Editor’s Note: ENISA’s work on the cybersecurity should be compared and contrasted with NIST’s work on the Cybersecurity Framework.
From: BankInfoSecurity
Agency’s Steve Purser on Greater Scope, ‘Proactive’ Impact
By Jeffrey Roman
The European parliament recently voted to extend and strengthen ENISA. With this new endorsement, the agency is expected to play a significant role in top cybersecurity initiatives across the EU, says the agency’s Steve Purser.
ENISA has been granted a new seven-year mandate. With it, the agency is expected to play a large role in the implementation of the EU Cybersecurity Strategy adopted by the European Commission in January.
Purser, head of operations for ENISA, says the new mandate provides ENISA with greater scope, flexibility and focus.
“The new mandate gives us a much more proactive role,” he says in an interview with Information Security Media Group [transcript below].
“Whereas in the old mandate we simply had a role of tracking the developments of standards in the area of network and information security, now we have a role in facilitating the establishment of technical standards.”
The mandate also enables greater cooperation between ENISA and other organizations, such as the European Cybercrime Centre.
“This is one of the mechanisms we use to align our work and to make sure that the fight against cybercrime is very much aligned with what ENISA is doing in terms of increasing preparedness,” Purser says.
ENISA maintains a preparatory role when it comes to cybersecurity, Purser says, not response. “We’re like a catalyst in a way,” he says. “Our aim is to bring existing groups together, to get them working on problems that are important to today’s policy agenda. And once these groups are working together smoothly, then we drop out of the equation and move on to something else.”
In an interview about ENISA’s growing influence on European cybersecurity matters, Purser discusses:
- The European parliament vote to strengthen ENISA;
- Key components of the EU’s cybersecurity strategy;
- How the agency helps organizations mitigate emerging threats.
Purser was born in the UK and attended the universities of Bristol and East Anglia, where he obtained a BSc in chemistry and a PhD in chemical physics, respectively. He started work in 1985 in the area of software development, subsequently progressing to project management and consultancy roles. From 1993 to 2008, he occupied the role of information security manager for a number of companies in the financial sector. He joined ENISA in December 2008 as head of the technical department and is currently responsible for all operational activities of ENISA.
Purser is co-founder of the ‘Club de Securité des Systèmes Informatiques au Luxembourg’ (CLUSSIL) and is currently the ENISA representative on the ISO SC 27 working group. He frequently publishes articles and is the author of ‘A Practical Guide to Managing Information Security’ (Artech House, 2004).
Role with ENISA
TOM FIELD: You were telling me you’ve got a new role since the beginning of the year. Why don’t you explain your role with ENISA to us, please?
STEVE PURSER: When I say it’s a new role, to be quite honest, it’s a continuation more or less of what I’ve been doing since I joined the agency in 2008. Broadly speaking, I’m responsible for the operational activities of ENISA. The only part I would say in the work program that’s not in my area is what we call research, which is basically desk-based Internet researching, which is done in our office.
But before I answer too much, let me explain who the European Network and Information Security Agency is in a few words. We are what’s known as a regulatory agency. That having been said, we work very closely with particularly the European Commission, and other European bodies, to make sure that we’re well coordinated in our approach. We’re a center of expertise that supports the Commission and EU member states in the whole area of information security, so it’s quite a vast subject area. One of the things we have to do is to be able to focus strongly and to make sure that we’re doing work where it’s at maximum value.
Leave a Reply