200 likes | 230 Views
ENISA: Fostering the European Cooperation on Network & Information Security. Dr. Panagiotis Trimintzios, CISSP European Network & Information Security Agency email: panagiotis.trimintzios at enisa.europa.eu. IT&T eBaltics, Riga, Latvia, 19 April 2007. Outline. ENISA Structure and Context
E N D
ENISA: Fostering the European Cooperation on Network & Information Security Dr. Panagiotis Trimintzios, CISSP European Network & Information Security Agency email: panagiotis.trimintzios at enisa.europa.eu IT&T eBaltics, Riga, Latvia, 19 April 2007 www.enisa.europa.eu
Outline • ENISA Structure and Context • Scope of ENISA and workplan • Current Projects and Activities • Awareness Raising, Risk Management, CERT Cooperation, Relations, Authentication, Electronic Identity, Emerging Technologies, Education, Certifications • Requests and Calls for Assistance • Opportunities for Cooperation with ENISA
Key facts • Created under eEurope 2005 Action Plan and set up in 2004 by EU Regulation • Mandated to enhance the capability of the EU institutions, Member States and the private sector to prevent, address, and respond to network and information security problems. • Operational since September 2005 in Heraklion, Greece • 34.8 M€ budget for 5 years • ~50 Staff
Management Board • 27 Member States Representatives • 3 European Commission Representatives • 3 Stakeholders (Industry, Academia, Consumers) • Mr. Andrea Pirotti • ~50 Staff (2006) Executive Director & Staff Permanent Stakeholders Group • 30 Members from Industry, Academia and Consumers • Comprising 5 to 9 leading NIS Experts • 3 Working Groups in 2006, several new foreseen in 2007. Ad hoc Working Groups ENISA Structure
Outline • ENISA Structure and Context • Scope of ENISA • Current Projects and Activities • Awareness Raising, Risk Management, CERT Cooperation, Relations, Authentication, Electronic Identity, Emerging Technologies, Education, Certifications • Requests and Calls for Assistance • Opportunities for Cooperation with ENISA
ENISA’s main task • to promote stakeholder cooperation Becoming a centre of expertise Track standardisation Risk assessment and risk management Promote CERTs Giving advice and assistance to European Union Institutions and the Member States Promote best practices Awareness raising
to be a … and not to be a... Scope of activities Scientific lab Catalyst Analyst service Promoter Evaluation body Stimulator CSIRT Adviser … maintain internal expertise, at the disposal for EU and Member State competent bodies (respond to Requests and Calls for Assistance)
Outline • ENISA Structure and Context • Scope of ENISA • Current Projects and Activities • Awareness Raising, Risk Management, CERT Cooperation, Relations, Authentication, Electronic Identity, Emerging Technologies, Education, Certifications • Requests and Calls for Assistance • Opportunities for Cooperation with ENISA
Awareness Raising • Information Packages for EU Member States • Customised information packages for different target groups (such as SMEs, home users, and media) • Includes country case studies • Communication plan for EU Member States • Added ISPs and local government • A Users’ Guide: How to raise information security awareness (available online at ENISA) • Delivery of Dissemination Workshops for main findings among EU Member States • Awareness Raising Campaign Key Performance Indicators • Working Group on Awareness Raising (closed)
CERT Cooperation • Inventory of CERT Activities around in Europe (available online and CD-ROM) • Developed a “Step-by-step Plan on how to set-up a CERT” • Provided a Recommendations Report on “How to Enhance Co-operation Among CERTs” • Organisation of Information sharing Workshops to promote CERTs Best Practices • Focus on quality of CERT offered Services and advanced issues • Maintain an ad hoc Working Group on CERT Cooperation and Services
Risk Management • Established the 1st European Inventory of Risk Assessment (RA) & Risk Management (RA) • Enhanced capabilities for searching, comparing, identifying methods and tools • Introduced an Information Package & Best Practices on RM/RA for SME’s • Delivered Reports on Emerging Risks • Roadmap, Information Collection/Processing • Focus on Continuity Risks • Maintain a Working Group on RM/RA view all activities at: www.enisa.europa.eu/rmra
Co-ordination Activities with Member States & EU bodies • Establish and maintain a Network of National Liaison Officers at MS • Maintain a NIS Who-is-Who Directory • Please send your information for inclusion • Maintain Member State Country Pages at ENISA’s website • Established a European NIS Best Practice Brokerage • Currently being a major activity • Manage the Requests and Calls for Advice and Assistance from Member States and EU bodies
Relations to Industry, Int’nal Organisations and Academia • Manage the Permanent Stakeholders Group (PSG) • Create a database of “NIS Experts Pool” in EU • Cooperate with “umbrella” organisations/associations on NIS-/ICT-related industry, consumer, academia • Establish the Network of national industry multipliers in Member States • Facilitate ENISA exchange with international organisations and standardisation bodies, e.g., OECD, ITU, WSIS, ETSI, CEN, W3C • Analyse the Barriers and Incentives for NIS in the Internal Market for e-Communication • Map education on NIS and establishing guidelines for educational programmes (virtual group) • Current focus is on Postgraduate (future: undergraduate, summer schools, etc) • Plans to establishENISA Awardand Foresight Forum
Security Policies and Technologies • Study of Anti-spam and SecurityMeasures by ISPs • Authentication Interoperability • Established Interest Group and organised Workshops • Electronic identity • Drafting Position Papers • Established Interest Group and organised Workshops • Major and emerging technological developments and trends • Draft Position Papers in various areas • Monitor activities of standardization, industry, research • Inventory of NIS Standards (collaborative project with ITU and NISSG) • Feasibility study for a data collection framework • Trends in security incidents and consumer confidence • Organise Workshops to Promote Certifications • Security policies best practices Knowledge base Alain
Outline • ENISA Structure and Context • Scope of ENISA • Current Projects and Activities • Awareness Raising, Risk Management, CERT Cooperation, Relations, Authentication, Electronic Identity, Emerging Technologies, Education, Certifications • Requests and Calls for Assistance • Opportunities for Cooperation with ENISA
Outline • ENISA Structure and Context • Scope of ENISA • Current Projects and Activities • Awareness Raising, Risk Management, CERT Cooperation, Relations, Authentication, Electronic Identity, Emerging Technologies, Education, Certifications • Requests and Calls for assistance • Opportunities for Cooperation with ENISA
How Can You Cooperate with ENISA? • Be an expert collaborating with ENISA in: • ad hoc Working Groups (call will open after April) • PSG (call open until 15.05.07) • NIS Experts Pool database (open call) • Participate in one of ENISA’s Virtual Expert Groups • Authentication and Interoperability • Electronic Identity • Certifications • European NIS education • Make (pilot) use of our Results and Studies, e.g., • A User’s Guide on How to Raise NIS Awareness • Step-by-step Guide to setup a CERT • Risk Management Information Package for SMEs • Online inventory of Risk Management Tools & Methods • ISP Measures on Security and Anti-Spam • …
How Can You Cooperate with ENISA? • Help to draft ENISA’s Position papers on, e.g.: • Social Networking, • Reputation and web of Trust, • Identity Management • Send a specific Request ora Call for Assistance • Applicable for EU and Member State’s competent bodies • Participate at ENISA’s dissemination Workshops • Call ENISA to Support/Co-organise Jointly Events (Conferences, Workshops) • Write an article about your activities for our magazine “ENISA Quarterly” to outreach a wide expert audience in the EU (>10000 downloads) • Visit us at our premises in Heraklion Crete to explore more opportunities for cooperation
Visit our web pages: Subscribe to our Quarterly Magazine: Stay in touch with ENISA! www.enisa.europa.eu