www.enisa.europa.eu
ENISA and standards
Sławomir Górniak
Athens-Heraklion, 21st July 2014
ENISA and standards
• Regulation (EC) 460/2004
– Art. 3 – In order to ensure that the scope and objectives set out in
Articles 1 and 2 are complied with and met, the Agency shall
perform the following tasks:
• (g): to track the development of standards for products and
services on network and information security
• However
– (12) The exercise of the Agency's tasks should not interfere with
the competencies and should not pre-empt, impede or overlap
with the relevant powers and tasks conferred on:
• the European standardisation bodies, the national
standardisation bodies and the Standing Committee as set out
in Directive 98/34/EC of the European Parliament and of the
Council of 22 June 1998 laying down a procedure for the
provision of information in the field of technical standards and
regulations and of rules on Information Society Services(14),
ENISA and standards
• Regulation 526/2013, Art.3.1d
• Support research and development and
standardisation, by:
– (i) facilitating the establishment and take-up of European
and international standards for risk management and for
the security of electronic products, networks and services;
– (ii) advising the Union and the Member States on research
needs in the area of network and information security with
a view to enabling effective responses to current and
emerging network and information security risks and
threats, including with respect to new and emerging
information and communications technologies, and to using
risk-prevention technologies effectively;
ENISA approach to standards
• Aim: promotion of best practices through SDOs
• ENISA role: interface between private sector,
public sector, SDOs
• Short- and mid-term goals
– Formal cooperation with SDOs and specific WGs
– Working collaboration with SDOs
• Long-term goal
– Review of and participation in NIS standardisation activities
– Proposal of standards, via means of proposals for
standardisation mandates.
ENISA and SDOs
• Established collaboration agreements with:
– ISO SC27 (Liaison)
– ETSI (MoU)
• Exchange of information of mutual interest
• Organisation of joint meetings and workshops
• ENISA to channel standardisation activities to ETSI, if
appropriate
• Exchange of working documents, within well defined frames
• ENISA to nominate observers for ETSI Technical Bodies
– CEN CENELEC (MoU)
– ITU SG17 (MoU started!)
• ENISA aligns key activities with the work of SDOs
– ETSI TISPAN on CIIP, ESI on eID, CLOUD on cloud
certification
– CEN CENELEC on smart grids;
– ISO SC 27 in the area of privacy;
Challenges from EU perspective
• Lack of consistent strategy towards standards
• Recognized shortcomings of the current approach
• Need to establish a small number of key initiatives
at EU level
• Improve coordination between EU funded R&D and
SDOs
• Possible ‘vehicles’ for such a coordination:
– ETSI CEN CENELEC CSCG
– Horizon 2020
ETSI CEN-CENELEC Cyber Security
Coordination Group (CSCG)
• Give strategic advice to the technical committees of CEN,
CENELEC and ETSI
• Develop a gap analysis of European and International
Standards on cyber security
• Define joint European requirements for European and
International Standards on cyber security
• Establish a European roadmap on standardization of
cyber security
• Act as contact point for all questions of EU institutions
relating to standardization of cyber security
• Suggest a joint US and European strategy for the
establishment of a framework of International standards
on cyber security
CSCG Action Plan
• #1 – Governance Framework
• #2 – Common Understanding of “Cyber Security”
• #3 – Trust in the European Digital Environment
• #4 – European PKI and Cryptographic Capabilities
• #5 – European Cyber Security Label
• #6 – European Cyber Security Requirements
• #7 – European Cyber Security Research
• #8 – EU Industrial Forum on Cyber Security Standards
• #9 – EU Global Initiative on Cyber Security Standards
2014: ETSI ESI “Algo paper”
• ETSI TR 119 312
– Business Guidance on Cryptographic Suites
• ETSI TS 119 312
– Cryptographic suites
• ENISA reports 2013
– Recommended cryptographic measures
– Algorithms, Key Sizes and Parameters
• Collaboration 2014 –>
European Union Agency for Network and Information Security
Science and Technology Park of Crete
P.O. Box 1309
71001 Heraklion
Crete
Greece
Follow ENISA
http://www.enisa.europa.eu