Eurostat ESS Security and Secure exchange of information Working Group (E4SWG) ITDG – Item 4 Security progress and issues Pascal Jacques ESTAT B0 Local.

Presentation transcript:

Eurostat ESS Security and Secure exchange of information Working Group (E4SWG) ITDG – Item 4 Security progress and issues Pascal Jacques ESTAT B0 Local Informatics Security Officer

The Context (1)

Regulation (EC) No 223/2009 of the European Parliament and of the Council
- (pream) The confidential information which the national and Community statistical authorities collect for the production of European statistics should be protected, in order to gain and maintain the confidence of the parties responsible for providing that information. The confidentiality of data should satisfy the same principles in all the Member States.
- (pream) For that purpose, it is necessary to establish common principles and guidelines ensuring the confidentiality of data used for the production of European statistics and the access to those confidential data with due account for technical developments and the requirements of users in a democratic society.
- The NSIs and other national authorities and the Commission (Eurostat) shall take all necessary measures to ensure the harmonisation of principles and guidelines as regards the physical and logical protection of confidential data.

COMMISSION DECISION of 17 September 2012 on Eurostat (2012/504/EU)
- The Director-General of Eurostat shall, in addition, take all necessary measures to protect data whose disclosure would cause prejudice to Union interests, or to the interests of the Member State to which they relate.

NO IMPLEMENTING ACTIONS PROPOSED

The Context (2)

COMMISSION DECISION (EU) …/… OF 2015 ON SECURITY IN THE COMMISSION

Article 10: Security measures regarding Communication and Information Systems
- All Communication and Information Systems ("CIS") used by the Commission shall comply with the Commission's Information Systems Security Policy, as set out in Commission Decision C(2006)3602, its implementing rules and corresponding security standards.
- Commission services owning, managing or operating CIS shall only allow other Union Institutions, agencies, bodies or other organisations to have access to those systems provided that those Union Institutions, agencies, bodies or other organisations can provide reasonable assurance that their IT systems are protected at a level equivalent to the Commission's Information Systems Security Policy as set out in Commission Decision C(2006)3602, its implementing rules and corresponding security standards.
- The Commission shall monitor such compliance, and in case of serious non-compliance or continued failure to comply, be entitled to prohibit access.

NEW SECURITY COMPLIANCE NEEDS

The Vision 2.0 – Security Framework

Develop an ESS that:
- is guided by quality in all activities and continues to deliver coherent, relevant and reliable statistics based on internationally harmonised concepts, sound methodologies and a strict data protection regime;
- engages users proactively and meets their demands in a cost-efficient and responsive manner;
- promotes efficiency and realises productivity gains through collaboration in sharing methods, tools, technological infrastructure and where appropriate data and human resources, based on legal frameworks and all prerequisites needed to ensure statistical confidentiality;
- embraces opportunities provided by the digital transformation and harnesses new data sources to produce meaningful statistics;
- delivers information in an interactive and easily understandable way, and improves the statistical literacy of European citizens and institutions by guiding them through the deluge of data and information from various origins.

Vision Security Elements

Privacy and security in Big Data

"In the long run we will explore the potentials of setting up a protected data exchange area, in which the exchange of micro data does not cause any data privacy or security concerns in any member state. Since the partners of micro data exchange should be capable of implementing the highest data protection standards, we will explore starting the micro data exchange network within the partnership of statistical producers in the ESS only …. It requires the development of appropriate technical and organisation measures to manage the risks and in so doing protect statistical confidentiality and provide appropriate mechanisms to react to any breach of security swiftly and effectively. Above all, the procedures accompanying micro data exchange will be organised in a transparent way, so as to build-up mutual trust based on evidence…. common secure IT network for data exchange… …We will investigate the appropriateness and possibility of statistical institutes fulfilling the role of a trusted third party through which market competitors can share information without risk of disclosing sensitive data…"

Objectives of the working group

- Get to know each other better in the ESS in terms of information security and specificities
- Exchange of best practices in IT security
- Agree on common rules, procedures, guidelines and standards for secure communication (i.e. s) and data storage/exchange/transfer in order to build mutual trust
- Agree on security level of shared applications, services, processes
- Exchange of information on:
  - Security measures used in MS for data protection, data centre, access to micro data for research purposes
  - Projects/programmes linked to information security
  - IT architecture in MS, to better understand the MS's capacity to connect to a secured data exchange infrastructure such as the CCN network or sTesta
- Set up a repository of information on people, roles, procedures, best practices and documentation of infrastructures

Activities

2012
- Presentation of the idea to SISAI 12-13/6/2012
- Request support of ITDG for creation of a WG on IT security (29-30/11/2012)
- "Enterprise Architecture Security Workshop" - December 2012
- Discuss security aspects, mandate of the WG

2013
- Survey Questionnaire on IT Security January-May 2013
- Presentation of first findings at SISAI 2013 (13-14/5/2013)
- Presentation of a document on IT security for ITDG (7/6/2013)
- 2 Field visits in IT and FR
- Due to budgetary constraints, WG converted to a Task Force
- TF Meetings (5-6/6/2014 & 9-10/10/2014 in Helsinki)
- Field visits in DE, PT, FI, SI

Results (1)

Secure ing
- Ensured with DE, IT, SI, ES, CH, EL
- FI having its own system
- FR and PT: issues on certificates

Repository of information
- Available on CROS portal
- OwnCloud solution in PT for more secure information

Exchange of information and Common position
- Share security guidelines and notices (Secure IT development, use of video-conference facilities, etc.)

Results (2)

Build trustworthiness between ESS Members
- IT Security Framework
  - Introduction
  - Data classification
  - Risk analysis
  - IT security controls: entry pack – Level 1 – Level 2
  - Guidelines for implementing controls
  - Self-assessment
- Compliance Monitoring Framework complementing the Code of Practice
- Feedback mechanism towards ESSC and Member State
- Work on labelling capacity for access facilities (557/2013) and NSIs

Next Phase (1)

- Finalise the work on security framework and compliance monitoring.
- Organise 2 TF meetings in 2015 (May/Lisbon; October/Lux).
- Present security framework to ITDG in September 2015 for endorsement and transmission to ESSC
- Continue field visits in Member States (DK, NL, ES, SE, EL,…).
- Continue implementing secure exchange facility.
- Involve more ESS members in the TF activities
- Convert TF to an expert group in
- Broaden current participation (CH, DE, DK, ES, FI, FR, IT, NL, PL, PT, SI)

Next Phase (2)

Prepare an ESSnet project (2017) on IT security:
- Support ESS members to reach minimum security level
- Monitor and help ESS members to reach level 1 and level 2 security levels
- Support the Compliance Monitoring (NSI and Access facilities)
- Support the labelling of MS in terms of IT security
- Ensure communications between ESS members on security
- Run the network for information exchange on security breaches and threats
- Ensure trustworthiness between ESS partners