Network and Information Security Report – ICTSB/NISSG
Dr. Angelika Plate
Background
• Existing NIS-Report from 2003
• The new EU Report
• Communication from the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions: A strategy for a Secure Information Society – “Dialog, partnership and empowerment”
• A lot of new developments in Network and Information Security
Work Areas
• Co-editorship for the new NIS-Report
• The Editing Team has partitioned the work (as highlighted in the agenda), based on the expertise of the members
• My responsibilities:
  • Critical infrastructures
  • Information security management
  • Industrial environment and manufacturing
  • Healthcare
Critical Infrastructure
• Critical infrastructure includes
  • Physical facilities, supply chains, information technologies and communication networks that could cause severe problems
• Plan for the NIS-Report
  • Identification of European issues for Network and Information Security, including
    • Security requirements
    • Threats/vulnerabilities
  • Identification of security measures
  • Existing standards that support critical infrastructure
• No input received yet
Information Security Management (1)
• More emphasis on risk-based information security management in the new report
• Sections 8 – 10 concentrate on specific topics; these security measures need a supporting environment to achieve best effects
• Merging and extension of previous sections 11 and 12
  • Business services
  • Network defence services
Information Security Management - Standardisation
• ISO/IEC 27000 Family of standards
  • ISO/IEC 27001 – ISMS
  • ISO/IEC 27002 – previous ISO/IEC 17799
  • ISO/IEC 27003 – ISMS Implementation guidance
  • ISO/IEC 27004 – ISMS measurements
  • ISO/IEC 27005 – IS risk assessment
• Corresponding changes to Section 12 – Assurance
  • ISMS
  • Product assurance
Industrial Environment
• Inclusion of the developments in industrial environment, including aerospace, car manufacturing, …
• Special consideration of SMEs
• Input from European Office of Crafts Trades and SMEs for Standardisation
• Feedback from IFAN (International Federation of Standards Users) – currently nothing planned
• Further input will be sought
Healthcare
• Following the new EU report, e-health applications were included in the scope of the new NIS-Report
  • See Section 3
• Consideration of e-health applications in the following sections
  • Threats
  • Security solutions