06.9 Security Governance – A compliance perspective
by MITA
The risks involved in the security of information are nowadays very real and a constant cause of concern for business executives operating in today’s cyber space. As organizations maintain their competitive edge in the global economy, they must also consider the risks involved in the number of threats that are evolving exponentially and that may be exploited at any time by malicious actors online.
One of the tools available for organisations today is enforcement, achieved through the effective and meticulous implementation of information security compliance activities which play a critical role within the Security Governance function.
The primary objective of Security Governance is to help ensure that an organisation has the proper controls in place to mitigate information security risks. These controls are defined at the highest level within structured policy documents that lay the foundations for a strong and robust security vision that is clearly communicated within the organisation.
Compliance activities are executed to continuously monitor and verify that this vision is thoroughly understood and implemented by the various business functions that are processing information that needs to be continuously protected from malicious activities, especially in instances when such information is sensitive in nature and/or relates to the processing of personal data. They also ensure that other applicable requirements stemming from international industry standards that the organisation is aligned to or certified against are continuously adhered to and pertinent legislative requirements met.
Conducting security compliance checks helps organizations strengthen their commitments towards information security and provides management with visibility on what is working and what is not by determining the present state vis-à-vis the requirements of applicable controls. Such assignments outline conformities and non-conformities and identify corrective actions deemed necessary to rectify issues as per specific regulations, strategies, and policies. Something to keep in mind is that being compliant is very often not enough: organizations must also be able to provide evidence of their compliant state to external assurance bodies such as third-party auditors. This implies that executed compliance checks are auditable, and thus adequate evidence is required to be collected and preserved to illustrate conformance by depicting all measures taken to comply with required objectives.
Implementing Security Governance and instilling a compliance culture does not come overnight. It’s a continuous process of raising awareness and learning, revising the controls in place to ensure that these are effective in the context of the information involved and adapting to today’s changing technological landscape to protect what’s most valuable for the organisation to the best extent possible.
06.10 Malta – Europe’s Top Performer in eGovernment
Malta was reconfirmed Europe’s top performer in eGovernment, standing out with a score of 96% amongst the 27 European Union (EU) Member States, Iceland, Norway, Switzerland, the United Kingdom, Albania, Montenegro, North Macedonia, Serbia and Turkey.
The results were published in the eGovernment Benchmark 2021 reports on Friday 12th November 2021 by the European Commission.
The benchmarking study carried out by Capgemini, Sogeti, IDC, and the Politecnico di Milano for the European Commission Directorate-General for Communications Networks, Content and Technology measures four dimensions as well as compares the state of play of eGovernment services between the participating countries.
In order to assess how countries are performing in eGovernment, eight life events covering the most common domains of public services, namely setting-up a business start-up, losing and finding a job, career, family life, regular business operations, moving home, transport and starting a small claims procedure, were assessed. Each life event is associated with a journey that businesses and/or citizens experiencing this life event will go through. For this assessment, mystery shoppers acting as prospective users visited and assessed webpages relating to these life events by following a detailed and objective checklist between August and September 2020.
Malta, once again, attained an exceptional result by leading in all the four dimensions and ranking first in the overall results.
Each life event is measured once every two years to allow countries to follow up on the results and to implement improvements after each measurement.
User Centricity Dimension
This dimension measures the online ‘availability’, ‘mobile friendliness’ and ‘user support’ of eGovernment services. Malta has ranked first in the online ‘availability’ and ‘user support’ of eGovernment services, leading this overall dimension with a score of 99%; 11% above the EU average.
Transparency Dimension
This dimension examines mainly the service design, delivery processes and access to personal data. Malta leads in this dimension with a score of 98% while the EU average score is 64%.
Key Enablers Dimension
This dimension measures the availability of several technical elements for the delivery of eGovernment services. Malta attained an overall score of 98%, where again it was confirmed leader. Most of the Government Departments, Entities and Agencies provide their services online, and citizens and businesses are no longer required to physically pay a visit to get served. A citizen who needs to communicate digitally with the Government is to authenticate themselves by using the electronic identity (eID), fill in the required application forms, and attach related documentation.
Cross Border Services Dimension
The last dimension measured in this assessment is the Cross Border Services. This dimension assesses governments’ ability to provide businesses and citizens from other European countries seamless access to online public services. Once again, Malta is the top performer with an overall score of 90%, 35 percentage points above the EU average.
The eGovernment Benchmarking assessment is key to continuous improvement. Government Departments, Entities and Agencies are implementing digitalisation and modernisation initiatives to continue providing citizens and businesses with best-in-class services.
Malta must be proud of this success.
The eGovernment Benchmark 2021 Insight and Background Reports are available at
06.11 Implementing the Single Digital Gateway in Malta
The Single Digital Gateway (SDG) is intended to facilitate online access to the information, procedures, and assistance services that citizens and businesses need to get active in another EU country. The Ministry for the Economy and Investment requested MITA to help with the implementation of the SDG in Malta, in line with our recently launched corporate strategy and our ambitious programmes for Digital Transformation.
The SDG envisages a once-only technical system set up for the transmission of the electronic evidence required for the fulfilment of procedures across borders. The principal benefit expected from the system is the authenticity of the evidence which will be provided by approved sources.
To illustrate the process, for an Italian citizen to access a cross-border service to register for a second degree offered by an education institute in Malta, she would first authenticate to the service with her Italian credentials using the eIDAS Node. Subsequently, the service would ask the Evidence Broker what type of evidence is required to fulfil the criterion for eligibility which in this case is the completion of a first degree. The broker would inform the service that the required evidence type is a first-degree certificate. The service would then ask the Data Services Directory from where to obtain such a certificate from Italy, and the directory would respond with the location of one or more data providers.
The service would then be required to ask the user for an explicit request to seek the evidence from the selected data providers. If such authorisation is granted by the user, the service would then use the eDelivery system to submit a request for evidence. Upon receiving the information, the service would be required to allow the user to preview the evidence prior to using this within the procedure.
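The ordering constraints in the flow described above can be enforced in the service itself. The following is an added sketch, not MITA's or the SDG's own code: every class, function and provider name is hypothetical, the broker and directory are constructed in-memory tables, and `fake_edelivery` stands in for the eDelivery exchange.

```python
from dataclasses import dataclass, field

# Constructed sample data standing in for the Evidence Broker and the
# Data Services Directory (hypothetical keys and provider names).
EVIDENCE_BROKER = {"second-degree-enrolment": "first-degree-certificate"}
DATA_SERVICES_DIRECTORY = {("first-degree-certificate", "IT"): ["it-degree-registry"]}

class FlowError(Exception):
    """Raised when a step of the evidence flow is attempted out of order."""

def fake_edelivery(provider, evidence_type):
    # Stand-in transport: returns a constructed evidence record.
    return {"provider": provider, "type": evidence_type, "body": "constructed sample"}

@dataclass
class EvidenceSession:
    procedure: str
    user_country: str               # from the eIDAS-authenticated identity
    authenticated: bool = False
    providers: list = field(default_factory=list)
    approved: set = field(default_factory=set)
    received: dict = field(default_factory=dict)
    previewed: set = field(default_factory=set)

    def discover(self):
        if not self.authenticated:
            raise FlowError("user must authenticate before evidence discovery")
        self.evidence_type = EVIDENCE_BROKER[self.procedure]
        key = (self.evidence_type, self.user_country)
        self.providers = list(DATA_SERVICES_DIRECTORY[key])
        return self.providers

    def record_explicit_request(self, provider):
        # Only providers returned by the directory can be approved.
        if provider not in self.providers:
            raise FlowError("provider was not returned by the directory")
        self.approved.add(provider)

    def request_evidence(self, provider, send=fake_edelivery):
        if provider not in self.approved:
            raise FlowError("no explicit user request for this provider")
        self.received[provider] = send(provider, self.evidence_type)

    def preview(self, provider):
        if provider not in self.received:
            raise FlowError("no evidence received from this provider")
        self.previewed.add(provider)
        return self.received[provider]

    def use_in_procedure(self, provider):
        if provider not in self.previewed:
            raise FlowError("user has not previewed this evidence")
        return self.received[provider]
```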
It has been confirmed that the CEF eDelivery building block will be adopted as is in the SDG technical specifications. To de-risk the project, MITA immediately set out to implement this part using our Cloud-based technologies. eDelivery uses a decentralised four-corner model messaging topology, allowing communication between different parties without setting up bilateral channels.
In conclusion, the SDG represents the biggest attempt made so far by Europe to achieve widespread cross-border digital connectivity and the project presents several interesting business-related, legal and technical challenges. MITA is very well positioned to facilitate this transformational journey in Malta by providing technical expertise and building the shared services required to achieve these objectives.