14
15
The Malta Independent | Thursday 10 February 2011
ICT Feature
The role of ICT in fisheries Josef Vella
Josef Vella is a Project Manager at MITA
What do fish and fishing have to do with computers, internet and communications? Well, on the outset, nothing... however, information technology is playing a significant role in the modernisation and growth of the fishing industry. This traditional industry is facing economic and environmental pressures, as well as ever changing regulations. Such pressures have led the fishing industry to invest in information technology to maintain sustainability and streamline its operations and be more effective and efficient. ICT is providing this industry with new ways to effectively monitor and control fishing fleets and also with software to ease catch management. Technology has also found its way to the fish markets and supply chains. Another important factor in which ICT is helping in is in the collating of necessary information required to regulate, report and plan. In Malta, the Fisheries Department has already embraced the use of ICT. Currently the department has various systems to monitor, control and report fishing activities, including a Vessel Monitoring System (VMS) which tracks vessel movements and provides information on the vessels’ location, speed and course. From the experiences gained through the use of the existing information systems and through the advances made in technology, the fisheries department has recently embarked on a project for the implementation of a holistic, integrated, real time information system. The system shall provide real-time information of catches, landings, fishing vessels whereabouts, management information, administration tools as well as a myriad of reporting functionalities which can be used for research, reporting and monitoring. This project, which is co-financed by the European Union, started with an overall scope study of the fisheries processes and the ICT requirements for this industry. A call for tenders was issued in July 2010 and awarded in December 2010. It is scheduled that the main components of this holistic information system will be in place by December 2011. The benefits perceived
Roderick Spiteri
Claudine Cassar
Claudine Cassar is Managing Director of Alert Communications Ltd
The Malta Independent ICT Feature is now in its third week. In today’s edition, being the feast of St Paul's Shipwreck, we included an article on how the fishing sector, considered to be relatively traditional, is making use of innovative ICT solutions. A report published by security firm McAfee a few days ago shows
that cybercrime has thrived over the past decade and the forecast for the next ten years is even worse. The largest ICT organisation in Malta, MITA, has recently been accredited by the industry leading ISO27001 security standard and today the Agency is sharing its experience in acquiring this certification. With Valentine’s Day around the
corner, we’re looking at some statistics from the newly launched TrolleyMania virtual mall and compare how this fares with online malls abroad. We can also read about the outcome of the conference hosted by the Malta Communications Authority (MCA) regarding the next 10 years in telecoms.
Implementing the ISO27001 standard Keith Cauchi
from this project are: • Improved management, monitoring, control and auditing; • Improved policy making and planning through the available
• Administrative efficiency gains through automated processes, information sharing and collaboration; • Improved services to fishermen both administratively as well as opera-
tionally. This project shall help the Fisheries Department to become more efficient, organised and client (fishermen) oriented. It will also provide the opportu-
nity to further develop this industry and be able to respond faster to the ever changing regulations and demands.
A local virtual shopping experience TrolleyMania (www.trolleymania.com) is just over three months old. The portal, launched in October 2010 now boasts over 65 eShops and over 10,000 products. The success of the portal, however, is not limited to attracting new merchants. TrolleyMania consistently attracts between 400 and 600 unique visitors daily. Each visitor spends on average 10 minutes on the site and peruses an average of 19 pages. These figures compare well with the results reported in the Benchmark Industry Report for UK Online Retail issued by CoreMetrics. The average number of page views for TrolleyMania is 19 pages per session which is significantly higher than the UK average which stands at 11 pages per session. The average amounbt of time a user stays on TrolleyMania is 491 seconds whilst the average for UK online retailers is 454 seconds. In a nutshell, it is clear that people visiting the site are liking what they see and are spending more time than average browsing through the products available in TrolleyMania. This is a very positive indicator of the exposure that can be gained by merchants that sell their products through this eMall. Another very important indicator that must be considered when assessing the performance of an eCommerce portal is the new visitor conversion rate – in other words what percentage of new visitors actually complete an order and purchase. TrolleyMania is currently logging a 1.6% conversion rate, which is just over half the UK benchmark. When looking at this figure, however, it is important to keep in mind that the 1.6% does not reflect the full picture of sales generated by the portal. The operators of the eMall have
The Malta Independent ICT Feature
Keith Cauchi is an Information Security Engineer and part of the ISO27001 team
As the Agency entrusted to be the central driver in the evolution of Malta into a leading information society and economy, the Malta Information Technology Agency (MITA) is very vigilant of its security aspect. Early in 2009 MITA embarked on an agency-wide project with the aim of enhancing its security profile. The project consisted of various technical initiatives and it was felt that the best way forward was to align these activities to an international security best practice. A renowned international-standard-setting body that promotes worldwide proprietary industrial and commercial standards is the International Organization for Standardization (ISO). Due to its encompassing nature, MITA chose the ISO27001 security standard to govern its security operations and information risk management and a small team within the Information Security department was set up to achieve this goal. The approach towards ISO27001 MITA tackled ISO27001 certification in a phased approach. A decision was taken to seek certification on the agency’s horizontal processes which cut across various teams. The processes involved were complex and involved multiple teams from different areas. The reason for this bold choice was to reap the full benefits of the ISO27001 certification and get a real and representative risk posture of its operations. The experiences gained in ISO9000 and Tickit certifications helped MITA throughout the buildup to ISO 27001 certification especially in gathering information required for the risk assessment processes. A major revamp of the agency’s risk management procedure was carried out with the aim of reducing the amount of paperwork required whilst still capturing the salient risks the agency faced. Furthermore, a risk escalation procedure was defined to ensure that risks would be channeled in a structured way through the appropriate management structures according to their significance. In the early phases of the build up towards the audit, the team setup to achieve ISO27001 identified that the
“ ”
Among other aspects, the ISO27001 accreditation process looked also at how the people behind the technology – the users – look at information security
lack of articulated security policies and procedures was a major concern in addressing the mandatory controls stipulated in the ISO standard. Initially the Agency explored the idea of purchasing these policies and standards from third parties but this was soon discarded since the amount of customisation required would be substantial. Instead, the ISO27001 team recommended that the necessary policies would be phased-in in a gradual but progressive way. This ensured that MITA does not lose perspective and end up seeing the ISO27001 accreditation as a paper based exercise. Among other aspects, the ISO27001 accreditation process looked also at how the people behind the technology – the users – look at information security. Therefore the process instigated a number of initiatives. One of these initiatives was a tailor-made course for all MITA employees and Chief Information Officers. This is an ongoing process, as part of an employee’s induction training whereby new employees are made aware of the security policies and procedures they have to follow. Another initiative was the introduction of a security awareness campaign where various posters highlighting different aspects of security are issued and distributed across the public sector.
During and after the certification process During the certification process, two external pre-audits were conducted to ensure that the approach to tackle certification was correct and the
agency was heading in the right direction. The external audit took place in July 2010, a grueling one week audit that assessed not only the Agency’s profile against ISO27001 controls but also the comprehensiveness of the approach the ISO27001 project team adopted to certification. A big advantage in MITA’s case was to involve MITA’s internal compliance function at an early stage which showed the auditor how MITA’s checks and balances were working to pinpoint any deficiencies in the processes adopted. Following the successful first audit, external surveillance audits now take place every six months to ensure that the standard is maintained. Re-certification audits take place every 3 years. Teams that have been certified against ISO27001 are required to maintain a ‘Collated Risk Treatment Log’ listing identified risks and chosen controls to mitigate these risks. Risks are not only identified through risk assessments but also through the identification of security weaknesses. If employees identify a security weakness, during the course of their duties s/he is required to report this to the Information Security Department for further investigation. Conclusions Getting resources on board and having information security recognised as a priority for teams who work to deliver a service was the main challenge encountered by the project team throughout the process. A key to successfully retain the certificate is the ongoing support received by senior management both at a department level but also at a CEO/board level. ISO27001 brought staff closer to security than ever before. MITA clients and suppliers see certification against such a professional standard as a proof of employing good security practices. Certification is valid for three years, thus the Agency will undergo a recertification audit in 2013. In the meantime, work to certify remaining departments is in full swing, in preparation for the next surveillance audit in June.
The next 10 years in telecoms Mandy Calleja
identified a phenomenon which is the direct result of the small size of our country – people are identifying the product/s they want to purchase
from TrolleyMania and then going to the physical store to check it out and buy it. In fact the operators of the eMall have received regular
feedback regarding this occurrence, particularly from artists, boutiques and shoe shops. This is obviously a positive side effect of TrolleyMania
since ultimately the aim of the eMall is to help its members to generate more sales, both in the physical and the virtual world.
Mandy Calleja is Communications Coordinator at MCA
The next 10 years in telecoms – what does the future hold? This was the underlying theme of a conference hosted recently by the Malta Communications Authority (MCA) in commemoration of its 10th anniversary of operations. Without a doubt, the telecoms landscape is changing globally. Economies in general have adopted the digital form – monetary transactions, reporting, radio and television transmissions, maps, direct mail adverts and many other business processes have been reduced to bits stored in computer memories, racing across networks at incredibly fast speeds. Geographical boundaries no longer exist in this digital age. Global connectivity has become a critical, if not the most important component for most businesses. Key success factors for businesses to survive in these changing times include; 1. Strong competitive stance: in order for businesses to sustain their competitiveness, it is important that they are well equipped to cope with consumer demand and deliver the right consumer experience;
2. Visionary government policies: governments must be forward looking, developing policies that facilitate continued investment by undertakings. It is essential that government and regulators talk, but more importantly to act globally; and 3. Affordable prices: on this note however one may question whether low prices will in fact drive usage and adoption of new technologies or whether this is dependent on cultural practices. The past has shown us, with some certainty, that competitive prices do in fact drive usage, especially in the mobile market. The future in technology lies in next generation networks, capable of supporting ultra-fast broadband experiences that are essential for economic growth. Businesses must be open and prepared to change! With industrial and technological changes, comes regulatory change. Challenges will remain, primarily in fostering infrastructural competition, facilitating investment in the essential next generation networks and increasing harmonisation and cooperation. The structure and scope of regulators
will also have to be revisited. Should they specialise in a particular industry or should nations opt for multi-sector regulators as in Australia? Should regulation be renounced altogether and taken over by competition rules as in New Zealand? Should telecom regulators be all encompassing and take on consumer and broadcasting content – can such issues be truly separated? Such questions remain to be addressed in the coming years. In the words of MCA’s Chairman, Ing. Philip Micallef, ‘The age of networked intelligence is an age of promise. It is not simply about the networking of technology but about the networking of humans through technology. It is not an age of smart machines, but of humans who, through networks, can combine their intelligence, knowledge and creativity for breakthroughs in the creation of wealth and social development. It is not just an age of linking computers, but of internetworking human ingenuity. It is an age of vast change, vast new promise and unimaginable opportunity.’ The future is bright!