The EBF would like to take the opportunity to note few general remarks on key issues as follows:
Ref.:EBF_ Brussels, 17 June 2013

Launched in 1960, the European Banking Federation is the voice of the European banking sector from the European Union and European Free Trade Association countries. The EBF represents the interests of some 4,500 banks, large and small, wholesale and retail, local and cross-border financial institutions.

EBF's position on the Commission's proposal for a Directive concerning measures to ensure a high common level of network and information security (NIS) across the European Union, COM(2013) 48 final

General remarks:

The Commission's proposal falls within the scope of the European Cyber Security Strategy, which aims at ensuring a safe and reliable digital environment across the EU. Based on recent data, the existing NIS capabilities and voluntary mechanisms are simply insufficient to keep pace with the fast-changing threat landscape and to ensure a common high level of protection in all the Member States. The Commission aims at guaranteeing a high common level of network and information security (NIS) by improving the security of the internet and of the private networks and information systems underpinning the functioning of our societies and economies, so as to ensure a reliable environment for worldwide trade in services, via coordinated regulatory interventions, strategies and standards as well as trusted information sharing on NIS incidents and risks among the Member States.

The European Banking Federation (EBF) welcomes the draft Directive, as it is particularly important for the banking sector, which already has the infrastructure in place. The EBF strongly supports the objective of the draft Directive to ensure that tools are in place to react properly in case of incidents. Indeed, appropriate tools may result in increased consumer trust, leading to a more inclusive cyberspace and a digital economy that grows even faster, supporting our economic recovery.
The EBF fears, however, that in some aspects the Commission's proposal seems very ambitious. The EBF would like to take the opportunity to note a few general remarks on key issues, as follows:

The EBF believes that the proposed Directive should promote the exchange of information among all the main actors involved in the security management process: not only among Member States and Computer Emergency Response Teams (CERTs), but also between the most relevant stakeholders. As the banking sector has already defined and put in place risk assessment and incident monitoring procedures, the EBF considers that one of the biggest challenges nowadays is efficient cooperation with other stakeholders (e.g. telecommunications operators), especially in case of incidents.

EBF a.i.s.b.l ETI Registration number: Avenue des Arts 56, B-1000 Brussels +32 (0) Phone +32 (0) Fax
The EBF would like to draw the legislator's attention to the fact that, should any new requirements be adopted, they should be proportionate to the associated risk and the impact of loss, as well as consistent across Europe. However, it should first be noted that the proposed Directive only sets minimum rules, allowing EU countries to go beyond these requirements; secondly, small companies are excluded from the risk management and notification requirements, although they may also be confronted with, or cause, a cyber incident that results in collateral damage or impacts the economy and society. As a consequence, the current proposal would allow Member States to adopt different reporting rules, which could lead to diverging requirements throughout the EU. These inconsistencies could be detrimental to the principle of a level playing field and may lead to additional costs inherent to the implementation of these new measures. The EBF would like to add as well that the sanctions and their enforcement can differ from one Member State to another, and therefore could create real uncertainty for transnational companies.

As specific remarks, the European Banking Federation would like to point out the following issues:

1. Incident Reporting (Article 14)

According to Articles 14 to 16, the Commission proposes new security and incident reporting obligations. Public administrations and private entities in specific sectors (e.g. financial services) will be required to adopt network and information security (NIS) risk management practices and to notify competent national authorities of any security incident that has a significant impact on the continuity of the core services they provide (Articles 14-16). Following the notification, national authorities may decide to inform the general public. The EBF would like to stress the importance of coherence between the requirements of the proposed NIS Directive and those of the Data Protection Regulation, currently under review.
In terms of efficiency, the specific obligations to notify data breaches and network incidents should require reporting to one authority with one single form to fill in. This is rightly mentioned in recital 31, with the establishment of harmonised exchange mechanisms and a template to notify incidents. The requirement for mandatory reporting of incidents by market operators requires careful scoping in order to ensure it drives the desired behaviour: it is important to balance the interest in informing the public, the level of detail made public and its consequences, and the guarantee of protecting the reputation and image of the organisation involved in data violation episodes [Ref. Article 14]. The EBF considers it problematic that the authorities will decide on the information to disclose where they determine that the incident is of public interest. The authorities should, in collaboration with the market operators and the public administrations, ensure that information on weaknesses in security is not detailed and does not identify specific problems. Otherwise, this would be equivalent to indicating to hackers where a specific sector is not good enough at protecting its systems.
The EBF would prefer that the elements of recital 17 and recital 28, respectively, regarding the confidential handling of information, be part of the main body of the Directive, as they are an essential part of it.

Art. 14(1) suggests a focus only on incidents that impact continuity of service. However, integrity of service is equally important.

Art. 14(2) requires reporting by market operators of incidents having a significant impact on the security of the core services they provide. The word "significant" needs careful definition in order to determine whether this Directive will achieve its aim:

- If the requirement includes reporting of incidents with minimal impact on the business of the market operator, then it could drive a culture in which identifying incidents is discouraged. This would be counterproductive, as effective cyber security requires identification and investigation of a wide range of incidents, many of which appear to be insignificant at first sight. It is only by catching such incidents early that material incidents are prevented.
- We would recommend limiting mandatory reporting to incidents with a significant and material impact, and this needs to be established within the Directive in order to prevent scope creep in the future.

It should also be noted that many cyber security incidents do not actually involve the breach of systems belonging to the victim organisation:

- For example, the widely publicised Denial of Service attacks against US banks have not breached their systems, but rather prevented access to them.
- Similarly, fraudsters often do not target banking systems, but rather the systems of banks' customers.
- It is unclear how the mandatory reporting would be applied in these circumstances.

2. Incident Identification (Article 14)

The draft Directive contains no requirements on market operators to develop the capability to detect incidents.
If there are to be requirements on market operators to report incidents that have been identified, then there should be some requirement on the market operators to identify those incidents in the first place. Otherwise, a disincentive for market operators to monitor for cyber security incidents will be created. The EBF considers that this could have a detrimental impact on the level of network and information security across the Union. We would therefore propose that the Directive include a requirement for market operators to monitor their networks and information systems for incidents, in a manner appropriate to the threats they face, but without requiring compliance with specific technical standards (see next comment).

3. Standards (Article 16)
Encouragement of the use of standards is a laudable principle. However, it must be recognised that requiring compliance with detailed technical standards by market operators is likely to be counter-productive:

- Technical standards take time to be developed and revised and are unlikely to keep pace with the dynamic threat environment;
- Requiring compliance with detailed technical standards will encourage a compliance culture, with an emphasis on box-ticking as opposed to genuine risk management. The risk management practices that must be encouraged across the Union involve a high degree of skill, judgement and investigation by capable professionals; this research-type culture will not be encouraged by compliance requirements;
- Compliance with technical standards can create a false sense of security for senior management. For example, the payments industry has for some time required merchants to comply with technical security standards (PCI-DSS) when handling payment card details. However, breaches in recent years have occurred in organisations that are certified as compliant with PCI-DSS standards. This illustrates that compliance with even the most stringent technical standards is not sufficient for effective risk management.

4. Delegated acts (Art. 18) and implementing act (Art. 14(7))

In reference to Articles 9(2), 10(5) and 14(5), as well as Article 14(7), delegated acts and an implementing act have been conferred on the Commission. The EBF has serious concerns regarding this extensive power for the European Commission because of the limited involvement of stakeholders in this process. The EBF also sees this technique as problematic, since it leaves too much uncertainty with regard to the actual implementation of the Directive.
This is all the more worrying as the proposed delegated and implementing acts apply to essential aspects of the draft Directive, such as the definition of the criteria to be fulfilled for a Member State to be authorised to participate in the secure information-sharing system (Article 9(2)), the further specification of the risks and incidents triggering early warning (Article 10(5)), the definition of circumstances in which public administrations and market operators are required to notify incidents (Art. 14(5)) and, finally, the format and procedures applicable for the Member States to ensure that market operators notify the competent authority of incidents having a significant impact on the security of the core services they provide.

5. Definition of Market Operators

We note the suggestion in paragraph 24 on page 14 that software developers and hardware manufacturers be explicitly excluded from the requirements of this Directive. However, we would argue the contrary: that they should be at the core of the scope of this Directive:

- Their products are relied on by all other market operators to ensure the security of services; thus they are a critical dependency;
- There are known examples of hardware and software providers either being targeted in order to then compromise other market operators, or publicly acknowledged as placing market operators at risk due to vulnerabilities in their products.

Whilst we acknowledge that the list given in Annex II is indicative, we would suggest that omissions have been made of whole sectors that are known to be targets of sustained cyber attacks and represent a risk to the security of the EU. Examples include:

- Legal firms
- Accountancy and audit firms
- Food and agriculture firms
- Utilities such as water
- Information Technology firms

Persons of contact:
Fanny Derouck-Tadros
Séverine Anciberro
Noémie Papp
More informationEUROPEAN DATA PROTECTION SUPERVISOR
C 47/6 Official Journal of the European Union 25.2.2010 EUROPEAN DATA PROTECTION SUPERVISOR Opinion of the European Data Protection Supervisor on the Communication from the Commission on an Action Plan
More informationEBF Comments on the Review Draft Standard on General Hedges
Chief Executive RK/MT EBF ref. N 0365 Email International Accounting Standards Board Mr Martin Edelmann, Mr Stephen Cooper and Mr Takatsugu Ochi 30 Canon Street London EC4M 6XH United Kingdom Brussels,
More informationOUTCOME OF PROCEEDINGS
Council of the European Union Brussels, 18 November 2014 15585/14 COPS 303 POLMIL 103 CYBER 61 RELEX 934 JAI 880 TELECOM 210 CSC 249 CIS 13 COSI 114 OUTCOME OF PROCEEDINGS From: Council On: 17 18 November
More informationArticle 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
More informationEACB messages for the Trialogue negotiations on Bank Recovery and Resolution Directive
EACB messages for the Trialogue negotiations on Bank Recovery and Resolution Directive 30 August 2013 The EACB is the voice of the co-operative banks in Europe. It represents, promotes and defends the
More informationNational Occupational Standards. Compliance
National Occupational Standards Compliance NOTES ABOUT NATIONAL OCCUPATIONAL STANDARDS What are National Occupational Standards, and why should you use them? National Occupational Standards (NOS) are statements
More informationFIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS
FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),
More informationExternal Supplier Control Requirements
External Supplier Control s Cyber Security For Suppliers Categorised as Low Cyber Risk 1. Asset Protection and System Configuration Barclays Data and the assets or systems storing or processing it must
More informationConsultative report. Committee on Payment and Settlement Systems. Board of the International Organization of Securities Commissions
Committee on Payment and Settlement Systems Board of the International Organization of Securities Commissions Consultative report Principles for financial market infrastructures: Assessment methodology
More informationCYBER-ATTACKS THE GLOBAL RESPONSE
R E P R I N T CYBER-ATTACKS THE GLOBAL RESPONSE REPRINTED FROM: Risk, Governance & Compliance for Financial Institutions 2015 RISK GOVERNANCE & COMPLIANCE for F I N A N C I A L INSTITUTIONS 2 0 1 5 Visit
More informationHEALTH AND SOCIAL CARE BILL 2011. Joint Briefing for the House of Lords Committee
HEALTH AND SOCIAL CARE BILL 2011 Joint Briefing for the House of Lords Committee A Statutory Duty of Candour for the NHS (Duty to ensure transparency) Aim: Establish a Duty of Candour so that any provider
More informationThe European Lotteries
The European Lotteries SPORTS INTEGRITY ACTION PLAN The 7 Point Programme for THE BENEFIT AND THE FURTHER DEVELOPMENT OF SPORT IN EUROPE March 2013 THE EUROPEAN LOTTERIES SPORTS INTEGRITY ACTION PLAN The
More informationConsultation on the technical legislative implementation of the EU Audit Directive and Regulation
AUDITOR REGULATION Consultation on the technical legislative implementation of the EU Audit Directive and Regulation OCTOBER 2015 1. Contents 1. Contents... 2 2. Introduction... 4 The EU Audit Directive
More informationCyber Security - What Would a Breach Really Mean for your Business?
Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber
More informationIndustrial Control Systems Cyber Emergency Response Team (ICS-CERT) 2014: 245 incidents reported
Protecting What Matters Most Christian Fahlke, Regional Sales Manager ALPS March 2015 Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) 2014: 245 incidents reported (Source: https://ics-cert.us-cert.gov/sites/default/files/monitors/ics-cert_monitor_sep2014-feb2015.pdf)
More informationwww.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit March 6, 2014 (4:30-5:30) Draft v8 2-25-14
www.pwc.com The data breach lifecycle: From prevention to response IAPP global privacy summit (4:30-5:30) Draft v8 2-25-14 Common Myths 1. You have not been hacked. 2. Cyber security is about keeping the
More informationSpecific comments on Communication
Comments on Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions Cybersecurity Strategy of the European Union: An Open,
More informationAchieving Global Cyber Security Through Collaboration
Achieving Global Cyber Security Through Collaboration Steve Purser Head of Core Operations Department December 2013 European Union Agency for Network and Information Security www.enisa.europa.eu Agenda
More informationRegistration must be carried out by a top executive or a number of executives having the power to commit the whole company in the EU.
Questions and answers 1- What is the purpose of The Initiative? Why are we doing this? The purpose of the Supply Chain Initiative is to promote fair business practices in the food supply chain as a basis
More informationENISA s Study on the Evolving Threat Landscape. European Network and Information Security Agency
ENISA s Study on the Evolving Threat Landscape European Network and Information Security Agency Agenda Introduction to ENISA Preliminary remarks The ENISA report Major findings Conclusions 2 ENISA The
More informationTICSA. Telecommunications (Interception Capability and Security) Act 2013. Guidance for Network Operators. www.gcsb.govt.nz www.ncsc.govt.
TICSA Telecommunications (Interception Capability and Security) Act 2013 Guidance for Network Operators www.gcsb.govt.nz www.ncsc.govt.nz Contents Introduction...2 Overview of the Guidance...3 Focus of
More informationInitial appraisal of a European Commission Impact Assessment
Initial appraisal of a European Commission Impact Assessment European Commission proposal for a Directive on the harmonisation of laws of the Member States to the making available on the market of radio
More informationSOLIDAR CONTRIBUTION TO EUROPEAN COMMISSION CONSULTATION ON FINANCIAL INCLUSION/ACCESS TO A BANK ACCOUNT
Rue du Commerce 22 B-1000 Brussels T + 32 (0)2 500 10 20 F + 32 (0)2 500 10 30 E solidar@solidar.org Register ID #9722558612-54 SOLIDAR CONTRIBUTION TO EUROPEAN COMMISSION CONSULTATION ON FINANCIAL INCLUSION/ACCESS
More informationENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe. CENTR General Assembly, Brussels October 4, 2012
ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe CENTR General Assembly, Brussels October 4, 2012 christoffer.karsberg@enisa.europa.eu 1 Who we are ENISA was
More information- 'Improving Cyber Security in Europe, the way forward
Report Breakfast Briefing: 'Improving Cyber Security in Europe, the way forward 24 April 2013, European Parliament, Brussels Disclaimer: This report is prepared by the rapporteur, Dr. Alea Fairchild, for
More informationCCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING
CCBE RESPONSE REGARDING THE EUROPEAN COMMISSION PUBLIC CONSULTATION ON CLOUD COMPUTING CCBE response regarding the European Commission Public Consultation on Cloud Computing The Council of Bars and Law
More informationGovernment Decision No. 1139/2013 (21 March) on the National Cyber Security Strategy of Hungary
Government Decision No. 1139/2013 (21 March) on the National Cyber Security Strategy of Hungary 1. The Government hereby approves the National Cyber Security Strategy of Hungary laid down in Annex No.
More information