WorkshopsDeSIRE and DeFINE

CNR, Pisa

25th -27th November, 2002

Dr. Stefano Bruno and Daniel Bircher, Ernst Basler + Partners Ltd.

Ernst Basler + Partners Ltd.Zurich/Zollikon, Switzerland

http://www.ebp.ch

General Overview

• Ernst Basler + Partners Ltd. is a planning, consulting and engineering company, based in Zurich.

• The services range from the concept development to implementation and from the technical solutions to management consulting and strategy planning.

• The seven Business Units are: Civil Engineering, Project Management, Infrastructure and Transport, Energy and Technology, Environment, Safety and Security, and Information Technology

• About 20% of the projects are international

1

Process and Information Security

The Business Field “Process and Information Security” is part of the Business Unit “Safety and Security”. The activities include:

• Projects covering dependability aspects of critical infrastructures

• Support of and involvement in the Swiss information assurance community (constitution building, elaboration of concepts etc.)

• IT security concepts

2

Selected Activities And Projects

• Development and application of methods for risk analysis for critical infrastructure sectors

• IT-Simulation game “INFORMO 2001”

• Elaboration of concepts for a national information sharing and analysis unit

• Founding member of the Swiss foundation “InfoSurance” (a PPP project for dependability)

• Swiss partner of the DDSI project

• Elaboration of the „International Critical Information Infrastructure Protection Handbook“ (with Swiss Federal Institute of Technology, Zurich)

3

Contacts Within Dependability Community

Ernst Basler + Partners Ltd. has amongst others the following close contacts within the Swiss dependability community:

• Swiss Federal Strategy Unit for Information Technology

• Swiss Federal Office of Communication

• Swiss Federal Office for National Economic Supply

• Swiss Federal Institute of Technology, Zurich

• University for Technics and Architecture, Lucerne

• Foundation InfoSurance

4

Research Areas For DeSIRE/DeFINE (I)

Ernst Basler + Partners Ltd. suggests contributions for DeSIRE/DeFINE in the following four research areas:

• A. Infrastructure vulnerabilities

• B. Socio-economic studies

• C. Cyber-crime and cyber-abuse

• D. Training tools

5

Research Areas for DeSIRE/DeFINE (II)

A. Infrastructure vulnerabilities

• Methods for IT risk assessment (e.g. QPRA, FTRA), based on 30 years of in-house experience

• Methods and models to assess and to simulate interdependencies of information infrastructures with Geographic Information Systems (GIS)

• Practical risk analysis methods for the use in critical (information) infrastructure sectors

6

Research Areas for DeSIRE/DeFINE (III)

B. Socio-economic studies

• Behavioral studies regarding aspects of trust and confidence in the Information Society

• Behavioral studies regarding the use/non-use of IT security tools (virus protection, strong passwords etc.), based on interviews

7

Research Areas for DeSIRE/DeFINE (IV)

C. Cyber-crime and cyber-abuse

• Conceptual and organisational models and approaches for early warning capabilities and information sharing schemes

• Development of models or trusted networks for information sharing

• Conceptual research for cyber-crime databases and statistics (based on SIBIS results)

• EU-related models for developing/strengthening public private partnerships (PPP)

8

Research Areas for DeSIRE/DeFINE (V)

D. Training tools

• Concepts for education and training of dependability stakeholders

• Establishment of a forum/platform for information sharing, common training facilities, e-learning etc.

• Guideline/Handbook for simulation gaming for dependability key players

9

Contact Information

Ernst Basler + Partners Ltd.

Zollikerstrasse 65

CH-8702 Zollikon

Phone + 41-1-395 11 11

Fax + 41-1-395 12 34

Internet

Dr. Stefano Bruno Daniel Bircher

E-Mail: stefano.bruno@ebp.ch E-Mail: daniel.bircher@ebp.ch

http://www.ebp.ch

10