Information Security
As cyber threats are evolving quickly, an information security roadmap was prepared and was presented in January 2019 to propose a continuously improving and holistic information security programme which focuses on improving the information security management system (ISMS), including security incident management, vulnerability management, awareness, and training for ICAO staff. On the tactical level, the annual 2019 penetration testing was completed and mitigation measures to harden ICT assets were proposed. On the strategic level, an independent review by the United Nations International Computing Centre (UNICC) was completed to measure the progress of the former Cyber Security Action Plan, to assess whether actions taken are sufficient to reduce cyber risks, and in addition, to assess ICAO’s ICT governance and skills in order to ensure it can properly implement its action plan.
