Last week ENISA had its first meeting with the ENISA Expert group for Finance Resilience and Network and Information Security (NIS). The Expert group acts as a sounding board and a pool of expertise for ongoing and future Agency activities on NIS issues in the financial sector. As such, it is a platform for financial sector experts to support future ENISA work, give input and provide feedback on ongoing ENISA work relevant for the finance sector.
Composition
The expert group is currently composed of experts from: BNP Paribas, GAD eG - IT für Banken, European Banking Federation, La Banque Postale, Bank of America Merrill Lynch, Alpha Bank, ING, Finanz Informatik, European Central Bank, ECB / Serco Services, Dutch Payments Association, Danish Bankers Association, Belfius Bank, Febelfin, Hungarian Bankers Association, Capital One, Morgan Stanley, National Australia Bank Group, SEB, Piraeus Bank, Bankinter, KBC, Paypal, Erste Bank, UBS, SPB, Crédit Agricole, Citi, Société Générale, FS-ISAC and ABILAB.
Agenda topics
The group first discussed the need to complement (and not overlap) ongoing activities. ENISA's activities in this domain should not overlap with ongoing activities on NIS in the finance sector, but focus on cross-cutting and cross-sector issues. This means, for example, the financial sector's dependence on the telecom networks and services, the dependency on cloud computing, et cetera.
Focus net list of future work
Secondly, the group suggested a number of potential topics for focussing the work of the ENISA group. Below is a summary of the topics:
- NIS and outsourcing: The problem for organisations in the finance sector to manage NIS, across the outsourced assets, and across the supply chain, for example in the case of cloud computing. Can certification and accreditation help here?
- Breach reporting: Breach reporting is becoming more and more important across the EU. How can we agree on a good and harmonized security breach notification framework for the finance sector?
- Security of the communication networks and services: Banks currently struggle with a range of security issues in the electronic communication networks and services (CCLID spoofing, fake calls from banks, spoofed emails, phishing, hacked voicemail boxes, spoofed messages, DoS attacks, and so on). There should be better collaboration with the telecom sector to address the risks for the financial sector.
Next steps
We will continue the discussion about these topics, with the objective to agree on a shortlist of topics which should be addressed by ENISA in the future.
For more information about the group, contact resilience@enisa.europa.eu