Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


01:14 PM
Dark Reading
Dark Reading
Products and Releases

New Report On National Risk Management Preparedness

Report a guideline for the governance of NRM in relation to a country’s Critical Information Infrastructure

ENISA (the European Network and Information Security Agency ENISA) has launched a new publication on National Risk Management (NRM) preparedness. The report sets out the essential elements as a guideline for the governance of NRM in relation to a country’s Critical Information Infrastructure (CII). In particular, the report presents a workflow to develop and implement an NRM processes.

The relationship between NRM and the management of information security risk in individual CII stakeholder organisations is identified in this new Agency report. It determines three essential NRM processes that need to be implemented by national governments, as follows:

Process 1: Define NRM Policy.

Process 2: Coordinate and Support Implementation [of risk management in CII stakeholder organisations].

Process 3: Review, Reassess and Report [on NRM].

Each of these three processes is supported by a number of activities. The report identifies a total of twelve detailed activities. These activities include among others; to set the vision, establish the NRM organisation, promote standards, create awareness, as well as to analyse errors and incidents. The framework for the governance of NRM enables governments and other national CII stakeholders to gain an overview of the elements that are required to build such a programme; and to understand the relationships between these elements.

The guidelines feature a questionnaire that allows governments to assess their strengths and weaknesses in relation to NRM preparedness by using a use a five-level capability maturity measurement.

The report can be used in practice by national governments to:

Identify strengths and weaknesses in the implementation of NRM in their Member State;

Assist in the development of a framework for the governance of NRM;

Help the government to assist CII stakeholder organisations in developing their own risk management processes; and

Assess the Member State’s NRM preparedness through the use of a defined testing process.

Background: CIIP Communication by the European Commission.

For full paper

For interviews, or further details: Ulf Bergstrom, Spokesman, ENISA, [email protected], Mobile: + 30 6948 460 143, or Dr. Louis Marinos, Expert, [email protected]

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items;




Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-11-28
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
PUBLISHED: 2020-11-28
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
PUBLISHED: 2020-11-28
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
PUBLISHED: 2020-11-28
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
PUBLISHED: 2020-11-28
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.