Giandonato CAGGIANO ENISA MANAGEMENT BOARD REPRESENTATIVE LEGAL ADVISER ON EUROPEAN AFFAIRS OF THE MINISTRY OF COMMUNICATIONS U. OF ROMA TRE LAW FACULTY

•

ENISA brings together those who establish certification schemes and those who need them, promoting the use of information security certifications in Europe

About ENISA

• current and emerging risks of electronic communications networks • authenticity, integrity and confidentiality of communications • ‘common methodologies’ to prevent security issues

ENISA

• INFORMATION SECURITY KEY ELEMENTS • raising awareness and building confidence of electronic communication users • extend the dissemination capacities of best practices • promote the security certification schemes

ENISA Permanent Stakeholders’ Group

• • • • • •

mutual communication with the relevant stakeholders on all issues related to the Agency’s work programme leading experts in network and information security representing relevant stakeholders ----information and communication technologies industry ----consumer and user organizations ----academic and research institutions

P r o m o t i n g s e c u r i t y c e r t i f i c a t i o n s c h e m e s

• Certification is an important factor of the confidence that users may have in the electronic communication tools • The use of such certificates is usually considered as one of the good indicators of the level of security achieved by a given entity

• ENISA organized an event on certification schemes for information security • ICT systems, products • IT security systems • security expertise • security management • trust for e-commerce

ENISA

• •

What can we achieve with information security certification?

“Voice your opinion on information security certifications in Europe”

ENISA Workshop on November 28th, 2006 Sofitel, Athens Airport, Greece

2007 ENISA Work program

• ENISA intends to promote certification schemes • to improve knowledge, skills and confidence of citizens (in particular non experts ) • to foster both technical and organisational interoperability on information security in Europe

FACILITATING CO-OPERATION EXISTING CERTS/CSIRTS • computer security incident response teams play a key role • limiting the damage resulting from a breach • recovering from a breach as quickly as possible • assistance to victims of attacks, • vulnerability assessments, awareness raising and promotion of best practises

ENISA

• wide recognition and an improved visibility of such schemes • assistance to providers and users of certifications • make the market more open and dynamic

• ICT Security Standards Roadmap to assist in the development of security standards by bringing together information about existing standards and standards in progress

• The initiative is a collaborative action among ENISA, the Network and Information Security Steering Group (NISSG) and the ITU-T Study Group 17 •

ICT Security Standards Roadmap (Version 2.0, May 2007)

• The Roadmap in five parts •

Part 1: ICT Standards Development Organizations and Their Work

•

Part 2: Approved ICT Security Standards Part 3: Security standards under development

•

Part 4: Future needs and proposed new security standard Part 5: Best practices

• the next generation of information technology systems:

the "embedding of intelligence"

• ARTEMIS PROPOSAL 15.5.2007

COUNCIL REGULATION on the establishment of a Joint Undertaking to implement a Joint Technology Initiative in Embedded Computing Systems

• Europe's capability to engineer domain specific solutions for embedded electronic in key areas such as the automotive, industrial and energy sectors, telecoms, or aerospace

. • more than 90% of computing devices embedded • the share of embedded systems in the value of the final product key industrial sectors • within the next 5 years 36% in automotive industry, 37% in telecommunications 41% in consumer electronics

• the Specific Programme "Cooperation" of the European Community 7th FP (2007 2013) for research, technological development and demonstration activities • Joint Technology Initiatives (JTIs) • a new way of realising public-private partnerships in research at European level

• THE END