Sep 24, 2013
from 09:00 AM to 05:00 PM
Auditorium MADOU, Place Madou 1, 1210 Brussels
|Contact Name||Slawomir Gorniak, Clara Galan|
|Add event to calendar||
Note to participants: The workshop will take place in Brussels on September 24th 2013. A workshop organized by the IAS project consortium is planned for the following day, September 25th 2013, also in Brussels. The IAS project, financed by the European Commission, has as its objective to conduct a feasibility study on an electronic identification, authentication and signature policy in the EU. The IAS study workshop is aimed to collect and discuss feedback from stakeholders on the implementing needs relating to the forthcoming Regulation (delegated and implementing acts). Since the workshops will take place on consecutive days, we believe participants would benefit most from attendance to both, as they offer a comprehensive view of the current state of the art of the trust service framework. More information on the IAS project can be obtained following the link: http://www.iasproject.eu
Trust services are meant to add integrity, authenticity and confidentiality to electronic communications, and therefore they are a key factor to boost the citizens’ confidence in online transactions. The whole lifecycle of trust service provision, from the issuance of a certificate to its revocation, as well as all the added services, such as signature verification or long term preservation, need to be equipped with strong security measures to guarantee trust is not broken in any step of the process.
The European Commission, aware of the importance of advancing towards a mature and harmonized trust services market, presented in July 2012 a proposal for a new Regulation on electronic identification and trust services for electronic transactions, which will supersede the current Directive 1999/93/EC on a Community framework for electronic signatures.
Art. 15 of the proposed Regulation establishes certain provisions regarding the security requirements applicable to trust service providers. Art 15.1. points that trust service providers shall appropriate technical and organisational measures manage the risks posed to the security of their services. The article stresses that these measures shall ensure that the level of security is appropriate to the degree of risk, they shall prevent and minimise the impact of security incidents and inform stakeholders of adverse effects of any incidents.
In order to facilitate the implementation of this provision, as well as to generally support trust service providers in the introduction of best security practices, ENISA has been working on 2013 on a series of studies on the topics of risk assessment, security requirements and incident management for trust service providers issuing electronic certificates, as well as the security aspects of the new trust services foreseen in the proposed Regulation.
ENISA aims to validate the results of its studies with stakeholders, and for this purpose we have planned both a workshop and a survey on the topic of security aspects of trust services. The objective of the workshop is not just to present and discuss the results of ENISA studies, but also to promote an open exchange of ideas among the different stakeholders involved in the trust services sector.
The workshop has been structured to achieve the following targets:
- To present the studies conducted by ENISA on the topics on security of trust services: risk assessment guidelines, security measures, trust breaches and security aspects of the new trust services defined in the Regulation.
- To validate the results of the studies with participants’ feedback. We have selected a format for the sessions to contribute to open discussion.
- To facilitate the dialog among the different stakeholders of the trust service sector: providers (for any type of trust services), regulators, supervisors, independent forums, etc.