EU Collaboration in Network and Information Security ISSS 2006

www.enisa.eu.int
EU Collaboration in Network and Information Security
Dr. Ronald de Bruin
ENISA
ISSS 2006
Hradec Králové, 3 April 2006

Today’s agenda
• Background and introduction
• State of play ENISA
• ENISA strategy for the future
• Conclusion

Context for ENISA
Today’s society and economy depend heavily on networks and information systems.
Users experience serious problems when using electronic networks and software and find little help.
Information security is a concern for everybody.
We need to achieve a culture of network and information security.

ENISA’s tasks
Risk assessment and risk management
Promote CERTs
Track standardisation
Information exchange and cooperation
Promote best practices
Awareness raising
Becoming a centre of expertise
Giving advice and assistance to Commission and Member States

Some ENISA facts
• Operational since September 2005
• Headquarters in Heraklion, Crete, Greece
• 44 Staff, €34.8 million budget for 5 years

State of play: Awareness Raising
• Lots of initiatives have been taken in Member States, so there is a lot of material for selecting best practices
• Different approaches to different target groups necessary
• Positive message is important
• ENISA shall help Member States with “customised information packages”

State of play: Awareness Raising
• Managing Working Group on Awareness Raising
• Developing CD-ROM with Information Package for Member States
• Customised information packages for different target groups (SME, home user and media)
• Including country case studies
• Communication plan for Member States
• Disseminating the main findings among the Member States by organising a focused workshop (Dec ’05)
Contacts:
• Isabella Santa
• Florent Sagaspe

State of play: CERTs
• Most countries have some sort of CERT/CSIRT, but not all areas are covered
• ENISA shall support and guide those who want to set up a new CERT
• Identify simpler models where a CERT is too advanced, e.g. “WARP”
• Identify best practices for cooperation between CERTs

State of play: CERTs
• Managing Working Group on CERTs
• Developing a CD-ROM with Inventory on CERT activities in Europe
• Gap analysis of areas not covered by CERTs
• Roadmap and checklist on how to establish a CERT and of recommended training
• Recommendations for enhancing cooperation between CERTs
• Organising information sharing workshop to promote best practices (Dec ’05)
Contacts:
• Marco Thorbruegge
• Mehis Hakkaja

State of play: Risk Management
• Various approaches developed in Member States: BS7799, EBIOS, IT-baseline protection, etc.
• No one-size-fits-all solution: best practices have to be adapted to specific use/sector
• ENISA shall put emphasis on SMEs
• ENISA shall compare risk assessment methods

State of play: Risk Management
• Managing Working Group on Risk Management
• Compiling an inventory of methods and tools for Risk Management
• Compiling best practices for Risk Management
• Proposing interoperable Risk Management solutions
• Preparing information packages for Risk Management using the example of two different types of SMEs
Contacts:
• Louis Marinos
• Jani Arnell

State of play: Coordination of activities with MS and EU bodies
• Managing the Network of National Liaison Officers
• Developing the Who-is-Who Directory
• Updating country pages
• Managing handling of requests and calls for advice and assistance
Contacts:
• Tim Mertens
• Silvia Portesi

ENISA was called upon by …
• Lithuanian government: Support in setting up a CERT
• Commission
– Inventory of measures that providers adopt to comply with Directive on Electronic Communication (incl. measures against spam)
– Opinion on impact analysis for planned Communication on Secure Communication
– Advise Commission on evaluation of eSignature Directive
– Assistance in preparing report on electronic identity management activities in the Commission
• EDPS: Advice on how to conduct security audit on European data protection system

Starting points ENISA strategy for the future
• ENISA was created under the umbrella of the eEurope 2005 Action Plan
• Aim is to strive to create a culture of security in Europe, while involving all stakeholders
• eEurope 2005 followed up by i2010 initiative, supporting the Lisbon objectives to be achieved by 2010, where network and information security plays an important role

ENISA shall follow an incremental process by ...
• setting each year new objectives to help achieve Lisbon objectives in 2010,
• while building on 4 main orientations
– Promoting NIS to the benefit of end-users
– Contributing to improvement of risk management capabilities in Europe
– Identifying measurement methods on maturity of NIS in Europe
– Facing upcoming threats and risks

ENISA strategy roadmap for Europe
[Figure: roadmap from 2005 to 2008 leading to the Lisbon Objectives 2010]
2005:
• Information sharing
• ENISA as start-up with high potential
2006:
• Creating platform for EU culture on NIS
• ENISA as centre of expertise
2007:
• Guiding Europe toward an enhanced level of NIS
• ENISA as point of reference
2008:
• ENISA as proposed model in global debates?
Orientations shown along the timeline: Promote NIS to end-users; Contribute to improving capabilities; Identify methods to measure NIS maturity; Face upcoming threats and risks

Odyseus

Stay in touch with ENISA!
Go to our website:
Subscribe to our Quarterly Newsletter:
http://www.enisa.eu.int

Stay in touch with ENISA!
Visit us in Heraklion!
European Network and Information Security Agency
Science and Technology Park of Crete (ITE)
Vassilika Vouton,
70013 Heraklion, Greece
Meet us in Rome!