Standardization of Knowledge and Skills for IT Security

Similar documents
CEN and CENELEC Position Paper on the draft regulation ''Cybersecurity Act''

Friedrich Smaxwil CEN President. CEN European Committee for Standardization

European Standards- preparation, approval and role of CEN. Ashok Ganesh Deputy Director - Standards

EN 50600, EU COC, EMAS AND EUROPEAN DATA CENTRE ENERGY EFFICIENCY MANAGEMENT

NSAI s ICT standardization participation and consultation system and operation as ETSI/NSO. Dr. Ian J. Cowan, Technical Secretary, NSAI/ICTSCC

Introduction to the European Standardization System

New CEN-CENELEC Technical Committees for Infosec and Data Protection Standardization (TC8) Brussels - 19 September 2017 Alessandro GUARINO Chair,

The European approach of using standards in support of regional legislation and free circulation of goods/services

NIS Standardisation ENISA view

Towards a European e-competence Framework

The European System of Standardization in the Globalized Economy. AFSEC General Assembly Johannesburg, 10 August 2010

ENISA And Standards Adri án Belmonte ETSI Security Week Event Sophia Antipolis (France) 22th June

DIGITIZING INDUSTRY, ICT STANDARDS TO

EUROPEAN ACCREDITATION LEGAL FRAMEWORK

DATA CENTRE CODES AND STANDARDS

BS EN :2017. Electronic Invoicing and associated PDs (TSs and TRs) Copyright 2017 BSI. All rights reserved 06/10/2017

First Set of Standards for the grid. ISGF Webinar : 11th July 2013 Dinesh Chand Sharma Director Standardization, Policy and Regulation

Some keynote messages on standardization and trade between US and EU

Conformity Assessment Schemes and Interoperability Testing (1) Keith Mainwaring ITU Telecommunication Standardization Bureau (TSB) Consultant

The role of Standardization in support of harmonization

ENISA s Position on the NIS Directive

Recent developments CEN and CENELEC

Standardization and Regulations in the EU/EFTA

UK-led international standards for BIM

EU EHEALTH INTEROPERABILITY,

Standardization mandate addressed to CEN, CENELEC and ETSI in the field of Information Society Standardization

EC Mandate: Adaptation to climate change use of standards to make key infrastructures more resilient. Ab de Buck/ Caroline van Hoek

Workshop IT Star IT Security Professional Positioning and Monitoring: e-cfplus support

EUROPEAN DATA CENTRE STANDARDS

VdTÜV Statement on the Communication from the EU Commission A Digital Single Market Strategy for Europe

Electronic Commerce Working Group report

New ETSI-CEN-CENELEC approach for rapid SG deployments. Jean-Pierre Mennella CIM User Group, Oslo 18 June, 2014

ITU Asia-Pacific Centres of Excellence Training on Conformity and Interoperability. Session 2: Conformity Assessment Principles

Status of activities Joint Working Group on standards for Smart Grids in Europe

RESOLUTION 47 (Rev. Buenos Aires, 2017)

13967/16 MK/mj 1 DG D 2B

WORLD TELECOMMUNICATION STANDARDIZATION ASSEMBLY Hammamet, 25 October 3 November 2016

EUROPEAN COMMISSION DIRECTORATE GENERAL FOR INTERPRETATION

ETSI Introduction. Dr. Carmine Rizzo CISA, CISM, CISSP, ITIL, PRINCE2. ETSI Technical Officer ETSI Standardisation Projects

EUROPEAN COMMISSION Enterprise Directorate-General

Package of initiatives on Cybersecurity

ENISA Cooperation in the EU / NIS Directive

Information technology Security techniques Code of practice for personally identifiable information protection

Information technology Security techniques Information security controls for the energy utility industry

Cloud Computing Standards C-SIG Plenary Brussels, 15 February Luis C. Busquets Pérez DG CONNECT E2

The ISO/TMB Smart Cities Strategic Advisory Group (S_Cities SAG)

This document is a preview generated by EVS

Discussion on MS contribution to the WP2018

ERCI cybersecurity seminar Guildford ERCI cybersecurity seminar Guildford

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

The emerging EU certification framework: A role for ENISA Dr. Andreas Mitrakas Head of Unit EU Certification Framework Conference Brussels 01/03/18

Fostering Competitiveness, Growth and Jobs. Wrocław, Poland, 15 October 2014

European Standards - Supporting sustainable development. Ashok Ganesh CEN CENELEC Management Centre

This document is a preview generated by EVS

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

RESOLUTION 130 (Rev. Antalya, 2006)

Cyber risk resilience

AUTOMOTIVE FUNCTIONAL SAFETY: ACCELERATING INNOVATION THROUGH COOPERATION AND CONSENSUS IN STANDARDS

EU Cloud Computing Policy. Luis C. Busquets Pérez 26 September 2017

13303/17 CB/ek 1 DGE 2B

Information technology Security techniques Telebiometric authentication framework using biometric hardware security module

Directive on security of network and information systems (NIS): State of Play

ISO/IEC ISO/IEC

ACCREDITATION COMMISSION FOR CONFORMITY ASSESSMENT BODIES

International Standards and Guidelines Implementation Framework

INTERNATIONAL STANDARD

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Training Program 2018

ehealth Interoperability Workshop the Government and Expert View CEN/ISSS ehealth Standardization Focus Group, targets and work plan

ISO/IEC TR TECHNICAL REPORT. Software Engineering Guide to the Software Engineering Body of Knowledge (SWEBOK) IEEE

ACCREDITATION COMMISSION FOR CONFORMITY ASSESSMENT BODIES

Call for Expressions of Interest

ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security management systems Overview and vocabulary

NIS-Directive and Smart Grids

SMART ICT STANDARDS ANALYSIS

ENISA activities in ICT security certification Dr. Prokopios Drogkaris NIS Expert NLO Meeting Athens

European Union Agency for Network and Information Security

ACCREDITATION: A BRIEFING FOR GOVERNMENTS AND REGULATORS

ENISA EU Threat Landscape

European Standardization

INTERNATIONAL STANDARD

ROLLING PLAN FOR ICT STANDARDISATION EXECUTIVE SUMMARY. Grow. GROW_Rolling_Plan_ICT_2018_180321_Executive.indd 1 23/03/18 12:43

ISO/IEC INTERNATIONAL STANDARD

Comments of the American National Standards Institute Regarding Docket DOC , Administration Report on Significant Trade Deficits

CONTINUOUS PROFESSIONAL DEVELOPMENT (CPD) POLICY

Internet copy. EasyGo security policy. Annex 1.3 to Joint Venture Agreement Toll Service Provider Agreement

ITU CoE Center of Excellence in Portugal

Raising standards for consumers

Standardization for DRR: Opportunities or barriers?

ISO/IEC INTERNATIONAL STANDARD

ISO/IEC INTERNATIONAL STANDARD. Information technology JPEG 2000 image coding system: Motion JPEG 2000

DESCRIBING, DEVELOPING & CERTIFYING DIGITAL COMPETENCE

Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

Industry 4.0 and the importance of norms and standards within collaborative, digitized process networks

10025/16 MP/mj 1 DG D 2B

Joint ITU-UNIDO Forum on Sustainable Conformity Assessment for Asia-Pacific Region (Yangon City, Republic of Union of Myanmar November 2013)

STANDARDS TO HELP COMPLY WITH EU LEGISLATION. EUROPE HAS WHAT IT TAKES INCLUDING THE WILL?

Regional Workshop for CIS on Conformance and Interoperability. ITU C&I Programme Pillars 3 and 4. Moscow, Russian Federation, August 2014

Standardization supporting innovation and growth

Chemical Regulations. Reducing Duplication and Proliferation in Standards Development

Transcription:

Standardization of Knowledge and Skills for IT Security Milan Friday, October 28th 2016 Veronica Salsano

Overview Standardization in general Legislation Technical foundations Actors Current situation Security The way forward Conclusions 2

Standardization in General (1) According to Regulation UE 1025/2012 The primary objective of standardization is the definition of voluntary technical or quality specifications with which current or future products, production processes or services may comply Standards Promote interoperability of products and services Improve safety, reliability and in general quality of products Allow scale economies Foster competition Facilitate trade and commerce by removing barriers Promote the sharing of knowledge 3

Standardization in General (2) International Standard Setting Organizations Electrotechnical IEC JTC/1 All-others ISO Telecommunication ITU European Standard Setting Organizations CENELEC CEN ETSI National Standard Bodies

Standardization in General (3) Technical Committees Managed by NBs (National Bodies) Produce EN, CEN/TS (Technical Specification), CEN/TR (Technical Report); ISO IS (ISO Standard) - EN and CEN/TS cogent when published Workshops Private agreement among participants Produce CWA (CEN/CENELEC Workshop Agreement) 5

Legislation Italy In Italy two national laws have been issued, reinforcing the role of technical standards for regulating professionalism matters: Law n 4, January 14th 2013 Legislative Decree n 13, January 16th 2013 The qualification of professional performance is based on its conformity with the technical standards UNI ISO, UNI EN ISO, UNI EN e UNI, in the next sections called «UNI technical standards», following Directive 98/34/CE of the European Parlament and of the Council of 22nd June 1998, and on the basis on the guidelines CEN 14 of 2010" Europe Annual Union Work Programme (AUWP) the EU Rolling plan for ICT Standardization (Rolling Plan in short) The Communication on the Digital Single Market (DSM) Strategy of 6 May 2015 6

Technical foundations (1) Overall Model A horizontal framework standard (i.e. the CEN/CWA e-cf «European Competence Framework») Sectorial profiles (vertical, based on the framework) Support tools 7

Technical foundations (2) Framework e-cf COMPETENCE is demonstrated ability to apply knowledge, skills and attitudes for achieving observable results SKILL is the ability to carry out managerial or technical tasks KNOWLEDGE represents the set of know-what and can be described by operational descriptions (e.g. programming languages, design tools...) ATTITUDE means in this context the cognitive and relational capacity (e.g. analysis capacity, synthesis capacity, flexibility, pragmatism...) [incorporated in Competences] 8

Technical foundations (3) Competences from a library are selected, when appropriate completed with ad hoc definitions, and combined to define professional profiles. Professional profiles are the subject of certification. Profiles are classified in levels of generality (generations) by providing increasing refinements an details inheritance.

Consortia Actors In house developments In house developments Commission UNINFO APNR-ICT CEN/TC 428 Digital competences and ICT Professionalism WG PPSI WG PPP Liaison Liaison Other WGs ISO/IEC JTC 1 SC 27/WG 1 Other WGs 10

Current Situation (1) Framework (e-cf v3) and methodology are European Standards, and consequently they are also national standards Europewide The security profile (as well as the Web Manager profile) is an Italian national standards. Italy intends to present them to CEN for adoption as European standards Work is ongoing in Italy on privacy and several other profiles Work in ISO/JTC1 is ongoing in security profiles independently of the CEN endeavours, some form of light collaboration is in place through liaisons. 11

Current Situation (2) Italian Standards UNI 11506:2013 Unregulated professional activities- Professions in the ICT sector. Definition of the rerquirements of knowledge, ability and competences. UNI 11621 «Unregulated professional activities- Professions in the ICT sector. Part 1 Methodology for the construction of professional profiles based on ecf - published Part 2 Second generation professional profiles - published. Part 3 Professional profiles for professions operating in the web published. Part 4 Professional profiles for information security - published Part 5 Professional profiles for privacy - ongoing Part 6 Professional profiles for geographical information - ongoing Other parts (Communicator, Project manager, Legacy manager) onging 12

Current Situation (3) CEN standards EN 16234-1:2016 e e-competence Framework (e-cf) - A common European Framework for ICT Professionals in all industry sectors - Part 1: Framework CEN/TR 16234-2:2016 e-competence Framework (e-cf) - A common European Framework for ICT Professionals in all industry sectors - Part 2: User Guide WI TR 16234-3 e-competence Framework (e-cf) - A common European Framework for ICT Professionals in all industry sectors - Part 3: Methodology. ISO standards ISO/IEC 27021 - Competence requirements for information security management systems professionals. 13

Security (1) UNI 11621-2 1 & 2 generation profiles 14

Security (2) UNI 11621-4 IS professional profiles ACTIVITY MANAGEMENT CONTROL DIRECTION Information security top manager (CISO) ORGANIZATION Information security manager Information security process analyst CONTEXT PROCESSES APPLICATIONS INFRASTRUCTURES Information security process specialist Information security application specialist Information security infrastructures specialist Information security technical analyst INCIDENTS Incident response specialist Forensics analyst 15

UNI 11621-4 IS professional profiles Relationships between second (right) and new third generation profiles (left) Third generation profile Information security top manager (CISO) Information security manager Information security process analyst Information security technical analyst Forensics analyst Information security process specialist Information security infrastructures specialist Information security applications specialist Incident response specialist Related second generation profile ICT Security Manager ICT Security Manager ICT Security Specialist ICT Security Specialist ICT Security Specialist ICT Security Specialist ICT Security Specialist ICT Security Specialist ICT Security Specialist 16

Other professional profiles Defined in other national or international standards Third generation profile ICT Security manager Digital data conservation manager Specialist for coninuing operations Related second generation profile ICT Security Manager ICT Security Manager ICT Security Specialist 17

Hot topics Profiles Breack even between detail and breadth of applicability Multi part standards? Multidisciplinarity Certifiers as final customers EN 16234-1 revision Quality evaluation Methods (Quality Label) CEN/TC 428 Work plan 18

Strategy Complete the offer Methodology Quality Dissemination 19

Areas of envisaged activity Profiles Quality Other standard bodies Best practice Curricula Quality assurance Other areas (robotics, health care..) 20

UNINFO s contacts http://www.uninfo.it uninfo@uninfo.it Veronica Salsano - salsano@uninfo.it https://www.facebook.com/uninfo.it https://twitter.com/uninfo_it http://www.slideshare.net/uninfoit This work is licensed under the Creative Commons Attribution- NonCommercial-NoDerivs 3.0 Unported License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/ 21

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback