Alignment of CIIP Structures Presentation Transcript

  • 1.
    • Alignment of CIIP Structures
    Bernhard M. Hämmerli, President, Swiss Informatics Society & Acris GmbH; May 31, Davos
  • 2. Overall Conclusions and Recommendations
    • Content:
      • Parsifal Project
      • Attack and Defence Structure
      • Centre for European Policy Studies CEPS Taskforce
      • Preparedness and Reaction Structure
      • Conclusions are taken for each part separately
  • 3. Overall Conclusions and Recommendations
    • Before Parsifal: Thematic Workshop September 2007
    • About Parsifal: Protection and Trust in Financial Infrastructure. Type: Co-ordination Action; Duration: 18 months; Start: September 1, 2008
    • Related Projects: Comifin (Strep), Think Trust Advisory Board, RISEPTIS.
    • 5 Partners: Atos Origin SAE (Spain), Avoco Secure LTD (UK), @bc (Germany), EDGE International BV (The Netherlands), Waterford Institute of Technology (Ireland), Acris GmbH (Switzerland)
    • Parsifal Project objectives
    • Bringing together CFI and TSD research stakeholders in order to establish and nurture relationships between the financial sector stakeholders and the ICT TSD RTD communities
    • Contributing to the understanding of CFI challenges
    • Developing longer term visions, research roadmaps, CFI scenarios and best practice guides
    • Co-ordinating the relevant research work, knowledge and experiences.
  • 4. Initial Workshop: Background
    • Workshop March 16/17 in Frankfurt, Germany
      • Many topics: Payment, Settlement, Stocks, BCM/DRP, Identity, Rating …
      • Participants: ca. 70% executives and experts from CFI, ca. 30% academic and research
      • Stakeholder Group Parsifal: 100 experts, from very senior to topic experts
    • Market-specific challenges identified by Parsifal / break-out group topics:
      • Group 1: Controlling Instant On Demand Business in CFI: Authentication, Identity Management, Resilience and Denial of Service
      • Group 2: Entitlement Management and Securing Content in the Perimeterless Financial Environment: Identity, Policy, Privacy and Audit
      • [1,2] → Identity is as a new currency, it is absolutely essential
      • Group 3: Business Continuity and Control in an Interconnected and Interdependent Service Landscape: Compliance, Protecting Critical Processes
    • Description of status on international FI
      • Operational: Strong activities on BCM, Dependability, (Inter-)Dependencies probably not sufficiently ready for new and upcoming issues
      • Regulation: Too strong activities on regulation: risk of conformity in risk evaluation
      • Strategic & Research: ???????? (not sufficiently provided)
  • 5. Conclusions on Structures
    • Attack and Defence Structure (Mapping Scenarios and Challenges): Need to align the structure, known means → Public Private Partnership integrated in a global context
  • 6. 5. Business Continuity and Control in an Interconnected and Interdependent Service Landscape.
    • Recommendation 7/8
    • Design and implementation of secure platforms and applications
    • Secure platforms and backup platforms, including new levels of virtualized worlds
    • Secure applications (including legacy): design, implementation and operation. Application performance auditing: application foot-printing
    • Alternate secure communication channel (vs. virtualization)
    • Data centre dependencies analysis
    • Establishment of adequate and well networked coordination response teams
  • 7. 5. Business Continuity and Control in an Interconnected and Interdependent Service Landscape.
    • Recommendation 8/8
    • Model Definition
    • Testing, design and implementation of secure platform, applications and infrastructure (including simulation) through trustworthy exercises between CIP Sector and governments
    • Extensions of BCM and DRP Models including regular tests and evaluations and simulation. The extensions are, amongst others:
      • risk sharing models
      • end-to-end communication models; end point security
      • modelling complexity and volume of transaction in a reasonable way
  • 8. Overall Conclusions and Recommendations
    • Conclusions Parsifal Project
    • Attack and Defence Structure must be aligned through Public Private Partnership, global cooperation and regulation, as well as inter-corporation collaboration (the main business is competition; security is, in spite of this, a collaboration domain)
    • Common metrics and methods to assess risks, and common exercises on a supranational (i.e. regional, continental and global) scale, are required
    • Global agreement on standards and process to face global challenges (air traffic, climate change) is urgently needed
  • 9. CEPS I
    • Goals
    • Defining policy options on CIP
    • Shaping a public-private partnership: opportunities and challenges.
    • CI and CII: a Transatlantic perspective
    • Risk assessment and CIP and CIIP-related issues in EU policy making
    • → Increase Preparedness and Reaction Structure
  • 10. CEPS II
    • About the taskforce
    • Selected early outcome
    • Preparedness: 27 EU member states need attention of supplier
    • Reaction: 27 EU member states need attention of supplier
    • Not possible to finance for suppliers: An organized preparedness and reaction structure must be developed
    • Define CIIP exposure metrics and risk assessment which are internationally agreed on
    • Incidents are not national or regional, but global. Global entities (e.g. IATA in air traffic) are needed to counter the global challenge