Coverage of Security Issues

Coverage of Security Issues. Pascal Jacques ESTAT B0 Local Informatics Security Officer. The Context. Regulation (EC) No 223/2009 of the European Parliament and of the Council


Presentation Transcript


  1. Coverage of Security Issues Pascal Jacques ESTAT B0 Local Informatics Security Officer

  2. The Context • Regulation (EC) No 223/2009 of the European Parliament and of the Council • (pream) The confidential information which the national and Community statistical authorities collect for the production of European statistics should be protected, in order to gain and maintain the confidence of the parties responsible for providing that information. The confidentiality of data should satisfy the same principles in all the Member States. • (pream) For that purpose, it is necessary to establish common principles and guidelines ensuring the confidentiality of data used for the production of European statistics and the access to those confidential data with due account for technical developments and the requirements of users in a democratic society. • The NSIs and other national authorities and the Commission (Eurostat) shall take all necessary measures to ensure the harmonisation of principles and guidelines as regards the physical and logical protection of confidential data. • COMMISSION DECISION of 17 September 2012 on Eurostat (2012/504/EU) • The Director-General of Eurostat shall, in addition, take all necessary measures to protect data whose disclosure would cause prejudice to Union interests, or to the interests of the Member State to which they relate

  3. Challenges • 4 strategic directions of implementation of the vision • Network • Secure connection of large databases (secured data warehouse architecture) • Transfer/Access of confidential information between ESS partners • Secure data formats and protocols • Networks integration • Information Stores • More and more exchange of microdata sets for data linking • Combination of confidential/non confidential/administrative datasets. Security/confidentiality of the output? • Modular Production • Towards more exchange of SW. Ensure shared SW is secure (certification?) • Optimal Collaboration • Secured access to datasets/rules for validation • Procedures for collaboration/accesses/sharing/User management • AAA Protocol: Authentication/Authorisation/Auditing. Traceability/Privacy/Monitoring/Reporting • Needs to increase IT security in order to build trust between ESS partners

  4. The Threats • 2012 Data Breach Investigations Report (DBIR) • 855 incidents, 174 million compromised records in 2011. • Security incidents are capable of rendering critical government functions unavailable for several days (i.e. the cyber-attacks against Estonia in 2007), which severely affected not only the provisioning of online services such as e-government and e-banking within the country, but also prevented citizens from accessing online services across borders. • Businesses and other organisations can be seriously affected if the networks and information systems underpinning their industrial processes are compromised. In 2009, 16 % of enterprises in the EU-27 had experienced some kind of NIS (Network and Information Security) incident • (http://appsso.eurostat.ec.europa.eu/nui/show.do?dataset=isoc_cisce_ic&lang=en)

  5. Timeline of incidents, 2007 to 2012 • Google • Estonia • Monster.com • Lithuania • Georgia • Cable cuts in the Mediterranean • Stuxnet (origin 2007) • Verisign • Emission Trading System (EU ETS) • French Government • EC and EEAS • Sony • DigiNotar • Flamer • 10% probability of a major CII breakdown in the next 10 years – potential global economic cost of over $250B (Source WEF) • EU ETS €30M • $175M • Global cybercrime: $388B/year

  6. The Request • Creation of a new working group "ESS Security and Secure exchange of data" (E4SWG) • Further discuss its mandate • Agree and comment/contribute on the list of proposed actions

  7. Role of the Working Group • Know each other and our specificities better • Exchange information and best practices on • Security measures used in MS for data protection, running the data centre, access to microdata for research purposes • Projects/programmes linked to information security • IT architecture in MS to better understand the MS’s capacity to join a future shared secured data warehouse • Agree on common rules, procedures, guidelines and standards for secure communication (i.e. emails) and data storage, exchange and transfer • Agree on security level of shared applications, shared services, shared processes

  8. Related projects • ESS-VIP projects • NAPS • Data Warehouse • SIMSTAT • EBR • ICT • FP7 projects • Data Without Boundaries • DASISH, ENGAGE, EUDAT • ESSnet projects • data warehouse • decentralised access • EGR • VIP projects • SICON • Data Validation • CENSUS Hub • SIMSTAT • Data Warehouse

  9. Proposed Actions • Ask the opinion of ITDG on the creation of the WG • Organise « Enterprise Architecture Security Workshop » on 13-14/12/2012 to discuss further the mandate • Discuss the possibility and opportunity to use existing and under development infrastructure for exchange of secure messages like CCN/CCN 2 or sTesta/sTesta II • Visits to some NSIs to understand their infrastructure • Set up a shared secured repository of information on security aspects, people, roles, procedures, best practices and documentation of infrastructures in MS

  10. State of Security 2012 McAfee/Evalueserve
