Transcript Giandonato CAGGIANO Adviser of the Ministry of Communications

Giandonato CAGGIANO
ENISA MANAGEMENT BOARD REPRESENTATIVE
LEGAL ADVISER ON EUROPEAN AFFAIRS
OF THE MINISTRY OF COMMUNICATIONS
U. OF ROMA TRE LAW FACULTY
• ENISA brings together those
who establish certification
schemes and those who need
them, promoting the use of
information security
certifications in Europe
About ENISA
• current and emerging risks of electronic
communications networks
• authenticity, integrity and confidentiality of
communications
• ‘common methodologies’ to prevent
security issues
ENISA
• INFORMATION SECURITY KEY ELEMENTS
• raising awareness and building confidence
of electronic communication users
• extend the dissemination capacities of
best practices
• promote the security certification schemes
ENISA Permanent Stakeholders’ Group
• mutual communication with the relevant
stakeholders on all issues related to the
Agency’s work programme
• leading experts in network and information
security
• representing relevant stakeholders
• ----information and communication
technologies industry
• ----consumer and user organizations
• ----academic and research institutions
Promoting security certification schemes
• Certification is an important factor of the
confidence that users may have in the
electronic communication tools
• The use of such certificates is usually
considered as one of the good indicators
of the level of security achieved by a given
entity
• ENISA organized an event on certification
schemes for information security
• ICT systems, products
• IT security systems
• security expertise
• security management
• trust for e-commerce
ENISA
• What can we achieve with
information security certification?
“Voice your opinion on information
security certifications in Europe”
• ENISA Workshop on November 28th,
2006 Sofitel, Athens Airport, Greece
2007 ENISA Work program
• ENISA intends to promote certification
schemes
• to improve knowledge, skills and
confidence of citizens (in particular nonexperts )
• to foster both technical and organisational
interoperability on information security in
Europe
FACILITATING CO-OPERATION EXISTING CERTS/CSIRTS
• computer security incident response teams play
a key role
• limiting the damage resulting from a breach
• recovering from a breach as quickly as possible
• assistance to victims of attacks,
• vulnerability assessments, awareness raising
and promotion of best practises
ENISA
• wide recognition and an improved visibility
of such schemes
• assistance to providers and users of
certifications
• make the market more open and dynamic
• ICT Security Standards Roadmap to assist
in the development of security standards
by bringing together information about
existing standards and standards in
progress
• The initiative is a collaborative action
among ENISA, the Network and
Information Security Steering Group
(NISSG) and the ITU-T Study Group 17
• ICT Security Standards Roadmap (Version 2.0, May
2007)
•
The Roadmap in five parts
• Part 1: ICT Standards Development Organizations and Their
Work
Part 2: Approved ICT Security Standards
•
Part 3: Security standards under development
Part 4: Future needs and proposed new security standard
•
Part 5: Best practices
• the next generation of information technology
systems: the "embedding of intelligence"
• ARTEMIS PROPOSAL 15.5.2007
COUNCIL REGULATION on the establishment
of a Joint Undertaking to implement a Joint
Technology Initiative in Embedded
Computing Systems
• Europe's capability to engineer domainspecific solutions for embedded electronic
in key areas such as the automotive,
industrial and energy sectors, telecoms, or
aerospace
.
• more than 90% of computing devices
embedded
• the share of embedded systems in the
value of the final product key industrial
sectors
• within the next 5 years
36% in automotive industry,
37% in telecommunications
41% in consumer electronics
• the Specific Programme "Cooperation" of
the European Community 7th FP (20072013) for research, technological
development and demonstration activities
• Joint Technology Initiatives (JTIs)
• a new way of realising public-private
partnerships in research at European level
• THE END