debeesingsegughana
 
digital identity 2.0: how technology is transforming behaviours and raising c...
digital identity 2.0: how technology is transforming behaviours and raising c...digital identity 2.0: how technology is transforming behaviours and raising c...
digital identity 2.0: how technology is transforming behaviours and raising c...Patrick McCormick
 
National identity schemes - digital identity - national ID - eGovernment
National identity schemes - digital identity - national ID - eGovernmentNational identity schemes - digital identity - national ID - eGovernment
National identity schemes - digital identity - national ID - eGovernmentEric BILLIAERT
 
deloitte-nl-fsi-cyber-value-at-risk
deloitte-nl-fsi-cyber-value-at-riskdeloitte-nl-fsi-cyber-value-at-risk
deloitte-nl-fsi-cyber-value-at-riskDominika Rusek
 
deloitte-nl-risk-cyber-value-at-Risk-in-the-Netherlands
deloitte-nl-risk-cyber-value-at-Risk-in-the-Netherlandsdeloitte-nl-risk-cyber-value-at-Risk-in-the-Netherlands
deloitte-nl-risk-cyber-value-at-Risk-in-the-NetherlandsDominika Rusek
 
Vincent Ouma Mwando - strong encryption and protection of human rights-the vi...
Vincent Ouma Mwando - strong encryption and protection of human rights-the vi...Vincent Ouma Mwando - strong encryption and protection of human rights-the vi...
Vincent Ouma Mwando - strong encryption and protection of human rights-the vi...Vincent Mwando
 
Experience and strategy of Spain in eGovernment: three keys to sucess, the ba...
Experience and strategy of Spain in eGovernment: three keys to sucess, the ba...Experience and strategy of Spain in eGovernment: three keys to sucess, the ba...
Experience and strategy of Spain in eGovernment: three keys to sucess, the ba...Miguel A. Amutio
 
Qitcom Presentation on e-government services
Qitcom Presentation on e-government servicesQitcom Presentation on e-government services
Qitcom Presentation on e-government servicesRichard Kerby
 
Digital Wallonia. Digital Strategy for Wallonia.
Digital Wallonia. Digital Strategy for Wallonia.Digital Wallonia. Digital Strategy for Wallonia.
Digital Wallonia. Digital Strategy for Wallonia.Agence du Numérique (AdN)
 
Public safety in a multi media era facilitating incident management response
Public safety in a multi media era   facilitating incident management responsePublic safety in a multi media era   facilitating incident management response
Public safety in a multi media era facilitating incident management responseJack Brown
 
BT Future Cities overview - Digital Health and Well-Being Festival
BT Future Cities overview - Digital Health and Well-Being Festival BT Future Cities overview - Digital Health and Well-Being Festival
BT Future Cities overview - Digital Health and Well-Being Festival Digital Health Enterprise Zone
 
Compliance for Real-Time communications-June2016
Compliance for Real-Time communications-June2016Compliance for Real-Time communications-June2016
Compliance for Real-Time communications-June2016Mohan C. de SILVA
 

Ähnlich wie Information Security (Management) at Stake In Belgium v1.1 (20)

GPNOct2017-Digital-Economy-Outlook
GPNOct2017-Digital-Economy-OutlookGPNOct2017-Digital-Economy-Outlook
GPNOct2017-Digital-Economy-Outlook
 
OECD Digital Economy Outlook 2017: Presentation at Global Parliamentary Netwo...
OECD Digital Economy Outlook 2017: Presentation at Global Parliamentary Netwo...OECD Digital Economy Outlook 2017: Presentation at Global Parliamentary Netwo...
OECD Digital Economy Outlook 2017: Presentation at Global Parliamentary Netwo...
 
Implementation in E-Government in Cameroon - Eric Sindeu
Implementation in E-Government in Cameroon - Eric SindeuImplementation in E-Government in Cameroon - Eric Sindeu
Implementation in E-Government in Cameroon - Eric Sindeu
 
Bosind ps4journeytocitizen-centricdigitalgovernmentinfinland-191106150321
Bosind ps4journeytocitizen-centricdigitalgovernmentinfinland-191106150321Bosind ps4journeytocitizen-centricdigitalgovernmentinfinland-191106150321
Bosind ps4journeytocitizen-centricdigitalgovernmentinfinland-191106150321
 
The National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through CooperationThe National Cyber Security Strategy: Success Through Cooperation
The National Cyber Security Strategy: Success Through Cooperation
 
Mobile Calculating And Pervasive Calculating
Mobile Calculating And Pervasive CalculatingMobile Calculating And Pervasive Calculating
Mobile Calculating And Pervasive Calculating
 
20210526 cybersafety first! Sirius Legal webinar for Comeos
20210526 cybersafety first! Sirius Legal webinar for Comeos20210526 cybersafety first! Sirius Legal webinar for Comeos
20210526 cybersafety first! Sirius Legal webinar for Comeos
 
CTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-DebeesingCTO-CybersecurityForum-2010-Trilok-Debeesing
CTO-CybersecurityForum-2010-Trilok-Debeesing
 
digital identity 2.0: how technology is transforming behaviours and raising c...
digital identity 2.0: how technology is transforming behaviours and raising c...digital identity 2.0: how technology is transforming behaviours and raising c...
digital identity 2.0: how technology is transforming behaviours and raising c...
 
National identity schemes - digital identity - national ID - eGovernment
National identity schemes - digital identity - national ID - eGovernmentNational identity schemes - digital identity - national ID - eGovernment
National identity schemes - digital identity - national ID - eGovernment
 
deloitte-nl-fsi-cyber-value-at-risk
deloitte-nl-fsi-cyber-value-at-riskdeloitte-nl-fsi-cyber-value-at-risk
deloitte-nl-fsi-cyber-value-at-risk
 
deloitte-nl-risk-cyber-value-at-Risk-in-the-Netherlands
deloitte-nl-risk-cyber-value-at-Risk-in-the-Netherlandsdeloitte-nl-risk-cyber-value-at-Risk-in-the-Netherlands
deloitte-nl-risk-cyber-value-at-Risk-in-the-Netherlands
 
Cyber Security For Businesses
Cyber Security For BusinessesCyber Security For Businesses
Cyber Security For Businesses
 
Vincent Ouma Mwando - strong encryption and protection of human rights-the vi...
Vincent Ouma Mwando - strong encryption and protection of human rights-the vi...Vincent Ouma Mwando - strong encryption and protection of human rights-the vi...
Vincent Ouma Mwando - strong encryption and protection of human rights-the vi...
 
Experience and strategy of Spain in eGovernment: three keys to sucess, the ba...
Experience and strategy of Spain in eGovernment: three keys to sucess, the ba...Experience and strategy of Spain in eGovernment: three keys to sucess, the ba...
Experience and strategy of Spain in eGovernment: three keys to sucess, the ba...
 
Qitcom Presentation on e-government services
Qitcom Presentation on e-government servicesQitcom Presentation on e-government services
Qitcom Presentation on e-government services
 
Digital Wallonia. Digital Strategy for Wallonia.
Digital Wallonia. Digital Strategy for Wallonia.Digital Wallonia. Digital Strategy for Wallonia.
Digital Wallonia. Digital Strategy for Wallonia.
 
Public safety in a multi media era facilitating incident management response
Public safety in a multi media era   facilitating incident management responsePublic safety in a multi media era   facilitating incident management response
Public safety in a multi media era facilitating incident management response
 
BT Future Cities overview - Digital Health and Well-Being Festival
BT Future Cities overview - Digital Health and Well-Being Festival BT Future Cities overview - Digital Health and Well-Being Festival
BT Future Cities overview - Digital Health and Well-Being Festival
 
Compliance for Real-Time communications-June2016
Compliance for Real-Time communications-June2016Compliance for Real-Time communications-June2016
Compliance for Real-Time communications-June2016
 

Information Security (Management) at Stake In Belgium v1.1

  • 1. INFORMATION SECURITY (MANAGEMENT) AT STAKE IN BELGIUM
    Dominique Volon
    Trusted Advisor – Sr Manager in IT & Information (Cyber) Security
    Former DG of FEDICT for Information Security Management, IT Service Management, Legal (privacy) and Public Procurement
    http://be.linkedin.com/pub/dominique-volon/a/440/864
    A ‘long’ journey from 2003 to 2016
    Copyright 2016 Dominique Volon – IT Transforming For Benefits – V1.1 – 06-10-2016
  • 2. AGENDA
    - Aim of presentation / We live in an Information Society!
    - Information Security Management: What’s in it for me? Where should it apply?
    - Protection of E-government social security assets (BCSS)
    - Protection of E-government other assets (FEDICT)
    - Be-Aware: Evangelization of Federal Public Services
    - Institutional Public Landscape in Belgium
    - A glimpse at legal contexts
    - Be-Networked: BelNIS Federal State Level -> Belgian Center for Cybersecurity
    - Epilogue, Continuum
  • 3. AIM OF THIS PRESENTATION
    - To relate the journey made (so far) to make the field and political actors aware of Information Security Management in Belgium
    - To give you a view of the enormous involvement of field security actors in shaping the Belgian Information Society
    - And the need to continue!
  • 4. WE LIVE IN AN INFORMATION SOCIETY!
    - Development of society’s education from the Arts, Science and Religion
    - Speeding/spreading information and knowledge through monks and the printed Bible
    - Revolution separating political power from religion (1589 - 1789)
    - Industrial progress: Electricity (Edison), TSF (Marconi), Telephone (Bell), TV
    - Faster evolution of counting machines and computers (1920’s -> now)
    - Digitisation of physical phenomena (A/D, D/A converters), transported at the speed of light and air (optical fibers, satellites)
    - The network is the computer, information is a valued asset -> IOT
  • 5. WE LIVE IN AN INFORMATION SOCIETY!
    - Information has become an intelligence factor for businesses in all sectors of the economy
    - We want to know people’s consumption and living habits:
      - To attract them and propose new services in real life:
        - E-banking and payment services, entertainment
        - E-health and social security services, E-learning, E-commerce
      - Or simply to make life easier through a bunch of digital channels
    - BUT what happens if these channels and the providers at the end of them are not protected?
      - Our present and forthcoming way of life will be jeopardized (privacy, denial of service!)
      - We need Information Security Management at mass media level!
  • 6. INFORMATION SECURITY MANAGEMENT: WHAT’S IN IT FOR ME?
    What is the value of Information Security Management at mass media level in our life?
    - Known and safe usage of secured IT services over the Internet
    - A cyberspace that is made safer for both consumers and providers
    - Trust in using Information and Telecommunication means
    - Chasing the bad actors out of the Web (criminality and terrorism)
    - Protection for our way of life
    Realising it means:
    - Adopting a systems-wise protection strategy and policy for our country-wide critical information assets
    - Adopting an ‘enlightened’ behaviour when using cyberspace
  • 7. WHERE SHOULD INFORMATION SECURITY APPLY?
    How to obtain Information Security Management at the mass media level in our life?
    - Be aware! Risk and threat evaluation is an on-going practice for making, using and distributing information on a need-to-know basis
    - Protecting our way of life by adopting a systems-wise approach, a vision for Information Security and protection policies for our country-wide critical information assets:
      - Social Security, Health; Transport (Ports and Civil Aviation), Energy (Electricity, Gas, Petrol); Finances (BNB, banks) and Telecom Operators; Education (University, R&D); the Economy itself!
      - Federal and federated public services; political levels.
  • 8. PROTECTION OF E-GOVERNMENT SOCIAL SECURITY ASSETS (CBSS – BCSS – KSZ)
    Security Governance for the Social Sector
    - Assets to be protected:
      - Social security rights and health practice for the Belgian population
      - Capacity of information exchange between Social Security actors
      - Data privacy
    - Response:
      - A federated capacity for exchanging information using safe and reliable electronic means across all actors of the sector:
        - The Crossroads Bank for Social Security (CBSS – BCSS – KSZ), started in the early 90’s
        - The E-Health platform federating health practitioners
      - Both implement a strong Information Security Management strategy and policy within a legal framework based on a Royal Decree of 1993 and the presence of Information Security Officers.
  • 9. PROTECTION OF E-GOVERNMENT ASSETS (CBSS – BCSS – KSZ)
    [Diagram: the BCSS (E-Health) exchange network, linking SPF Social Security & Health, CPAS/OCMW, INASTI, OSSOM, INAMI/RIZIV, ONAFTS, ONP, …]
    Transformation at stake for the 6th State Reform. Only a high-level view; the network of BCSS is quite larger.
  • 10. PROTECTION OF E-GOVERNMENT ASSETS (FEDICT: FEDERAL PUBLIC SERVICES ICT)
    Security Governance for FEDICT
    - Assets to be protected (the catalogue of e-gov services):
      - the digital identity of the Belgian population using eID
      - the accesses to the federal portal services
      - the federal portal services themselves, giving access to authentic sources such as the Crossroads Bank of Enterprises, CBSS or FPS Finances (Tax-On-Web application)
    - Trust has to be built when using communication services:
      - FedMan network; middleware(s)
      - Communication and services such as mail relay, file transfer, remote access
    - Offering secured and reliable availability of 99.5%, almost 24/7, and continuity of service.
  • 11. PROTECTION OF E-GOVERNMENT ASSETS (FEDICT)
    Security Governance for FEDICT
    - Response for digital identity:
      - Establishing the eID pilot and roll-out programme with the National Register
      - Royal Decree for the eID card, governance of the Certification Authority (Belgian root PKI), Service Management and monitoring, Business Continuity live verification
      - Performing risk assessment of the cryptography with COSIC (KUL) and Crypto Lab (UCL)
      - eID proxy, eID middleware, eID card readers with IT industry actors (Microsoft)
      - Encouraging usage of the eID by linking with AGORIA and security initiatives (L-SEC), a pilot in a bank (Ethias), presentations to cities
  • 12. PROTECTION OF E-GOVERNMENT ASSETS (FEDICT)
    Response for protecting accesses to www.belgium.be:
    - Perimeter security defence in several network zones (V1, V2) for the public interface
    - IAM (simple and strong authentication) integrated with user management, mandates and federation of identities (led to e-gov logon and CSAM federal logon)
    - Disaster Recovery Planning on two nodes for V1, full Business Continuity / DRP planning for V2
    - FedMan protection (technical and CERT.be organisation)
    - Regular and permanent usage of vulnerability scanning
  • 13. PROTECTION OF E-GOVERNMENT ASSETS (FEDICT)
    Response for the portal services themselves:
    - Escrow service for portal-developed S/W
    - Business Impact Analysis for Tax-on-Web verifying the DRP
    - Negotiation of tight SLAs and penalties with Accenture
    Managed secured services to protect communication channels:
    - Secured mail relay, file transfer, secured remote access VPN/SSL
    - Additional shared firewall service
    - Digital certificates for critical servers
    - Vulnerability scanning
  • 14. BE-AWARE: EVANGELIZATION OF FEDERAL PUBLIC SERVICES
    - Security Governance for Federal Public Services (13)
      - Starts with awareness of ISM among Chairmen about the Business Continuity theme
      - Recruiting a CISO and ISO team with focus on Risk Assessment and continuity as the start of the security expertise pole
      - Organising an InfoSec forum inside the Federal Public Services with the CISO and the ISOs from the SPFs
      - Animating the forum and adopting ISO 27k as the InfoSec framework
      - Defining roles & responsibilities of the ISO and an organic career inside Public Services via P&O
      - Standards and best practices for Information Security Management
  • 15. BE-AWARE: EVANGELIZATION OF FEDERAL PUBLIC SERVICES
    - Security Governance for Federal Public Services (13)
      - Royal Decree for formal nomination of the ISO reporting to the chairman of the FPS
      - InfoSec expertise available in the Fedict service catalogue for all FPS, OIP and Regions
      - Business Impact / Risk Assessment for deducing protection measures
      - Presence in the Business Continuity Steering Committee of Finances (BIA-DRP capabilities)
      - General advice to the Regions on InfoSec matters (governance, R&R)
      - Offering of Managed Security (& Secured) Services available from the Fedict catalogue
  • 16. INSTITUTIONAL BELGIAN LANDSCAPE
    - Federal Public Services: 10 sectorial + 4 horizontal (will change in the 6th Reform)
      - FPS Interior – National Register: accountable for managing the organic identification of the Belgian population and keeping it up to date inside a National Register
      - FPS Economy: accountable for Economy, consumer regulations, … and the Crossroads Bank of Enterprises
      - FPS Finance: accountable for funding the State by collecting taxes
      - FPS Justice: accountable for Justice (Courts, Prisons, Law and legal enforcement)
      - FPS ICT (FEDICT): accountable for e-government (except in the Social Security sector -> BCSS) -> description of the federal public services on www.belgium.be
  • 17. INSTITUTIONAL BELGIAN LANDSCAPE
    - Public Services nested at federal level dealing with InfoSec:
      - ANS-NVO-[NSA] – FPS Foreign Affairs: cares for security clearance and accreditation of information systems dealing with classified information
      - Computer Crime Unit (federal and regional) – FPS Interior (Police): cares for cybercrime in civil society in general and investigates complaints
      - Crisis Center – FPS Interior: cares for coordination of a crisis from the viewpoint of emergency services when the damage is at level 4 in the country; liaises with Province Governors
      - SGRS – [Military Intelligence] – FPS Defence: accountable for military intelligence and protection of the Military (Courts, Prisons, Law and legal enforcement)
      - State Security – FPS Justice: civil intelligence, security clearance enquiries
  • 18. INSTITUTIONAL BELGIAN LANDSCAPE
    - Other legal institutions:
      - Commission de la Protection de la Vie Privée (Data Privacy)
        - Parliamentary commission composed of magistrates and experts
        - Issues authorisations for the processing of personal data in information systems according to the laws of 1992, 1998 and 2003
        - Gives exemptions in case of public security / state interest
      - FEDICT is the Sectoral Authority for introducing the FPS authorisation files to the Privacy Commission to obtain authorisation of personal data processing in the Federal Information Systems
  • 19. A ‘GLIMPSE’ AT THE LEGAL CONTEXTS
    - Belgium and European Union
      - Identity & Signature
      - Protection of vital assets
      - Privacy
      - Intellectual Property
      - Criminality
      - Organisation of Federal Authorities
    - Outside European Union (United States)
      - US Safe Harbor …
      - US Patriot Act
  • 20. A ‘GLIMPSE’ AT THE LEGAL CONTEXTS
    Identity & Signature
    - FPS Interior – National Register is the custodian of the identity of Belgians from their birth until death; each Belgian is assigned a single and unique National Register Number whose first sequence is the birth date
    - Royal Decree on the eID (format, information data fields, digital certificates on the eID card): the eID combines the legal definition of a document and of a digital container holding strictly the information data needed to identify and locate the official residence of the card holder, plus two digital certificates that can be used to authenticate and to sign documents as if it were a qualified written signature.
    - Electronic Signature: EU Directive of 1999, Belgian Law of 9/7/2001 on electronic signatures and certification services. Electronic signature: cannot be repudiated in court. Qualified electronic signature: usage of a digital certificate that is qualified by an accredited Certification Authority.
    - FPS Economy controls and accredits Certification Authorities (e.g. Certipost)
  • 21. A ‘GLIMPSE’ AT THE LEGAL CONTEXTS
    Protection of vital assets – Classified Information
    - Is handled by individuals and information systems
    - The Law of 11/12/1998 paves the way for information classification and security clearance for individuals (and firms) handling this type of information, enforced by the Royal Decree of 24/3/2000. Classification and clearance for individuals are set according to the damage impact if the information is divulged. Royal Decree of 2013 for the fees of obtaining clearance.

    Damage to national security if information is divulged | BE                     | UE              | NATO
    Very serious                                            | TRES SECRET            | TRES SECRET UE  | Cosmic Top Secret (CTS)
    Serious                                                 | SECRET                 | SECRET UE       | NATO Secret (NS)
    Breach                                                  | CONFIDENTIEL           | CONFIDENTIEL UE | NATO Confidential (NC)
    Effect                                                  | (diffusion restreinte) | RESTREINT UE    | NATO Restricted (NR)
    None                                                    |                        |                 | NATO Unclassified
  • 22. A ‘GLIMPSE’ AT THE LEGAL CONTEXTS
    Protection of vital assets – Classified Information
    - Security clearance of individuals (and firms) is handled by ANS-NVO-[NSA]
      - Level is based on the need to know for the job
      - ANS asks State Security (civilians) or SGRS (military) to enquire (private life security)
    - Information systems accreditation – EU regulation (2001/264) in 3 steps: Evaluation, Certification, Accreditation
      - Evaluation: by experts, auditors or an accredited laboratory
      - Certification: conformance certificates are issued by control bodies, accredited by BELAC
      - Accreditation body: ANS in association with BELAC
  • 23. A ‘GLIMPSE’ AT THE LEGAL CONTEXTS
    Protection of vital assets – Critical Infrastructures of Belgium
    - 2008/114 EU Directive: European Critical Infrastructures
      - Energy and Transport sectors
    - BE Law of 01/7/2011: Belgian Critical Infrastructures, Royal Decree of 27/5/2014
      - Adds the Finance and electronic communications sectors
      - Scoping vital functions: health, social, security/safety, economic prosperity
    - Acting through Sectorial Authorities or ‘Regulators’:
      - Finance: National Bank of Belgium (oversight of banks and financial bodies)
      - CFMA: regulator for insurance companies
      - Telecommunications: Belgian Institute for Post and Telecommunications
      - Energy: CREG / AFCN
      - …
    - Every operator of an infrastructure recognised as critical at the level of the country must develop and exercise a Security Plan, namely for Business Continuity
  • 24. A ‘GLIMPSE’ AT THE LEGAL CONTEXTS
    - Privacy
      - Electronic communications Law of 13/06/2005 concerns:
        - Operators, constrained for:
          - Security measures (technical / organisational)
          - Free security services
          - Notification of security incidents to IBPT, the Privacy Commission, customers
          - Allowing audit by BIPT or a mandated independent body
          - Retention of traffic data (traffic / geolocation)
        - IBPT as regulator, accountable for:
          - Security of telecommunication, coordination, oversight of problem detection
          - Instructions, control and recommendations to operators
  • 25. A ‘GLIMPSE’ AT THE LEGAL CONTEXTS
    - Privacy
      - EU GDPR: European Union General Data Protection Regulation of May 2016.
      - Not a Directive; replaces the former EU Directive on Privacy (which needed to be ratified by each national parliament to become an in-country Member State law – subsidiarity principle)
      - GDPR regulates, thus imposes immediate compliance on all Member States from the day it was voted by the European Parliament and published in the L Official Journal (26 May 2016)
      - Implies an immediate compliance exercise, final for up to 2018
      - As of 2018, the EU (EC) can audit companies and legally impose heavy financial penalties:
        - For light or medium infringement of GDPR, 10 million €
        - For severe infringement of GDPR, 20 million € or 4% of the turnover of the group of companies that a holding can own.
  • 26. A ‘GLIMPSE’ AT THE LEGAL CONTEXTS
    - Privacy when working in the private sector – CCT81 (26/4/2002):
      - Control of communication data in the workplace
      - End goals:
        1. Prevent illegal & illicit behaviours (hacking, racism, pedophilia, …)
        2. Protection of the employer’s interests
        3. Technical security of systems
        4. Respect of internal regulations (policy for usage of information systems, …)
      - Proportionality & transparency:
        - Minimal interference in private life; information is to be given collectively and individually
        - Anomaly in case 1, 2 or 3 -> find the individual root cause
        - Anomaly in case 4 -> collective warning, and if the anomaly is repeated -> find the individual root cause
        - Filtering of data (journalling and random controls)
  • 27. A ‘GLIMPSE’ AT THE LEGAL CONTEXTS
    Intellectual Property
    - Directive 91/250: computer programs
    - Directive 96/9: databases
    - Directive 2001/29: authors’ rights – information society
    - Law (10/04/2014): Intellectual Property
    - Best practices to protect critical IT assets for S/W developed by your providers:
      - Acquisition of a specialised escrow service;
      - Inclusion of an IP rights clause and escrow agreement mechanism in public procurement procedures;
      - Verification of system rebuild capabilities at three levels (deposit of source code, rebuild of a minimal system, rebuild of the major part of the system functions).
  • 28. A ‘GLIMPSE’ AT THE LEGAL CONTEXTS
    Criminality
    - Directive 2013/40 – Attacks against Information Systems
    - Law (28/11/200): computer criminality – ‘Code Pénal: art 116-118’
    - Directive 2006/24: retention of traffic data
    - Law (30/7/2013): retention of traffic data and geolocation
    - Court of Justice decision: abrogation of the 2006 directive (you know more will come …)
    Scope:
    - Computer forgery, access rights abuse, sabotage
    - Distribution of illicitly acquired data, distribution of harmful data
    - Defence / State Security: communication of data and information to a foreign country
    - Retention of data / geolocation
  • 29. A ‘GLIMPSE’ ATTHE LEGAL CONTEXTS Organisation of Federal Authority  1990 : Organic Law constituting the CBSS – KSZ - BCSS  1993 :Royal Decree for information security in Social Security sector  1997 : Royal Decree for communicating between social institutions  2001 : Royal Decree establishing FEDICT  2007 : Modification of FEDICT Royal Decree to participate to 7th R&D Research programme of European Commission with STORK projet (interoperability of digital identities across EU)  2012 : ‘FEDICT’ or ‘Only Once’ law : FEDICT as federal services integrator acting as TrustedThird Party  2103 : Royal Decree for (Chief) Information Security Officers in FPSs  2014 : Royal Decree founding the Belgian Cybersecurity Center 29Copyright 2016 Dominique Volon
• 30. A ‘GLIMPSE’ AT THE LEGAL CONTEXTS – United States
- US Safe Harbour
  - EU Directive 95/46: prohibition of transferring personal data outside the EEA, with exceptions (equivalent level of protection)
  - 2001: Agreement between the European Commission and the US Department of Commerce
  - Principles: notice and choice for the individual, security, processing of data consistent with the declared purpose, right of access and correction
  - Caveat: the Court of Justice of the EU declared the Safe Harbour decision invalid in October 2015 (Schrems, C-362/14), so it can no longer be relied on for transfers.
- US Patriot Act (2001)
  - Reaction to 9/11 -> mandate for digital screening and for taking data into custody.
  - Concerns data hosted in the US and anywhere else in the world.
  - Concerns any company (US companies, their subsidiaries, and non-US companies on US soil)
• 31. BE-NETWORKED: BELNIS PLATFORM
- Initiative of FEDICT’s Minister Peter Vanvelthoven (2005)
- Identify the major information security stakeholders at State level
- Put them around a round table and discuss the competences of their institutional mandate regarding information security (and the available means …)
- Federate the interests and form a guiding expert coalition to raise awareness, first in the Belgian Government and then in the Belgian Information Society at large
- Prepare minds for assessing the chain and the degree of information security maturity in Belgium
  - Liaise with European security initiatives (ENISA through BIPT)
  - Run working groups on security subject matters
  - Produce a White Paper on Information Security and propose improvements (2007)
  - Goal: make information security a dedicated item on the governmental agenda
• 32. [Diagram: BelNIS & Cybersecurity Strategy – stakeholders around BelNIS: FCCU, FEDICT, CERT.be, Sûreté de l’État, CCB, ANS, DGCC, Belac, SGRS, IBPT, Industries, Academics, International; caption: “Transformation at stake for the 6th State Reform redesign”]
• 33. BE-NETWORKED: BELNIS STAKEHOLDERS
Starting in 2005:
- FEDICT, actor and federator of the platform
- Invited to the table:
  - FCCU: Federal Computer Crime Unit, from FPS Interior
  - Belac: from FPS Economy – accreditation body (accreditation of information systems dealing with classified information)
  - DG CC: Crisis Center, from FPS Interior
  - ANS: Autorité Nationale de Sécurité (security clearances and accreditation of classified information systems), from FPS Foreign Affairs
  - BIPT: Belgian Institute for Post and Telecommunications (regulator)
  - State Security (Sûreté de l’État)
  - SGRS: Military Intelligence
• 34. BE-NETWORKED: BELNIS PLATFORM
- BelNIS built up a picture of the overall InfoSec situation in Belgium
- BelNIS liaises with ENISA through IBPT/FEDICT, who share the two seats
- BelNIS structured itself in subject-matter workgroups and has produced:
  - The White Paper on Information Security for Belgium in 2007
  - The creation of Cert.be (FEDICT funding, BELNET operations) in 2009 to protect federal assets (namely FedMan and the Internet connection points)
  - An examination of the business case for creating a National Security Agency, concluding that such a ‘vertical’ response was not appropriate
  - The National Cybersecurity Strategy in 2012, with a push for the creation of a Cybersecurity Center for the whole of Belgium (the missing ‘core’) in 2014
• 35. BE-NETWORKED: BELNIS PLATFORM
- BelNIS actors also took part in the first steps of creating industry and academic awareness
- 2011, KUL initiative: B-CCentre, the cybercrime centre of excellence for R&D and education (COSIC, ICRI, L-SEC members, etc.)
- 2014-2015: Cyber Security Coalition
  - Cyber Security Coalition: cross-sector partnership between players from the academic world, the public authorities and the private sector to join forces in the fight against cybercrime (50 major actors … to be developed further)
• 36. BE-NETWORKED: BCC
- BCC: Belgian Cybersecurity Center (officially the Centre for Cybersecurity Belgium, CCB)
- Founded by Royal Decree in 2014, headed by Miguel De Bruycker
- Reports to the Chancellery, under the Prime Minister’s umbrella
- Operational arm arising out of the BelNIS platform
- Missions:
  - Supervision of the InfoSec strategy
  - Coordination of public authorities
  - Coordination between public sector, private sector and academia
  - Proposals to adapt the legal framework
  - Crisis management with Cert.be
  - Issuing standards and directives for InfoSec
  - Evaluation and accreditation of classified information systems (with BELAC)
  - User awareness
• 37. THE WAY FORWARD
Major actors are still missing from this story:
- FPS Economy itself, for developing a Belgian Information Society (policy is hardly set by FPS Economy) that cares about e-services (e-commerce, e-payment infrastructure – Worldline and others) and establishes a digital security capacity in Belgium, linked with the European Union level.
- Sectoral regulators:
  - BIPT is in; the NBB has warned the banking sector to take care of business continuity and information security practices (will that be sufficient?)
  - Others? What about CREG (energy), the transport sector, etc.?
- Market-leading operators in all sectors (only 50 in the coalition)
- Federations of providers and consumers (COMEOS)? …
- There is still a huge amount of work to do to raise awareness, protect, and enable the growth of the complete economic blocks of Belgium!
• 38. THE WAY FORWARD
- EUROPE IS MOVING ON DATA PROTECTION AND REGULATIONS to push Member States to act: the EU GDPR applies from May 2018, with heavy fines for non-compliance -> huge impact on the data management lifecycle: a change in the meaning of data classification affects the backup/restore capability of global storage solutions and DR capabilities, as well as processes.
- EUROPE is constraining the sectoral authorities with more stringent regulations in every sector, to fight crime and to upgrade business continuity operations; more will come in the coming months, and the relevant governance must be established by enforcing continuity.
- Namely, this is the case of the financial sector, through NBB (BNB) and CSSF regulations in the Belux context, which evolve under stronger pressure from the European Central Bank and enforce compliance through continuity and security audits by competent experts from the domain (banking, insurance, investment companies, e-payment services).
- The other domains follow as well: telecoms (BIPT), energy (CREG), etc., which shall comply.
• 39. EPILOGUE
- Information Security Management relies on a federation of interests: public authorities, consumers and providers of information, data and channels to do business.
- Trust will be the combination of a chain of actions by all the actors of the Information Society: industry, academia, etc., but also internationally (EU, USA, Asia/Pacific, India, Middle East).
- Information Security Management will provide protection only if a continuum of efforts and actions is continuously supported over the long run by the business communities. It is too often left to the techies! Think about securing and protecting your business first, before thinking about technologies: only the business is capable of weighing business risks and consequences.
- Don’t leave the public authorities alone on this journey: participate!
- Convince your executives to fund Information Security Management for their own good; make sure the highest executive level invests in a regular risk-management and protection practice for the business assets that use information.
• 40. CONTINUUM OF THE JOURNEY
Accountable for InfoSec Management inside your corporation?
- Organise security governance (the use of it) and management (the making of it) inside your corporation. Use recognised international standards (COBIT 5, ISO 27k, MoR / ISO 31k, InfoSec, ITIL, TOGAF, SABSA and IT best-practice standards) AND tailor them to your businesses!
- Be sponsored at the highest level by forming a Steering Committee (or Sponsor Group)
- Ask to report to the highest executive level of the hierarchy (it must be close to the business strategies and the valued assets)
- As Senior Responsible Owner, propose a 360° vision inside the company and outside the company (look at your customers): enterprise architecture, IT services.
- Information security must protect, enable and support the growth of the company’s businesses.
• 41. THANKS
- To all information security professionals who, ‘on top of’ their normal work, share their expertise and concerns!
- For perseverance and patience
- To the audience listening to or having read this journey … which is still a ‘Hobbit journey’, or maybe a ‘Never-ending Story’, because information security is here to stay …