European Union Agency for Network and Information Security

ENISA study looks into the adoption of security and privacy standards by SMEs

Fri, 06/17/2016 - 13:45

An extensive analysis was conducted for the study in order to investigate the perceived adoption of security and privacy standards in European SMEs, as well as the main drivers and barriers that can affect the level of adoption of these standards. The methodology consisted of interviews with subject matter experts and analysis of available studies in the area.

As European SMEs are increasingly dependent on their information systems to provide services to customers and meet business objectives, the use of new technologies brings new opportunities for enhanced business performance and operations but also introduces several information security and privacy risks. New information security and privacy standards are being drafted and proposed to support organizations to mitigate these associated risks.

Within this context, a wide and effective adoption of information security and privacy related standards by SMEs across Europe can be a beneficial factor for fostering their growth, competitiveness and innovation. The recommendations on how to increase adoption are targeted to EU and MS policy makers, standards developing organizations, and professional, industry and small businesses associations.

For the full report: Information security and privacy standards for SMEs

 

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:

http://www.enisa.europa.eu/media/news-items/news-wires/RSS

PRs:

http://www.enisa.europa.eu/media/press-releases/press-releases/RSS

Free online tool for the notification of personal data breaches

Fri, 06/17/2016 - 10:12

The purpose of the tool is to allow data controllers to complete and submit online a personal data breach notification to the competent authority (DPA/NRA).

The tool covers all types of personal data breaches and business sectors, whether public or private. Based on the input of the notification, the tool also provides to the competent authority an assessment of the severity of the breach.

The tool is free for use by any interested party. It aims to facilitate the notification of personal data breaches by data controllers, and may be used by national competent authorities in their respective countries.

For more information visit the link

 

 


ENISA at CODE conference: we need to build on trust and security for a connected world

Thu, 06/16/2016 - 16:13

The high-level meeting of the research centre Cyber Defence (CODE) hosted discussions on current cyber challenges in IoT, eHealth, privacy, and industry 4.0 with key representatives of the German government and industry, including Secretary of State Dr Katrin Suder (BMVG) and Klaus Vitt (BMI).

An eHealth session presented by ENISA focused on a real use case in a German hospital. The specific constraints and benefits of using cloud computing in the healthcare environment were discussed in a panel - moderated by the Head of Secure Infrastructures and Services Dr E. Ouzounis (ENISA) - together with panellists from the public and private sector, including Ing. Gerald Götz (Munich Municipal Hospital), Bernd Kowalski (BSI), Marcus Neumann (Capnopy), and Carlos Arglebe (Siemens). NIS expert, Dimitra Liveri (ENISA), gave an overview on issues related to accessibility, sharing and storage of information, availability and reliability, geo-boundaries, and the particularities of healthcare as a critical information infrastructure.

ENISA's Executive Director moderated discussion panels during the two-day event. Udo Helmbrecht said: “The annual meeting organised by the University of Bundeswehr is an excellent opportunity to discuss on trending topics looking into how we can take the next step in a connected world while being securely connected during any online activity. The uptake of digitisation of industry sees many applications in critical infrastructures – from smart transport to eHealth - but foremost requires trust. ENISA through its studies in these areas, promotes standardisation, privacy by design and interoperability, for secure systems and infrastructures benefiting EU industry and citizens”.

Udo Helmbrecht is an Honorary Professor at the Bundeswehr University.

 



 


ENISA survey: Security requirements of online search engines and market places

Thu, 06/16/2016 - 08:50

Take part!

If you are directly involved in Information Security in the above mentioned categories of your organization, and you wish to contribute to ENISA’s survey, please follow the outlined steps to get in touch with the team:

Step 1: To acquire the appropriate credentials to participate, please contact dsp-security-requirements@enisa.europa.eu stating:

a) the type of digital service you provide,

b) professional email address,

c) the position you hold in your organisation

 

Step 2: Visit the following link to fill in the survey. The time required to complete the survey is twenty minutes.

https://ec.europa.eu/eusurvey/runner/EnisaDSPsSecurityRequirements

 

 


Estonia - Cryptographic Algorithms Lifecycle Report 2016 published

Wed, 06/15/2016 - 18:01

This is the fourth report in the series of cryptographic algorithms reports, started in 2011 by a scientific task force assembled with the mission to analyse the problems and risks that reliance on cryptography poses to the sustainable functioning of Estonian society.

ENISA's "Algorithms, key size and parameters report" has provided useful input to Estonia's national study.

For the full report: Cryptographic Algorithms Lifecycle Report 2016

 


Estonia - 2015 Annual Report of the Estonian Information System Authority now available in English

Wed, 06/15/2016 - 13:35

The 2015 annual report of the Estonian Information System Authority’s (RIA) Cyber Security Branch concludes that, for Estonia, another year has passed without incidents that had major consequences.

Estonia’s cyber security is born out of the daily cooperation between companies and the state, and this cooperation has produced good results.

To read the full report: 2015 RIA Annual Report



 


National Liaison Officers meet at ENISA

Thu, 06/09/2016 - 15:25

Developments in NIS during the Dutch Presidency, the upcoming contractual Public Private Partnership (cPPP), Critical Information Infrastructure Protection in France and the newly adopted NIS Directive were extensively discussed.

National Liaison Officers are the first point of contact of ENISA in the Member States, acting as ‘facilitators’ for ENISA activities within their countries. The Network currently comprises thirty-five members of the EU Member States, EEA countries and the European Institutions.

For more information visit ENISA NLOs Network page.

 

 


ENISA Management Board elects Jean-Baptiste Demaison as its new chair

Thu, 06/09/2016 - 13:10


The newly elected chair, Jean-Baptiste Demaison, is Senior Advisor on International and European cyber policies within the French Cybersecurity Agency (ANSSI) and has been an alternate and a member of the Management Board of ENISA since 2011. Previously, Demaison worked for the Strategic-Research Institute of the French Military Academy (IRSEM) and as Deputy Director of the French department of the Faculty of Political Science and Economics of the Cairo University. Demaison holds a Master's degree in International Affairs and specialises in global technological security challenges.

Krzysztof Silicki (PL) has been appointed new Vice-Chair of the Management Board. Silicki has been a member of the ENISA MB since 2004. He is an advisor to the Director of NASK Institute (Research and Academic Computer Network) and also served as its Technical Director from 2001 to 2013. He is the founder of the first incident response team in Poland, known today as CERT Polska, and organiser of Poland’s ‘SECURE’, the first conference devoted to IT security issues.

“Today, ENISA’s key role in supporting the reinforcement of cybersecurity capabilities and cooperation across Europe is unanimously recognized. In a spirit of consensus and ambition, France and Poland wish to work with all Member States, the European Commission and ENISA in order to support the Agency face the many thrilling challenges ahead – starting with the NIS directive implementation – and set the path for the successful renewal of its mandate”, said Jean-Baptiste Demaison and Krzysztof Silicki in a joint statement.

ENISA Executive Director Udo Helmbrecht welcomes both chair and vice-chair of ENISA’s Management Board. The Director said: “Both members have extensive experience on the technical and policy aspects of cybersecurity, while being active members of the NIS community. I wish them every success in their positions and look forward to a close and fruitful collaboration, to deliver trusted cybersecurity services for Europe’s citizens and industry”. Udo Helmbrecht also highlighted the commitment and contribution of Jörgen Samuelsson and Ferenc Suba, throughout these years supporting the Agency’s operations.

ENISA’s Management Board defines the general direction of the operation of the Agency. The elected Chair and Vice-Chair serve for a term of three years, which may be renewed. Information on ENISA's structure and Management Board members is available online. Jean-Baptiste Demaison’s mandate will be effective starting October 18th 2016.

 

*Picture, from left to right: ENISA's Head of Stakeholder Relations and Administration Department, Paulo Empadinhas, new Vice-Chair of the MB, Krzysztof Silicki, ENISA's Executive Director, Udo Helmbrecht, new Chair of the MB, Jean-Baptiste Demaison, and ENISA's Head of Core Operations Department, Steve Purser.


Overview from ENISA's Trust Services Forum 2016

Fri, 06/03/2016 - 16:05

The Trust Services Forum 2016, organised by ENISA in collaboration with the European Commission eIDAS Task Force for the second consecutive year, aims to provide an annual opportunity for the exchange of ideas among the communities closely related to the eIDAS Regulation, namely Trust Service Providers, Conformity Assessment Bodies and Supervisory Authorities.

The agenda consisted of a series of presentations, panels and open sessions set in place to discuss the latest developments in the regulatory framework, to exchange views on identified implementation and operational issues of qualified trust services and to discuss strategies to strengthen the position of Qualified Trust Service Providers in the Digital Single Market. 

On the eve of the entry into force of the provisions related to trust services of the eIDAS Regulation, Member States’ authorities and European Trust Service Providers are confident that a smooth transition from the previous regulatory framework will take place. However, more guidance on many areas is still needed. The experience acquired from the provision of electronic signatures under Directive 1999/93/EC has set up an important basis for the provision of new trust services under the eIDAS Regulation.

The Forum was established as a periodic event following the positive feedback received from participants of the first edition, which took place in June 2015. With this event, complementing other activities in the area of trust services, ENISA continues its efforts to achieve a successful implementation of the eIDAS provisions for qualified trust services in Europe. The Agency is supporting the European market of trust services, which are a basic pillar to build a secure digital Europe.

 

 


Exploring Cloud Incidents

Wed, 06/01/2016 - 15:20

ENISA identifies the multidimensional challenges of cloud forensic investigations by highlighting the most common problems experts face when they need to investigate a cyber incident in the cloud. The analysis and the recommendations are divided into three different axes: technical, legal and organisational.

The main objectives of this paper are:

  • To identify the main challenges of post analysis of cloud incidents, mainly in reference to technical, organisational and legal aspects.
  • To produce an overview of the techniques, approaches and good practices for the analysis of incidents in the cloud, based on a desk research.
  • To provide recommendations and suggestions - in particular related to SLAs, security measures, and policies - in order to make the post analysis activity more effective.

Furthermore, key recommendations are proposed to cloud providers, law enforcement agencies and forensic experts as a result of this analysis.

Read the full paper here

 

 


Highlights of Secure Cloud 2016

Thu, 05/26/2016 - 08:40

During the first day important topics discussed focused on the future of cloud security, in the era of IoT. Highlights of the day include the announcement, for the first time, of the French Cloud security framework by ANSSI, and the presentation of the common label for cloud providers produced by ANSSI and BSI Germany.

The European Commission also shared its activities on the free flow of data, while the DSPs shared their views on the implementation of the NIS Directive for incidents reporting and baseline security measures, in a panel moderated by ENISA.

On day two, ENISA’s Head of Secure Infrastructures and Services, Dr Evangelos Ouzounis, challenged the audience on cloud computing supporting critical sectors, and how this is perceived by the CSPs. Special focus was placed on the finance sector, with numerous presentations and a panel composed of financial regulatory authorities, banks and ENISA shedding light on the specific challenges that limit cloud adoption. Standardization, cloud security certification and data protection were among the themes discussed.

To have a look at what took place during these two days at Secure Cloud, check #SecureCloudEU

Event agenda

 


ENISA at EIF meeting on Trust & Cybersecurity

Wed, 05/25/2016 - 14:41

ENISA, as a key player in the NIS stakeholders’ constellation, promotes the exchange of good practices, consensus building and sharing experiences, which are key factors in enhancing cooperation among Member States and properly implementing the requirements of the common EU framework in Network and Information Security. Paulo Empadinhas highlighted the ten key points of ENISA's advice to Member States’ authorities on how they can continue to improve their cybersecurity capabilities, especially with regard to meeting the requirements of the NIS Directive. These include to:

  • Develop clear and coherent information sharing schemes. Member States should therefore work together with ENISA to ensure that national schemes can be combined in a sensible manner to support information exchange across the EU
  • Foster public - private collaboration on cyber security
  • Use cybersecurity as an economic enabler
  • Develop and maintain clear cybersecurity strategies
  • Develop awareness and training in the area of cybersecurity
  • Continue to develop and empower national CSIRTs
  • Develop and implement effective incident reporting schemes for cyber security incidents.
  • Use risk-based approaches to securing governmental services
  • Improve cooperation between communities and across national borders to improve threat intelligence and promote the application of good practices, and
  • Ensure smooth implementation of the General Data Protection Regulation (GDPR)

In his interview Paulo Empadinhas said: “More cooperation is needed along with a higher level of awareness of all levels of society without forgetting the EU citizens”. He highlighted the work ENISA - the EU cyber security Agency - is delivering for Europe, gaining ground in some areas where Member States understand the need for adequate legislation, with the good examples of the NIS Directive and the General Data Protection Regulation (GDPR). He added: “Europe is growing more and more digital, with the next generation of citizens, politicians and entrepreneurs thinking more about security and privacy by design at the stage of the development of new products and services.”

More about the event  
More about EIF  
and #EIFonline

 

 


ENISA Cloud Security and Resilience experts meet in Dublin

Tue, 05/24/2016 - 10:55

The agenda included topics such as the implementation of the NIS Directive for DSP, the Digital Single Market strategy and Cloud supporting the critical sectors.

The main focus was the NISD provisions on incident reporting and baseline security requirements. Within this scope, cloud service providers provided valuable feedback for better harmonisation in adopting the Directive.

ENISA is collaborating with the European Commission in facilitating the process of the Implementing Acts. The agency presented the recently launched work both in the finance sector - including blockchain technologies security and mobile banking - and in the healthcare sector, on cloud security in eHealth implementations.

ENISA's Cloud Security and Resilience group experts will participate at the Secure Cloud 2016 conference in Dublin on May 24th and 25th, 2016. 

Follow #SecureCloudEU

 

 


National coordinators meet to prepare for ECSM launch

Mon, 05/23/2016 - 11:35

The meeting focused on finalizing this year’s weekly cyber security themes and the corresponding activities that will be taking place during the European Cyber Security Month (ECSM) running through the four weeks of October.

Coordinators also worked on the organization of the kick-off event that will be taking place in Brussels on the 30th of September at the premises of the European Banking Federation (EBF).

For more information and updates on the ECSM, visit the official website.


About ECSM: ECSM is the annual EU advocacy campaign which takes place in October and aims to promote cyber security among citizens, to change their perception of cyber-threats and provide up to date security information, through education and sharing good practices.

 


ENISA-Europol issue joint statement

Mon, 05/23/2016 - 08:43

This joint statement is presented as a contribution from ENISA and Europol to the on-going debate on privacy and encryption.

Read the complete statement here

 


Udo Helmbrecht speech at Europol-EIPA event

Fri, 05/20/2016 - 13:05

Read the Executive Director’s speech.

See also statement by Prof. Dr Udo Helmbrecht on Lawful Access and Security: A Transatlantic Perspective – EastWest Institute

 

 


ENISA recommendations for qualified website authentication certificates

Mon, 05/16/2016 - 15:25

The report targets all participants in the European trust service markets. Both regulators and supervisors from Member States, as well as Trust Service Providers, can find useful recommendations on how to promote the deployment of this new type of qualified trust service.

The report is divided into several sections. In its introductory chapters, the study describes the main concepts around qualified website authentication certificates, both in the context of existing commercial certificates and the eIDAS Regulation. The next sections present an analysis of the electronic certificates market and a SWOT analysis for the introduction of qualified website authentication certificates. The objective is to identify internal and external factors that can positively or negatively impact the adoption of this new kind of trust service in Europe and the development of the related market.

As of 1st July 2016, European Trust Services Providers will be able to provide this new type of qualified trust service. With this report, ENISA aims to support a smooth and rapid deployment. During 2016 ENISA will be following up on this topic by undertaking more activities in the area of trust services, some of which build upon the recommendations proposed in the report.

Full report available online

For technical information please contact Clara Galan Manso at isdp@enisa.europa.eu

For press enquiries please contact press@enisa.europa.eu Tel.+30 2814 409576

 

 

 


SecureCloud 2016 count down - Latest updates

Fri, 05/13/2016 - 08:00

Updates in the agenda:

  • Pearse O’Donahue, European Commission
  • Charles Schulz, ANSSI
  • Martin Mckeay, Akamai
  • Olivier Perrault, Orange

 

Stay tuned for more news!

Be part of the great cloud community event and join us: https://csacongress.org/event/securecloud-2016

Follow us  #SecureCloudEU

 

 


From the Netherlands Presidency of the EU Council: Coordinated vulnerability disclosure Manifesto signed

Thu, 05/12/2016 - 15:49

Approximately 30 organisations have signed the Coordinated Vulnerability Disclosure Manifesto today, in which they declare that they support the principle of having a point of contact to which IT vulnerabilities can be reported, and that they already have this set up in their own organisations or plan to do so soon. By signing the manifesto, the participating organisations acknowledge the importance of the efforts of the research and white-hat communities to make the internet and our society safer. The manifesto is an initiative of Rabobank and CIO Platform Nederland. The signing took place during the High Level Meeting Cyber Security in Amsterdam, organised by the Ministry of Security and Justice during the Netherlands’ Presidency of the EU Council.

For more information: CIO Platform Nederland, Lydia Kampman, lydia.kampman@cio-platform.nl, 0614031732; Rabobank, Kees Nanninga, kees.nanninga@rabobank.nl, 0302161740

 

 
