ENISA: Fostering the European Cooperation on Network & Information Security
Dr. Panagiotis Trimintzios, CISSP
European Network & Information Security Agency
email: panagiotis.trimintzios at enisa.europa.eu
IT&T eBaltics, Riga, Latvia, 19 April 2007
Outline
• ENISA Structure and Context
• Scope of ENISA and workplan
• Current Projects and Activities
– Awareness Raising, Risk Management, CERT Cooperation, Relations, Authentication, Electronic Identity, Emerging Technologies, Education, Certifications
– Requests and Calls for Assistance
• Opportunities for Cooperation with ENISA
Key facts
• Created under eEurope 2005 Action Plan and set up in 2004 by EU Regulation
• Mandated to enhance the capability of the EU institutions, Member States and the private sector to prevent, address, and respond to network and information security problems.
• Operational since September 2005 in Heraklion, Greece
• 34.8 M€ budget for 5 years
• ~50 Staff
ENISA Structure
• Management Board
– 27 Member States Representatives
– 3 European Commission Representatives
– 3 Stakeholders (Industry, Academia, Consumers)
• Executive Director & Staff
– Mr. Andrea Pirotti
– ~50 Staff (2006)
• Permanent Stakeholders Group
– 30 Members from Industry, Academia and Consumers
• Ad hoc Working Groups
– Comprising 5 to 9 leading NIS Experts
– 3 Working Groups in 2006, several new foreseen in 2007.
ENISA’s main task
• to promote stakeholder cooperation
• Giving advice and assistance to European Union Institutions and the Member States
• Risk assessment and risk management
• Promote CERTs
• Track standardisation
• Promote best practices
• Awareness raising
• Becoming a centre of expertise
Scope of activities
• to be a …
– Catalyst
– Stimulator
– Adviser
– Promoter
• and not to be a...
– Scientific lab
– Evaluation body
– CSIRT
– Analyst service
… maintain internal expertise, at the disposal for EU and Member State competent bodies (respond to Requests and Calls for Assistance)
Awareness Raising
• Information Packages for EU Member States
– Customised information packages for different target groups (such as SMEs, home users, and media)
– Includes country case studies
– Communication plan for EU Member States
– Added ISPs and local government
• A Users’ Guide: How to raise information security awareness (available online at ENISA)
• Delivery of Dissemination Workshops for main findings among EU Member States
• Awareness Raising Campaign Key Performance Indicators
• Working Group on Awareness Raising (closed)
CERT Cooperation
• Inventory of CERT Activities in Europe (available online and on CD-ROM)
• Developed a “Step-by-step Plan on how to set-up a CERT”
• Provided a Recommendations Report on “How to Enhance Co-operation Among CERTs”
• Organisation of Information sharing Workshops to promote CERTs Best Practices
• Focus on quality of CERT offered Services and advanced issues
• Maintain an ad hoc Working Group on CERT Cooperation and Services
Risk Management
• Established the 1st European Inventory of Risk Assessment (RA) & Risk Management (RM)
– Enhanced capabilities for searching, comparing, identifying methods and tools
• Introduced an Information Package & Best Practices on RM/RA for SMEs
• Delivered Reports on Emerging Risks
– Roadmap, Information Collection/Processing
• Focus on Continuity Risks
• Maintain a Working Group on RM/RA
view all activities at: www.enisa.europa.eu/rmra
Co-ordination Activities with Member States & EU bodies
• Establish and maintain a Network of National Liaison Officers at MS
• Maintain a NIS Who-is-Who Directory
– Please send your information for inclusion
• Maintain Member State Country Pages at ENISA’s website
• Established a European NIS Best Practice Brokerage
– Currently being a major activity
• Manage the Requests and Calls for Advice and Assistance from Member States and EU bodies
Relations to Industry, Int’nal Organisations and Academia
• Manage the Permanent Stakeholders Group (PSG)
• Create a database of “NIS Experts Pool” in EU
• Cooperate with “umbrella” organisations/associations on NIS-/ICT-related industry, consumer, academia
• Establish the Network of national industry multipliers in Member States
• Facilitate ENISA exchange with international organisations and standardisation bodies, e.g., OECD, ITU, WSIS, ETSI, CEN, W3C
• Analyse the Barriers and Incentives for NIS in the Internal Market for e-Communication
• Map education on NIS and establish guidelines for educational programmes (virtual group)
– Current focus is on Postgraduate (future: undergraduate, summer schools, etc.)
• Plans to establish ENISA Award and Foresight Forum
Security Policies and Technologies
• Study of Anti-spam and Security Measures by ISPs
• Authentication Interoperability
– Established Interest Group and organised Workshops
• Electronic identity
– Drafting Position Papers
– Established Interest Group and organised Workshops
• Major and emerging technological developments and trends
– Draft Position Papers in various areas
– Monitor activities of standardization, industry, research
– Inventory of NIS Standards (collaborative project with ITU and NISSG)
• Feasibility study for a data collection framework
– Trends in security incidents and consumer confidence
• Organise Workshops to Promote Certifications
• Security policies best practices Knowledge base
Example Requests to ENISA
1) EDPS: Facilitating audit of EURODAC System
2) Commission: Assessment of Security Measures taken by Electronic Communication Providers
3) NRA Lithuania: Assistance in Setting-up of CERTs through Organising a CERT Training in Lithuania
4) Commission: Providing Feedback on Impact Assessment on planned Communication
5) Commission: Advice on Mid-term Review of Directive on Electronic Signatures
6) Commission: Advice on eID Management in Commission Services
7) Czech Republic: Assessment of Security Requirements for Public Administration Information Systems (PAIS)
8) Commission: Feasibility Study on a trusted Partnership for a Data Collection Framework
9) Commission: Examining the Feasibility of a EU-wide Information and Alert System
…
How Can You Cooperate with ENISA?
• Be an expert collaborating with ENISA in:
– ad hoc Working Groups (call will open after April)
– PSG (call open until 15.05.07)
– NIS Experts Pool database (open call)
• Participate in one of ENISA’s Virtual Expert Groups
– Authentication and Interoperability
– Electronic Identity
– Certifications
– European NIS education
• Make (pilot) use of our Results and Studies, e.g.,
– A User’s Guide on How to Raise NIS Awareness
– Step-by-step Guide to setup a CERT
– Risk Management Information Package for SMEs
– Online inventory of Risk Management Tools & Methods
– ISP Measures on Security and Anti-Spam
– …
• Help to draft ENISA’s Position papers on, e.g.:
– Social Networking
– Reputation and web of Trust
– Identity Management
• Send a specific Request or a Call for Assistance
– Applicable for EU and Member State’s competent bodies
• Participate at ENISA’s dissemination Workshops
• Call ENISA to Support/Co-organise Joint Events (Conferences, Workshops)
• Write an article about your activities for our magazine “ENISA Quarterly” to reach a wide expert audience in the EU (>10000 downloads)
• Visit us at our premises in Heraklion, Crete to explore more opportunities for cooperation