Estonia launches a national information security policy

The Estonian Ministry of Economic Affairs and Communications has prepared a nation-wide information security policy that specifies and coordinates the e-security related initiatives. 

The main goal of the Estonian information security policy is a secure, security-aware, internationally cooperating, and enabling Estonian information society. Specific goals include elimination of non-acceptable risks, defence of basic human rights, information security awareness and training, participation in international e-security related initiatives, as well as competitiveness of the economy. 

The policy comprises five domains. The Estonian Ministry of Economic Affairs and Communications (MEAC) is coordinating the domain of e-security cooperation and coordination. The domain covers initiatives such as coordination of the Estonian information and communication technology environment risk analysis, establishment and operation of the Estonian Computer Emergency Response Team, participation in the activities of the European Network and Information Security Agency, coordination of the cross-border initiatives. 

The Ministry of Internal Affairs together with the Ministry of Defence serves the domain of crisis management and cybercrime. It includes preparation of the state crisis management plan, coordination of the work of the state and local crisis committees, as well as coordination of the international cybercrime related initiatives. 

The Ministry of Education and Research, the Ministry of Defence, the MEAC, and the State Chancellery are responsible for the domain of education and training. The initiatives include public relations activities, training, awareness websites, cooperation with the (high) schools, and satisfaction research. 

Secure e-Government must be based on appropriate legislation, standards, and procedures, such as security requirements for databases, services, and state procurement. The domain of regulations is coordinated by the MEAC together with the Ministry of Internal Affairs. 

Both people and assets must be protected while using the e-Government applications. Coordination of e-security related tasks within applications, such as distributing the ID card solutions and using the Trans European Services for Telematics between Administrations network, is performed in the application domain. The domain is assigned to the Ministry of Internal Affairs together with the Ministry of Defence.  

To implement the information security policy, development and adoption of the annual action plan for the Estonian information and security policies is each year coordinated by the MEAC. Further information: 

• Principles of the Estonian Information Policy 2004–2006
• IT in Public Administration of Estonia 2007
• Estonian Information Society Strategy 2013