ENISA and Cloud Security

Similar documents
ENISA and Cloud Security

ENISA and Cloud Security

Cloud and Critical Information Infrastructures

How To Write An Article On The European Cyberspace Policy And Security Strategy

Prof. Udo Helmbrecht

European Cloud. Computing Strategy. State of play: Ken Ducatel DG CONNECT

How To Understand And Understand The European Priorities In Information Security

European Cloud Computing. Strategy. Cloud standards. Ken Ducatel DG CONNECT

European Cloud Computing Strategy

Cloud Computing - Cyber Security Challenges for the Finance Sector

COMMISSION STAFF WORKING DOCUMENT. Report on the Implementation of the Communication 'Unleashing the Potential of Cloud Computing in Europe'

ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe. CENTR General Assembly, Brussels October 4, 2012

Enhancing Cyber Security in Europe Dr. Cédric LÉVY-BENCHETON NIS Expert Cyber Security Summit 2015 Milan 16 April 2015

Cyber Security in Europe

Security and privacy standardization for the SME community

Council of the European Union Brussels, 4 July 2014 (OR. en) Mr Uwe CORSEPIUS, Secretary-General of the Council of the European Union

ENISA: Cybersecurity policy in Energy Dr. Andreas Mitrakas, LL.M., M.Sc., Head of Unit Quality & data mgt

Some Public Sector Cloud Views

Demystifying cloud computing for SMEs

National-level Risk Assessments

An SME perspective on Cloud Computing November 09. Survey

Cloud Security Standardisation & Certification. Arjan de Jong Policy Advisor Information Security

Cloud Computing. and the European Strategy. State of play: Dan-Mihai CHIRILĂ DG CONNECT

NIS Direktive und Europäische sicherheitsrelevante Projekte Udo Helmbrecht Executive Director, ENISA

Procurement Innovation for Cloud Services in Europe - PICSE

EU Priorities in Cybersecurity. Steve Purser Head of Core Operations Department June 2013

Cooperation in Securing National Critical Infrastructure

Dr. Vangelis OUZOUNIS Senior Expert Security Policies ENISA.

European Privacy Reporter

ENISA TRAINING. Tentative agenda for workshop. Supported and co- organised by: TLP WHITE JANUARY 2016

ICT 7: Advanced cloud infrastructures and services

National Cyber Security Strategies

Security Framework for Governmental Clouds

Supporting CSIRTs in the EU Marco Thorbruegge Head of Unit Operational Security European Union Agency for Network and Information Security

Towards defining priorities for cybersecurity research in Horizon 2020's work programme Contributions from the Working Group on Secure ICT

EU Cybersecurity Strategy and Proposal for Directive on network and information security (NIS) {JOIN(2013) 1 final} {COM(2013) 48 final}

Virtual Appliance Instructions for ENISA CERT Training TLP WHITE APRIL European Union Agency For Network And Information Security

Unleashing the Potential of Cloud Computing in Europe - What is it and what does it mean for me?

Standards for Cyber Security

Cyber Europe Key Findings and Recommendations

The role of certification and standards for trusted Cloud solutions

OSCi Domain 2 presentation Massively distributed services

OUTCOME OF PROCEEDINGS

CLOUD COMPUTING FOR ehealth DATA PROTECTION ISSUES

Berlin, 15 th November Mark Dunne SaaSAssurance

Achieving Global Cyber Security Through Collaboration

European Union Agency for Network and Information Security ENISA ANNUAL REPORT

Cloud Competency Programme Workshop [1] Secure cloud services in a regulated environment

ehealth in support of safety, quality and continuity of care within and across borders

European Innovation Partnership on Active and Healthy Ageing. Action Group C2 Interoperable Independent Living Solutions

EU policy on Network and Information Security and Critical Information Infrastructure Protection

Mainstreaming European Military Cyber Defence Training & Exercises

EISAS European Information Sharing and Alert System for citizens and SMEs Implementation through cooperation

Cyber Security in Austria

Summary Report Report # 1. Security Challenges of Cross-Border Use of Cloud Services under Special Consideration of ENISA s Contributions

It s all about Europe s future with Cloud. EUROCLOUD FORUM th EuroCloud Congress Barcelona, October 7 9

Taking on the Cloud Challenge in Europe

ENISA Work programme

Achieving Global Cyber Security Through Collaboration


Expert Group on Cloud Computing Services and Standards ( EGCCSS ) Formation of Working Groups

Certification in the EU Cloud Strategy

ANALYSIS OF THE STAKEHOLDER CONSULTATION ON

ENISA workshop on Security Certification of ICT products in Europe

MONITORING COMMITTEE Operational Programme I. JEREMIE Criteria

CYSPA - EC projects supporting NIS

A European Policy on Open Access and its implementation in Horizon 2020

WORK PROGRAMME NOVEMBER 2012

ICS-SCADA testing and patching: Recommendations for Europe

European perspectives in addressing sustainability in data centres (in context, in particular, of urban environments)

Privacy in the Cloud: Data Protection and Security in Cloud Computing

European Innovation Partnership Smart Cities and Communities Henriette VAN EIJL, European Commission, DG MOVE-C2

Impact Assessment (IA)

EU Directive on Network and Information Security SWD(2013) 31 & SWD(2013) 32. A call for views and evidence

ENISA s contribution to the development of Network and Information Security within the Community

A Guide to Horizon 2020 Funding for the Creative Industries

CYSPA launch event - Turkey

Your first EURES job. Progress Summary 2014Q4. March 2015

Multi-Jurisdictional Study: Cloud Computing Legal Requirements. Julien Debussche Associate January 2015

Cloud Standards Coordination Final Report November 2013 VERSION 1.0

Honourable members of the National Parliaments of the EU member states and candidate countries,

ICT 7: Advanced cloud infrastructures and services. ICT 8: Boosting public sector productivity and innovation through cloud computing services

Technical Guideline for Minimum Security Measures

Public consultation on the contractual public-private partnership on cybersecurity and possible accompanying measures

Cloud Security Incident Reporting

ERDF Grant Schemes for Enterprises. Schemes part-financed by European Regional Development Funds

Dr. Jesus Luna Garcia

National Cyber Security Strategy

Cloud computing and personal data protection. Gwendal LE GRAND Director of technology and innovation CNIL

Cloud certification guidelines and recommendations

D4.1 Cloud certification guidelines and recommendations

Together towards an EU Urban Agenda

VACANCY NOTICE FOR THE POSITION OF SENIOR EXPERT IN SECURITY TOOLS AND ARCHITECTURE Ref. ENISA/TA/AD/2007/13

Standards in the Digital Single Market: setting priorities and ensuring delivery

Building up a European Cybersecurity

Innovation and PPP financing: The European Investment Fund

Khalil ROUHANA Director. Directorate-General for Information Society European Commission

Cyber Security for Railway Signalling

Social Business Initiative

David Quesada, ENIDE BESTFACT International Workshop on e-freight 11 Junio 2015 Barcelona

Transcription:

Click icon to add picture Click icon to add picture ENISA and Cloud Security Dimitra Liveri NIS Expert EuroCloud Forum 2015 Barcelona 07-10-2015 European Union Agency for Network and Informaton Security Click icon to add picture

Positoning ENISA actvites HA ND S ON P O LI C Y IM P L E M E N MOBILISING COMMUNITIES TAT IO N RECOMMENDATIONS 2

Agenda ENISA Actvites in Cloud Security ENISA tools Risk Assessment for SMEs Cloud Certfcaton Schemes List Next steps 3

Diferences in Requirements for Governments vs. Companies Private Sector Diference depending on the scale i.e. Large companies and SMEs Investment from cost perspectve Public Sector Legacy Data Legacy Applicatons Legacy Processes Special informaton assurance requirements NEEDS MORE TIME TO ADOPT EASIER TO MAKE THE RIGHT DECISION 4

ENISA s work in the area of Cloud 2009 Cloud computng risk assessment 2009 Cloud security Assurance framework 2012 Procure secure (Security in SLAs) 2013 Critcal cloud computng 2013 Incident reportng for cloud computng 2013 Securely deploying GovClouds 2013 Support EU Cloud Strategy 2014 Cloud Certfcaton Meta-Framework 2014 Procurement security in GovClouds 2015 Cloud Security guide for SMEs htp://www.enisa.europa.eu/actvites/resilience-and-ciip/cloud-computng 5

ENISA engages the community ENISA Cloud Security and Resilience experts group 6

Cloud Computng Risk Assessment Addressed to: public sector, private sector (large companies and SMEs), governmental agencies 7

Risk Assessment in the Cloud Famous 2009 Guide Updated in 2012 Security Guide for SMEs 2015 8

Security guide for SMEs Small and medium size enterprises (SMEs) are an important driver for innovaton and growth in the EU Cloud Computng is a means for innovaton, but cloud is for the SMEs stll a challenge. ENISA in this study presents: - 11 security opportunites (compared to legacy IT benefts) 11 security risks (compared with legacy IT risks) 12 security questons for the SME to ask the provider (in one security cheat sheet 2 comprehensive scenarios Some legal advice 9

and online tool Where you can: rate your opportunites from cloud rate your risks produce a risks map get your security questons 10

Cloud Certfcaton Addressed to: private sector - large companies and SMEs, (public sector and governmental agencies in some cases) 11

The EU Cloud Strategy EU should not only be cloud-friendly, but also cloud actve The The European European Commission s Commission s strategy strategy Cutng Cutng through through the the jungle jungle of of I I am am pleased pleased that that ETSI ETSI launched launched and and steered steered the the Cloud Cloud Standards Standards Coordinaton Coordinaton technical technical standards standards (CSC) (CSC) initatve initatve in in aa fully fully transparent transparent and and open open way way for for all all stakeholders. stakeholders. Unleashing Unleashing the the potential potential of of cloud cloud computing computing in in Europe Europe Adopted Adopted on on 27 27 September September 2012, 2012, it it is is designed designed to to speed speed up up and and increase increase the the use use of of Development Development of of model model safe safe and and fair fair contract contract terms terms and and conditons conditons...ensuring...ensuring technical technical security security requirements requirements are are mapped mapped onto onto certfcaton, certfcaton, as as ENISA ENISA is is leading leading cloud cloud computing computing across across the the economy economy...... we we ofcially ofcially launch launch the the platorm platorm for for public public sector sector cooperaton cooperaton with with this this A A European European Cloud Cloud Partnership Partnership to to "Cloud "Cloud for for Europe" Europe" initatve. initatve. This This is is an an enormous enormous step step forward. forward. drive drive innovaton innovaton and and growth growth Neelie Neelie Kroes, Kroes, European European Commissioner Commissioner for for the the Digital Digital Agenda Agenda Oct Oct 2013 2013 from from the the public public sector sector 12

ENISA realising the EU Cloud Strategy: Certfcaton Strategic objectve of EC Strategy: List of voluntary certfcaton schemes Cloud Certfcaton Schemes List (CCSL): List of existng certfcaton schemes 13 Certfcaton schemes included Powered by ENISA, supported by the EC and the Cloud Selected Industry Group (C-SIG) Cloud Certfcaton Schemes Meta-framework (CCSM): Meta-framework based on existng certfcaton schemes Mapping detailed ICT security requirements of the public sector in the EU (11 countries and more will come) Matrix will results to be used for procurement 13 Visit: htps://resilience.enisa.europa.eu/cloud-computng-certfcaton

How we draw CCSM 14

Next steps Ex-post analysis of cloud incidents (early 2016) EU perspectve on ex post analysis (forensics) for cloud incidents: 8 countries(it, ES, IE, NL, GR, FR, EE, UK): Academia, LEAs, Forensics Specialists, CERTs. Challenges, procedures, tools, legal restrictons ICT in e-health (2016) Challenges and opportunites of ICT deployments in ehealth (medical records, patent records etc) Cloud computng use case in ehealth Big data use case in e Health 15

Click icon to add picture Thank you and Welcome! PO Box 1309, 710 01 Heraklion, Greece Tel: +30 28 14 40 9710 info@enisa.europa.eu www.enisa.europa.eu

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information