SlideShare a Scribd company logo

Enisa and cyber security standards

European Union Agency for Network and Information Security (ENISA)
European Union Agency for Network and Information Security (ENISA)

ENISA's work for tracking the development of standards for products and services on network and information security

Technology
1 of 10
www.enisa.europa.eu Please replace background with image ENISA and standards Sławomir Górniak Athens-Heraklion, 21st July 2014
www.enisa.europa.eu 2 ENISA and standards • Regulation (EC) 460/2004 – Art. 3 – In order to ensure that the scope and objectives set out in Articles 1 and 2 are complied with and met, the Agency shall perform the following tasks: • (g): to track the development of standards for products and services on network and information security • However – (12) The exercise of the Agency's tasks should not interfere with the competencies and should not pre-empt, impede or overlap with the relevant powers and tasks conferred on: • the European standardisation bodies, the national standardisation bodies and the Standing Committee as set out in Directive 98/34/EC of the European Parliament and of the Council of 22 June 1998 laying down a procedure for the provision of information in the field of technical standards and regulations and of rules on Information Society Services(14),
www.enisa.europa.eu ENISA and standards • Regulation 526/2013, Art.3.1d • Support research and development and standardisation, by: – (i) facilitating the establishment and take-up of European and international standards for risk management and for the security of electronic products, networks and services; – (ii) advising the Union and the Member States on research needs in the area of network and information security with a view to enabling effective responses to current and emerging network and information security risks and threats, including with respect to new and emerging information and communications technologies, and to using risk-prevention technologies effectively;
www.enisa.europa.eu ENISA approach to standards • Aim: promotion of best practices through SDOs • ENISA role: interface between private sector, public sector, SDOs • Short- and mid-term goals – Formal cooperation with SDOs and specific WGs – Working collaboration with SDOs • Long-term goal – Review of and participation in NIS standardisation activities – Proposal of standards, via means of proposals for standardisation mandates.
www.enisa.europa.eu ENISA and SDOs • Established collaboration agreements with: – ISO SC27 (Liaison) – ETSI (MoU) • Exchange of information of mutual interest • Organisation of joint meetings and workshops • ENISA to channel standardisation activities to ETSI, if appropriate • Exchange of working documents, within well defined frames • ENISA to nominate observers for ETSI Technical Bodies – CEN CENELEC (MoU) – ITU SG17 (MoU started!) • ENISA aligns key activities with the work of SDOs – ETSI TISPAN on CIIP, ESI on eID, CLOUD on cloud certification – CEN CENELEC on smart grids; – ISO SC 27 in the area of privacy;
www.enisa.europa.eu Challenges from EU perspective • Lack of consistent strategy towards standards • Recognized shortcomings of the current approach • Need establishing a small number of key initiatives at EU level • Improve coordination between EU funded R&D and SDOs • Possible ‘vehicles’ for such a coordination: – ETSI CEN CENELEC CSCG – Horizon 2020
www.enisa.europa.eu ETSI CEN-CENELEC Cyber Security Coordination Group (CSCG) • Give strategic advice to the technical committees of CEN, CENELEC and ETSI • Develop a gap analysis of European and International Standards on cyber security • Define of joint European requirements for European and International Standards on cyber security • Establish a European roadmap on standardization of cyber security • Act as contact point for all questions of EU institutions relating to standardization of cyber security • Suggest a joint US and European strategy for the establishment of a framework of International standards on cyber security
www.enisa.europa.eu 8 CSCG Action Plan • #1 – Governance Framework • #2 – Common Understanding Of “Cyber Security” • #3 – Trust In The European Digital Environment • #4 – European Pki And Cryptographic Capabilities • #5 – European Cyber Security Label • #6 – European Cyber Security Requirements • #7 – European Cyber Security Research • #8 – Eu Industrial Forum On Cyber Security Standards • #9 – Eu Global Initiative On Cyber Security Standards
www.enisa.europa.eu 9 2014: ETSI ESI “Algo paper” • ETSI TR 119 312 – Business Guidance on Cryptographic Suites • ETSI TS 119 312 – Cryptographic suites • ENISA reports 2013 – Recommended cryptographic measures – Algorithms, Key Sizes and Parameters • Collaboration 2014 –>
www.enisa.europa.eu 10 European Union Agency for Network and Information Security Science and Technology Park of Crete P.O. Box 1309 71001 Heraklion Crete Greece Follow ENISA http://www.enisa.europa.eu

Recommended

Windows Incident Response is hard, but doesn't have to be
Windows Incident Response is hard, but doesn't have to beWindows Incident Response is hard, but doesn't have to be
Windows Incident Response is hard, but doesn't have to beMichael Gough
 
Cyber Security Operations Center (C-SOC)
Cyber Security Operations Center (C-SOC) Cyber Security Operations Center (C-SOC)
Cyber Security Operations Center (C-SOC) BGA Cyber Security
 
Csslp
CsslpCsslp
CsslpSushil Shakya
 
DevSecOps - Integrating Security in the Development Process (with memes) - Ma...
DevSecOps - Integrating Security in the Development Process (with memes) - Ma...DevSecOps - Integrating Security in the Development Process (with memes) - Ma...
DevSecOps - Integrating Security in the Development Process (with memes) - Ma...Magno Logan
 
Top 10 it security architect interview questions and answers
Top 10 it security architect interview questions and answersTop 10 it security architect interview questions and answers
Top 10 it security architect interview questions and answersmikeforbush3
 
資安健檢因應配套
資安健檢因應配套資安健檢因應配套
資安健檢因應配套Galaxy Software Services
 
Enterprise Security Guided Tour
Enterprise Security Guided TourEnterprise Security Guided Tour
Enterprise Security Guided TourSplunk
 
MITRE ATT&CKcon 2.0: Zeek-based ATT&CK Metrics and Gap Analysis; Allan Thomso...
MITRE ATT&CKcon 2.0: Zeek-based ATT&CK Metrics and Gap Analysis; Allan Thomso...MITRE ATT&CKcon 2.0: Zeek-based ATT&CK Metrics and Gap Analysis; Allan Thomso...
MITRE ATT&CKcon 2.0: Zeek-based ATT&CK Metrics and Gap Analysis; Allan Thomso...MITRE - ATT&CKcon
 

Recommended

Windows Incident Response is hard, but doesn't have to be
Windows Incident Response is hard, but doesn't have to beWindows Incident Response is hard, but doesn't have to be
Windows Incident Response is hard, but doesn't have to beMichael Gough
 
Cyber Security Operations Center (C-SOC)
Cyber Security Operations Center (C-SOC) Cyber Security Operations Center (C-SOC)
Cyber Security Operations Center (C-SOC) BGA Cyber Security
 
Csslp
CsslpCsslp
CsslpSushil Shakya
 
DevSecOps - Integrating Security in the Development Process (with memes) - Ma...
DevSecOps - Integrating Security in the Development Process (with memes) - Ma...DevSecOps - Integrating Security in the Development Process (with memes) - Ma...
DevSecOps - Integrating Security in the Development Process (with memes) - Ma...Magno Logan
 
Top 10 it security architect interview questions and answers
Top 10 it security architect interview questions and answersTop 10 it security architect interview questions and answers
Top 10 it security architect interview questions and answersmikeforbush3
 
資安健檢因應配套
資安健檢因應配套資安健檢因應配套
資安健檢因應配套Galaxy Software Services
 
Enterprise Security Guided Tour
Enterprise Security Guided TourEnterprise Security Guided Tour
Enterprise Security Guided TourSplunk
 
MITRE ATT&CKcon 2.0: Zeek-based ATT&CK Metrics and Gap Analysis; Allan Thomso...
MITRE ATT&CKcon 2.0: Zeek-based ATT&CK Metrics and Gap Analysis; Allan Thomso...MITRE ATT&CKcon 2.0: Zeek-based ATT&CK Metrics and Gap Analysis; Allan Thomso...
MITRE ATT&CKcon 2.0: Zeek-based ATT&CK Metrics and Gap Analysis; Allan Thomso...MITRE - ATT&CKcon
 
Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample ReportOctogence
 
Ready player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOSReady player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOSCody Thomas
 
CompTIA network+ | Everything you need to know about the new exam
CompTIA network+ | Everything you need to know about the new examCompTIA network+ | Everything you need to know about the new exam
CompTIA network+ | Everything you need to know about the new examInfosec
 
Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...
Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...
Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...Philip Polstra
 
OAuth and STUN, TURN in WebRTC context RFC7635
OAuth and STUN, TURN in WebRTC context RFC7635OAuth and STUN, TURN in WebRTC context RFC7635
OAuth and STUN, TURN in WebRTC context RFC7635Mihály Mészáros
 
Nmap
NmapNmap
NmapSreekanth Narendran
 
Countering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareCountering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareTyler Borosavage
 
CSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoCSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoNCCOMMS
 
2021/0/15 - Solarwinds supply chain attack: why we should take it sereously
2021/0/15 - Solarwinds supply chain attack: why we should take it sereously2021/0/15 - Solarwinds supply chain attack: why we should take it sereously
2021/0/15 - Solarwinds supply chain attack: why we should take it sereouslySirris
 
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...MITRE - ATT&CKcon
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPNAbdullaziz Tagawy
 
Offline bruteforce attack on WiFi Protected Setup
Offline bruteforce attack on WiFi Protected SetupOffline bruteforce attack on WiFi Protected Setup
Offline bruteforce attack on WiFi Protected Setup0xcite
 
Information security
Information securityInformation security
Information securityAlaaMahmoud108
 
Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architectureijsrd.com
 
Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Mohammad Fareed
 
Network packet analysis -capture and Analysis
Network packet analysis -capture and AnalysisNetwork packet analysis -capture and Analysis
Network packet analysis -capture and AnalysisManjushree Mashal
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber EssentialsJisc
 
The European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agendaThe European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agendaEUBrasilCloudFORUM .
 
Protecting Europe's Network Infrastructure
Protecting Europe's Network Infrastructure Protecting Europe's Network Infrastructure
Protecting Europe's Network InfrastructureEuropean Union Agency for Network and Information Security (ENISA)
 
OWF12/Open Standards for Cloud - Eu cloud strategy_sde_20121012
OWF12/Open Standards for Cloud - Eu cloud strategy_sde_20121012OWF12/Open Standards for Cloud - Eu cloud strategy_sde_20121012
OWF12/Open Standards for Cloud - Eu cloud strategy_sde_20121012Paris Open Source Summit
 
European Cybersecurity Context
European Cybersecurity ContextEuropean Cybersecurity Context
European Cybersecurity ContextMiguel A. Amutio
 
Priorities for Research on Current and Emerging Network Technologies
Priorities for Research on Current and Emerging Network TechnologiesPriorities for Research on Current and Emerging Network Technologies
Priorities for Research on Current and Emerging Network TechnologiesKarlos Svoboda
 

More Related Content

What's hot

Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample ReportOctogence
 
Ready player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOSReady player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOSCody Thomas
 
CompTIA network+ | Everything you need to know about the new exam
CompTIA network+ | Everything you need to know about the new examCompTIA network+ | Everything you need to know about the new exam
CompTIA network+ | Everything you need to know about the new examInfosec
 
Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...
Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...
Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...Philip Polstra
 
OAuth and STUN, TURN in WebRTC context RFC7635
OAuth and STUN, TURN in WebRTC context RFC7635OAuth and STUN, TURN in WebRTC context RFC7635
OAuth and STUN, TURN in WebRTC context RFC7635Mihály Mészáros
 
Countering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareCountering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareTyler Borosavage
 
CSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoCSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoNCCOMMS
 
2021/0/15 - Solarwinds supply chain attack: why we should take it sereously
2021/0/15 - Solarwinds supply chain attack: why we should take it sereously2021/0/15 - Solarwinds supply chain attack: why we should take it sereously
2021/0/15 - Solarwinds supply chain attack: why we should take it sereouslySirris
 
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...MITRE - ATT&CKcon
 
Offline bruteforce attack on WiFi Protected Setup
Offline bruteforce attack on WiFi Protected SetupOffline bruteforce attack on WiFi Protected Setup
Offline bruteforce attack on WiFi Protected Setup0xcite
 
Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architectureijsrd.com
 
Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Mohammad Fareed
 
Network packet analysis -capture and Analysis
Network packet analysis -capture and AnalysisNetwork packet analysis -capture and Analysis
Network packet analysis -capture and AnalysisManjushree Mashal
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber EssentialsJisc
 

What's hot (17)

Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample Report
 
Ready player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOSReady player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOS
 
CompTIA network+ | Everything you need to know about the new exam
CompTIA network+ | Everything you need to know about the new examCompTIA network+ | Everything you need to know about the new exam
CompTIA network+ | Everything you need to know about the new exam
 
Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...
Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...
Am I being spied on: Low-tech ways of detecting high-tech surveillance (DEFCO...
 
OAuth and STUN, TURN in WebRTC context RFC7635
OAuth and STUN, TURN in WebRTC context RFC7635OAuth and STUN, TURN in WebRTC context RFC7635
OAuth and STUN, TURN in WebRTC context RFC7635
 
Nmap
NmapNmap
Nmap
 
Countering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by MalwareCountering Innovative Sandbox Evasion Techniques Used by Malware
Countering Innovative Sandbox Evasion Techniques Used by Malware
 
CSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami LaihoCSF18 - Moving from Reactive to Proactive Security - Sami Laiho
CSF18 - Moving from Reactive to Proactive Security - Sami Laiho
 
2021/0/15 - Solarwinds supply chain attack: why we should take it sereously
2021/0/15 - Solarwinds supply chain attack: why we should take it sereously2021/0/15 - Solarwinds supply chain attack: why we should take it sereously
2021/0/15 - Solarwinds supply chain attack: why we should take it sereously
 
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
MITRE ATT&CKcon 2.0: Prioritizing Data Sources for Minimum Viable Detection; ...
 
IPSec and VPN
IPSec and VPNIPSec and VPN
IPSec and VPN
 
Offline bruteforce attack on WiFi Protected Setup
Offline bruteforce attack on WiFi Protected SetupOffline bruteforce attack on WiFi Protected Setup
Offline bruteforce attack on WiFi Protected Setup
 
Information security
Information securityInformation security
Information security
 
Next Generation Network: Security and Architecture
Next Generation Network: Security and ArchitectureNext Generation Network: Security and Architecture
Next Generation Network: Security and Architecture
 
Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018Wifi cracking Step by Step Using CMD and Kali Linux 2018
Wifi cracking Step by Step Using CMD and Kali Linux 2018
 
Network packet analysis -capture and Analysis
Network packet analysis -capture and AnalysisNetwork packet analysis -capture and Analysis
Network packet analysis -capture and Analysis
 
An introduction to Cyber Essentials
An introduction to Cyber EssentialsAn introduction to Cyber Essentials
An introduction to Cyber Essentials
 

Similar to Enisa and cyber security standards

The European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agendaThe European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agendaEUBrasilCloudFORUM .
 
OWF12/Open Standards for Cloud - Eu cloud strategy_sde_20121012
OWF12/Open Standards for Cloud - Eu cloud strategy_sde_20121012OWF12/Open Standards for Cloud - Eu cloud strategy_sde_20121012
OWF12/Open Standards for Cloud - Eu cloud strategy_sde_20121012Paris Open Source Summit
 
European Cybersecurity Context
European Cybersecurity ContextEuropean Cybersecurity Context
European Cybersecurity ContextMiguel A. Amutio
 
Priorities for Research on Current and Emerging Network Technologies
Priorities for Research on Current and Emerging Network TechnologiesPriorities for Research on Current and Emerging Network Technologies
Priorities for Research on Current and Emerging Network TechnologiesKarlos Svoboda
 
SC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systemsSC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systemsBigData_Europe
 
Estándares en Unión Europea: Marco, Desafíos y Oportunidades - Francisco Garc...
Estándares en Unión Europea: Marco, Desafíos y Oportunidades - Francisco Garc...Estándares en Unión Europea: Marco, Desafíos y Oportunidades - Francisco Garc...
Estándares en Unión Europea: Marco, Desafíos y Oportunidades - Francisco Garc...Asociación XBRL España
 
The National Security Framework of Spain
The National Security Framework of SpainThe National Security Framework of Spain
The National Security Framework of SpainMiguel A. Amutio
 
Industrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter IIIndustrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter IIJavier Tallón
 
H2020 project WITDOM overview
H2020 project WITDOM overviewH2020 project WITDOM overview
H2020 project WITDOM overviewElsa Prieto
 
ECIL: EU Cybersecurity Package and EU Certification Framework
ECIL: EU Cybersecurity Package and EU Certification FrameworkECIL: EU Cybersecurity Package and EU Certification Framework
ECIL: EU Cybersecurity Package and EU Certification FrameworkDeutsche Telekom AG
 
1st eStandards conference: next steps for standardization in large scale eHea...
1st eStandards conference: next steps for standardization in large scale eHea...1st eStandards conference: next steps for standardization in large scale eHea...
1st eStandards conference: next steps for standardization in large scale eHea...chronaki
 
Digital Identity Standards by ENISA, European Union
Digital Identity Standards by ENISA, European UnionDigital Identity Standards by ENISA, European Union
Digital Identity Standards by ENISA, European Unionsoranun1
 
EOSC-hub and the NGIs
EOSC-hub and the NGIsEOSC-hub and the NGIs
EOSC-hub and the NGIsOpenAIRE
 
Recommendations for ICT Standards in public administration, Andon Stefanovski
Recommendations for ICT Standards in public administration, Andon StefanovskiRecommendations for ICT Standards in public administration, Andon Stefanovski
Recommendations for ICT Standards in public administration, Andon StefanovskiMetamorphosis
 

Similar to Enisa and cyber security standards (20)

The European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agendaThe European cyber security cPPP strategic research & innovation agenda
The European cyber security cPPP strategic research & innovation agenda
 
Protecting Europe's Network Infrastructure
Protecting Europe's Network Infrastructure Protecting Europe's Network Infrastructure
Protecting Europe's Network Infrastructure
 
OWF12/Open Standards for Cloud - Eu cloud strategy_sde_20121012
OWF12/Open Standards for Cloud - Eu cloud strategy_sde_20121012OWF12/Open Standards for Cloud - Eu cloud strategy_sde_20121012
OWF12/Open Standards for Cloud - Eu cloud strategy_sde_20121012
 
European Cybersecurity Context
European Cybersecurity ContextEuropean Cybersecurity Context
European Cybersecurity Context
 
Priorities for Research on Current and Emerging Network Technologies
Priorities for Research on Current and Emerging Network TechnologiesPriorities for Research on Current and Emerging Network Technologies
Priorities for Research on Current and Emerging Network Technologies
 
procent
procentprocent
procent
 
European priorities in information security
European priorities in information securityEuropean priorities in information security
European priorities in information security
 
SC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systemsSC7 Workshop 3: Enhancing cyber defence of cyber space systems
SC7 Workshop 3: Enhancing cyber defence of cyber space systems
 
Estándares en Unión Europea: Marco, Desafíos y Oportunidades - Francisco Garc...
Estándares en Unión Europea: Marco, Desafíos y Oportunidades - Francisco Garc...Estándares en Unión Europea: Marco, Desafíos y Oportunidades - Francisco Garc...
Estándares en Unión Europea: Marco, Desafíos y Oportunidades - Francisco Garc...
 
Day 02 - EDPS Technology & Privacy unit.pdf
Day 02 - EDPS Technology & Privacy unit.pdfDay 02 - EDPS Technology & Privacy unit.pdf
Day 02 - EDPS Technology & Privacy unit.pdf
 
The National Security Framework of Spain
The National Security Framework of SpainThe National Security Framework of Spain
The National Security Framework of Spain
 
Industrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter IIIndustrial Automation Control Systems Cybersecurity Certification. Chapter II
Industrial Automation Control Systems Cybersecurity Certification. Chapter II
 
Session 2.1 Martin Mühleck
Session 2.1 Martin MühleckSession 2.1 Martin Mühleck
Session 2.1 Martin Mühleck
 
H2020 project WITDOM overview
H2020 project WITDOM overviewH2020 project WITDOM overview
H2020 project WITDOM overview
 
ECIL: EU Cybersecurity Package and EU Certification Framework
ECIL: EU Cybersecurity Package and EU Certification FrameworkECIL: EU Cybersecurity Package and EU Certification Framework
ECIL: EU Cybersecurity Package and EU Certification Framework
 
1st eStandards conference: next steps for standardization in large scale eHea...
1st eStandards conference: next steps for standardization in large scale eHea...1st eStandards conference: next steps for standardization in large scale eHea...
1st eStandards conference: next steps for standardization in large scale eHea...
 
Digital Identity Standards by ENISA, European Union
Digital Identity Standards by ENISA, European UnionDigital Identity Standards by ENISA, European Union
Digital Identity Standards by ENISA, European Union
 
EOSC-hub and the NGIs
EOSC-hub and the NGIsEOSC-hub and the NGIs
EOSC-hub and the NGIs
 
E Society Ict En
E Society Ict EnE Society Ict En
E Society Ict En
 
Recommendations for ICT Standards in public administration, Andon Stefanovski
Recommendations for ICT Standards in public administration, Andon StefanovskiRecommendations for ICT Standards in public administration, Andon Stefanovski
Recommendations for ICT Standards in public administration, Andon Stefanovski
 

More from European Union Agency for Network and Information Security (ENISA)

More from European Union Agency for Network and Information Security (ENISA) (6)

The Internet of Things: Privacy and Security Issues
The Internet of Things: Privacy and Security IssuesThe Internet of Things: Privacy and Security Issues
The Internet of Things: Privacy and Security Issues
 
Power Supply Dependencies in the Electronic Communications Sector
Power Supply Dependencies in the Electronic Communications SectorPower Supply Dependencies in the Electronic Communications Sector
Power Supply Dependencies in the Electronic Communications Sector
 
Resilience of the Interdomain Routing System
Resilience of the Interdomain Routing System Resilience of the Interdomain Routing System
Resilience of the Interdomain Routing System
 
European Critical Internet Infrastructure: past, present and future challenges
European Critical Internet Infrastructure: past, present and future challengesEuropean Critical Internet Infrastructure: past, present and future challenges
European Critical Internet Infrastructure: past, present and future challenges
 
Trustworthy infrastructure for personal data management
Trustworthy infrastructure for personal data management Trustworthy infrastructure for personal data management
Trustworthy infrastructure for personal data management
 
Enisa internet mapping project-20130523
Enisa internet mapping project-20130523Enisa internet mapping project-20130523
Enisa internet mapping project-20130523
 

Recently uploaded

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 

Recently uploaded (20)

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 

Enisa and cyber security standards

  • 1. www.enisa.europa.eu Please replace background with image ENISA and standards Sławomir Górniak Athens-Heraklion, 21st July 2014
  • 2. www.enisa.europa.eu 2 ENISA and standards • Regulation (EC) 460/2004 – Art. 3 – In order to ensure that the scope and objectives set out in Articles 1 and 2 are complied with and met, the Agency shall perform the following tasks: • (g): to track the development of standards for products and services on network and information security • However – (12) The exercise of the Agency's tasks should not interfere with the competencies and should not pre-empt, impede or overlap with the relevant powers and tasks conferred on: • the European standardisation bodies, the national standardisation bodies and the Standing Committee as set out in Directive 98/34/EC of the European Parliament and of the Council of 22 June 1998 laying down a procedure for the provision of information in the field of technical standards and regulations and of rules on Information Society Services(14),
  • 3. www.enisa.europa.eu ENISA and standards • Regulation 526/2013, Art.3.1d • Support research and development and standardisation, by: – (i) facilitating the establishment and take-up of European and international standards for risk management and for the security of electronic products, networks and services; – (ii) advising the Union and the Member States on research needs in the area of network and information security with a view to enabling effective responses to current and emerging network and information security risks and threats, including with respect to new and emerging information and communications technologies, and to using risk-prevention technologies effectively;
  • 4. www.enisa.europa.eu ENISA approach to standards • Aim: promotion of best practices through SDOs • ENISA role: interface between private sector, public sector, SDOs • Short- and mid-term goals – Formal cooperation with SDOs and specific WGs – Working collaboration with SDOs • Long-term goal – Review of and participation in NIS standardisation activities – Proposal of standards, via means of proposals for standardisation mandates.
  • 5. www.enisa.europa.eu ENISA and SDOs • Established collaboration agreements with: – ISO SC27 (Liaison) – ETSI (MoU) • Exchange of information of mutual interest • Organisation of joint meetings and workshops • ENISA to channel standardisation activities to ETSI, if appropriate • Exchange of working documents, within well defined frames • ENISA to nominate observers for ETSI Technical Bodies – CEN CENELEC (MoU) – ITU SG17 (MoU started!) • ENISA aligns key activities with the work of SDOs – ETSI TISPAN on CIIP, ESI on eID, CLOUD on cloud certification – CEN CENELEC on smart grids; – ISO SC 27 in the area of privacy;
  • 6. www.enisa.europa.eu Challenges from EU perspective • Lack of consistent strategy towards standards • Recognized shortcomings of the current approach • Need establishing a small number of key initiatives at EU level • Improve coordination between EU funded R&D and SDOs • Possible ‘vehicles’ for such a coordination: – ETSI CEN CENELEC CSCG – Horizon 2020
  • 7. www.enisa.europa.eu ETSI CEN-CENELEC Cyber Security Coordination Group (CSCG) • Give strategic advice to the technical committees of CEN, CENELEC and ETSI • Develop a gap analysis of European and International Standards on cyber security • Define of joint European requirements for European and International Standards on cyber security • Establish a European roadmap on standardization of cyber security • Act as contact point for all questions of EU institutions relating to standardization of cyber security • Suggest a joint US and European strategy for the establishment of a framework of International standards on cyber security
  • 8. www.enisa.europa.eu 8 CSCG Action Plan • #1 – Governance Framework • #2 – Common Understanding Of “Cyber Security” • #3 – Trust In The European Digital Environment • #4 – European Pki And Cryptographic Capabilities • #5 – European Cyber Security Label • #6 – European Cyber Security Requirements • #7 – European Cyber Security Research • #8 – Eu Industrial Forum On Cyber Security Standards • #9 – Eu Global Initiative On Cyber Security Standards
  • 9. www.enisa.europa.eu 9 2014: ETSI ESI “Algo paper” • ETSI TR 119 312 – Business Guidance on Cryptographic Suites • ETSI TS 119 312 – Cryptographic suites • ENISA reports 2013 – Recommended cryptographic measures – Algorithms, Key Sizes and Parameters • Collaboration 2014 –>
  • 10. www.enisa.europa.eu 10 European Union Agency for Network and Information Security Science and Technology Park of Crete P.O. Box 1309 71001 Heraklion Crete Greece Follow ENISA http://www.enisa.europa.eu