[AfrICANN-discuss] ENISA report: Fighting cyber threats; Plugging the gaps. New report on proactive detection of cyber security incidents to make “digital fire-brigades” more effective

Joseph Mandjolo josemandjolo at ocpt.cd
Thu Dec 22 15:27:38 SAST 2011

Fighting cyber threats; Plugging the gaps. EU Agency ENISA launches report
on proactive detection of cyber security incidents to make “digital
fire-brigades” more effective
 Proactive detection measures are key to more effectively fight cyber
*The Agency today launches a report
which identifies 16 shortcomings in detection of network security
incidents. The report reveals that not all available tools are used widely
enough by the “digital fire-brigades”, the Computer Emergency Response
Teams (CERTs), to effectively fight cyber threats. Therefore, the Agency
issues 35 recommendations to data providers, data consumers, and at
EU/national levels to mitigate the shortcomings.*
The study <http://www.enisa.europa.eu/act/cert/support/proactive-detection/> has
identified that the CERTs are currently not fully utilizing all possible
external sources at their disposal. Similarly, many CERTs neither collect,
nor share incident data about other constituencies with other CERTs. This
is concerning, as information exchange is key to effectively combating
malware and malicious activities, which is extremely important in fighting
cross-border cyber threats.
The 16 shortcomings in detection of incidents are examined in depth. Top
technical gaps include insufficient data quality (false positives in
provided data, poor timeliness of delivery), lack of standard formats,
tools, resources and skills. The most important legal problem involves
privacy regulations and personal data protection laws that hinder
information exchange.
“National/government CERT managers should use the report to overcome
identified shortcomings, by using more external sources of incident
information, and additional internal tools to collect information to plug
the gaps” says the Agency Executive Director, Professor Udo

*35 recommendations to mitigate the shortcomings*
For *data providers,* the key recommendations focus on how to better reach
CERTs, better data format, distribution, as well as data quality
improvement. For *data consumers*, they include additional activities by a
CERT to verify the quality of data feeds, and specific deployments of new
technologies recommended. Finally, at the *EU or national level*, balancing
of the privacy protection and security needs is necessary, as well as
facilitating the adoption of common formats, integration of statistical
incident data, and research into data leakage reporting.
*Background:* Proactive detection of incidents is the discovery of
malicious activity, before the complaints and incident reports about it are
received. As such, it is a cornerstone for an efficient CERT services
portfolio. It can greatly boost a CERT’s efficiency in operations,
thus strengthening
CERT’s Incident Handling
is one of the core services of national / governmental CERTs.
For full report: <http://www.enisa.europa.eu/act/cert/support/proactive-detection/>
*Background:* Digital Agenda for Europe action point 38

*Head of Service, Quality of Services
Technical Assistant and Maintenance
.CD domain name management project*
*Mobile: +243 9 98 42 91 25
            +243 89 80 86 263
B.P. 1130 Kinshasa 1
e-mail: josemandjolo at ocpt.cd
          josemandjolo at hotmail.com*