EU Collaboration in Network and Information Security

1. EU Collaboration in Network and Information Security Baltic IT&T Forum 2006 Riga, 6 April 2006 Dr. Ronald de Bruin ENISA

2. Background and introduction State of play ENISA ENISA strategy for the future Conclusion Today’s agenda

3. Today’s society and economy depend heavily on networks and information systems. Information security is a concern for everybody. Users experience serious problems when using electronic networks and software and find little help. We need to achieve a culture of network and information security. Context for ENISA

4. ENISA’s tasks Risk assessment and risk management Becoming a centre of expertise Track standardisation Information exchange and cooperation Promote CERTs Awareness raising Giving advice and assistance to Commission and Member States Promote best practices

5. Operational since September 2005 Head Quarter in Heraklion, Crete, Greece 44 Staff, €34.8 million budget for 5 years Some ENISA facts

6. Lots of initiatives have been taken in Member States – lot of material for selecting best practices Different approaches to different target groups necessary Positive message is important ENISA shall help Member States with “customised information packages” State of play: Awareness Raising

7. State of play: Awareness Raising • Managing Working Group on Awareness Raising • Developing CD-ROM with Information Package for Member States • Customised information packages for different target groups (SME, home user and media) • Including country case studies • Communication plan for Member States • Disseminating the main findings among the Member States by organising a focused workshop (Dec ’05) Contacts: • Isabella Santa • Florent Sagaspe

8. Most countries have some sort of CERT/CSIRT, but not all areas are covered ENISA shall support and guide those who want to set up a new CERT Identify simpler models where a CERT is too advanced e.g., “WARP” Identify best practices for cooperation between CERTs State of play: CERTs

9. State of play: CERTs • Managing Working Group on CERTs • Developing a CD-ROM with Inventory on CERT activities in Europe • Gap analysis of areas not covered by CERTs • Roadmap and checklist on how to establish a CERT and of recommended training • Recommendations for enhancing co-operation between CERTs • Organising information sharing workshop to promote best practices (Dec ’05) Contacts: • Marco Thorbruegge • Mehis Hakkaja

10. Various approaches developed in Member States, BS7799, EBIOS, IT-baseline protection, etc. No one-size fits all solution – best practices have to adapted to specific use/sector ENISA shall put emphasis on SMEs ENISA shall compare risk assessment methods State of play: Risk Management

11. State of play: Risk management • Managing Working Group on Risk Management • Compiling an inventory of methods and tools for Risk Management • Compiling best practices for Risk Management • Proposing interoperable Risk Management solutions • Preparing Information packages for Risk Management at the example of two different types of SMEs Contacts: • Louis Marinos • Jani Arnell

12. State of play: Coordination of activities with MS and EU bodies • Managing the Network of National Liaison Officers • Developing the Who-is-Who Directory • Updating country pages • Managing handling of requests and calls for advice and assistance Contacts: • Tim Mertens • Silvia Portesi

13. Lithuanian government: Support in setting-up of a CERT Commission Inventory of measures that providers adopt to comply with Directive on Electronic Communication (incl. measures against spam) Opinion on impact analysis for planned Communication on Secure Communication Advise Commission on evaluation of eSignature Directive Assistance in preparing report on electronic identity management activities in the Commission EDPS: Advise on how to conduct security audit on European data protection system ENISA was called upon by …

14. ENISA was created under the umbrella of the eEurope 2005 Action Plan Aim is to strive to create culture of security in Europe, while involving all stakeholders eEurope 2005 followed up by i2010 initiative, supporting the Lisbon objectives to be achieved by 2010, where network and information security plays important role Starting points ENISA strategy for the future

15. setting each year new objectives to help achieving Lisbon objectives in 2010, while building on 4 main orientations Promoting NIS to the benefit of end-users Contributing to improvement of risk management capabilities in Europe Identifying measurement methods on maturity of NIS in Europe Facing upcoming threats and risks ENISA shall follow incremental process by ...

16. Lisbon Objectives 2010 2008: ENISA as proposed model in global debates ? Face upcoming threats and risks • 2007: • Guiding Europe toward an • enhanced level of NIS • ENISA as point of reference Identify methods to measure NIS maturity Identify methods to measure NIS maturity Contribute to improving capabilities • 2006: • Creating platform for EU • culture on NIS • ENISA as centre of expertise Contribute to improving capabilities Contribute to improving capabilities • 2005: • Information sharing • ENISA as start-up with • high potential Promote NIS to end-users Promote NIS to end-users Promote NIS to end-users Promote NIS to end-users ENISA strategy roadmap for Europe 2005 2006 2007 2008

17. Odyseus

18. Stay in touch with ENISA ! Go to our website: Subscribe to our Quarterly Newsletter: http://www.enisa.eu.int

19. Stay in touch with ENISA ! Visit us in Heraklion! European Network and Information Security Agency Science and Technology Park of Crete (ITE) Vassilika Vouton, 70013 Heraklion, Greece Meet us in Rome!