ENISA: Fostering the European Cooperation on Network & Information Security

Dr. Panagiotis Trimintzios, CISSP
European Network & Information Security Agency
email: panagiotis.trimintzios at enisa.europa.eu

IT&T eBaltics, Riga, Latvia, 19 April 2007



Outline

• ENISA Structure and Context
• Scope of ENISA and workplan
• Current Projects and Activities
  – Awareness Raising, Risk Management, CERT Cooperation, Relations, Authentication, Electronic Identity, Emerging Technologies, Education, Certifications
  – Requests and Calls for Assistance
• Opportunities for Cooperation with ENISA


Key facts

• Created under eEurope 2005 Action Plan and set up in 2004 by EU Regulation

• Mandated to enhance the capability of the EU institutions, Member States and the private sector to prevent, address, and respond to network and information security problems.

• Operational since September 2005 in Heraklion, Greece

• 34.8 M€ budget for 5 years

• ~50 Staff


ENISA Structure

Management Board
• 27 Member States Representatives
• 3 European Commission Representatives
• 3 Stakeholders (Industry, Academia, Consumers)

Executive Director & Staff
• Mr. Andrea Pirotti
• ~50 Staff (2006)

Permanent Stakeholders Group
• 30 Members from Industry, Academia and Consumers

Ad hoc Working Groups
• Comprising 5 to 9 leading NIS Experts
• 3 Working Groups in 2006, several new foreseen in 2007.


ENISA’s main task

• to promote stakeholder cooperation

Giving advice and assistance to European Union Institutions and the Member States
Risk assessment and risk management
Promote CERTs
Track standardisation
Promote best practices
Awareness raising
Becoming a centre of expertise


Scope of activities

To be a …
• Catalyst
• Stimulator
• Adviser
• Promoter

… and not to be a …
• Scientific lab
• Evaluation body
• CSIRT
• Analyst service

… maintain internal expertise, at the disposal of EU and Member State competent bodies (respond to Requests and Calls for Assistance)


Awareness Raising

• Information Packages for EU Member States
  – Customised information packages for different target groups (such as SMEs, home users, and media)
  – Includes country case studies
  – Communication plan for EU Member States
  – Added ISPs and local government
• A Users’ Guide: How to raise information security awareness (available online at ENISA)
• Delivery of Dissemination Workshops for main findings among EU Member States
• Awareness Raising Campaign Key Performance Indicators
• Working Group on Awareness Raising (closed)


CERT Cooperation

Inventory of CERT Activities in Europe (available online and on CD-ROM)

Developed a “Step-by-step Plan on how to set-up a CERT”

Provided a Recommendations Report on “How to Enhance Co-operation Among CERTs”

Organisation of Information sharing Workshops to promote CERTs Best Practices

Focus on the quality of the services CERTs offer and on advanced issues

Maintain an ad hoc Working Group on CERT Cooperation and Services


Risk Management

• Established the 1st European Inventory of Risk Assessment (RA) & Risk Management (RM)
  – Enhanced capabilities for searching, comparing, identifying methods and tools
• Introduced an Information Package & Best Practices on RM/RA for SMEs
• Delivered Reports on Emerging Risks
  – Roadmap, Information Collection/Processing
• Focus on Continuity Risks
• Maintain a Working Group on RM/RA

view all activities at: www.enisa.europa.eu/rmra


Co-ordination Activities with Member States & EU bodies

• Establish and maintain a Network of National Liaison Officers at MS
• Maintain a NIS Who-is-Who Directory
  – Please send your information for inclusion
• Maintain Member State Country Pages at ENISA’s website
• Established a European NIS Best Practice Brokerage
  – Currently being a major activity
• Manage the Requests and Calls for Advice and Assistance from Member States and EU bodies


Relations to Industry, International Organisations and Academia

• Manage the Permanent Stakeholders Group (PSG)
• Create a database of “NIS Experts Pool” in EU
• Cooperate with “umbrella” organisations/associations on NIS-/ICT-related industry, consumer, academia
• Establish the Network of national industry multipliers in Member States
• Facilitate ENISA exchange with international organisations and standardisation bodies, e.g., OECD, ITU, WSIS, ETSI, CEN, W3C
• Analyse the Barriers and Incentives for NIS in the Internal Market for e-Communication
• Map education on NIS and establish guidelines for educational programmes (virtual group)
  – Current focus is on Postgraduate (future: undergraduate, summer schools, etc)
• Plans to establish ENISA Award and Foresight Forum


Security Policies and Technologies

• Study of Anti-spam and Security Measures by ISPs
• Authentication Interoperability
  – Established Interest Group and organised Workshops
• Electronic identity
  – Drafting Position Papers
  – Established Interest Group and organised Workshops
• Major and emerging technological developments and trends
  – Draft Position Papers in various areas
  – Monitor activities of standardization, industry, research
  – Inventory of NIS Standards (collaborative project with ITU and NISSG)
• Feasibility study for a data collection framework
  – Trends in security incidents and consumer confidence
• Organise Workshops to Promote Certifications
• Security policies best practices Knowledge base


Example Requests to ENISA

1) EDPS: Facilitating audit of EURODAC System
2) Commission: Assessment of Security Measures taken by Electronic Communication Providers
3) NRA Lithuania: Assistance in Setting-up of CERTs through Organising a CERT Training in Lithuania
4) Commission: Providing Feedback on Impact Assessment on planned Communication
5) Commission: Advice on Mid-term Review of Directive on Electronic Signatures
6) Commission: Advice on eID Management in Commission Services
7) Czech Republic: Assessment of Security Requirements for Public Administration Information Systems (PAIS)
8) Commission: Feasibility Study on a trusted Partnership for a Data Collection Framework
9) Commission: Examining the Feasibility of a EU-wide Information and Alert System
…


How Can You Cooperate with ENISA?

• Be an expert collaborating with ENISA in:
  – ad hoc Working Groups (call will open after April)
  – PSG (call open until 15.05.07)
  – NIS Experts Pool database (open call)
• Participate in one of ENISA’s Virtual Expert Groups
  – Authentication and Interoperability
  – Electronic Identity
  – Certifications
  – European NIS education
• Make (pilot) use of our Results and Studies, e.g.,
  – A User’s Guide on How to Raise NIS Awareness
  – Step-by-step Guide to setup a CERT
  – Risk Management Information Package for SMEs
  – Online inventory of Risk Management Tools & Methods
  – ISP Measures on Security and Anti-Spam
  – …


How Can You Cooperate with ENISA?

• Help to draft ENISA’s Position papers on, e.g.:
  – Social Networking
  – Reputation and web of Trust
  – Identity Management
• Send a specific Request or a Call for Assistance
  – Applicable for EU and Member State’s competent bodies
• Participate at ENISA’s dissemination Workshops
• Call ENISA to Support/Co-organise Joint Events (Conferences, Workshops)
• Write an article about your activities for our magazine “ENISA Quarterly” to reach a wide expert audience in the EU (>10000 downloads)
• Visit us at our premises in Heraklion, Crete to explore more opportunities for cooperation


Stay in touch with ENISA!

Visit our web pages: Subscribe to our Quarterly Magazine:

www.enisa.europa.eu