• Save
Allignment of CIIP Structures
Upcoming SlideShare
Loading in...5

Like this? Share it with your network


Allignment of CIIP Structures



Allignment of CIIP Structures

Allignment of CIIP Structures



Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Allignment of CIIP Structures Presentation Transcript

  • 1.
    • Allignment of CIIP Structures
    Bernhard M. Hämmerli President Swiss Informatics Society & Acris GmbH May 31 Davos
  • 2. Overall Conclusions and Recommendations
    • Content:
      • Parsifal Project
      • Attack and Defence Structure
      • Centre for European Policy Studies CEPS Taskforce
      • Preparedness and Reaction Structure
      • Conclusions are taken for each part separately
  • 3. Overall Conclusions and Recommendations
    • Before Parsifal: Thematic Workshop September 2007
    • About Parsifal: P rotection a nd T r u s t i n F inanci al Infrastructure Type Co-ordination Action, Duration 18 Month, Start September 1, 2008
    • Related Projects: Comifin (Strep), Think Trust Advisory Board, RISEPTIS .
    • 5 Partner: Atos Origin SAE (Spain), Avoco Secure LTD (UK), @bc (Germany) EDGE International BV (The Netherlands), Waterford Institute of Technology (Ireland), Acris GmbH (Switzerland)
    • Parsifal Project objectives
    • Bringing together CFI and TSD research stakeholders in order to establish and nurture relationships between the financial sector stakeholders and the ICT TSD RTD communities
    • Contributing to the understanding of CFI challenges
    • Developing longer term visions, research roadmaps, CFI scenarios and best practice guides
    • Co-ordinating the relevant research work, knowledge and experiences.
  • 4. Initial Workshop: Background
    • Workshop March 16/17 in Frankfurt, Germany Many Topics: Payment, Settlement, Stocks, BCM/DRP, Identity, Rating … Participants: ca. 70% executives and experts from CFI, ca. 30% academic and research Stakeholder Group Parsifal 100 experts from very senior to topic experts
    • Market specific challenges: Identified by Parsifal / Break out group topics: Group 1: Controlling Instant On Demand Business in CFI: Authentication, Identity Management, Resilience and Denial of Service Group 2: Entitlement Management and Securing Content in the Perimeterless Financial Environment: Identity, Policy, Privacy and Audit [ 1,2 ]  Identity is a s a new currency, it is absolutely essential Group 3: Business Continuity and Control in an Interconnected and Interdependent Service Landscape: Compliance, Protecting Critical Processes
    • Description of status on international FI - Operational: Strong activities on BCM, Dependability, (Inter-)Dependencies probably not sufficient ready for new and upcoming issues - Regulation: T o o o o strong activities on regulation: Risk of conformity in risk evaluation - Strategic & Research: ???????? (not sufficiently provided)
  • 5. Conclusions on Structures
    • Attack and Defence Structure (Mapping Scenarios and Challenges) Need to align the structure, known means  Public Private Partnership integrated in a global context
  • 6. 5. Business Continuity and Control in an Interconnected and Interdependent Service Landscape.
    • Recommendation 7/8
    • Design and implementation of secure platforms and applications
    • Secure platforms and backup platforms, including new levels of virtualized worlds
    • Secure applications (including legacy): design, implementation and operation Application performance auditing: Application foot-printing
    • Alternate secure communication channel (vs. virtualization)
    • Data centre dependencies analysis
    • Establishment of adequate and well networked coordination response teams
  • 7. 5. Business Continuity and Control in an Interconnected and Interdependent Service Landscape.
    • Recommendation 8/8
    • Model Definition
    • Testing, design and implementation of secure platform, applications and infrastructure (including simulation) through trustworthy exercises between CIP Sector and government s
    • Extensions of BCM and DRP Models including regular tests and evaluations and simulation The extensions are amongst others: - risk sharing models - end-to-end communication models; end point security - modelling complexity and volume of transaction in a reasonable way
  • 8. Overall Conclusions and Recommendations
    • Conclusions Parsifal Project
    • Attack and Defence Structure must be aligned through Public Private Partnership, global cooperation and regulation as well inter corporation collaboration (main business competition, security is in spite of this a collaboration domain)
    • Common metrics and method to assess risks and common exercises on supra national, i.e. Regional continental and global scale are required
    • Global agreement on standards and process to face a global challenges (Airtraffic, Climate Change) are urgently needed
  • 9. CEPS I
    • Goals
    • Defining policy options on CIP
    • Shaping a public-private partnership: opportunities and challenges.
    • CI and CII: a Transatlantic perspective
    • Risk assessment and CIP and CIIP-related issues in EU policy making
    •  Increase Preparedness and Reaction Structure
  • 10. CEPS II
    • About the taskforce
    • Selected early outcome
    • Preparedness: 27 EU member states need attention of supplier
    • Reaction: 27 EU member states need attention of supplier
    • Not possible to finance for suppliers: An organized preparedness and reaction structure must be developed
    • Define CIIP exposure metrics and risk assessment which are internationally agreed on
    • Incidents are not national or regional, but global. Global entities (as e.g. In air traffic IATA ) are needed to counter fight the global challenge