Published in: Business, Technology
Alignment of CIIP Structures

  1. <ul><li>Alignment of CIIP Structures </li></ul>Bernhard M. Hämmerli, President, Swiss Informatics Society & Acris GmbH, May 31, Davos
  2. Overall Conclusions and Recommendations <ul><li>Content: </li></ul><ul><ul><li>Parsifal Project </li></ul></ul><ul><ul><li>Attack and Defence Structure </li></ul></ul><ul><ul><li>Centre for European Policy Studies CEPS Taskforce </li></ul></ul><ul><ul><li>Preparedness and Reaction Structure </li></ul></ul><ul><ul><li>Conclusions are taken for each part separately </li></ul></ul>
  3. Overall Conclusions and Recommendations <ul><li>Before Parsifal: Thematic Workshop September 2007 </li></ul><ul><li>About Parsifal: Protection and Trust in Financial Infrastructure. Type: Co-ordination Action, Duration: 18 months, Start: September 1, 2008 </li></ul><ul><li>Related Projects: Comifin (Strep), Think Trust Advisory Board, RISEPTIS. </li></ul><ul><li>5 Partners: Atos Origin SAE (Spain), Avoco Secure LTD (UK), @bc (Germany), EDGE International BV (The Netherlands), Waterford Institute of Technology (Ireland), Acris GmbH (Switzerland) </li></ul><ul><li>Parsifal Project objectives </li></ul><ul><li>Bringing together CFI and TSD research stakeholders in order to establish and nurture relationships between the financial sector stakeholders and the ICT TSD RTD communities </li></ul><ul><li>Contributing to the understanding of CFI challenges </li></ul><ul><li>Developing longer term visions, research roadmaps, CFI scenarios and best practice guides </li></ul><ul><li>Co-ordinating the relevant research work, knowledge and experiences. </li></ul>
  4. Initial Workshop: Background <ul><li>Workshop March 16/17 in Frankfurt, Germany <ul><li>Many Topics: Payment, Settlement, Stocks, BCM/DRP, Identity, Rating … </li><li>Participants: ca. 70% executives and experts from CFI, ca. 30% academic and research </li><li>Stakeholder Group Parsifal: 100 experts, from very senior to topic experts </li></ul></li></ul><ul><li>Market specific challenges: Identified by Parsifal / Break out group topics: <ul><li>Group 1: Controlling Instant On Demand Business in CFI: Authentication, Identity Management, Resilience and Denial of Service </li><li>Group 2: Entitlement Management and Securing Content in the Perimeterless Financial Environment: Identity, Policy, Privacy and Audit [1,2] Identity is like a new currency; it is absolutely essential </li><li>Group 3: Business Continuity and Control in an Interconnected and Interdependent Service Landscape: Compliance, Protecting Critical Processes </li></ul></li></ul><ul><li>Description of status on international FI <ul><li>Operational: Strong activities on BCM, Dependability; (Inter-)Dependencies probably not sufficiently ready for new and upcoming issues </li><li>Regulation: Too strong activities on regulation: Risk of conformity in risk evaluation </li><li>Strategic & Research: ???????? (not sufficiently provided) </li></ul></li></ul>
  5. Conclusions on Structures <ul><li>Attack and Defence Structure (Mapping Scenarios and Challenges) Need to align the structure, known means Public Private Partnership integrated in a global context </li></ul>
  6. 5. Business Continuity and Control in an Interconnected and Interdependent Service Landscape. <ul><li>Recommendation 7/8 </li></ul><ul><li>Design and implementation of secure platforms and applications </li></ul><ul><li>Secure platforms and backup platforms, including new levels of virtualized worlds </li></ul><ul><li>Secure applications (including legacy): design, implementation and operation. Application performance auditing: Application foot-printing </li></ul><ul><li>Alternate secure communication channel (vs. virtualization) </li></ul><ul><li>Data centre dependencies analysis </li></ul><ul><li>Establishment of adequate and well networked coordination response teams </li></ul>
  7. 5. Business Continuity and Control in an Interconnected and Interdependent Service Landscape. <ul><li>Recommendation 8/8 </li></ul><ul><li>Model Definition </li></ul><ul><li>Testing, design and implementation of secure platform, applications and infrastructure (including simulation) through trustworthy exercises between CIP Sector and governments </li></ul><ul><li>Extensions of BCM and DRP Models including regular tests and evaluations and simulation. The extensions are amongst others: <ul><li>risk sharing models </li><li>end-to-end communication models; end point security </li><li>modelling complexity and volume of transaction in a reasonable way </li></ul></li></ul>
  8. Overall Conclusions and Recommendations <ul><li>Conclusions Parsifal Project </li></ul><ul><li>Attack and Defence Structure must be aligned through Public Private Partnership, global cooperation and regulation as well as inter-corporation collaboration (the main business is competition; security is in spite of this a collaboration domain) </li></ul><ul><li>Common metrics and methods to assess risks and common exercises on a supranational, i.e. regional, continental and global, scale are required </li></ul><ul><li>Global agreements on standards and processes to face global challenges (air traffic, climate change) are urgently needed </li></ul>
  9. CEPS I <ul><li>Goals </li></ul><ul><li>Defining policy options on CIP </li></ul><ul><li>Shaping a public-private partnership: opportunities and challenges. </li></ul><ul><li>CI and CII: a Transatlantic perspective </li></ul><ul><li>Risk assessment and CIP and CIIP-related issues in EU policy making </li></ul><ul><li>Increase Preparedness and Reaction Structure </li></ul>
  10. CEPS II <ul><li>About the taskforce </li></ul><ul><li>Selected early outcome </li></ul><ul><li>Preparedness: 27 EU member states need the attention of suppliers </li></ul><ul><li>Reaction: 27 EU member states need the attention of suppliers </li></ul><ul><li>Not possible for suppliers to finance: An organized preparedness and reaction structure must be developed </li></ul><ul><li>Define CIIP exposure metrics and risk assessment which are internationally agreed on </li></ul><ul><li>Incidents are not national or regional, but global. Global entities (e.g. IATA in air traffic) are needed to counter the global challenge </li></ul>
