[Owasp-leaders] EC consultation on risk management and breach reporting
ludovic.petit at owasp.org
Sun Aug 5 14:29:36 UTC 2012
I'm really busy at the moment but I would be glad however to act as a point
of contact for particular sections, whatever, I'm quite familiar with this
EU Legal Framework, especially for telecoms.
Just let me know.
Chapter Leader OWASP France
+33 (0) 611 726 164
On 5 August 2012 16:15, "Colin Watson" <colin.watson at owasp.org> wrote:
> I would like to ask if OWASP leaders, especially in the EU, would be
> able to work together to produce a combined response to the following
> EC consultation. We would need:
> - 1 or 2 people to coordinate actions, generate a consistent response,
> and seek EU-chapter wide support for the final draft
> - several people to act as points of contact for particular sections
> of the response
> - other people to ask for input from participants through their local
> chapter lists
> The European Commission has published a consultation document called
> "Improving Network and Information Security (NIS) in the EU" but
> essentially relating to future risk management and breach reporting
> requirements. Currently in the EU only telecoms companies and ISPs
> are subject to breach reporting.
> Background information
> As PDF
> As online form
> Some of the questions appear to be a good fit for OWASP to respond
> to, for example:
> 3.9. Information exchange between private companies and between
> the public and private sector on incidents, threats and risks is key
> to share best practices, build capabilities, develop trend analysis,
> manage risks effectively or reduce the impacts of incidents. What are
> the most effective ways to facilitate such exchanges at EU level
> (please explain)?
> 3.16. Everybody (business, consumers and governments) should
> ensure a minimum level of protection against cyber threats. Do you
> 3.17. Which actions can reasonably be expected to be taken
> respectively by business, consumers and governments to better protect
> themselves on-line?
> 3.18. It is key to empower consumers and help them identify
> companies with good levels of cyber security protection. Which is the
> best way to achieve this objective?
> - Stimulate the development of industry-led standards at EU level
> - Give guidance at EU level to enable consumers to
> differentiate good security products and services [or]
> - Define compulsory security standards for goods and services
> at EU level [or]
> - Other
> 3.19. If you chose other [in 3.18], please specify
> 3.22. People driving a car are required to take security measures
> to protect themselves and others. Do you consider that people using the
> Internet should also be subject to security obligations? If yes, which
> 3.23. It is important to ensure security throughout the supply
> chain. Which is the most effective way to encourage all actors in the
> value chain (e.g. product manufacturers, software developers and
> Internet companies) to invest in security solutions at an appropriate
> 4.1.7. Would you in principle be favourable to the introduction of
> a regulatory requirement to manage NIS risks?
> If you would like to take part, please reply directly, or via the GIC
> mailing list:
> We have until October, but would really need to prepare a draft
> response by early September.
> Colin Watson
> OWASP Global Industry Committee
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org