European Union Agency for Network and Information Security

“Digital Single Market for All”: 5th and final week of #CyberSecMonth 2015

Mon, 10/26/2015 - 08:10

“Bringing down barriers to unlock online opportunities” is an objective of the European Commission (EC) initiative on the Digital Single Market (DSM). More information on the subject is available through the following links:

 

More on the topic from EC Vice – President Ansip’s blog and Commissioner Oettinger’s blog .

Also today:

1. Official launch for the NIS Quiz today!

ENISA has further developed a quiz to enhance user’s knowledge in network and information security (NIS) while at the same time disseminate best practice and knowledge from its reports.

Users can choose the difficulty level, and select to test their cyber knowledge between two topics: “privacy” or “general security”. Furthermore, users are asked to reply to 10 scenarios by making a choice among a preselection of answers. Each answer comes with an explanation and the award of the Cyber Security Month badge at the end.

To play the quiz click here!

Users can obtain the Cyber Security Month badge by completing the quiz.


2. Invitation to participate at the cyber security education seminar: ECSM2015 Evaluation on November 5th, 2015 in Vienna

This cyber security education seminar is organized under the European Cyber Security Month advocacy campaign. The objective is the evaluation of the ECSM2015 and to offer networking opportunities for partners. At the same time it marks the initiation of the planning for ECSM2016. The event is co-organized with the Austrian Federal Chancellery and the ENISA-NLO network.

Seminar agenda is available here

To Register

Please confirm your interest to participate no later than the 28th October, 2015 by contacting: stakeholderrelations@enisa.europa.eu 


3. International Launch today #CyberAware #CyberSecMonth!

ENISA has joined the Department of Homeland Security (DHS) and the National Cyber Security Alliance in releasing the 'International Mobile Security Tips'. The DHS has coordinated the development of this document with Australia, the Asia Pacific Economic Cooperation group, the Organization of American States, and ENISA.

The 'International Mobile Security Tips' are also available through the STOP.THINK.CONNECT. website:

 

Background: European Cyber Security Month (ECSM) is an EU advocacy campaign that promotes cyber security among citizens and advocates for change in the perception of cyber-threats by promoting data and information security, education, sharing of good practices and competitions. The European Union Agency for Network and Information Security (ENISA), the European Commission DG CONNECT and Partners are deploying the European Cyber Security Month every October. Metrics: 30 countries involved in the initiative in 2014, displaying an increase from 2013 with 24 countries participating.

 

European Cyber Security Month: during October, find out how to be safe online

 

October is Cyber Security Month! Follow #CyberSecMonth #ENISA

Visit: www.cybersecuritymonth.eu

 

For more on the subject areas and press enquiries please contact press@enisa.europa.eu Tel. 2814 409 576

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA workshop on IoT Security for Smart Home environments

Tue, 10/20/2015 - 15:46

On October 6th 2015, ENISA organised a workshop to validate its study on IoT (internet of things) security for smart home environments in Berlin. The workshop gathered over twenty participants with various backgrounds including product manufacturers, solution vendors, developers, academia and researchers, CERTs, and policy makers.

ENISA presented its project and good security practices to secure IoT in smart home environments. The Agency’s work has been validated based on participants’ input, and will be contributing further in the field by providing guidance.

Participants also presented their work in the IoT security domain. This included:

  • EU policy and research aspects (Dr Thibaut Kleiner, European Commission, DG CONNECT)
  • firmware security (Dr Andrei Costin, Eurecom / Firmware.RE)
  • IoT security and privacy framework (Mr Craig Spiezle, OTAlliance.org)
  • CERT for IoT (Mr Cédric Messeguer,Digital Security and Mr.Thomas Gayet, CERT UBIK).

 

Key conclusions, in consensus, show:

  • IoT security is needed during the whole lifecycle of devices and services (starting at the early stages of a project, for their implementation and up to their end of life).
  • Collaboration of all stakeholders is required to harmonise the definition of security for IoT
  • Awareness raising is important, both for decision-makers and end-users

 

Workshop presentations are now available here.

October is Cyber Security Month! Follow #CyberSecMonth #ENISA

Visit: www.cybersecuritymonth.eu


 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

"Understanding Cloud Solutions for All": 4th week of #CyberSecMonth

Mon, 10/19/2015 - 09:15

This week the following related material is provided for all:  

 

1. ENISA’s work on secure Cloud adoption

This year ENISA published a set of guidelines to help SMEs make an informed decision before choosing a cloud service, which is also provided as a tool! For more information please visit here.

For short recommendations and the essential questions to ask before 'going cloud' visit the following link.

The information is available in all EU 23 languages. ENISA plays an important role in giving stakeholders an overview of the information security risks when ‘going cloud’. ENISA’s Cloud Security Risk Assessment is widely referred to across EU Member States and outside the EU. ENISA follows up on this by focusing on procurement and criticality of cloud services.

2. Published today #CyberSecMonth

Just released: report on the “Status of privacy and NIS course curricula in Member States

The work in this report follows up on previous efforts and suggested recommendations from 2013- 2014 by ENISA. Objectives of this report are:

  • to identify gaps between available training courses, certifications and NIS education needs with particular emphasis on ePrivacy
  • to suggest further actions based on the analysed needs of NIS communities in Europe

 

From the desktop research, the focus for most of the courses that included privacy appeared to be in computer science, computer security, information security, cybercrime and the cyber security area. However there were a number of courses which included privacy law (Information Technology, Commercial, Corporate, Communications and Property), marketing and ethics. For several reasons, it may be, that privacy is an area that only relatively lately is gathering attention, compared for example to Network and Information Security. However this idea would require further future research to be proved.

Within this context, existing Massive Open Online Courses (MOOCs) were also looked into. In terms of MOOCs, the offer around the subject of privacy and data protection is limited in general, and there is a particular lack of MOOCs in the European context both in terms of delivery by European Universities/Institutes and covering privacy and data protection legislations and debates at a European level. Furthermore, MOOCs and serious games are a path which is being explored as a practical way to transfer knowledge, support learning, raise awareness, offer professional training and unveil controversial issues and practices surrounding privacy and data protection. 

ENISA’s recommendations on MOOCs courses

In the final section of the report, recommendations are provided for EU level organisations, e.g. University networks, users’ coalitions and multipliers, education institutions, and also at the Member State level organisations e.g. education institutions, NGOs, think tanks, governments.

Key recommendations include:

  • Consider exploring serious games not only for raising awareness but also as a training ground for first-responders and other professionals.
  • The report has highlighted that privacy does not seem to feature in titles of undergraduate degree courses and further research would be required to understand why.
  • Consider to invest in MOOCs with a NIS focus, in particular addressing the issue of privacy-by-design and European legislation. We highlighted that some of the existing MOOCs are available in national languages, this is clearly an advantage and a best practice. The report has highlighted that there is scope for some specific MOOCs relating with issues currently debated at a European level. There is a general lack on privacy and data protection MOOCs in the EU context, however this delivery opportunity could be better exploited also via existing supported platforms (i.e. OpenUpEd and EMMA).
  • Consider promoting the creation of multiple such quizzes using as basis or parts of the ENISA quiz in order to raise awareness by participating in the spread of general quizzes and awareness month.

 

User education is key in cyber security

At the same time, ENISA has further developed a quiz  to test user’s knowledge in network and information security while at the same time to disseminate best practices and knowledge from all its reports. The version 1.0 will use a better gamified approach. A relevant addition to this year’s quiz are the Cyber Security Month badges, following the model from serious games, which are awarded upon completion of the quiz and which participants can share on social media. The use of badges is also one of the measures adopted for supporting the full completion of the quiz by a larger number of participants.  


For more on the subject areas and press enquiries please contact press@enisa.europa.eu Tel. 2814 409 576

European Cyber Security Month: during October, find out how to be safe online

 

Background: European Cyber Security Month (ECSM) is an EU advocacy campaign that promotes cyber security among citizens and advocates for change in the perception of cyber-threats by promoting data and information security, education, sharing of good practices and competitions. The European Union Agency for Network and Information Security (ENISA), the European Commission DG CONNECT and Partners are deploying the European Cyber Security Month every October. Metrics: 30 countries involved in the initiative in 2014, displaying an increase from 2013 with 24 countries participating.

 

 

October is Cyber Security Month! Follow #CyberSecMonth #ENISA

Visit: www.cybersecuritymonth.eu

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Joint ENISA - EBA Workshop

Fri, 10/16/2015 - 09:10

ENISA and the European Banking Authority (EBA) hosted a workshop on the use of cloud computing in the finance sector in London on October 14th 2015.

This invitation only event, welcomed participants from EU National financial supervisory Authorities, banks and cloud service providers. ENISA’s Head of Secure Infrastructures and Services Dr Evangelos Ouzounis and EBA Head of Unit Oversight, Mario Quagliariello, gave the welcoming notes. Speakers included colleagues from the European Commission DG Connect, DG FISMA, ENISA experts, as well as representatives from banks and the cloud service providers.

The workshop aimed at providing valuable insights on the current status and potential ways to address supervisory or bank concerns and risks when using cloud in the finance sector. ENISA’s experts gave an overview of the findings identified in its upcoming report on ‘Secure use of cloud in the finance sector’ and held an open discussion on the identified topics.


For more on the subject and interviews please contact press@enisa.europa.eu, Tel. 2814 409576

 

October is Cyber Security Month! Follow #CyberSecMonth #ENISA 

Visit: www.cybersecuritymonth.eu

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Cybersecurity Standards from an EU perspective at Secure Conference Warsaw

Fri, 10/16/2015 - 08:28

© copyright: secure.edu.pl

ENISA’s Executive Director, Udo Helmbrecht, is participating at the 19th Security Conference on Telecommunications and IT Security in Warsaw on the 14th and 15th October 2015, at the Copernicus Science Centre, Warszawa. ENISA is proudly an honorary patron of this year’s event.

On day two of the conference, Prof Helmbrecht spoke about cybersecurity standards giving an insight from the EU perspective. The subject area is continuously under the microscope as the community tries to define the term ‘cybersecurity’, ‘and what is expected with the definition of ‘cybersecurity standards’ (classification, who participates, how).

Udo Helmbrecht explained the objectives towards a coordinated approach to standardisation based on consensus and approved in a recognised body. The sector’s status, the current regulation and ENISA’s role in the process for standardising cybersecurity was presented.

ENISA’s role to cybersecurity standards in the EU

The aim of the Agency is to promote best practices through Standards Developing Organisations (SDOs) and to act as an interface between them and the public and private sector. The goal is on the one hand to establish a formal and working collaboration with SDOs and related Working groups while on the other to review and include standards in the NIS activities and formulate proposals for standards.

ENISA acts as a liaison with ISO SC27, is an active member of CSCG, has MoUs with ETSI, CEN CENELEC is in the process for a MoU with ITU, while it aligns key activities of its own with the work of SDOs in the areas of smart grids, privacy and cloud certification. In 2015 the Agency is elaborating the studies, which:

  • will contribute to a more concrete definition of cybersecurity and identify gaps and overlaps, areas covered, and organisations involved in standardisation process
  • presents the current governance framework of the EU standardisation, finding ways to align policy, industry and research
  • promotes security and privacy standardisation for the SME community, through listing existing ICT S&P standards that can be used by SMEs, and recommendations to increase their adoption, and the status on of standardisation for SMEs.

 

“The challenge we face is lack of a consistent strategy towards standards. Shortcomings of the current approach are well recognised. At the EU level we need to improve coordination between EU funded Research and Development (R&D) and Standards Developing Organisations (SDOs). As drivers of such coordination existing initiatives could be used, such as ‘Horizon 2020’ and ETSI/CEN/CENEEC Cybersecurity Coordination Group). A concrete strategy for the ‘European Standardisation Organisations’ (ESOs) is an insisting need” said Udo Helmbrecht. “I am happy that today we are patrons of this event and I hope in the near future we will have substantial actions taking place which will decipher the sector and see the tangible results of everyone’s efforts to standardising EU cybersecurity”

 

Follow the event @securepl

Background: The conference presented state-of-the-art solutions, analysis of the current threats, latest trends in ICT security as well as important legal issues. Participants have a unique opportunity to gain the latest knowledge, improve their qualifications and exchange experience with experts (source Secure 2015)


For more on the subject and interviews please contact press@enisa.europa.eu , Tel. 2814 409576

 

October is Cyber Security Month! Follow #CyberSecMonth #ENISA 

Visit: www.cybersecuritymonth.eu

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA at #ITUWORLD

Wed, 10/14/2015 - 14:14

© copyright:ITU/R.Farrell

Prof. Udo Helmbrecht, the Executive Director of the European Union Agency for Network Security and Information (ENISA), participated at the ITU Telecom World 2015 event in Budapest on the 12th-15th October 2015. Prof. Helmbrecht participated in the panel discussion ‘Accelerating Digital Innovation for Social Impact’ along with three other panellists representing the private and telecommunication sector.

During the discussion, Prof Helmbrecht spoke on the need for a close collaboration between policy initiatives and technology innovation, providing notable examples of areas which offer such a potential. ENISA’s Executive Director elaborated on how the EU needs an industry policy approach to create a competitive EU based ICT industry which can be based on a variety of different ‘tools’:

  • Promoting cooperation of EU SMEs
  • Using public procurement to foster EU based ICT industry
  • Further strengthening the EU leading position in relevant areas such as business software or smart cards

 

ENISA uniquely positioned to assist EU institutions in promoting cybersecurity as a competitive advantage

There is an opportunity to use the area of cybersecurity as an economic enabler, providing EU industry with a competitive advantage in the global market. In order to do this, we need to recognize the differentiating factors that could be the basis for new business models. ENISA is uniquely positioned to assist in this direction” said Udo Helmbrecht.

As ICT is the backbone of every modern society, the EU needs to become the single market of preference for governments and industry for trusted EU products and services. At another end, e-Government services have significant potential, to make public services more efficient for the benefit of citizens and businesses in terms of ‘time and money’. It is evident that as we progress into the era of IoT, all e-aspects may it be e-banking, e-health, e-commerce, e- education, will be totally dependent on an open, safe and secure cyberspace.

ENISA continues its work in sector and develops a culture of information exchange among communities through studies and workshops and continuously engages with the Internet operational community through the relevant reference groups.

Follow the discussions on #ITUWORLD

About ITU world: The event brings together influential figures from government and industry and focuses on accelerating the digital transformation for economic growth and social good through three major tracks of debate in the Forum: accelerating digital transformation, extending digital opportunities, and building trust in the connected future*(source ITU World 2105).

 

For more on the subject and press enquiries please contact press@enisa.europa.eu Tel. 2814 409 576

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

2015 Annual Privacy Forum focusing on Privacy Enhancing Technologies

Tue, 10/13/2015 - 14:20

The European Union Agency for Network and Information Security (ENISA) jointly with the European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT), and as local host, the University of Luxemburg organised the 3rd Annual Privacy Forum (APF) on the 7th and 8th October 2015, in Luxembourg.

The two-day event brought together academia, industry and regulators with the aim of bringing research and policy together in the area of privacy and data protection.

Prof Thomas Engel (University of Luxembourg), Raffaele Di Giovanni Bezzi (policy officer EC DG CONNECT) and Dr Demosthenes Ikonomou (Head of Information Security & Data Protection, ENISA) gave the welcoming notes. The meeting looked into the technical aspects and approaches to privacy, ethics, and transparency behind data processing. Privacy Enhancing Technologies (PETs) that could support users’ needs while safeguarding their personal data were put forward to policy makers, academia and industry, as a tool for more transparent and safeguarded data analysis in the age of IoT (Internet of Things) and Big Data. In this context, ‘privacy by design’ (PbD) was examined as the element which can bring together the technical, legal and business aspects of IT, promoting it as culture (operational framework) on privacy.

Key note speeches were presented by: Giovanni Buttareli (EDPS), Naomi Lefkovitz (National Institute of Standards and Technology- NIST, US Department of Commerce), Charles Raab (University of Edinburgh), Marit Hansen (Privacy & Information Commissioner of the State of Schleswig-Holstein, Germany), Paul Nemitz (DG Justice, EC), Gwendal le Grand (CNIL), Bart Preneel (KU Leuven).

Safeguarding privacy, data protection in the era of big data and privacy economics: the ethical approach

Prof Thomas Engel from University of Luxembourg and General Co -Chair Annual Privacy Forum 2015 said: “There are at least two perspectives: protecting the individual citizen against attacks and the interest of a society to make sure that safety is guaranteed. We are convinced that practical solutions for privacy will need multidisciplinary efforts. The Annual Privacy Forum offers an ideal platform for discussing these issues with experts from industry, data protection agencies, academia, ENISA and the European Commission. Particularly the format of the forum combines practitioners’ views with a scientific track based on peer-reviewed paper submissions and published in Springer. A number of follow-up activities have been agreed upon to further demonstrate and show-case open issues and potential solutions. I am extremely satisfied with this years’ edition of the APF.”

ENISA’s Dr Demosthenes Ikonomou Head of Information Security & Data Protection, said: This forum has brought together for yet another year diverse communities to look into state of the art approaches towards privacy, data protection and the technologies surrounding the field. ENISA places an emphasis on Privacy Enhancing Technologies (PETs) that could support users’ needs while safeguarding their personal data. A typical example of our work is  privacy by design’ (PbD) which in this forum was examined as the element which can bring together the technical, legal and business aspects of IT, promoting it as culture (operational framework) on privacy. At the same time the Agency supports the Commission on the policy process currently under way. This two day event has been an excellent platform for the community to discuss and respond in a more efficient manner to the challenges on the subject and we are eager to start preparing next year's edition”.

The APF took place during the Luxembourg Presidency of the Council of the EU, and was made possible with the contribution of the APF partners, EDPS and KU Leuven, and the APF sponsors, ISACA and Symantec. For details and the full programme please check here. News about the upcoming 2016 edition will be soon announced by ENISA.

 

Follow the forum on twitter @PrivacyForum_EU and the dedicated hashtag #APF15

For event pictures: Annual Privacy Forum 2015

For interviews on the subject and press enquiries please contact press@enisa.europa.eu

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

‘Code Week for all’: 3rd week of The European Cyber Security Month!

Mon, 10/12/2015 - 08:45

Europe Code Week is a grassroots initiative which aims to bring coding and digital literacy to everybody in a fun and engaging way. The activity runs from 10th- 18th October 2015.  Details are available at the dedicated webpage www.codeweek.eu , while learning resources on how to code are available at the link provided: http://codeweek.eu/resources/

Launching today #CyberSecMonth:

1. Case studies from Member States

The case studies focus on best practices brokerage between the public and private sectors. The activity is aimed at all members of the educational community on Network and Information Security in Europe. Check out the initiatives in the links below:

Austria

 

Spain

 

ENISA is committed to taking the lead in encouraging the exchange of NIS best practices, and it follows a strong community-building process for NIS education stakeholders.

2. Infographics

NIS data for general use presented in the form of infographics:

 

Stay up to date with #CyberSecMonth!

 

Background: European Cyber Security Month (ECSM) is an EU advocacy campaign that promotes cyber security among citizens and advocates for change in the perception of cyber-threats through = data and information security, education, sharing of good practices and competitions. The European Union Agency for Network and Information Security (ENISA), the European Commission DG CONNECT and Partners are deploying the European Cyber Security Month every October. Metrics: 30 countries involved in the initiative in 2014, displaying an increase from 2013 with 24 countries participating.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

4th joint ENISA - EC3 workshop between CSIRTs and Law Enforcement

Thu, 10/08/2015 - 14:30

© Copyright Europol

On 8 and 9 October 2015 more than 40 representatives from national / governmental EU CSIRTs (Computer Security Incident Response Teams) and their law enforcement counterparts convened at Europol's headquarters in The Hague for the 4th joint ENISA - EC3 workshop. The two-day event focused on the exchange of information between CSIRTs and law enforcement placing a particular emphasis on the common taxonomies and methods to information sharing.

Wil van Gemert, Europol's Deputy Director Operations, and Dr Steve Purser, Head of ENISA Core Operations, gave the keynote speeches.

In his speech Wil van Gemert said: "Law enforcement - CSIRTs cooperation is essential in bringing two of the most relevant professional communities together to tackle cybercrime. One side protects infrastructures, communities and businesses from cyber threats, while the other looks at perpetrators and enablers who are behind this crime. Working together in an efficient and effective manner is a fundamental backbone of ensuring the safety of the societies we are entrusted to protect. This event, which epitomises the excellent collaboration between Europol and ENISA, is a valuable opportunity for concrete output, providing ample possibilities to learn from practical experiences".

Dr Steve Purser underlined: "Defining a common taxonomy between CSIRTs and Law Enforcement is an important step forward to facilitate information sharing between these two communities. Today's meeting is an important step in this direction. The feedback from the communities is fundamental in order to proceed and set the appropriate framework. ENISA and Europol are in close collaboration in their common efforts to counter cybercrime, which is to be fought from different angles. The workshop serves as an excellent platform to share viewpoints and develop a common understanding and we aim to deepen this collaboration"

ENISA and Europol have a Memorandum of Understanding for strategic cooperation and exchange of expertise supporting the EU Member States and institutions in the fight against cybercrime. The event follows the 2014 ENISA-EC3 workshop.


 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

‘Creating a Culture of Cyber Security at Work’, second week of The European Cyber Security Month running through October

Mon, 10/05/2015 - 08:40

The 3rd consecutive year, celebrating the European Cyber Security Month (ECSM) through-out October, has just been kicked-off in Brussels. The topic during the second week of the ECSM from October 5th- 11th, 2015 is ‘Creating a Culture of Cyber Security at Work’.

The message is also shared at an international level, with the US National Cyber Security Month. In addition, a twitter chat will be held by our US counterparts on Thursday October 8th at 22.00 CET. Follow the chat on #CyberSecMonth or #ChatSTC.

Launching today!

An ‘Awareness Calendar’ is launched today for use in organizations and users all over the world. A common effort, from all participating partners: US National Cyber Security Month, ITU and the European Cyber Security Month by ENISA with many partners from the Member States.

Join a Cyber Seminar in Athens on 6th October!

Join the “Cyber Security education seminar: innovation” taking place at ENISA on 6th October. For the agenda and details please visit the dedicated webpage here.

Given its position, ENISA is active in the area of education and awareness, using its knowledge to promote NIS skills and supporting the European Commission in enhancing the skills and competence of professionals in the area. This seminar continues work from previous activities by inviting stakeholders to meet and share best practices.

The seminar is organised with educators for educators. The primary targets are professors and trainers that have daily activities in NIS education. Secondary targets are innovators in the field of technology and policy-makers.

 

Background: European Cyber Security Month (ECSM) is an EU advocacy campaign that promotes cyber security among citizens and advocates for change in the perception of cyber-threats by promoting data and information security, education, sharing of good practices and competitions. The European Union Agency for Network and Information Security (ENISA), the European Commission DG CONNECT and Partners are deploying the European Cyber Security Month every October. Metrics: 30 countries involved in the initiative in 2014, displaying an increase from 2013 with 24 countries participating.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

E-CODEX Representatives meet with ENISA

Mon, 09/21/2015 - 16:34

Representatives of the e-Codex project visited ENISA’s premises in Athens today September 21st, 2015.

E-Codex is a Europe wide project aiming at improving the cross-border access of citizens and businesses to legal means, as well as increasing the interoperability between legal authorities within the EU.

The e-Codex representatives had a meeting with ENISA’s management and experts, exchanging ideas and discussing on areas of common interest including among others e-signatures, trust services, security and interoperability of document exchange in the area of justice .The discussion explored opportunities for further co-operation between the e-Codex partners and ENISA, especially in the context of follow-up activities for developed project components.

 

 

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA’s Udo Helmbrecht at the 10th Future Security Event in Berlin

Wed, 09/16/2015 - 13:22

ENISA’s Executive Director, Udo Helmbrecht, is participating at the 10th Future Security Conference taking place in Berlin from 15th -17th September 2015, at the Representation of the State of North Rhine-Westphalia in Berlin.

The event hosts high-level panellists mainly from Ministries, institutions and academia. ENISA’s Executive Director Prof. Helmbrecht, delivered the keynote address on “Privacy and Data protection: an EU Perspective”, where he mentioned the latest developments in the area and spoke about how the Agency has become a point of reference on eIDAS.

The Agency supports and provides guidelines for trust service providers (TSPs) on risk assessment and recommendations for incident risk mitigation, and provides guidelines on an auditing framework for trust services. Other ongoing activities the Agency is involved in include analysis of relevance and compliance of standards related to TSPs (Covering mandate M460 "Rationalised Framework for electronic signature”), assisting the European commission (EC) in the developing implementing acts; Incident reporting for Trust Service Providers (Article 19 of Regulation 910/2014); and a strategy analysis for the introduction of qualified website authentication certificates (QWACs) promoting consumer confidence in the web authentication market. ENISA also supports the creation of a Trust Services Forum explaining to stakeholders the developments in the area of eIDAS, while offering the opportunity to discuss with regulators on important areas.

Our goal is to explain the developments on eIDAS and bring together stakeholders including regulators, and National authorities while developing non-binding technical guidelines supporting their work. Similarly with industry we aim to liaise and facilitate their involvement in the process especially in view of the upcoming entry into force of the trust services provisions of the eIDAS Regulation.

Protecting data is a multi-faceted challenge. Organizational measures are needed such as access control, privacy and security policies. DPA, member states authorities, service providers need to collaborate to implement security measures”

Prof Helmbrecht illustrated how ENISA supports the public sector in policy implementation through its work in the eIDAS regulation and promoting ‘privacy by design’. “We see that the research community has developed many mechanisms to implement specific privacy properties, but which don’t always match the requirements of the regulation. Privacy by design can be the tool to help make this match”.

The Agency also provides its recommendations and guidelines for data protection measures to the private sector, and raises citizens’ awareness with its involvement to the European Cyber Security Month (ECSM) – a joint initiative with DG CONNECT and the Member States and which will be running throughout October - advocating cybersecurity education, and the upcoming Annual Privacy Forum.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Udo Helmbrecht discusses cyber cooperation at New York Summit

Thu, 09/10/2015 - 13:50

The Executive Director of ENISA, Udo Helmbrecht, is currently participating at the Global Cyberspace Cooperation Summit taking place on the 9th and 10th September, in New York, hosted by the EastWest Institute.

Along with representatives from the public and private sectors, Prof. Helmbrecht spoke on the panel "Is Cooperation Possible in Cyberspace?” discussing the challenges to protecting critical assets from cyber-attacks at a global level while minimising threats to IT security.

Professor Helmbrecht presented some of ENISA’s current work in the field and contributions that will support the proposed NIS directive. Reference was made to EU cyber cooperation through the facilitation of the pan-European cyber exercises, capacity building and the exchange of experience and expertise while developing ‘baseline capabilities’ with CERT teams. The Agency is a recognised 'liaison member' in the CERT community and has developed training resources. ENISA further assists Member States on incident reporting, which all use ENISA’s technical guidelines and recommendations, enhancing baseline security measures.

“Cyber cooperation is fundamental to ensure the protection of critical assets and infrastructure across the EU. Our efforts are ongoing for responding to the evolving cyber threat landscape, for building  the community and supporting the current EU legislative process” said Udo Helmbrecht.

Background info:

The EastWest Institute brings together policymakers, business leaders, technical experts and civil society, at this invitation only event (#EWIcyber), providing a forum showcasing results and promoting collective action.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Information security insights at ENISA workshop

Wed, 09/09/2015 - 12:40

This invitation only event, welcomed participants from EU Agencies such as Europol, CEPOL, BEREC, ECHA, eu-LISA, CEDEFOP, EFCA, OHIM, ERA, EEA, EMSA, FRONTEX, FRA, IMI, EIGE, the Translation Centre of the European Bodies, and FCH.

ENISA’s Head of Administration Mr Paulo Epandinhas and the Head of the Core Operations Department, Dr Steve Purser gave the welcoming notes. Speakers included Rogero Vincitore from the European Commission Internal Audit Service and ENISA experts.

The workshop aimed at providing valuable insights on information security at the highest operational level. ENISA experts gave an overview on the cyber threat landscape, risks and considerations for Cloud platforms, as well as an inside look at ENISA’s technical trainings and the Cyber Europe Exercises.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

German Ministry of Interior visits ENISA

Fri, 09/04/2015 - 16:05

Several experts from the German Ministry of Interior visited ENISA's premises in Athens today. The German Ministry officials had meetings with ENISA's management and experts, exchanging ideas and discussing on areas of shared interest, such as Critical Information Infrastructure Protection, Threat landscape, Data Protection and other.

The discussion revealed opportunities for further co-operation between the two organisations especially in policy implementation where ENISA has significant experience at an EU level. 

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

National Cyber Security Strategies global newsflash

Thu, 09/03/2015 - 14:20

ENISA releases a new version of the National Cyber Security Strategies (NCSS) interactive map.

NCSS news in the European Union

Luxembourg publishes NCSS v2 focusing on:        

  • Definition of cybersecurity
  • Dialogue initiation with the academic and industrial world
  • Cyberdefence introduction
  • Formal instruction of a body to handle the coordination of the new strategy’s implementation
  • Establishment of action plans

                                         

NCSS news in the World

Check out the new entries in South America and Africa at ENISAs new interactive NCSS map.

 

The next ENISA NCSS event will take place on the 29th September 2015, in Luxembourg during the Presidency of the Council of the European Union.    

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Udo Helmbrecht at the ‘Information security for public sector’ conference in Stockholm

Wed, 09/02/2015 - 14:55

Prof Udo Helmbrecht is participating at the ‘Information security for public sector’ conference taking place on the 1st and 2nd September 2015, in Stockholm where he  delivers the keynote speech on ‘Guiding EU Cybersecurity from policy to implementation’.

Prof. Helmbrecht presented some of ENISA’s current work in the field contributing to both EU policy discussions and ongoing efforts to implement existing policy. Examples of the latter include incident reporting, the implementation of the eIDAS regulation, the proposed data protection regulation and NIS directive.

For example, the Agency’s recommendations on incident reporting help Member States and the private sector to enhance baseline security measures through a better understanding of the root causes and potential solutions.

Similarly on the eIDAS regulation, the Agency supports and provides guidelines for trust service providers on risk assessment and recommendations for incident risk mitigation, and provides guidelines on an auditing framework for trust services. Other activities in this area include analysis of relevance and compliance of standards related to TSPs; Incident reporting for Trust Service Providers; and a Strategy analysis for introduction of qualified website authentication certificates (QWACs) promoting consumer confidence in the web authentication market. ENISA also supports the creation of a Trust Services Forum explaining to stakeholders the developments in the area of eIDAS, while offering the opportunity to discuss with regulators on important areas.

ENISA works closely with MS and the EU Institutions and the results produced rely on the collaboration with all NIS stakeholders. ‘ENISA is in the unique position to transfer the lessons learned across different operational communities, while promoting approaches to NIS that support economic growth’ said Udo Helmbrecht.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

COINS Summer School visit at ENISA

Wed, 08/26/2015 - 10:41

ENISA hosted a visit for the COINS Research School of Computer and Information Security on August 21st, 2015. A group of eleven students, led by Prof. Hanno Langweg, had the opportunity to visit the agency premises and gain insights into its work and role on cybersecurity for the EU, and in particular on topics such as:

  • What ENISA is doing in the field of Cloud and Big Data
  • ENISA’s contribution to Smart Cities
  • The EU Cyber Security Challenges organized by ENISA
  • Cyber Crisis management
  • Security Awareness


The visit, took place as part of COINS Summer school programme on cloud security.

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

National Cyber Security Strategies: the latest news

Fri, 08/21/2015 - 10:50

In July 2015, Ireland published its National Cyber Security Strategy for 2015 – 2017. The strategy highlights the Government’s approach in facilitating resilient, safe and secure operations of networks, infrastructures and digital technologies used by the Irish citizens.

The strategy focuses on the following key actions:

  • Formal establishment of CSIRT-IE with focus on protection of CII’s in energy and telcos.
  • Improved security delivery in the areas of situational awareness and incident management.
  • Introduction of primary legislation in compliance with EU requirements.
  • Local and international PPPs in the interest of Critical Infrastructure Protection by improving situational awareness, incidents management, education, training and public awareness.

 

For more information on National Cyber Security Strategies in Europe and Worldwide, please visit: National Cyber Security Strategies in the World 

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

ENISA accredited as TF-CSIRT Liaison Member

Tue, 07/21/2015 - 11:06

ENISA has been recognised as a 'liaison member' of the Computer Security Incident Response Team task force (TF-CSIRT), in July 2015.

ENISA’s CERT- related deliverables have been either developed or validated in collaboration with the CERT (Computer Emergency Response Teams) community. TF-CSIRT’s training program is partly based on ENISA material, and the Agency regularly sponsors and contributes to these trainings. In addition, the Agency’s workshops and trainings for CSIRTs are often held back-to-back with TF-CSIRT meetings.

ENISA’s Executive Director said: “TF-CSIRT is a very important community for ENISA, and this recognition hails 10 years of close collaboration. ENISA is honoured to be awarded this status, and is looking forward to contributing further to the CERT community”. 

“Liaison members” are organisations that are not CSIRTs, but which the community trusts and deems important.  Several ENISA staff members are already part of the community as ‘Individual Members’ contributing through their skills and experience, and are regularly invited to TF-CSIRT meetings.

Background:

TF-CSIRT was created in Europe in 2000. It's a forum for CSIRTs to exchange experiences, forge relationships and to allow efficient handling of cross-border information security incidents. CSIRTs have extended their capacities throughout the years from a “reaction force” to complete security service providers, including proactive services such as alerts, security advisories, training and security management services.

 

For more information on ENISA's CERT activities visit the dedicated section.

 

 

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Pages