MAKING IT SAFE & SECURE

INTRODUCTION

• Geoff Lister
• Echelon Consulting Limited
• NIS Report Editor

ETSI Future Security 17 January 2006 Copyright ©2005 Echelon Consulting Limited

AGENDA

• NIS Report - Background, Context and Scope
• Current Situation
• Updating the NIS Report

ETSI Future Security Workshop - 17 Jan 2005

Report Context and Scope

• Commission Communication COM (2001) 298, 6th June 2001
  - “Network and Information Security: Proposal for a European Policy Approach”
• Council Resolution, 28th January 2002
  - “On a common approach and specific actions in the area of network and information security”
• eEurope 2002
  - Security and Trust in electronic business carried out over public private networks

Report Context and Scope

• NIS Report is the response of CEN and ETSI to Commission Communication COM (2001) 298
• It addresses standardisation issues which are relevant to:
  - the European Standards Organisations (ESOs)
  - industry and academic standards groups
• ...and within an e-business environment
  - any commercial transaction carried out electronically
  - relates both to the user and provider of an e-business service

Report Context and Scope

• Does not address in detail:
  - Personnel Vetting
  - Information Security Professional Qualifications
  - Digital Rights Management (refer to CEN/ISSS Focus Group)
  - Moving Pictures (refer to MPEG in ISO/IEC JTC1/SC29)
  - Data Protection (refer to CEN/ISSS IPSE initiative)
  - Crime Risk (EU Mandate M/355 issued August 2004)

Report Context and Scope

• To summarise:
  - Network and Information Security standardization
  - e-Business applications
  - Identifies existing and developing standards
  - Makes recommendations for future standards-related work (ESOs)

Current NIS Report Structure

• e-Business user security requirements for:
  - Home users
  - SMEs
  - Large Organisations and industries
• e-Business service provider security requirements:
  - sets of security services
    • Registration and Authentication services
    • Confidentiality and privacy services
    • Trust services
    • etc.
• Standards Annexes

Current Situation

• July 2003: Joint Issue of final report by CEN/ISSS (web site) and ETSI (ETSI SR 002 298)
• March 2004: ICTSB set up NISSG (Network and Information Security Steering Group):
  - to act as a focal point for European Standardisation on network and information security standardization
  - to “implement” the recommendations of the NIS report
  - provide a focal point of contact between the standardization community and ENISA

NISSG Proposal to Update the NIS Report

• Existing Report is out of date
  - snapshot at a point in time
  - technology and standards evolve continuously
• It is “one-dimensional”
  - pertinent to e-business applications
• It is not “selectively” accessible
• It is not easy to extend the report in its current form to other business areas

NISSG Proposal to Update the NIS Report

• Standards Information needs to be updated
• Flexible Framework to enable the report to be expanded - e.g. more “business” areas
• Capable of responding to advances in security technology and standards developments
• “Light touch” maintenance
• Better accessibility
• plus ENISA

Updating the NIS Report: some initial personal thoughts

• Web Based - ICTSB website
• Three Tier Modular Document
• First Tier - Introduction and site map
• Second Tier
  - Identifies and defines the “business areas”:
    • e-commerce
    • e-health
    • crime risk
    • mobile telephony
    • etc
  - Links to appropriate modules in third tier

Updating the NIS Report: some initial personal thoughts

• Third tier - each module contains a group of related security services
  - confidentiality
  - identity management
  - trust
    • Non-repudiation
    • Integrity
• Each module lists or links to:
  - relevant current and developing standards
  - developing security topics
  - identification of gaps and weaknesses
  - etc

Updating the NIS Report: some initial personal thoughts

[Diagram: three-tier structure. TIER 1: Site Map. TIER 2, Business Application: e-commerce, Crime risk, e-health, Mobile Telephony. TIER 3, Security Services: PRIVACY, IDENTITY MNGMT, TRUST, ??????]

Any Questions?