Post on 16-Feb-2018
www.enisa.europa.eu 1
Dr. Vangelis OUZOUNIS
Senior Expert Security Policies
ENISA
evangelos.ouzounis@enisa.europa.eu
5th German Anti-Spam Summit
Koeln, 5th of Sept. 2007
Agenda
NIS a Challenge for the Internal Market
ENISA
Network Security Policies
Work Programme 2008 (draft)
Conclusions
NIS Challenges for the Internal Market
Communication Unlimited!
ICT boosts productivity in all sectors of the economy
ICT a critical enabler of all services, virtual and physical
Proliferation of technologies but also of disruptions,
more sophisticated and organised
take advantage of rapid penetration of new technologies and/or improper implementation of security measures
different underlying motives including money
beyond national borders - a global phenomenon
major threat for the proper functioning of the Internal market
NIS requires pan European (global) co-operation
EU NIS Policy - History
1997 - COM(97) 503 on ensuring security & trust in electronic communications
1999 - Electronic Signature Directive (1999/93/EC)
1999 - eEurope 2002 Action Plan smart card & secure access
2001 - COM(2001) 298 an EU policy on NIS
2002 & 2003 - Council Resolutions EU Security Strategy
2002 - eEurope 2005 Action Plan a task force proposed
2004 - ENISA is established
2005 - i2010 initiative a security strategy is announced
2006 - COM(2006) a new NIS strategy
ENISA
An EU Agency - created on 14th of March 2004
Located in Heraklion, Crete, Greece
Main Objectives
enhance the capabilities of EC and MS to address and respond to NIS problems
provide assistance and advice to the EC and MS on issues related to NIS (e.g. updating Community legislation in NIS)
develop high level of expertise building on EU and MS efforts (e.g. analyze current and emerging risks, track the development of standards, etc.)
stimulate broad cooperation between actors from public and private sectors
Network Security Policies 2006 & 07 Activities
best practices of security policies - knowledgebase of best practices
assessing the implementation of security and anti-spam measures
eIDs and authentication Interoperability
assessment of accreditation and certification schemes
[Figure: Best Practice Knowledgebase. Elements shown: Original Infosec Guide (e.g. Documents), Original Infosec Policy (e.g. Chapters), Original Infosec Control (e.g. Ideas), Gen. Infosec Guide, Gen. Infosec Policy, Infosec Control.]
1. Collect Best Practice Guides, Best Practice Policies and Best Practice Controls
2. Store Guides, Policies and Controls (or references to them) in the Knowledgebase
3. Extract most relevant & valuable pieces
4. Store these pieces of Guides, Policies and Controls also in the Knowledgebase
5. Create new brief, simple, broadly accepted Guides and Policies
Highlights Security Policies
tacit knowledge on security measures - difficulty in using formal languages
SMEs lack expertise and resources to deploy tools and formal methods
security policies directly relate to the size of organisations
interoperability of security policies is a challenge mostly for chains of multi-domain networks
customisable templates of best practice security policies would be of real value
Highlights - eIDs
lack of interoperability of mutually recognised eIDs across organisational boundaries
online (cross-country) eGov applications manifest the lack of interoperable eIDs
EC and MS developed a roadmap and work on cross-country interoperability pilots
availability of eID technologies - lack of standards and trust infrastructure for the real take up
ENISA works on a language for interoperable trust properties
New WP 2008 (draft)
Cooperation among MS
Risk Management
Resilience of Public Networks
SMEs Building Confidence
Horizontal Activities (requests, media, etc.)
Build on Synergies - Achieve Impact
WP 08 Selected Topics
Resilience of Public Communication Networks
survey on legal and regulatory measures in MS
survey on good practices in resilience of public networks
report(s) on resilient backbone and Internet technologies
Cooperation among MS
faster take up of interoperable eIDs in Europe
eID best practices including legal and regulatory issues
position papers on emerging technology trends, privacy and data handling and/or usability aspects of eIDs
analysis of standards related to pan-European eID initiative
Risk Management
Emerging Technology Threats Position Papers
Two topics (e.g. mobile eIDs, Interoperability of Policies, VOIP, IPv6, Priority Communication, ad-hoc networks, etc.)
Reports produced by a group of experts using electronic means
Conclusions
Availability of services and integrity of networks are key to the proper functioning of the internal market
Investment in good NIS practices is a competitive advantage, not an expenditure
Cooperation in NIS among MS and Community is necessary
ENISA, a new Agency of the EU, builds on MS and Community initiatives and expertise
New WP follows a multi-year approach, aims at achieving impact
Stay in Touch with ENISA
Go to our website
http://www.enisa.europa.eu
Visit the Trends and Development Site
http://www.enisa.europa.eu/pages/Technologies/index.htm
Visit the Risk Management Site
http://www.enisa.europa.eu/rmra
Dr. Vangelis OUZOUNIS
Senior Expert Security Policies
ENISA
evangelos.ouzounis@enisa.europa.eu