Recently we posted:
- Early Warning System (EWS) – what it takes to create success
- EISAS and ENISA – biggest challenge are the Key Performance Indicators – KPIs
- EISAS and ENISA – presentation given in Berlin about feasibility study
Early Warning System – much work it takes to create ‘added value’
From time to time we will bring new insights regarding the running of EWS operations.
We hope that you enjoy reading these and will get something out of them.
We would appreciate it if you leave a comment below on what you think or what could be added, so why don’t you?
Last week we discussed risk assessment and what one should do first – namely begin categorizing risks. We provided you with some thoughts and a schema to help you do this important job in your environment: Early Warning System (EWS) – Categorizing the risks
In part, putting risk categories together will then help compliance officers, regulators, CEOs, etc. to get a better handle on which risks require immediate effort and which can wait a while. Put differently, get the lowest-hanging fruit first. We addressed this issue, including providing links to and descriptions of the relevant directives, regulations, national laws, ISO standards, best practices and industry codes, here:
Urs+Nahum’s Security Checklist ISBN 978-0-9783768-0-2 – latest version June 2007
Today ENISA released a new study that apparently accomplishes the following laudable objective:
The presented material is charting the main normative components regarding RM/RA applicable within the European Union. Moreover, this material assesses the impact of these normative texts for both the private and public sector. This knowledge is instrumental for business, e.g. to determine to which extent these guidelines apply to risk management considerations, and how they may impact Network and Information Security (NIS) practices. (from the press release published 2007-06-26)
You can download the report from here:
Some of you may criticize the above report and wonder how it really helps in getting a better handle on regulations, directives and national laws. While it is not always easy to see how it can help manage risks better or improve risk assessment in an enterprise (i.e. the private sector), it does provide a great overview of these regulations and ISO standards.
Moreover, the study is very thorough and provides an exhaustive but, nonetheless, very nicely structured overview by using tables with explanations. If you know a lot about regulations and standards this might confirm that you are on top of it, but, more likely, it will point you to one or two directives or regulations that might have fallen between the cracks in your enterprise or public agency.
Have a look, it is definitely worth checking out these 105 pages. This is another nice tool that could help you in your work in addition to the many more we pointed out in our checklist.
What it will not do, however, is tell you where to start to get your house in order. For that you may want to check out Urs+Nahum’s Security Checklist.