Dimitra Liveri | NIS Expert CSA CEE Summit 2017|Ljubljana - 9 March

1 The NIS Directive and the Digital Single Market - what does the cloud need?
Dimitra Liveri | NIS Expert | CSA CEE Summit 2017 | Ljubljana - 9 March

2 Positioning ENISA activities
- CAPACITY: Hands on activities
- POLICY: Support MS & COM in Policy implementation; Harmonisation across EU
- COMMUNITY: Mobilizing EU communities
- EXPERTISE: Recommendations; Independent Advice

3 ENISA’s work in the area of Cloud
- 2009 Cloud computing risk assessment
- 2009 Cloud security Assurance framework
- 2012 Procure secure (Security in SLAs)
- 2013 Critical cloud computing
- 2013 Incident reporting for cloud computing
- 2013 Securely deploying GovClouds
- 2013 Support EU Cloud Strategy
- 2014 Cloud Certification Meta-Framework
- 2014 Procurement security in GovClouds
- 2015 Cloud Security guide for SMEs
- 2016 Exploring Cloud Incidents

This is an overview of the work we did in the past and are doing. Our early papers from 2009 are still widely downloaded and quoted. They basically give an overview of the main risks and benefits when moving to the cloud. Let me go over some of them quickly.

Put in about “ENISA’s work on Cloud Computing, but concentrating on how we have helped industry secure a developing business model (work with CSA, support for the EU Cloud strategy). Here we can stress the fact that we look for security solutions that are economically viable and provide a reasonable trade-off between opportunity and risk. This is ENISA supporting economic growth.”

All SecureCloud events are co-organized with CSA

4 First comprehensive EU cybersecurity legislation adopted!
06 July 2016

5

6 Obligations for MS on DSPs
- Minimum security measures: Technical and organizational measures proportionate to the risk (Implementing act by the COM, August 2017)
- Incident notification: prevent and minimize the impact of incidents on the IT systems which provide the services (Implementing act by the COM, August 2017)

Notes:
- Light touch approach to be applied for DSPs
- NIS directive applicable only to large and medium enterprises
- Define DSPs: cloud providers, online market places, search engines
- Implementing acts: legal texts which ensure uniform conditions for implementing legally binding Union legislative documents

Light touch approach means:
- security requirements for DSPs should be lighter than those for OESs
- DSPs are not subject to identification
- MS are not allowed to impose any further security and notification requirements on DSPs
- The criterion of main establishment of the DSP is applied vis-à-vis the applicable law to avoid multiple parallel jurisdictions
- Security measures relevant, ONLY, to the following domains:
  1. Security of systems and facilities
  2. Incident handling
  3. Business continuity
  4. Monitoring, auditing and testing
  5. Compliance with international standards

7 ENISA’s role in supporting MSs on DSPs
ENISA supported COM and the MSs with the following projects in 2016:
- Guidelines for implementing incident notification – DSPs: Assist COM (by providing input for the implementing acts) and MS (by providing guidelines) in incident notification requirements for DSPs
- Guidelines for implementing security measures – DSPs: Assist COM (by providing input for the implementing acts) and MS (by providing guidelines) in implementing minimum security measures for DSPs

MSs discussed the provisions on DSPs in an informal group created by COM:
- 2 meetings of the informal group took place in 2016
- next meeting, 15 March 2017, Brussels: discussion on the draft implementing acts

Our input is discussed with an informal group, created by COM, with representatives from MS. Its role is to prepare the implementing acts and the ToRs for the Cooperation Group. The implementing acts will pass through the comitology procedure. Main challenge is the identification of the DSPs.

8 ENISA supporting the NISD

9 EC implementing acts ENISA input
- A non-exhaustive list of 29 security measures which fall under the article 16(1) elements:
  (a) the security of systems and facilities;
  (b) incident handling;
  (c) business continuity management;
  (d) monitoring, auditing and testing;
  (e) compliance with international standards.
- Examples of implementation for all these 29 measures
- A list of definitions which accompanies the list of security measures

The process:
- Deadline for the adoption: 9 August 2017
- First comitology meeting: 15 March 2017

10 The DSM and the Cybersecurity Industry
- Opportunities and tools for growth
- Supports the DSM

11 How NIS Products and Services can benefit from the DSM?
NIS Products and services are used to:
- Protect digital and physical assets from cyber threats;
- Enhance the awareness and preparedness level;
- Ensure availability, privacy and integrity…

Non-exhaustive list of NIS Products and Services:
- Software (e.g. antivirus, firewall, SIEM)
- Hardware (e.g. network probe)
- Information exchange (e.g. ISAC)
- Service (e.g. cloud storage, threat intelligence, certification)
- Awareness (e.g. education, training)
- Support (e.g. product maintenance, CERT)
- etc.

12 Current and Emerging Trends & the Evolution of the Demand Side
- Common requirements in NIS products and services across all sectors.
- Prioritization based on specific business context.
- Need for enhanced intelligence, analytics, automation etc. (AI?)
- Investment in NIS and ease of use are key issues
- Landscape is changing due to evolving threats

[Figure: Trend. Online Banking, Online Marketplaces, Cloud Storage, Wireless Telecommunications, Online Media; Cloud, IoT, Mobile, SDN/NFV, AI, Big Data; Business Models / Use Cases / Application Areas; Vulnerabilities / Attack Surface; NIS Tools]

13 Recommendation Highlights
- Raise awareness on the user side to increase demand (educate the market, Cyber-Insurance, regulatory impact on NIS investment, SME policy, NIS training and education, pursue board-level involvement etc.)
- Foster innovation and support EU NIS start-ups to bridge the gap from prototyping to industrialization/commercialization (focused R&D planning, link research to NIS industry, preferential procurement policy, innovation clusters etc.)
- Address market fragmentation (harmonized certification, standards etc.)
- Build NIS ecosystem (industrial clusters, added value chain positioning etc.)

14 Thank you

