Geneva's approach to Internet voting (eVoting) certification - PowerPoint PPT Presentation

Provided by: MARTI155


1
  • Geneva's approach to Internet voting (eVoting) certification
  • Towards certification, the way of trust building
  • Council of Europe, Workshop on certification of e-voting systems
  • Strasbourg, 27 November 2009

2
4a ISO 27001
  • General purpose of certification
  • The ISO 27001 certification provides reasonable assurance that the certified company is implementing, within the pre-defined perimeter, all good practices regarding security, from an organizational as well as from a technical point of view.
  • Certification enables the company to provide proof of its commitment to all stakeholders: customers, partners, shareholders, insurers, etc.
  • But it does NOT provide a bullet-proof guarantee of security.
  • → This is the way the State of Geneva chose to achieve its aims.

3
4b The State of Geneva ISMS aims
  • Developing a standardized and reproducible approach to security governance, in order to create a reasonable level of trust as well as bringing transparency into the Internet voting process
  • Creating a system to manage information security according to the ISO 27001 norm and the PDCA model
  • Tailored to the eVoting domain, its challenges and the State context
  • The audit's approach: "Say what we do and do as we say"
  • Anticipating questions and criticism; communicating
  • Capitalizing on the acquired know-how
  • → Yet, our political framework is limiting certifications

4
5a The main steps of the project
Timeline milestones shown on the slide: 01/02.07, 06-11.07, 01.08, 03.08, 09.08, 11.08, 2009
  • Reflections on certification and on the actions to be undertaken to achieve it
  • Presentation of ISO 27001 certification; coaching contract; constitution of the project team; preparatory works; project plan
  • Beginning of the project; ISO 27001 schooling
  • Modeling perimeter, methodology and tools; documentary basis
  • Copil-1: project's progress → approach's validation
  • Classification methods; risks' evaluation
  • Copil-2: security goals and risks management → presentation and validation
  • Copil "eVoting": presentation and validation of the risks' evaluation and management ("who deals with which risks and when?")
  • Audit as exercise > controlling that we master the eVoting process → successful
  • Copil-3: end of the project → beginning of the eVoting ISMS
  • Maturity of the security management
5
5b ISMS and PDCA model
Model for the ISO 27001 norm, compulsory clauses 4 to 8
6
5c Axis of actions of the ISMS project

| Actions | Commentary | Réf. ISO 27001 |
|---|---|---|
| Management and direct implication of the eVoting project management team | Project management; methodology and risks validation; capacity building | Ch. 5 Management responsibility |
| Documentation | EDM | 4.3 Documentation requirements: control of documents and records |
| Methodology | State's SGSI/ISMS method and classification model | 4.2.1 c) Risk assessment approach |
| Risk evaluation and treatment | Definition of perimeter; security policy; identification, evaluation, treatment; statement of applicability (SOA) | 4.2.1 Plan: Establish the ISMS; 4.2.2 Do: Implement and operate the ISMS |
| Audit | Audit as exercise | Ch. 6 Internal ISMS audits |

End of project → ISMS operational management
7
5d ISMS Statement of applicability (SOA)
Best practices implementation, according to ISO 27002 (state September 2008), covering the control clauses:
  • 5 Security policy
  • 6 Organization of information security
  • 7 Asset management
  • 8 Human resources security
  • 9 Physical and environmental security
  • 10 Communications and operations management
  • 11 Access control
  • 12 Information systems acquisition, development and maintenance
  • 13 Information security incident management
  • 14 Business continuity management
  • 15 Compliance
8
5e Current actions

| Action | Commentary | Réf. ISO 27001 |
|---|---|---|
| Implementation of security measures | Ongoing | 4.2.2 Do |
| Management of incidents | Continuous | 4.2.2 Do |
| Management of steps, capacity building | Ongoing | 4.2.2 Do |
| ISMS control measures | Ongoing | 4.2.3 Check: monitor and review ISMS |
| Evaluation of the measures' impact, re-examination of the risk assessment | Ongoing | 4.2.3 Check |
| ISMS management and improvement | To be planned (continuous improvement, corrective and preventive actions) | 4.2.3 Check; 4.2.4 Act: maintain and improve ISMS; Ch. 8 ISMS improvement |
| Management review | To be planned | 4.2.3 Check; Ch. 7 Management review of the ISMS |
| Communication | To be planned | 4.2.4 Act |

Responsibility of the owner of the eVoting system
9
5f Maturity/Compliance of ISMS
ISO 27001 compliance, rated on a four-level scale:
  • 4 Total compliance
  • 3 Partial compliance
  • 2 Limited compliance
  • 1 No compliance
Clauses assessed:
  • 4.2.1 PLAN: Establish the ISMS
  • 4.2.2 DO: Implement and operate the ISMS
  • 4.2.3 CHECK: Monitor and review ISMS
  • 4.2.4 ACT: Maintain and improve ISMS
  • Documentation requirements
  • 5.1 Management commitment
  • 5.2 Resource management
  • 6 Internal ISMS audits
  • 7.1 Management review: general
  • 7.2 Review input
  • 7.3 Review output
  • 8.1 ISMS improvement: continual improvement
  • 8.2 Corrective action
  • 8.2 Preventive action
10
  • 6 Conclusion
  • The way towards certification means:
  • A commitment for means, but not for results!
  • An approach that stimulates the mastering of activities and the improvement of the maturity level of the security and risk management of the information system
  • The development of competencies and knowledge
  • A tool for communication and understanding
  • A path towards trust
  • Certification has, however, no impact on the opinion of skeptics ("there will always be a black box somewhere in the system, no matter how hard you try to make it transparent") ?