Monday, 21 January 2013

Cloud security - more ENISA reports

ENISA's further cloud security reports may have been missed by some, being published on their site around Christmas time without any press releases or announcements that I could find. Links to those reports are below.
Also, ENISA wants to create a single working group of experts "to initiate discussions and studies, and to validate analyses and recommendation related to cloud security and resilience". The kick-off meeting of the expert group is planned for the end of February 2013. You can sign up to this group by emailing marnix.dekker (at) .
  1. Cloud computing - Benefits, risks and recommendations for information security, Rev.B – December 2012 (revised by Thomas Haeberlen & Lionel Dupré; original authors of the 2009 version: Daniele Catteddu & Giles Hogben): an update of their very popular 2009 paper on cloud risk assessment.
    Summary, full PDF, issue tracker.
  2. Critical Cloud Computing - A CIIP perspective on cloud computing services, Version 1.0, December 2012, by Dr. M.A.C. Dekker: cloud computing and critical services – cloud dependencies and failures - an overview of some key threats from a CIIP perspective with some specific recommendations.
    Summary, full PDF, issue tracker.
Another late Dec ENISA publication which may have escaped wide attention is National Cyber Security Strategies - Practical Guide on Development and Execution - for policymakers, a "set of concrete actions, which if implemented will lead to a coherent and holistic national cyber-security strategy. It also proposes a national cyber-security strategy lifecycle, with a special emphasis on the development and execution phase. For each component of the strategy a list of possible and indicative Key performance indicators (KPIs) will be described."