Mon. May 23rd, 2022

    Content Assessment: Achieving Interoperability? EU Risk Management Frameworks

    Information - 90%
    Insight - 92%
    Relevance - 89%
    Objectivity - 91%
    Authority - 93%

    91%

    Excellent

    A short percentage-based assessment of the qualitative benefit of the newly published report from ENISA on EU risk management frameworks.

    Editor’s Note: From time to time, ComplexDiscovery highlights publicly available or privately purchasable announcements, content updates, and research from cyber, data, and legal discovery providers, research organizations, and ComplexDiscovery community members. While ComplexDiscovery regularly highlights this information, it does not assume any responsibility for content assertions.

    To submit recommendations for consideration and inclusion in ComplexDiscovery’s cyber, data, and legal discovery-centric service, product, or research announcements, contact us today.


    Media Announcement from ENISA*

    How to Achieve the Interoperability of EU Risk Management Frameworks

    • Published by the European Union Agency for Cybersecurity (ENISA)
    • Authors include Costas Lambrinoudakis, Stefanos Gritzalis, Christos Xenakis, Sokratis Katsikas, Maria Karyda, Aggeliki Tsochou, Kostas Papadatos, Konstantinos Rantos, Yiannis Pavlosoglou, Stelios Gasparinatos, Anastasios Pantazis, and Alexandros Zacharis

    News Release

    The European Union Agency for Cybersecurity (ENISA) issues an analysis of the interoperability potential of cybersecurity risk management frameworks and methodologies to improve decision-making.

    The report (Interoperable EU Risk Management Framework) published today (January 13, 2022) is primarily designed to assess the existing risk management frameworks and methodologies in order to identify those with the most prominent interoperable features.

    What is security risk management?

    Information security risk management consists of the coordinated activities an organization undertakes to control information security risks. These activities form a process that allows the organization to:

    • establish the external and internal context;
    • assess the risks and decide whether to address the risks;
    • draw a plan to implement decisions made on how to manage the risks.

    In order to reduce the risks to an acceptable level, the process includes an analysis of the likelihood of potential security breaches prior to making the decision on solutions to implement.

    About the report

    A systematic survey of risk management approaches was performed in different contexts such as industry, business, government, academia, etc. The process applied a variety of inclusion criteria covering best practices, methodologies proposed as standards and guidelines by international and national standardization bodies, etc.

    Key European stakeholders were interviewed, and their views were considered in the process and shaped the analysis of the outcomes. This resulted in:

    1. A new ENISA inventory of risk management frameworks and methodologies;
    2. A study on the way to evaluate and categorize European Risk Management Frameworks based on their interoperability potential including a baseline of an EU-wide interoperability framework.

    Key outcomes of the report

    The analysis and research performed resulted in the compilation of the following information:

    • the identification of fully developed national and sectorial risk management frameworks and methodologies and their components;
    • the identification of specific features such as national or international scope, target sectors, size of target audience, maturity, compliance with relevant standards, compatibility with EU regulation and legislation, etc.;
    • the development of a methodology for the assessment of the interoperability potential of the identified frameworks based on a set of factors such as risk identification, risk assessment and risk treatment;
    • the application of the methodology to identify frameworks with a higher interoperability potential.

    The elements gathered in the study serve the purpose of providing keys to potentially form a more coherent EU-wide risk management framework.

    Besides, the report includes a proposal for a new ENISA inventory of risk management frameworks and methodologies: the Compendium of Risk Management Frameworks with Potential Interoperability.

    Background

    Risk management is the process of identifying, quantifying, and managing the risks an organization faces. The process aims to reach an efficient balance between the opportunities available to enhance prevention of cyber risks and the reduction of vulnerabilities and losses. As an integral part of management practices and an essential element of good governance, risk management needs to support organizational improvement, performance and decision-making.

    ENISA contributes to risk management by collecting, analyzing and classifying information in the area of emerging and current risks and the evolving cyber threat environment.

    The aim of this work was not to build yet another risk management framework from scratch. Rather, it serves to exploit parts of existing schemes, based on the inventory work done in the introductory step of this project.

    As next steps, ENISA is planning to:

    • Define interoperable terms between EU risk management frameworks & regulatory frameworks;
    • Develop common/comparative risk;
    • Create a Methodology & Protocol that helps Member States with the uptake of interoperability of proposed risk management framework.

    Read the original release.


    Read the Complete Report: Interoperable EU Risk Management Framework (PDF)

    Read the Complete Report: Compendium of Risk Management Frameworks with Potential Interoperability (PDF)

    *Shared with permission under Creative Commons – Attribution 4.0 International (CC BY 4.0) – license.


    Source: ComplexDiscovery

     
