Externe Publicaties

Deze pagina bevat een overzicht van publicaties van externe partijen welke interessant kunnen zijn voor PvIB leden.

ENISA publicaties

• Fighting Spam
  The 2009 Anti-Spam Measure Survey

  (original site)

  The EU ‘cyber security’ Agency - ENISA (the European Network and Information Security Agency) presents its new, 3rd ‘spam report’, i.e. anti-spam measures implemented by European Internet service providers (ISPs). The report looks at spam budgets, impact of spam and spam management. No significant progress is reported in the fight against spam.
  The survey targeted email service providers of different types and sizes, and received replies from 100 respondents from 30 different countries, throughout the EU (26 /27 EU Member States); and 80 million mailboxes managed. The survey analyses how e-mail service providers combat spam in their networks, and identifies the state of art in the fight against spam. Some of the key findings are:

  • Less than 5% of all email traffic is delivered to mailboxes. [This means the main bulk of mails, 95%, is spam.]This is a very minor change, from 6%, in earlier ENISA reports.
  • 70% of respondents consider spam extremely significant or significant for their security operations.
  • Over ¼ of respondents had spam accounting for >10% of helpdesk calls.
  • Among very small providers, ¼ of respondents allocate anti-spam budgets of over EUR €10,000 per year.
  • 1/3 of very large providers dedicate anti-spam budgets >EUR 1 Mn/year.
  • Fighting spam has reached a certain level of maturity.
  • ISPs are using various kinds of measures: technical, awareness, policies and legal framework. Blacklists are the most commonly used anti-spam tool. On average 5 kinds of measures are used.
  • ISPs consider spam prevention as a competitive advantage to attract and retain customers. However, spam is not a critical factor.

The Executive Director of ENISA, Dr Udo Helmbrecht concludes:
“Spam remains an unnecessary, time consuming and costly burden for Europe. Given the number of spam messages observed, I can only conclude more dedicated efforts must be undertaken.
Email providers should be better at monitoring spam and identifying the source. Policy-makers and regulatory authorities should clarify the conflicts between spam-filtering, privacy, and obligation to deliver.”

Download the full survey and slides

• The European Network and Information Security Market
  Scenario, Trends and Challenges

  (original site)

  IDC, a ICT market intelligence consultant, has been commissioned by the European Commission to carry out a survey and analysis of the EU's ICT security industry and market for products and services.

  The objectives of the study were to collect data on the NIS market in the European Union, to describe how the market operates and to formulate recommendations for its improvement.

  The better understanding of the market resulting from the study is useful to set up establish a strategic partnership between Member States, the private sector and the research community ensuring the availability of data on the ICT security industry and the evolving market trends for products and services in the EU.

  • Terms of reference of the study

  • Final report of the study (D.7.1)

  • Evidence base - Demand analysis (D.7.2)

  • Evidence base - Supply analysis (D.7.3)

  • Evidence base - Critical Issues analysis (D.7.4)

• Een "Good practice guide on national exercises" waarin gezien het belang van voorbereid zijn op rampen, uitval en andere noodsituaties handvaten worden gegeven voor het opzetten en uitvoeren van oefeningen. Zie verder voor het document en een toelichting: http://www.enisa.europa.eu/act/res/ex/gpgb

• Een "Good Practice Guide on Reporting Security Incidents". Rapporteren over incidenten speelt een belangrijke rol in de verbetering van de weerbaarheid van netwerken en in het nieuwe regelgevend kader van de EU over electronische communicatie wordt daar ook in voorzien. De uitgebrachte leidraad beoogt opgedane ervaringen te delen en een aanzet te geven voor de discussie voor een toekomstige gemeenschappelijke invulling. Zie voor verdere achtergrondinformatie en het document: http://www.enisa.europa.eu/act/res/ir/gpg

• Een eerste inventarisatie over veiligheidsaspecten rond cloud computing heeft Enisa onlangs samengebracht in een rapport. U kunt dit vinden op: http://www.enisa.europa.eu/media/press-releases/enisa-clears-the-fog-on-cloud-computing-security-1

• Een pakket materiaal over CERTs. Dit bestaat o.a. uit de resultaten van twee vorig jaar gehouden pilot-oefeningen en een ontwerp-definiëring van basisvoorzieningen die deel zouden moeten uitmaken van nationale danwel overheidscerts. Nadere informatie kan gevonden worden op: http://www.enisa.europa.eu/media/news-items/new-certs-material