The Executive Director Udo Helmbrecht gave an “ENISA perspective on Electronic Trust Services (eIDAS)” on October 22nd at the Secure 2014 Conference in Warsaw.
The meeting brought together leading international experts and covered applied solutions, hot topics, state-of-the-art solutions, analysis of current threats, the latest trends in ICT security and important legal issues.
The analysis of the threat landscape showed a dramatic increase in risks to cloud, mobile and wireless services, along with an increase in DDoS and phishing. An overview of breach notification in EU law and of security requirements for Trust Service Providers was compared with existing practice, where internal or risk assessment is relatively rare. Recommendations for Trust Service Providers (TSPs) include:
- Trust service providers in the EU and a national regulatory framework
- Standardisation in the area of trust services
- Supervision and audit of trust service providers
- Certification of electronic signature products
- Cryptographic algorithms in certification services
- Incident handling procedures
- References to minimum security requirements for personal data protection, using state-of-the-art techniques
- Collaboration with ETSI, ESI
Udo Helmbrecht said: “Trust Service providers perform an important role within the EU and national regulatory framework. The increasing demands for security resulting from the threat landscape urge us to review the existing means for auditing Trust Service Providers, and stress the increasing need for standardisation, certification of services and products with the embedded use of cryptographic algorithms”.
Further, an audit of Trust Services will soon be available, covering:
- Obligations, warranties and liability of TSPs
- Standards applicable to TSPs and CABs
- Audit methodologies
- TSP documentation (policies, procedures)
- Implementation
For more information: Secure 2014 conference