First Meeting of WG1 on Cybersecurity Risk Management
WG1 will identify best practices to design, implement and maintain cybersecurity risk management processes throughout an organisation. This will include steps to be taken at strategic, management and operational levels to identify, assess and mitigate cybersecurity risks, to monitor the effectiveness of controls, and to deter and handle incidents.
Best practices could cover the articulation of roles and responsibilities; human resources security; physical and environmental security of facilities; risk-based methodologies to identify critical assets; procedures to verify the availability and status of assets and operations; contingency plans and strategies for incident response and escalation; monitoring, testing and auditing networks and information systems, facilities, and cybersecurity measures; management of the interactions between cybersecurity risk management and the overall risk management/continuity plan of an organisation.
WG1 should in particular address (a) information assurance; (b) risk metrics, to monitor, predict, track and evaluate risk exposure; and (c) awareness-raising practices to acquire and disseminate cybersecurity knowledge and skills among the staff and at senior level (C-level awareness).
WG1 could also focus on the specific questions mentioned in the draft issues paper:
- How to remove the barriers to the adoption of best practices and help less advanced stakeholders to progressively increase their level of NIS; and whether the use of a Capability Maturity Model, guiding entities to progressively improve their risk management processes, would prove to be useful in this regard;
- Whether minimum security requirements could be identified to help companies and administrations counter basic threats, on which a large part of successful breaches are based, while serving as a basis to progressively implement more sophisticated risk management practices.
WG1 will, to the maximum extent possible, follow a cross-sectoral approach. WG1 will also look at economic, legal and technological incentives that could be set at EU and/or national level to stimulate the take-up of the best practices identified and help less advanced stakeholders to progressively increase their level of NIS. Such incentives will have to be economically sustainable and be aimed at ensuring a level playing field among businesses in the EU.
For more information and meeting minutes, please visit:
- Terms of reference for Working Group 1
- Minutes of the First Meeting of WG1
15 Nov 2013 / rasen_adm
Categories: News