
Upload: angelina-mcneil

Post on 27-Mar-2015


NISSG Open Meeting, 28/06/2006

ENISA


The Agency

• ENISA: European Network and Information Security Agency

• Headquarters: Heraklion, Crete (Greece)

• Staff: ~40 (…expanding to ~50)


Overview: ENISA’s Objectives

• To provide assistance and deliver advice to the Commission and the MS on issues related to NIS falling within its competencies as set out in this Regulation

• To enhance the capability of the Commission, other EU bodies and the Member States to prevent, address and respond to NIS problems

• To develop a high level of expertise and use this expertise to stimulate broad cooperation between actors from the public and private sectors

• To assist the Commission, where called upon, in the technical preparatory work for updating and developing Community legislation in the field of NIS.


Overview: ENISA’s Tasks

• Giving advice and assistance to Commission and Member States

• Risk assessment and risk management

• Promote CERTs

• Information exchange and cooperation

• Track standardization

• Promote best practices

• Awareness raising

• Becoming a centre of expertise


NIS Cooperation & Support Activities

• Awareness Raising

• Relations with Industry and International Institutions

• Coordination of activities with Member States and European Bodies

• CERT support

• Requests from EC and Member States


Technical Activities

• Risk Management

• Technical & Procedural Security Policies

• Security Technologies

[Diagram: Best Practice Knowledgebase. Labelled elements: Original Infosec Guide (e.g. Documents), Original Infosec Policy (e.g. Chapters), Original Infosec Control, Gen. Infosec Guide, Gen. Infosec Policy, Infosec Control]

1. Collect Best Practice Guides, Best Practice Policies and Best Practice Controls

2. Store Guides, Policies and Controls in the Knowledgebase

3. Extract most relevant & valuable pieces

4. Store these pieces of Guides, Policies and Controls also in the Knowledgebase

5. Create new brief, simple, broadly accepted Guides & Policies


NIS Technologies (1)

• Unit in charge of the monitoring of NIS developments including standardization

• Focus on NIS Standardization

  • Report: Inventory of activities and standards per body

• We have identified a few relevant bodies to follow

  • European Standardization: ETSI, CEN, CENELEC

  • International Standardization: IETF, ITU, NIST, ISO/IEC, W3C, ANSI

  • Others: RIPE, ICANN, etc.

• We are observers in a few standardization meetings

  • IETF and ETSI (TISPAN)

• Inventory also looks at

  • Industry Fora, including VOIPSA, CSIA, OMA, TCG, VPNC, ISACA, ISSA

  • Research Activities, including FP6, IRTF, JRC


NIS Technologies (2)

• Report on Summary and Analysis of the major technical developments in relation to standardization and other NIS initiatives

  • Will use the NISSG Report as input

  • Presence of ENISA in various fora and establishment of a network of contacts in the technical, development, standardization, and research community

• Identify areas where security is not properly taken into account and promote it from the beginning

• Identify standardization gaps and opportunities


A few of the ENISA channels

Go to our website: http://www.enisa.europa.eu