Lasaris Seminar

Week 11 - Mari Seeba

Title: Development of information security management standard and evaluation instrument, Estonian case 
 
Abstract: In Estonia, the baseline standard for information security management has been in use since 2003. It has been mandatory for many agencies since 2005. In 2020, the first standard, called ISKE (InfoSüsteemide Kolmeastmeline Etalonturve), was replaced by a new standard for information security called E-ITS (Eesti Infoturbestandard). The number of implementers increased almost tenfold. With the creation of the new standard, there was a need to evaluate the information security status of the organisation in compliance with E-ITS. Also, the organisations expected the possibility of comparison with other authorities in a way that would support the implementation of the new standard. There is also an urgent need to know which security areas need coordinated support from the NCSC-EE. A framework for security level evaluation (F4SLE) based on the E-ITS was created first, followed by a method for updating the content of the F4SLE on an annual basis in order to preserve the possibility of comparison with previous results. In addition, a proof-of-concept tool was created to support the F4SLE evaluation process. All this has been the content of Mari Seeba's research project, which she will introduce at the seminar.

Mari Seeba is a PhD student at the University of Tartu Institute of Computer Science. She is also a leading cybersecurity expert in the Estonian Information System Authority's (NCSC-EE) security standard development team. In 2019, she defended her master's thesis, which focused on the specification of an ISMS management tool's integration with a workflow management tool. Her current PhD research topic is the development of information security standards, using the Estonian use case as an example, specifically focusing on how to evaluate and compare the security level of organisations. Mari has expertise in information security management standards, risk analysis, controls, and auditing. Prior to joining the university, she worked at Cybernetica AS, an Estonian research and development company, as a project manager and IS auditor for security-related projects for almost 15 years.