WG-ALPINE: Active Loss Prevention for ICT Enabled Enterprise
Thematic Network Project
Richard Sitruk, ETIS
“trust is essential to business - security just gets in the way”
WG-ALPINE Project Goal
The creation, operation and consolidation of an Active Loss Prevention Working Group to address common ICT Security problems faced by users (especially SMEs), achieve consensus on their solutions across multiple disciplines, and create a favourable e-Business market impact.
European Roadmap Projects
• DDSI: Dependability policy support
• WG-ALPINE: Active Loss Prevention
• AMSD: Overall dependability (e-business, embedded, CIP, privacy)
• AMSD: Dependable embedded systems
• PAMPAS: Mobile privacy & security
• ACIP: Critical infrastructure protection
• RAPID: Privacy / Identity Mgmt
• BVN: Biometrics
• RESET: Smart Cards
• STORK: crypto
The Active Loss Prevention Goal
Active Loss Prevention will reduce the incidence and impact of loss that occurs as a result of unauthorized activity in information systems within and between organizations and thereby improve the protection of both industry and government from attack.
Active Loss Prevention Roadmap
• Actuarial Data
• Risk Vocabulary
• Insurance ‘packaged products’
• Certified Practices and Components
• Liability (standards, contract terms, model laws, model regulations)
• Mitigation improvement
• Risk Management Methods
• Mitigation Effectiveness
• Standards of Due Care
Project Partners
• The Open Group (UK)
  • Overall project coordinator, and managing 2 SIGs
  • Includes every major and many SME vendors of ICT
  • Large base of users concerned with interoperability/conformance
  • Launched first EU grouping addressing ALP topics
• European Software Institute (Spain)
  • Development methods, best practices, and managing 2 SIGs
  • Process improvement and take-up of key technologies
  • Assessment skills and large SME constituency of ICT users
• ETIS (Belgium)
  • Addressing inter-Telecom standards/procedures, and managing 1 SIG
  • Includes most European Telecom Operators
  • Strong participation from Telecom equipment vendors
Project approach
• Analyse the market and determine topics to be addressed
• Establish framework and infrastructure for SIG activities
• Recruit participants and launch 5 SIGs addressing ALP topics
• Manage SIGs and ensure significant results are achieved
• Promote and disseminate results to industry bodies and larger European audience
Candidate SIG Topics
• Legal issues affecting ICT Security
  • IPR, licensing agreements, privacy laws
• Identification and management of risk
  • How to identify, quantify and analyse security benefits and risks
• ICT Security for finance and auditing
  • Measuring and monitoring the financial exposure
• ICT Security Standardisation
  • Universal plug and play of ICT Security solutions
• Free Security components
  • Open source, public domain and shareware
• Skill profile for ICT Security engineers
• ICT Security quality certification
  • Commercial products and services, and providers
Project Actions (1)
• Analyse the ICT Security situation: the current offer and demand, the mechanisms, the future trends, expected growth, etc.
• Identify common problems in acquisition, management and integration of ICT Security technology, services and methods, based on an assessment of current practice.
• Provide and share solutions to the identified problems.
Project Actions (2)
• Co-ordinate the definition of requirements for ICT Security related projects at a European level. Identify open issues and research subjects as input for future research and development programmes.
• Represent the interests of ICT users (especially SMEs) in standardisation organisations and professional associations addressing topics affecting the securing of ICT based assets.
Timeline
• Phases: Phase 1 Start-up, Phase 2 Operation, Phase 3 Consolidation
• Dates shown: August 2002, November 2002, August 2003, January 2004
• Working Group Launch
  • Market Study
  • Recruitment
  • Structure
• Operation of Special Interest Groups
  • Mobile Transaction Liability
  • Security Policy Management
  • Trust Services Mapping
  • Others
• Dissemination and Infrastructure Operation
  • Conferences
  • Reports
  • Discussion Forums
• Working Group Exploitation
  • Policies
  • Standards
  • Best Practices