Recently we posted:
|Early Warning System – much work it takes to create ‘added value’|
|From time to time we will bring new insights regarding the running of EWS operations.|
|We hope that you enjoy reading these and will get something out of them.|
|We would appreciate it if you leave a comment below on what you think or what could be added, so why don’t you?|
Last week we discussed risk assessment and what one should do first – namely, begin categorizing risks. We provided you with some thoughts and a schema to help you do this important job in your environment: Early Warning System (EWS) – Categorizing the risks
In part, putting risk categories together will then help compliance officers, regulators, CEOs, etc. to get a better handle on which risks require immediate effort and which can wait a while. Put differently, pick the lowest-hanging fruit first. We addressed this issue, including links to and descriptions of the relevant directives, regulations, national laws, ISO standards, best practices and industry codes, here:
Today ENISA released a new study that apparently accomplishes the following laudable objective:
The presented material is charting the main normative components regarding RM/RA applicable within the European Union. Moreover, this material assesses the impact of these normative texts for both the private and public sector. This knowledge is instrumental for business, e.g. to determine to which extent these guidelines apply to risk management considerations, and how they may impact Network and Information Security (NIS) practices. (from the press release published 2007-06-26)
You can download the report from here:
ENISA (June 26, 2007) Risk Management / Risk Assessment in European regulation, international guidelines and codes of practice. Heraklion – Crete – Greece: ENISA – European Network and Information Security Agency (ENISA) – Section Risk Management, with the collaboration of J. Dumortier and Hans Graux
Some of you may criticize the above report and wonder how it really helps in getting a better handle on regulations, directives and national laws. While it is not always easy to see how it can help an enterprise (i.e. the private sector) manage risks better and improve its risk assessment, it does provide a great overview of these regulations and ISO standards.
Moreover, the study is very thorough and provides an exhaustive but, nonetheless, very nicely structured overview by using tables with explanations. If you already know a lot about regulations and standards, this might confirm that you are on top of it; more likely, it will point you to one or two directives or regulations that have fallen between the cracks in your enterprise or public agency.
Have a look; these 105 pages are definitely worth checking out. This is another useful tool that could help you in your work, in addition to the many more we pointed out in our checklist.
What it will not do, however, is tell you where to start in getting your house in order. For that you may want to check out Urs+Nahum’s Security Checklist.