Eurostat ESS Security and Secure exchange of information Working Group (E4SWG) ITDG – Item 4 Security progress and issues Pascal Jacques ESTAT B0 Local.


1 Eurostat ESS Security and Secure exchange of information Working Group (E4SWG) ITDG – Item 4 Security progress and issues Pascal Jacques ESTAT B0 Local Informatics Security Officer

2 Eurostat The Context (1)

Regulation (EC) No 223/2009 of the European Parliament and of the Council

(pream) The confidential information which the national and Community statistical authorities collect for the production of European statistics should be protected, in order to gain and maintain the confidence of the parties responsible for providing that information. The confidentiality of data should satisfy the same principles in all the Member States.

(pream) For that purpose, it is necessary to establish common principles and guidelines ensuring the confidentiality of data used for the production of European statistics and the access to those confidential data with due account for technical developments and the requirements of users in a democratic society.

The NSIs and other national authorities and the Commission (Eurostat) shall take all necessary measures to ensure the harmonisation of principles and guidelines as regards the physical and logical protection of confidential data.

COMMISSION DECISION of 17 September 2012 on Eurostat (2012/504/EU)

The Director-General of Eurostat shall, in addition, take all necessary measures to protect data whose disclosure would cause prejudice to Union interests, or to the interests of the Member State to which they relate

NO IMPLEMENTING ACTIONS PROPOSED

3 Eurostat The Context (2)

COMMISSION DECISION (EU) …/… OF 2015 ON SECURITY IN THE COMMISSION

Article 10 Security measures regarding Communication and Information Systems

All Communication and Information Systems ("CIS") used by the Commission shall comply with the Commission's Information Systems Security Policy, as set out in Commission Decision C(2006)3602, its implementing rules and corresponding security standards.

Commission services owning, managing or operating CIS shall only allow other Union Institutions, agencies, bodies or other organisations to have access to those systems provided that those Union Institutions, agencies, bodies or other organisations can provide reasonable assurance that their IT systems are protected at a level equivalent to the Commission’s Information Systems Security Policy as set out in Commission Decision C(2006)3602, its implementing rules and corresponding security standards. The Commission shall monitor such compliance, and in case of serious non-compliance or continued failure to comply, be entitled to prohibit access.

NEW SECURITY COMPLIANCE NEEDS

4 Eurostat The Vision 2.0 – Security Framework

Develop an ESS that:
- is guided by quality in all activities and continues to deliver coherent, relevant and reliable statistics based on internationally harmonised concepts, sound methodologies and a strict data protection regime;
- engages users proactively and meets their demands in a cost-efficient and responsive manner;
- promotes efficiency and realises productivity gains through collaboration in sharing methods, tools, technological infrastructure and where appropriate data and human resources, based on legal frameworks and all prerequisites needed to ensure statistical confidentiality;
- embraces opportunities provided by the digital transformation and harnesses new data sources to produce meaningful statistics;
- delivers information in an interactive and easily understandable way, and improves the statistical literacy of European citizens and institutions by guiding them through the deluge of data and information from various origins.

5 Eurostat Vision 2.0 - Security Elements

Privacy and security in Big Data

"In the long run we will explore the potentials of setting up a protected data exchange area, in which the exchange of micro data does not cause any data privacy or security concerns in any member state. Since the partners of micro data exchange should be capable of implementing the highest data protection standards, we will explore starting the micro data exchange network within the partnership of statistical producers in the ESS only …. It requires the development of appropriate technical and organisation measures to manage the risks and in so doing protect statistical confidentiality and provide appropriate mechanisms to react to any breach of security swiftly and effectively. Above all, the procedures accompanying micro data exchange will be organised in a transparent way, so as to build-up mutual trust based on evidence…. common secure IT network for data exchange… …We will investigate the appropriateness and possibility of statistical institutes fulfilling the role of a trusted third party through which market competitors can share information without risk of disclosing sensitive data…"

6 Eurostat Objectives of the working group

- Get to know each other better in the ESS in terms of information security and specificities,
- Exchange of Best Practices in IT security,
- Agree on common rules, procedures, guidelines and standards for secure communication (i.e. emails) and data storage/exchange/transfer in order to build mutual trust,
- Agree on security level of shared applications, services, processes
- Exchange of information on
  - Security measures used in MS for data protection, data centre, access to micro data for research purposes;
  - Projects/programmes linked to information security;
  - IT architecture in MS to better understand the MS’s capacity to connect to a secured data exchange infrastructure such as the CCN network or sTesta;
- Set up a repository of information on people, roles, procedures, best practices and documentation of infrastructures

7 Eurostat Activities

2012
- Presentation of the idea to SISAI 12-13/6/2012
- Request support of ITDG for creation of a WG on IT security (29-30/11/2012)
- "Enterprise Architecture Security Workshop" - December 2012
- Discuss security aspects, mandate of the WG

2013
- Survey Questionnaire on IT Security January-May 2013
- Presentation of first findings at SISAI 2013 (13-14/5/2013)
- Presentation of a document on IT security for ITDG (7/6/2013)
- 2 Field visits in IT and FR
- Due to budgetary constraints, WG converted to a Task Force

2014
- 2 TF Meetings (5-6/6/2014 & 9-10/10/2014 in Helsinki)
- Field visits in DE, PT, FI, SI

8 Eurostat Results (1)

Secure emailing
- Ensured with DE, IT, SI, ES, CH, EL
- FI having its own system
- FR and PT: issues on certificates

Repository of information
- Available on CROS portal
- OwnCloud solution in PT for more secure information

Exchange of information and Common position
- Share security guidelines and notices (Secure IT development, use of video-conference facilities, etc.)

9 Eurostat Results (2) Build trustworthiness between ESS Members IT Security Framework Introduction Data classification Risk analysis IT security controls: entry pack – Level 1 – Level 2 Guidelines for implementing controls Self-assessment Compliance Monitoring Framework complementing the Code of Practice Feedback mechanism towards ESSC and Member State Work on labelling capacity for access facilities (557/2013) and NSIs

10 Eurostat Next Phase (1)

- Finalise the work on security framework and compliance monitoring.
- Organise 2 TF meetings in 2015 (May/Lisbon; October/Lux).
- Present security framework to ITDG in September 2015 for endorsement and transmission to ESSC
- Continue field visits in Member States (DK, NL, ES, SE, EL,…).
- Continue implementing secure email exchange facility.
- Involve more ESS members in the TF activities
- Convert TF to an expert group in 2016.
- Broaden current participation (CH, DE, DK, ES, FI, FR, IT, NL, PL, PT, SI)

11 Eurostat Next Phase (2)

Prepare an ESSnet project (2017) on IT security:
- Support ESS members to reach minimum security level
- Monitor and help ESS members to reach level 1 and level 2 security levels
- Support the Compliance Monitoring (NSI and Access facilities)
- Support the labelling of MS in terms of IT security
- Ensure communications between ESS members on security
- Run the network for information exchange on security breaches and threats
- Ensure trustworthiness between ESS partners

