‘Thumbs up’ for future development of European security certifications, ENISA issues six recommendations
Some of the key ENISA recommendations in the report include, in brief:
• Generally speaking, organisations should verify their information security management systems, choose certified security products and encourage security employees to choose appropriate personal information security certifications.
• For processes, the development of the complementary standards of the 27000 family for public and private organisations should be encouraged, e.g. an ISO27001 ‘light’ for SMEs.
• As concerns products, the EU should extend the intergovernmental Mutual Recognition Agreement on Common Criteria to all Member States, as a tool for a more secure e-Communication market. EU Framework Programme 7 should sponsor research to analyse the economics of the certification of products.
• About people, the EU should strengthen accreditation schemes related to people certification in IT security and encourage the development of people certification adapted to different profiles, from the end-user level (Computer Driving Licence) to the most professional one (e.g. IT security officer). The EU should also reinforce bridges between education (schools and universities) and the certification process (private training and certificate providers).
For full recommendations, please refer to the full report: http://www.enisa.europa.eu/...
The Executive Director of ENISA and the Head of Technical Department Dr Alain Esterle comment: “ENISA’s report is setting the right course for an improved market of IT security certifications, which are crucial for products, people and processes”.
Why is studying certifications important? Accreditation and certification schemes are a major vector to strengthen users’ confidence in network and information security and improve business and competitiveness in Europe. In that sense, certification prolongs and complements standardization. It provides guidance and may be used as a marketing tool.
ENISA - European Network and Information Security Agency
“Single European Information Space” and The Council’s “Strategy for a Secure Information Society in Europe”. ENISA’s feasibility study is a response to an EU Commission request.
For further information, please refer to the ENISA feasibility study: http://www.enisa.europa.eu/... or Head of Department, Dr. Alain Esterle or Ulf Bergström, Press and Communications Officer, ENISA, Mob: