introduction to swedish civil contingencies agency msb
play

Introduction to Swedish Civil Contingencies Agency (MSB) - PowerPoint PPT Presentation

Jan 30, 2024 •449 likes •1.19k views

Methodilogical support Prepare Analyze Assignments References Introduction to Swedish Civil Contingencies Agency (MSB) methodological support for introducing Information Security Management Systems (ISMS). Carina Bengtsson, Daniel Bosk and

  1. Methodilogical support Prepare Analyze Assignments References Introduction to Swedish Civil Contingencies Agency (MSB) methodological support for introducing Information Security Management Systems (ISMS). Carina Bengtsson, Daniel Bosk and Lennart Franked 1 Department of Informationsystem and Technologies (IST), Mid Sweden University, Sundsvall. May 14, 2018 1 Detta verk är tillgängliggjort under licensen Creative Commons Erkännande-DelaLika 2.5 Sverige (CC BY-SA 2.5 SE). För att se en 1 sammanfattning och kopia av licenstexten besök URL

  2. Methodilogical support Prepare Analyze Assignments References Overview MSB:s methodological support 1 MSB Methodological support Prepare 2 Introduction Committed Management Project planning Analyze 3 Organisational analysis Risk analysis Examination 4 2

  3. Methodilogical support Prepare Analyze Assignments References Overview MSB:s methodological support 1 MSB Methodological support Prepare 2 Introduction Committed Management Project planning Analyze 3 Organisational analysis Risk analysis Examination 4 3

  4. Methodilogical support Prepare Analyze Assignments References MSB Swedish Civil Contingencies Agency (MSB). “MSB is responsible for issues concerning civil protection, public safety, emergency management and civil defence, as long as no other authority has responsibility[ msbse ]. .” 4

  5. Methodilogical support Prepare Analyze Assignments References Why do we as a society need this? Information is central in today’s society. Accommodates the need for both the individual and the society. Necessary to avoid disturbances in our information systems. 5

  6. Methodilogical support Prepare Analyze Assignments References Tieto-breakdown I Lindkvist [Lin12] gives the following summary: Friday afternoon Tieto notices a disruption in their IT-systems. 350 pharmacies lost contact with their IT-systems. Many larger organisations are also affected, amongst other a larger logistical company. Sunday afternoon Tieto is reporting hardware malfunction, and start the necessary steps to fix the malfunction. Monday morning The logistical company are unable to handle its operation, and cannot reach its employees. The vehicle inspection agency are unable to access their IT-system. Since they were handling over 20 000 vehicle inspections a day, it might result to a driving ban for some vehicles, since they cannot report approved inspections. Nacka municipality, have to 6

  7. Methodilogical support Prepare Analyze Assignments References Tieto-breakdown II resort to Facebook and Twitter for communicating within the municipality. Monday afternoon Social office in Nacka and Sollentuna are unable to pay child support. Stockholm City absence reporting system for the schools are down. Wednesday lunch All the pharmacies have gotten access to their IT-systems again. 11 days The logistical company can start using their IT-system. The organisation where still recovering from the disruption, two months after. 7

  8. Methodilogical support Prepare Analyze Assignments References Informationssäkerhet.se MSB ran a project called SVISA: ’Stöd för Verksamheters InformationsSäkerhetsArbete’. Resulted in informationssäkerhet.se . Is meant to give practical advice for systematically incorporate information security into an organisation. 8

  9. Methodilogical support Prepare Analyze Assignments References Methodological support Support for how to conduct work within information security in an organisation. Explains how to build an information security management system. Should be seen as a “smorgasbord”: Pick the parts that are related to the organisation. Apply them in an order that is suitable. Information security is a complex field: It is required that it is integrated in the entire organisation: From the top management to the lowest operative level. 9

  10. Methodilogical support Prepare Analyze Assignments References Methodological overview Figure: Overview over the methodological support. 10

  11. Methodilogical support Prepare Analyze Assignments References Overview MSB:s methodological support 1 MSB Methodological support Prepare 2 Introduction Committed Management Project planning Analyze 3 Organisational analysis Risk analysis Examination 4 11

  12. Methodilogical support Prepare Analyze Assignments References What is information security? Occurs together with other processes and organisations. Information security in an organisation does not have a value by itself. It needs to be integrated into the organisation to be effective. 12

  13. Methodilogical support Prepare Analyze Assignments References What is information security? Ability to preserve the requirements and expectations that exist on information in an organisation. Amongst other to protect towards disruptions, such as what happened to Tieto. 13

  14. Methodilogical support Prepare Analyze Assignments References Demands and expectations on information Confidentiality The information should only be accessible to an authorized entity. Availability The information must be accessible when it is needed. Integrity The information is exact and complete. 14

  15. Methodilogical support Prepare Analyze Assignments References Demands and expectations on information Traceability Who have taken part of, or changed the information? Non Repudiation It should not be possible to deny an act. Authentication Establish an entities identity. Authorization To give an authenticated entity certain permissions. These will be covered later in the course. 15

  16. Methodilogical support Prepare Analyze Assignments References What is information security? Figure: Structure of information security. 16

  17. Methodilogical support Prepare Analyze Assignments References Structure Figure: To work with information security 17

  18. Methodilogical support Prepare Analyze Assignments References The security isn’t stronger than the weakest link Strong password, written down on a post-it next to where it should be used. High grade lock on a regular glass door. The conditions must be there, in order to be able to work safely. 18

  19. Methodilogical support Prepare Analyze Assignments References Why protect the information? Non-mandatory “Good for business” Reputation: Who will let a company handle their information, if the company is known for treating their data carelessly. Financial: Strong reputation is better for the economy, and the cost of dealing with security incidents will be less. Internal efficiency: No loss of information or disruptions in the work. Quality: This will hopefully lead to a increase in work quality. 19

  20. Methodilogical support Prepare Analyze Assignments References Why protect the information? Mandatory Personal Data Act 1998:204 adds restrictions on how an organisation manages personal data. Public Access to Information and Secrecy Act 2009:40 Says that certain information must be available for the public, while other information should not be. The Archives Act 1990:782 says that the government needs to archive all public documents. MSBFS 2016:1 applies to governmental agency and their work with information security. 20

  21. Methodilogical support Prepare Analyze Assignments References MSBFS 2016:1 Due to increased electronic information exchange in the society, there is now demands put on how governmental agency work with information security. The code of statutes came into effect 1th of February 2010. 21

  22. Methodilogical support Prepare Analyze Assignments References MSBFS 2016:1 1 § Denna författning innehåller föreskrifter som ansluter till bestämmelserna om statliga myndigheters informationssäkerhet i 19§ förordningen (2015:1052) om krisberedskap och bevakningsansvariga myndigheters åtgärder vid höjd beredskap. 22

  23. Methodilogical support Prepare Analyze Assignments References MSBFS 2016:1 5 § Varje myndighet ska bedriva ett systematiskt och riskbaserat informationssäkerhetsarbete med stöd av ett ledningssystem för informationssäkerhet. I detta arbete ska standarderna ISO/IEC 27001:2014 och ISO/IEC 27002:2014 beaktas. Tillräckliga resurser ska tilldelas för informationssäkerhetsarbetet samt löpande och regelbunden information lämnas till myndighetsledningen. Detta innebär bland annat att en myndighet måste: 1 upprätta en informationssäkerhetspolicy och andra styrande dokument som behövs för myndighetens informationssäkerhet, 2 utse en eller flera personer som leder och samordnar arbetet med informationssäkerhet, 3 klassificera sin information med utgångspunkt i krav på konfidentialitet, riktighet och tillgänglighet, 4 utifrån risk- och sårbarhetsanalyser och inträffade incidenter avgöra hur risker ska hanteras, samt besl uta om åtgärder för myndighetens informationssäkerhet, 5 dokumentera granskningar och säkerhetsåtgärder av större 23

  24. Methodilogical support Prepare Analyze Assignments References MSBFS 2016:1 10 § Myndigheten ska ha rutiner för att identifiera, rapportera, bedöma, hantera och dokumentera incidenter som kan påverka säkerheten i den informationshantering som myndigheten ansvarar för eller i tjänster som myndigheten tillhandahåller åt en annan organisation. Myndigheten ska ha rutiner för att lära av sådana inträffade incidenter och utförda åtgärder. 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Sw edish Civil Contingencies Agency( MSB) I N A GENERAL W AY The Sw edish Civil

The Sw edish Civil Contingencies Agency( MSB) I N A GENERAL W AY The Sw edish Civil

The Sw edish Civil Contingencies Agency ( MSB) AND TSUNAMI S The Sw edish Civil Contingencies Agency( MSB) I N A GENERAL W AY The Sw edish Civil Contingencies Agency ( MSB) Mandate The entire spectrum of threats and risks, from

385 views • 17 slides
Drought Marshall Islands Environmental health expert UNDAC Swedish Civil Contingencies Agency

Drought Marshall Islands Environmental health expert UNDAC Swedish Civil Contingencies Agency

Drought Marshall Islands Environmental health expert UNDAC Swedish Civil Contingencies Agency (MSB) May 5 th June 6 th Republic of Marshall Islands ~ 54.500 people Nearly 1 million square miles (~ Europe) 180 square km landarea

244 views • 22 slides
The RoI of Simulation-Based Training* vs Live Training** of Incident Commanders Ilona Heldal

The RoI of Simulation-Based Training* vs Live Training** of Incident Commanders Ilona Heldal

The RoI of Simulation-Based Training* vs Live Training** of Incident Commanders Ilona Heldal Western Norway University of Applied Sciences Cecilia Hammar Wijkmark The Swedish Civil Contingencies Agency #ITEC2019 15 May 2019 My background

520 views • 22 slides
Response: WCC, SDC & Partners Multi-Agency Command and Control - 4 Cs - Command, Control

Response: WCC, SDC & Partners Multi-Agency Command and Control - 4 Cs - Command, Control

Emergency Planning in Stratford Scrutiny Committee Michael Enderby Head of Service, CSW Resilience 6 th September 2017 04/09/2017 Civil Contingencies Act 2004 THE 7 DUTIES A single framework for civil protection in the United Kingdom to

419 views • 4 slides
Swedish Government Mandate Electronically structured coded PI Swedish (human+veterinary) Kim

Swedish Government Mandate Electronically structured coded PI Swedish (human+veterinary) Kim

Swedish Government Mandate Electronically structured coded PI Swedish (human+veterinary) Kim Sherwood, QRD delegate PI assessor Swedish Medical Products Agency Pre study: 2018 Project start: 2020? Possibilities for new formats. Content

216 views • 6 slides
Energy- and climate advice The advice is financed through support from the Swedish Energy Agency.

Energy- and climate advice The advice is financed through support from the Swedish Energy Agency.

Energy- and climate advice The advice is financed through support from the Swedish Energy Agency. Grants from the Swedish Energy Agency 1977-1985 Energy saving plan for existing buildings 1997-2020 Energy and climate advice will

496 views • 8 slides
Swedish Environmental Protection Agency Conference on environmental economics: Practical

Swedish Environmental Protection Agency Conference on environmental economics: Practical

Swedish Environmental Protection Agency Conference on environmental economics: Practical Application of Economics in the Environment Agency in England Dr Jonathan Fisher Economics Manager, Evidence Directorate, Environment Agency England and

621 views • 22 slides
Perspectives from Sweden Oskar Ekblad, head of Swedish Resettlement Program, Swedish Migration

Perspectives from Sweden Oskar Ekblad, head of Swedish Resettlement Program, Swedish Migration

Examples of f su successful/unsuccessful str trategic res esettlement Perspectives from Sweden Oskar Ekblad, head of Swedish Resettlement Program, Swedish Migration Agency Ex Exam amples s of of succ success ssful/unsuccess ssful

92 views • 8 slides
Safe System Approach Claes Tingvall (Swedish Transport Administration) Peter Larsson (Swedish

Safe System Approach Claes Tingvall (Swedish Transport Administration) Peter Larsson (Swedish

Safe System Approach Claes Tingvall (Swedish Transport Administration) Peter Larsson (Swedish Transport Agency) 3. CONSIDERS that the level of road fatalities and injuries remain unacceptably high and STRESSES the importance of adapting motorways,

754 views • 28 slides
QA in Swedish IVET and WBL EQAVET PLA, Gteborg March 27, 2019 Hans Almgren, The Swedish

QA in Swedish IVET and WBL EQAVET PLA, Gteborg March 27, 2019 Hans Almgren, The Swedish

QA in Swedish IVET and WBL EQAVET PLA, Gteborg March 27, 2019 Hans Almgren, The Swedish National Agency for Education IVET in Sweden Education forms Number of ISCED level SeQF - EQF years level Compulsory school 9 1 and 2 2 Upper

790 views • 20 slides
SWEDISH AGENCY FOR HEALTH TECHNOLOGY ASSESSMENT AND ASSESSMENT OF SOCIAL SERVICES Collaboration

SWEDISH AGENCY FOR HEALTH TECHNOLOGY ASSESSMENT AND ASSESSMENT OF SOCIAL SERVICES Collaboration

SWEDISH AGENCY FOR HEALTH TECHNOLOGY ASSESSMENT AND ASSESSMENT OF SOCIAL SERVICES Collaboration of 9 Health Care Agencies in Sweden on User Involvement 2017 Visit our website www.sbu.se/en Follow us on Twitter @SBU_en Sophie Werk, HTAi,

505 views • 9 slides
Introducing the Innovation Office at the Swedish Medical Products Agency Lars Dagerholt, The

Introducing the Innovation Office at the Swedish Medical Products Agency Lars Dagerholt, The

Introducing the Innovation Office at the Swedish Medical Products Agency Lars Dagerholt, The Innovation Office lars.dagerholt@mpa.se @ldagerholt Opening the doors to the Agency Small companies and academia need a different kind of

415 views • 6 slides
The strengthened case for Swedish law and Swedish arbitration in times of uncertainty Swedish

The strengthened case for Swedish law and Swedish arbitration in times of uncertainty Swedish

The strengthened case for Swedish law and Swedish arbitration in times of uncertainty Swedish Embassy, Moscow, 7 December 2016 Sweden from warrior to welfare state Sweden once was one of Europes leading military powers but was

753 views • 36 slides
PA Hazards Jenny Hedman, PA Coordinator SWEDISH ENVIRONMENTAL PROTECTION AGENCY EU Strategy for

PA Hazards Jenny Hedman, PA Coordinator SWEDISH ENVIRONMENTAL PROTECTION AGENCY EU Strategy for

PA Hazards Jenny Hedman, PA Coordinator SWEDISH ENVIRONMENTAL PROTECTION AGENCY EU Strategy for the Baltic Sea Region Adopted by the European Commission in 2009 Platform for cooperation and coordination of activities PA Hazards

513 views • 16 slides
Swedish aid and Sida What is Sida? Government agency commissioned to reduce poverty in the

Swedish aid and Sida What is Sida? Government agency commissioned to reduce poverty in the

Swedish aid and Sida What is Sida? Government agency commissioned to reduce poverty in the world, implementing Sweden's Policy for Global Development The goal is to improve living conditions for people living in poverty and oppression

1.12k views • 42 slides
ATM/CM-SAF, 03-05.02.15 1. INTRODUCTION The (ICAO) International Civil Aviation Organization,

ATM/CM-SAF, 03-05.02.15 1. INTRODUCTION The (ICAO) International Civil Aviation Organization,

ATM/CM-SAF, 03-05.02.15 1. INTRODUCTION The (ICAO) International Civil Aviation Organization, created in 1944, as specialized United States Agency has about 191 members around the world. Its main objective is to develop international air

127 views • 8 slides
Procurement and State aid update Patrick Halliday 30 November 2016 Procurement & State aid

Procurement and State aid update Patrick Halliday 30 November 2016 Procurement & State aid

Procurement and State aid update Patrick Halliday 30 November 2016 Procurement & State aid smorgasbord 1. Abnormally low tenders: FP McCann 2. Disclosure of marking method: TNS Dimarso 3. Marking challenges: Energysolutions v NDA 4.

196 views • 7 slides
IP, Commercialisation and Going Global What can TTOs do to be more entrepreneurial OPTEON Philip

IP, Commercialisation and Going Global What can TTOs do to be more entrepreneurial OPTEON Philip

IP, Commercialisation and Going Global What can TTOs do to be more entrepreneurial OPTEON Philip Mendes Principal Mob + 61 414 615 345 Email philip@opteon.com.au Web www.opteon.com.au IP, Commercialisation - Going Global What is sought to be

594 views • 24 slides
Domain Event Driven Architecture Stefan Norberg, Head of Architecture at Unibet.com twitter:

Domain Event Driven Architecture Stefan Norberg, Head of Architecture at Unibet.com twitter:

Domain Event Driven Architecture Stefan Norberg, Head of Architecture at Unibet.com twitter: @stnor email: stefan.norberg@unibet.com blog: http://stnor.wordpress.com @stnor 17 years as an IT professional Has worked with most aspects

937 views • 66 slides
Precision Lepton Measurements Physics to the PeV Scale Themis Bowcock Smrgsbord srEDM

Precision Lepton Measurements Physics to the PeV Scale Themis Bowcock Smrgsbord srEDM

Precision Lepton Measurements Physics to the PeV Scale Themis Bowcock Smrgsbord srEDM muEDM* Strategic Fit UK Interest Timeline Physics eEDM (prototype pEDM) Lepton Rare Decays mu3e mu2e* Detector muEDM@FNAL

1.02k views • 37 slides
Ein Blick ins Aquarium Was gibt's Neues in Bean Validation 1.1 and CDI 1.1? Hardy Ferentschik

Ein Blick ins Aquarium Was gibt's Neues in Bean Validation 1.1 and CDI 1.1? Hardy Ferentschik

Ein Blick ins Aquarium Was gibt's Neues in Bean Validation 1.1 and CDI 1.1? Hardy Ferentschik Red Hat About me Hardy Ferentschik - hardy@hibernate.org Hibernate team member for 5 years Focus on Validator and Search Validator

743 views • 41 slides
CSE 543 - Computer Security (Fall 2006) Lecture 25 - Cellular Network Security Guest Lecturer:

CSE 543 - Computer Security (Fall 2006) Lecture 25 - Cellular Network Security Guest Lecturer:

CSE 543 - Computer Security (Fall 2006) Lecture 25 - Cellular Network Security Guest Lecturer: William Enck November 30, 2006 URL: http://www.cse.psu.edu/~tjaeger/cse543-f06 CSE 543 Computer (and Network) Security - Fall 2006 - Professor

677 views • 21 slides
Mobile operators vs. Hackers: new security measures for new bypassing techniques ptsecurity.com

Mobile operators vs. Hackers: new security measures for new bypassing techniques ptsecurity.com

Sergey Puzankov Mobile operators vs. Hackers: new security measures for new bypassing techniques ptsecurity.com SS7 in the 20 th century SCP STP STP SSP SCP STP STP PSTN SSP SSP SS7 Signaling System #7, a set of telephony protocols

937 views • 60 slides
1 27/02/2020 2 Cellular Connectivity Anywhere In The World (2G, 3G, 4G, LTE-M, soon NB-IoT)

1 27/02/2020 2 Cellular Connectivity Anywhere In The World (2G, 3G, 4G, LTE-M, soon NB-IoT)

1 27/02/2020 2 Cellular Connectivity Anywhere In The World (2G, 3G, 4G, LTE-M, soon NB-IoT) 180+ countries 540+ networks We are where you are In the Cloud Intra-Cloud Peering Connectivity Meta- Global Reliable and Secure for Device Data

196 views • 18 slides

More recommend