[Owasp-leaders] EC consultation on risk management and breach reporting

Ludovic Petit ludovic.petit at owasp.org
Sun Aug 5 14:29:36 UTC 2012


Hi Colin,

I'm really busy at the moment, but I would be glad, however, to act as a point
of contact for particular sections, whatever; I'm quite familiar with this
EU Legal Framework, especially for telecoms.

Just let me know.

Best.
Ludovic
Chapter Leader OWASP France
+33 (0) 611 726 164
On 5 August 2012 16:15, "Colin Watson" <colin.watson at owasp.org> wrote:

> Leaders
>
> I would like to ask if OWASP leaders, especially in the EU, would be
> able to work together to produce a combined response to the following
> EC consultation. We would need:
>
> - 1 or 2 people to coordinate actions, generate a consistent response,
> and seek EU-chapter wide support for the final draft
> - several people to act as points of contact for particular sections
> of the response
> - other people to ask for input from participants through their local
> chapter lists
>
> ------------------------------------------
>
> The European Commission has published a consultation document called
> "Improving Network and Information Security (NIS) in the EU" but
> essentially relating to future risk management and breach reporting
> requirements. Currently in the EU only telecoms companies and ISPs
> are subject to breach reporting.
>
>     Background information
>
> http://ec.europa.eu/information_society/digital-agenda/actions/infosec-consultation/docs/Background-document.pdf
>
>     Consultation
>       As PDF
>
> http://ec.europa.eu/yourvoice/ipm/forms/formpdf/securitystrategy2en.pdf
>
>       As online form
>
> http://ec.europa.eu/yourvoice/ipm/forms/dispatch?form=securitystrategy2
>
> Some of the questions appear to be a good fit for OWASP to respond
> to, for example:
>
>     3.9. Information exchange between private companies and between
> the public and private sector on incidents, threats and risks is key
> to share best practices, build capabilities, develop trend analysis,
> manage risks effectively or reduce the impacts of incidents. What are
> the most effective ways to facilitate such exchanges at EU level
> (please explain)?
>
>     3.16. Everybody (business, consumers and governments) should
> ensure a minimum level of protection against cyber threats. Do you
> agree?
>
>     3.17. Which actions can reasonably be expected to be taken
> respectively by business, consumers and governments to better protect
> themselves on-line?
>
>     3.18. It is key to empower consumers and help them identify
> companies with good levels of cyber security protection. Which is the
> best way to achieve this objective?
>         - Stimulate the development of industry-led standards at EU level
> [or]
>         - Give guidance at EU level to enable consumers to
> differentiate good security products and services [or]
>         - Define compulsory security standards for goods and services
> at EU level [or]
>         - Other
>
>     3.19. If you chose other [in 3.18], please specify
>
>     3.22. People driving a car are required to take security measures
> to protect themselves and others. Do you consider that people using the
> Internet should also be subject to security obligations? If yes, which
> ones?
>
>     3.23. It is important to ensure security throughout the supply
> chain. Which is the most effective way to encourage all actors in the
> value chain (e.g. product manufacturers, software developers and
> Internet companies) to invest in security solutions at an appropriate
> level?
>
>     4.1.7. Would you in principle be favourable to the introduction of
> a regulatory requirement to manage NIS risks?
>
> ------------------------------------------
>
>
> If you would like to take part, please reply directly, or via the GIC
> mailing list:
>
>     https://lists.owasp.org/mailman/listinfo/global_industry_committee
>
> We have until October, but would really need to prepare a draft
> response by early September.
>
> Regards
>
> Colin Watson
> OWASP Global Industry Committee
> https://www.owasp.org/index.php/Global_Industry_Committee