ENISA

1. ENISA

2. ENISA: European Network and Information Security Agency Headquarters: Heraklion, Crete (Greece) Staff: ~40 (…expanding to ~50) The Agency

3. Overview: ENISA’s Objectives To enhance the capability of the Commission, other EU bodies and the Member States to prevent, address and respond to NIS problems To provide assistance and deliver advice to the Commission and the MS on issues related to NIS falling within its competencies as set out in this Regulation To develop a high level of expertise and use this expertise to stimulate broad cooperation between actors from the public and private sectors To assist the Commission, where called upon, in the technical preparatory work for updating and developing Community legislation in the field of NIS.

4. Overview: ENISA’s Tasks Risk assessment and risk management Becoming a centre of expertise Track standardization Information exchange and cooperation Promote CERTs Awareness raising Giving advice and assistance to Commission and Member States Promote best practices

5. NIS Cooperation & Support Activities • Awareness Raising • Relations with Industry and International Institutions • Coordination of activities with Member States and European Bodies • CERT support • Requests from EC and Member States

6. 1. Collect Best Practice Guides, Best Practice Policies and Best Practice Controls Gen.Infosec Policy Infosec Policy Gen. Infosec Policy Infosec Policy Infosec Control Infosec Control Infosec Control Infosec Control Original Infosec Guide (e.g. Documents) Original Infosec Policy (e.g. Chapters) Original Infosec Control 2. Store Guides, Policies and Controls in the Knowledgebase Infosec Control Infosec Control Infosec Control Infosec Control Infosec Control Infosec Control Infosec Control Infosec Control Best Practice Knowledgebase 3. Extract most relevant & valuable pieces 5. Create new brief, simple, broadly accepted Guides & Policies Infosec Control Infosec Control Infosec Control Infosec Control Infosec Control Infosec Control Gen.Infosec Guide Infosec Control Infosec Control Infosec Control 4. Store these pieces of Guides, Policies and Controls also in the Knowledgebase Infosec Control Infosec Control Infosec Control Gen. Infosec Policy Infosec Control Infosec Control Infosec Control Technical Activities • Risk Management • Technical & Procedural Security Policies • Security Technologies

7. Unit in charge of the monitoring of NIS developments including standardization Focus on NIS Standardization Report: Inventory of activities and standards per body We have identified few relevant bodies to follow European Standardization ETSI, CEN, CENELEC International Standardization IETF, ITU, NIST, ISO/IEC, W3C, ANSI Others RIPE, ICANN, etc. We are observers in few standardization meetings IETF and ETSI (TISPAN) Inventory also looks at Industry Fora Including VOIPSA, CSIA, OMA, TCG, VPNC, ISACA, ISSA Research Activities Including FP6, IRTF, JRC NIS Technologies (1)

8. Report on Summary and Analysis of the major technical developments in relation with standardization and other NIS initiatives Will use the NISSG Report as input Presence of ENISA in various fora and establishment of a network of contacts in the technical, development, standardization, and research community Identify areas where security is not properly taken into account and promote it from the beginning Identify standardization gaps and opportunities NIS Technologies (2)

9. Few of the ENISA channels Go to our website: http://www.enisa.europa.eu