Security frameworks for Gov Clouds: A Technical Analysis
- Isabella Cook
- 6 years ago
Transcription
1 Security frameworks for Gov Clouds: A Technical Analysis
- Dimitra Liveri, EU Network and Information Security Agency (ENISA)
- Dr. Jesus Luna, CSA EMEA, Technical University of Darmstadt (TUDA)
2 Agenda
- Previous work on Governmental Clouds in ENISA
- Overview of GovClouds in the EU
- Governmental Clouds: a definition
- Security Framework
  - Methodology
  - Structure
  - Examples and mapping
- Conclusions and recommendations
3 ENISA work on Governmental Clouds
- 2010: Guide on security and resilience for Governmental Clouds
  - Presentation of the security benefits and drawbacks for the public sector to go in the cloud
  - First steps that need to be taken towards the decision to go cloud
- 2013: Good practice guide on how to securely deploy Governmental Clouds
  - Definition of a governmental cloud (in a mature market)
  - State of cloud computing adoption in the EU public sector
  - Case studies of different approaches in adopting a cloud solution
4 Governmental Clouds in Europe, September 2013
[Map legend: red = private, yellow = public, blue = community]
5 Definition of Governmental Cloud
Governmental Clouds: cloud services and systems that support public administration services
General characteristics:
- Governance and control by government or public body
- Ownership and management by government or public body
- Due diligence by government or public body
- Compliance with national laws
6 Governmental Clouds 2014
Security framework for Governmental Clouds, 2014
- ENISA suggests a security (and privacy) framework for the public administration to adopt cloud computing
- The framework presents the 4 phases (PDCA), 9 activity domains and 16 security steps, from the pre-procurement phase until the finalization of the contract and exit
- The framework is built on 4 use cases (real cases of cloud implementation in the EU) and provides examples of approaches for each of the phases (countries: UK, ES, GR, EE)
7 Methodology (1/2)
1- Desktop Research
  - Early stage of deployment
  - Security and Privacy are key factors for Gov Cloud adoption
  - Shortage of pilots/practical experiences (i.e. Cloud4Europe)
  - Security challenges include certifications, SLAs, and risk models
  - Lack of security frameworks
2- Security Framework (1st version)
  - Based on desktop research
  - Initial MS Gov Cloud analysis
8 Methodology
3- Security Framework (2nd version)
  - Surveying and identifying four Gov Cloud use cases from MS (i.e., Estonia, Greece, Spain, and United Kingdom)
  - The use cases were selected for being representative of Gov Cloud adoption
4- Security Framework (Final version)
  - Organized as a security life cycle (Plan-Do-Check-Act or PDCA)
  - Separate the phases into activities and the activities into steps
9 Main elements of the framework
Gov Cloud Security Framework:
- Questionnaire Templates
- Logic Model
- Reference Implementations
10 Roles
- Cloud Owner relates to the organization that legally owns the Gov Cloud and defines policies and requirements.
- Cloud Service Provider (CSP) is the organization that provides Cloud services to the GovCloud and takes responsibility for making them available to the Cloud Customers.
- Cloud Customer is the organization/public administration using the Cloud services provided by the CSP through the Cloud Owner.
11 Logic Model
- Each phase of the PDCA is sub-divided into sample tasks/actions reflecting the requirements of a country's public administration.
- Supported by visual workflows and assessment questionnaires.
12 Questionnaire Templates
- Template organized in PDCA phases and steps
- Assessment questions designed to support Gov Cloud stakeholders
13 Reference Implementation
- Our study provides empirical validation of the developed GovCloud security framework by applying it to the selected MS use cases of Estonia, Greece, Spain, and United Kingdom.
- The report visually presents the different approaches each country took according to their needs and national security requirements.
14 Mapping Gov Clouds to the framework (figure)
15 Mapping Gov Clouds to the framework (figure)
16 Conclusions and recommendations
- Despite the considerable efforts (e.g., EC and ENISA), the level of MS GovCloud adoption is still low.
- Common security denominators exist across the MS deployed Gov Clouds, e.g., defined roles and use of standards.
- However, our analysis also shows different security practices in, e.g., accreditation procedures and SLA management.
- Analyzed GovClouds have established policies for incident management.
- Adopted approaches are usually covered at the design stage (PLAN-DO phase).
- Need to define baseline security controls based on the selected service/deployment model.
17 Contact us
- Dimitra Liveri, Marnix Dekker, Cloud security at ENISA
- For more information see ENISA's website
- Follow ENISA on Twitter
European Union Agency for Network and Information Security