Presentation is loading. Please wait.

Presentation is loading. Please wait.

ESS Security and Secure exchange of information Expert Group (E4SEG) DIME/ITDG SG ESS IT Security Framework Pascal Jacques ESTAT B2 Local Security Officer.

Published byWidyawati Jayadi Modified over 6 years ago

Similar presentations

Presentation on theme: "ESS Security and Secure exchange of information Expert Group (E4SEG) DIME/ITDG SG ESS IT Security Framework Pascal Jacques ESTAT B2 Local Security Officer."— Presentation transcript:

1 ESS Security and Secure exchange of information Expert Group (E4SEG) DIME/ITDG SG ESS IT Security Framework Pascal Jacques ESTAT B2 Local Security Officer

2 The Context Core Principles for the exchange of confidential business data endorsed by ESSC in February 2016 "Exchange of confidential data takes place only when confidentiality and information security meet the highest standards". all ESS members to take the necessary regulatory, administrative, technical and organizational measures to ensure the physical and logical protection of confidential data following agreed common confidentiality standards

3 The Context common information security standards (IT, organizational and physical elements) shall be established and their implementation should be regularly monitored a system of monitoring has to be developed and implemented covering ESS members(NSIs, ONAs (Other National Authorities) and Eurostat

4 VISION 2020 - Mitigating risks of microdata exchange
Build trustworthiness between ESS Members by: Common Security Framework Security Assurance Reporting compliance to ESSC Scope: management and exchange of microdata between Member States on a mandatory basis

5 ESS IT Security Framework (1)
1. Introduction document context/scope 2. Risk analysis focussing on management & storage of microdata transfer of confidential statistical information based on ESTAT data classification

6 ESS IT Security Framework (2)
3. IT security controls Based on ISO27K:2013 entry pack : 96 out of 114 controls selected with 213 sub-controls Level 1 : 105 controls Level 2 : Full ISO27K – 114 controls 4. Guidelines for implementing controls evidences to be provided. 5. Self-assessment excel sheet with compliance scoring to Entry Pack

7 Assurance mechanism (1)
Self-assessment compiled by all ESS members June-August 2016. To help ESS measure their compliance level Results to be provided to ESTAT To inform November ESSC on IT Security landscape in the ESS Assurance mechanism Self-managed and financed certification mechanism - Conclusions of audit analysed and validated/endorsed by central ESS certification service;

8 Assurance mechanism (2)
Central ESS certification service selected through an Open Call for Tender 29 ESS members to conduct audit ESTAT Included For ONAs, NSIs should act as intermediary Applies to ESS members and service providers (contractors, private cloud provider, etc.) Multiple interactions will be needed between central certification service and ESS members. Audit details and artefacts remain confidential – Summary of certification process submitted to ESSC annually

9 Capacity Building grants
ESTAT to provide support to MS To improve their IT security level To ensure compliance to ESS IT Security Entry Pack Mono-beneficiary grants Organised in 2 steps First group of ESS members to be supported in 2017 for audit in 2018 Second group of ESS members to be supported in 2018 for audit in 2019

10 Roadmap (1) Present and discuss the ESS IT security framework.
DIME_ITDG Steering Group 18/11/2015 Working Group Statistical Confidentiality 1/12/2015 12th SIMSTAT TF Meeting 9-10/2/2016 DIME/ITDG 24-25/2/2016 ESTAT IT Advisory Committee 26/2/2016 ESTAT DM 8/3/2016 VIG 14/3/2016 ESSC 18/5/2016 ITWG 26/5/2016 DIME/ITDG SG 28/6/2016 February ESSC endorses Core Principles May 2016 – ESSC endorses IT security framework 6th June launch ESS Self-Assessment exercise

11 Roadmap (2) 31th August 2016 – Receive Self-assessment and prepare analysis June Launch call for tender for Central Certification Service September 2016 – Launch of 1st Call for proposals for mono-beneficiary grants : Capacity Building Grants to start early 2017 End 2016 Report to ESSC on ESS security level ESSC Endorsement of IT security assurance mechanism Certification mechanism ESS countries phase 1 June 2017 – Launch of 2nd Call for proposals for mono-beneficiary grants : Capacity Building Grants to start early 2018 Certification mechanism ESS countries phase 2 Certification mechanism ESS countries phase 3 End of 2017, 2018, 2019: Reporting progress to ESSC Restart cycle of certification mechanism

Download ppt "ESS Security and Secure exchange of information Expert Group (E4SEG) DIME/ITDG SG ESS IT Security Framework Pascal Jacques ESTAT B2 Local Security Officer."

Similar presentations

Cooperation Framework for Member States under ESS VIP SIMSTAT ESSnet Workshop, Rome 1 3-4 Dec. 2012 Georges Pongas (slides by Mushtaq Hussain)

Cooperation Framework for Member States under ESS VIP SIMSTAT ESSnet Workshop, Rome Dec Georges Pongas (slides by Mushtaq Hussain)
Eurostat Coverage of Security Issues Pascal Jacques ESTAT B0 Local Informatics Security Officer.

Eurostat Coverage of Security Issues Pascal Jacques ESTAT B0 Local Informatics Security Officer.
NEXT www.csn.es Lessons Learned from Integrated Regulatory Review Service (IRRS) 22 nd and 23 rd January 2014, Brussels Fernando Franco, Spanish Nuclear.

NEXT Lessons Learned from Integrated Regulatory Review Service (IRRS) 22 nd and 23 rd January 2014, Brussels Fernando Franco, Spanish Nuclear.
Quality assurance activities at EUROSTAT CCSA Conference Helsinki, 6-7 May 2010 Martina Hahn, Eurostat.

Quality assurance activities at EUROSTAT CCSA Conference Helsinki, 6-7 May 2010 Martina Hahn, Eurostat.
Joanna Fiedler Enlargement and Neighbouring Countries Unit DG Environment European Commission REReP → RENA Vision of the European Commission PEIP Regional.

Joanna Fiedler Enlargement and Neighbouring Countries Unit DG Environment European Commission REReP → RENA Vision of the European Commission PEIP Regional.
Eurostat ESS Security and Secure exchange of information Working Group (E4SWG) ITDG – Item 4 Security progress and issues Pascal Jacques ESTAT B0 Local.

Eurostat ESS Security and Secure exchange of information Working Group (E4SWG) ITDG – Item 4 Security progress and issues Pascal Jacques ESTAT B0 Local.
ESS Vision 2020 Strategic Risk Management Risk Mitigation Involvement of the DIME-ITDG DIME-ITDG Steering Group – item 07 Luxembourg, 18.11.2015.

ESS Vision 2020 Strategic Risk Management Risk Mitigation Involvement of the DIME-ITDG DIME-ITDG Steering Group – item 07 Luxembourg,
Eurostat ESS Security and Secure exchange of information Expert Group (E4SWG) Report of the activity of the Task Force in 2015 Pascal Jacques ESTAT B0.

Eurostat ESS Security and Secure exchange of information Expert Group (E4SWG) Report of the activity of the Task Force in 2015 Pascal Jacques ESTAT B0.
Eurostat ESS.VIP.SERV – sharing statistical services in the ESS Gergely Koevesd, Eurostat (B3) DIME/ITDG Steering committee 18 November 2015 1.

Eurostat ESS.VIP.SERV – sharing statistical services in the ESS Gergely Koevesd, Eurostat (B3) DIME/ITDG Steering committee 18 November
ESDEN - modernisation of data exchange in the ESS

ESDEN - modernisation of data exchange in the ESS
Item 5: Vision 2020 Implementation paper – version 1.1 DIME/ITDG Steering Group – item 05 Meeting of 18 November 2015 BECH B2/404.

Item 5: Vision 2020 Implementation paper – version 1.1 DIME/ITDG Steering Group – item 05 Meeting of 18 November 2015 BECH B2/404.
Item 5 of the Agenda of the DIME/ITDG SG 24 February 2015 ESS EA TF : Progress report Enterprise Architecture Reference Framework (ESS EA RF)

Item 5 of the Agenda of the DIME/ITDG SG 24 February 2015 ESS EA TF : Progress report Enterprise Architecture Reference Framework (ESS EA RF)
Agenda item 5 ESS Vision 2020: other activities DIGICOM and SIMSTAT DIME-ITDG joint plenary Luxembourg, 24-25.02.2016.

Agenda item 5 ESS Vision 2020: other activities DIGICOM and SIMSTAT DIME-ITDG joint plenary Luxembourg,
Eurostat Standardisation DIME-ITDG 2015 Item 6 DIME-ITDG 23-24-25 February 2015 1.

Eurostat Standardisation DIME-ITDG 2015 Item 6 DIME-ITDG February
Strategic approach to national implementation programmes for SEEA by UNSD Sixth Meeting United Nations Committee of Experts on Environmental Economic Accounting.

Strategic approach to national implementation programmes for SEEA by UNSD Sixth Meeting United Nations Committee of Experts on Environmental Economic Accounting.
From Intrastat to SIMSTAT and ESS.VIP Programme ESTAT Walter Radermacher.

From Intrastat to SIMSTAT and ESS.VIP Programme ESTAT Walter Radermacher.
M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 32 – Financial Control Bilateral screening:

M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 32 – Financial Control Bilateral screening:
ISO 9001 Quality Management System implementation experience in the Agency on Statistics of the Republic of Kazakhstan (ASRK) Zhasser Jarkinbayev, ASRK.

ISO 9001 Quality Management System implementation experience in the Agency on Statistics of the Republic of Kazakhstan (ASRK) Zhasser Jarkinbayev, ASRK.
Audit of predetermined objectives

Audit of predetermined objectives
ESS Vision 2020 Recent developments Addressing the skill gaps

ESS Vision 2020 Recent developments Addressing the skill gaps

Similar presentations

Ads by Google