Main idea of the event:
In many European countries, methods and tools for Risk Management and Risk Assessment are already available. In many cases, these methods are released by public authorities, agencies or ministries. Apart from these, numerous methods and tools have also been developed as commercial products.
In the context of this event, we would like to present the experience drawn from the implementation of the Risk Management process in various European countries. For each country, the authority maintaining the national method/tool, an association of users (e.g. chambers, professional associations etc.) or a multiplier (e.g. consulting firms) and finally some representative end-users will present their views on Risk Management and Risk Assessment and will report on their experience in applying relevant approaches in their businesses.
The presented country cases have been selected so as to cover the major European developments in that area and encompass various business sectors. The presentations will demonstrate the importance of Risk Management and Risk Assessment in end-user organizations from various business sectors.
One further objective of the event is to identify the barriers in the adoption of Risk Management, especially by small and medium enterprises, and in particular to:
- Present the end-users' perspective on Risk Management and security: what are their needs, their preparedness and the available knowledge on Risk Management?
- Identify potential gaps: what are the shortcomings of existing tools and methods? Is it the awareness, the complexity of existing methods or the absence of appropriate approaches that leads to a low engagement of SMEs in Risk Management and security?
- Identify existing approaches of knowledge transfer: present country reports on how to proceed in the relevant field. What is the experience gained?
Selected country cases:
The selected country cases cover five European countries. The number of cases to be presented was decided considering the available time frame for the event (i.e. one and a half days). Moreover, the cases were also selected with a view to presenting the internationally recognized approaches in Risk Management and Risk Assessment followed by some EU countries (e.g. Germany, France and UK). However, other EU countries currently making significant efforts in this area are also considered (Austria, Spain). Specifically, the country and business cases that will present their experience on deploying the Risk Management process are the following:
- Germany - Insurance Sector: Bundesamt für Sicherheit in der Informationstechnik (BSI), HiSolutions AG and presentation by a small organisation from the insurance sector.
- United Kingdom - Security in retail supply chain sector: Presentation of ISO 17799, presentation of a retailer and one/two SMEs participating in the supply chain.
- France - Manufacturing: Direction centrale de la sécurité des systèmes d'information (DCSSI), EBIOS Club and presentation by an end-user from the manufacturing sector.
- Spain - Financial sector: Spanish NSA, presentation from one multiplier and an SME from the financial sector.
- Austria - Regulation: Bundeskanzleramt Österreich, presentation by the Chamber of Commerce and presentation by an SME.
In the second part of the event, that is, on the second day, a panel discussion with key players from the various EU countries, associations and the industry will be held. In this panel, the results/conclusions from the country cases presented will be discussed.
We would like to invite key players from the area of Risk Management and Risk Assessment to express their opinions on the issues identified in the context of the conference. At the same time, they will be invited to express their views on the matter and suggest ways of addressing the identified challenges towards improving the deployment of the Risk Management process in organizations. In particular, the challenges of encouraging Risk Management and Risk Assessment for SMEs will be discussed.
A Steering Committee with experts from the particular countries has been set up. The SC consists of the following persons:
- Chair: Dr. L. Marinos, ENISA, Greece, Dr. Jeremy Ward, Symantec, UK
- Prof. Sadie Creese, Warwick Digital Laboratories, UK
- Prof. I. Schaumueller-Bichl, Univ. of Appl. Science Hagenberg, Austria
- Prof. D. Karagiannis, Univ. of Vienna, Austria
- Aljosa Pasic, Atos Origin, Spain
- Marcos Gomez Hidalgo, INTECO, Spain
- Prof. José A. Mañas, Univ. Politécnica de Madrid, Spain
- Dr. Lydia Tsintsifa, BSI, Germany
- Alexander Geschonneck, HiSolutions, Germany
- Serge Lebel, DCSSI, France
- Loïc Bournon, EBIOS Club, Sagem, France
- Martina Rohde, DG INFSO, A3, Belgium
- Vincent Tilman, Eurochambres, Belgium
- Dr. Alain Esterle, ENISA, Greece
- Peter Pfeifhofer, ENISA, Greece
- Dr. Simone Balboni, ENISA, Greece
We expect ca. 200 participants for this event. Participation in this ENISA event will be free of charge. Participants have to cover their own travel and accommodation expenses.