www.enisa.eu.int
EU Collaboration in Network and Information Security
Baltic IT&T Forum 2006
Riga, 6 April 2006
Dr. Ronald de Bruin
ENISA
Today’s agenda
• Background and introduction
• State of play ENISA
• ENISA strategy for the future
• Conclusion
Context for ENISA
• Today’s society and economy depend heavily on networks and information systems.
• Users experience serious problems when using electronic networks and software and find little help.
• Information security is a concern for everybody.
• We need to achieve a culture of network and information security.
ENISA’s tasks
• Giving advice and assistance to Commission and Member States
• Risk assessment and risk management
• Promote CERTs
• Information exchange and cooperation
• Track standardisation
• Promote best practices
• Awareness raising
• Becoming a centre of expertise
Some ENISA facts
• Operational since September 2005
• Headquarters in Heraklion, Crete, Greece
• 44 Staff, €34.8 million budget for 5 years
State of play: Awareness Raising
• Lots of initiatives have been taken in Member States – a lot of material for selecting best practices
• Different approaches to different target groups necessary
• Positive message is important
• ENISA shall help Member States with “customised information packages”
State of play: Awareness Raising
• Managing Working Group on Awareness Raising
• Developing CD-ROM with Information Package for Member States
  – Customised information packages for different target groups (SME, home user and media)
  – Including country case studies
  – Communication plan for Member States
• Disseminating the main findings among the Member States by organising a focused workshop (Dec ’05)
Contacts:
• Isabella Santa
• Florent Sagaspe
State of play: CERTs
• Most countries have some sort of CERT/CSIRT, but not all areas are covered
• ENISA shall support and guide those who want to set up a new CERT
• Identify simpler models where a CERT is too advanced e.g., “WARP”
• Identify best practices for cooperation between CERTs
State of play: CERTs
• Managing Working Group on CERTs
• Developing a CD-ROM with Inventory on CERT activities in Europe
• Gap analysis of areas not covered by CERTs
• Roadmap and checklist on how to establish a CERT and of recommended training
• Recommendations for enhancing co-operation between CERTs
• Organising information sharing workshop to promote best practices (Dec ’05)
Contacts:
• Marco Thorbruegge
• Mehis Hakkaja
State of play: Risk Management
• Various approaches developed in Member States, BS7799, EBIOS, IT-baseline protection, etc.
• No one-size-fits-all solution – best practices have to be adapted to specific use/sector
• ENISA shall put emphasis on SMEs
• ENISA shall compare risk assessment methods
State of play: Risk management
• Managing Working Group on Risk Management
• Compiling an inventory of methods and tools for Risk Management
• Compiling best practices for Risk Management
• Proposing interoperable Risk Management solutions
• Preparing Information packages for Risk Management at the example of two different types of SMEs
Contacts:
• Louis Marinos
• Jani Arnell
State of play: Coordination of activities with MS and EU bodies
• Managing the Network of National Liaison Officers
• Developing the Who-is-Who Directory
• Updating country pages
• Managing handling of requests and calls for advice and assistance
Contacts:
• Tim Mertens
• Silvia Portesi
ENISA was called upon by …
• Lithuanian government: Support in setting-up of a CERT
• Commission
  – Inventory of measures that providers adopt to comply with Directive on Electronic Communication (incl. measures against spam)
  – Opinion on impact analysis for planned Communication on Secure Communication
  – Advise Commission on evaluation of eSignature Directive
  – Assistance in preparing report on electronic identity management activities in the Commission
• EDPS: Advise on how to conduct security audit on European data protection system
Starting points ENISA strategy for the future
• ENISA was created under the umbrella of the eEurope 2005 Action Plan
• Aim is to strive to create culture of security in Europe, while involving all stakeholders
• eEurope 2005 followed up by i2010 initiative, supporting the Lisbon objectives to be achieved by 2010, where network and information security plays important role
ENISA shall follow incremental process by ...
• setting each year new objectives to help achieving Lisbon objectives in 2010,
• while building on 4 main orientations
  – Promoting NIS to the benefit of end-users
  – Contributing to improvement of risk management capabilities in Europe
  – Identifying measurement methods on maturity of NIS in Europe
  – Facing upcoming threats and risks
ENISA strategy roadmap for Europe
[Figure: timeline 2005, 2006, 2007, 2008 leading to the Lisbon Objectives 2010, with the orientations stacking up year by year]
• 2005: Information sharing; ENISA as start-up with high potential
  – Promote NIS to end-users
• 2006: Creating platform for EU culture on NIS; ENISA as centre of expertise
  – Promote NIS to end-users
  – Contribute to improving capabilities
• 2007: Guiding Europe toward an enhanced level of NIS; ENISA as point of reference
  – Promote NIS to end-users
  – Contribute to improving capabilities
  – Identify methods to measure NIS maturity
• 2008: ENISA as proposed model in global debates?
  – Promote NIS to end-users
  – Contribute to improving capabilities
  – Identify methods to measure NIS maturity
  – Face upcoming threats and risks
Odyseus
Stay in touch with ENISA!
Go to our website: http://www.enisa.eu.int
Subscribe to our Quarterly Newsletter:
Stay in touch with ENISA!
Meet us in Rome!
Visit us in Heraklion!
European Network and Information Security Agency
Science and Technology Park of Crete (ITE)
Vassilika Vouton,
70013 Heraklion, Greece