|
Unedited news and product information from vendors. New Report on National Risk Management Preparedness: a Guideline for Critical Information Infrastructure Governance May 18, 2011 (07:05 PM EDT) BRUSSELS and HERAKLION, Greece, May 18, 2011 /PRNewswire/ -- ENISA (the European Network and Information Security Agency ENISA) has launched a new publication on National Risk Management (NRM) preparedness. The report sets out the essential elements as a guideline for the governance of NRM in relation to a country's Critical Information Infrastructure (CII). In particular, the report presents a workflow to develop and implement an NRM processes. The relationship between NRM and the management of information security risk in individual CII stakeholder organisations is identified in this new Agency report. It determines three essential NRM processes that need to be implemented by national governments, as follows:
Each of these three processes is supported by a number of activities. The report identifies a total of twelve detailed activities. These activities include among others; to set the vision, establish the NRM organisation, promote standards, create awareness, as well as to analyse errors and incidents. The framework for the governance of NRM enables governments and other national CII stakeholders to gain an overview of the elements that are required to build such a programme; and to understand the relationships between these elements. The guidelines feature a questionnaire that allows governments to assess their strengths and weaknesses in relation to NRM preparedness by using a use a five-level capability maturity measurement. The report can be used in practice by national governments to:
Background: CIIP Communication by the European Commission. For full paper SOURCE ENISA - European Network and Information Security Agency |
