ENISA Risk Management Workshop

ENISA Risk Management Workshop in Rome 2006

Oct 13, 2006 from 12:00 AM to 12:00 AM

Workshop Summary

ENISA organized a Workshop on Risk Management/Risk Assessment in Rome on 13th October 2006. The purpose of the workshop was to present the ENISA results of 2006 in the area of Risk Management, and also to gather user requirements and user feedback in that area.

The interest of the related community has been manifested by more than 40 European experts who attended the workshop. They represented different areas and aspects of Risk Management, ranging from education and training to Risk Management needs for small and large companies.

Since the ENISA results are directed to both experts and non-experts, a balance in the audience was achieved by attracting security experts on the one hand (e.g. security consultants, experts in related areas, professional users) and, on the other hand, stakeholders from areas with lower affinity to security (e.g. SMEs, professional associations, education etc.).

The workshop was accordingly divided into three sessions, one informing the audience about delivered and upcoming ENISA results; a second one with reports from activities of other players in the field; a third to collect user feedback; and finally a session to conclude the discussed issues:

  • Session 1: Tackling present and future results of the ENISA Work Programme 2006. Furthermore, in this session the work of the ENISA ad hoc Working Group on Risk Management has been presented.
  • Session 2: Explaining other key activities in Risk Management with speakers and representatives of major European actors and initiatives in Risk Management. The objective was to demonstrate the current developments in that area.
  • Session 3: Focusing on user requirements. Panel session with a number of major players in the area of Risk Management, and representatives of user associations. The aim was to produce a good overview of expectations, current activities and various user needs.
  • Session 4: Discussing and concluding the workshop. Several aspects raised by the audience by means of user feedback and suggestions have been summarized and discussed with the participants.

Both with the diversified presentations and the discussion, numerous aspects of Risk Management and its application in businesses have been raised and addressed. One can summarize the workshop highlights as follows:

  • Participants underlined the importance of emerging risks for their work and encouraged ENISA to further elaborate on this issue.
  • The participants appreciated the ENISA work presented and expressed the need to continue in this direction by adding examples and best practices, both for current and emerging risks.
  • ENISA should provide guidance for the introduction of Risk Management in SMEs. One possible approach can be based on size considerations and on the level of confidentiality of processed information. This can be expressed via various profiles, expressing particular threat and protection levels. Relevant work in member states has to be taken into account in structuring the final ENISA result (e.g. work conducted in Germany and Finland).
  • ENISA should play a catalytic role in the field of Risk Management concerning best practices. Similarly ENISA should participate in the review process leading to a balanced regulatory activity within Europe in this field. This is an important requirement especially in the telecommunications sector, where responsibilities among stakeholders regarding security issues need to be clarified.
  • To identify regulatory relevance of external and internal risks, ENISA should analyze which regulations contain references to treatment of risks (e.g. SOX, Basel II, etc.). Besides the inventories in the ENISA web site, this information would be valuable for organizations that are interested in legal requirements concerning the management of external and internal risks.
  • Besides the technical details of Risk Management and Risk Assessment, attention has to be paid to organizational integration issues. This will lead to a higher effectiveness of introduced methods and procedures in organizations.
  • ENISA has to proceed with the generation of knowledge on Risk Management and with the collection of data on Risk Assessment. This will help both non-experts and experts in applying Risk Management/Risk Assessment in their daily businesses.
  • Together with other initiatives and relevant bodies, ENISA should participate in the discussion on Risk Management in Europe and the identification of new issues of Risk Management/Risk Assessment towards European research and development. Examples of such engagements are the cooperation within conferences (ARES, ISSE), as well as possible cooperation with the Security Risk Management Initiative (SMRI).
  • The current event can be considered in the long term as a forum to communicate new developments, events and ENISA results in the area of Risk Management and Risk Assessment in the future. This might be achieved by both organizing such events and establishing a virtual forum.

Some of the above points of feedback have been to a certain extent anticipated in current and future ENISA results. As soon as possible, as many as possible of the above aspects will be integrated into the forthcoming ENISA Work Programmes and/or various ENISA actions during the coming years.

All presentations held in the workshop are publicly available as downloads and can be found in Downloads below. Similarly, future ENISA results will be integrated on this site. The intention is to make this information resource an important knowledge base for the public (i.e. experts and non-experts).

