Dan Cimpean

Women in Cybersecurity whitepaper by Deloitte explains how the European Cyber Security Challenge (ECSC) initiative of the European Union Agency for Cybersecurity (ENISA) serves as an enabler for achieving a more balanced cyber workforce. As a well-established platform, the ECSC is an opportunity to attract more women to the cyber profession.

This report is analysing how EU Member States are approaching innovation as a strategic priority under National Cyber Security Strategies (NCSS). The analysis is structured around several aspects of innovation such as: Innovation Priorities, Industrialisation and Collaboration and Market and Policy. Each of these aspects is at the same time divided into two dimensions. Innovation priorities can be divided into Innovation in technologies and services, and into economic incentives and… Show more

This report is analysing how EU Member States are approaching innovation as a strategic priority under National Cyber Security Strategies (NCSS). The analysis is structured around several aspects of innovation such as: Innovation Priorities, Industrialisation and Collaboration and Market and Policy. Each of these aspects is at the same time divided into two dimensions. Innovation priorities can be divided into Innovation in technologies and services, and into economic incentives and investments. Industrialisation and collaboration can be divided into industrialisation processes and activities, and stakeholders’ collaboration. Market and Policy can be divided into Market and Technology Alignment and Market regulation. Each dimension can be supported by several activities and mechanisms.
(Report executed as contractor of ENISA) Show less

This study is concerned with dependencies and interdependencies among Operators of Essential Services (OES) and Digital Service Providers (DSPs) as defined in the NIS Directive and addresses emerging dependencies and interdependencies across sectors.
(Report executed as contractor of ENISA)

The CEPS Task Force on Strengthening the EU's Cyber Defence Capabilities identified a clear EU-wide interest for greater coordination and cooperation in this space. After a comparative analysis of alternative scenarios, the Task Force concluded in favour of creating an EU Cyber Defence Agency with executive competencies and therefore, the ability to develop and utilise strategic and operational capabilities at the EU level. This would mark a critical step towards a more effective and… Show more

The CEPS Task Force on Strengthening the EU's Cyber Defence Capabilities identified a clear EU-wide interest for greater coordination and cooperation in this space. After a comparative analysis of alternative scenarios, the Task Force concluded in favour of creating an EU Cyber Defence Agency with executive competencies and therefore, the ability to develop and utilise strategic and operational capabilities at the EU level. This would mark a critical step towards a more effective and collaborative approach to enhancing cyber security and resilience in the EU.  Show less

Based on detailed analysis of five different EU-level crisis management frameworks, this report highlights those lessons learnt from years of crisis management in five different sectors which would be applicable to the cyber domain, and provides a series of key recommendations regarding EU-level priorities to alter the outcome of the next cyber crisis.
(Report executed as contractor of ENISA)

This study aims to present the regulatory and non-regulatory approaches of EU Member States as well as EEA and EFTA countries to share information on cyber incidents, the different sector regulation challenges of managing cyber security issues, and their key practices in addressing them. The study identifies three types of approaches to share information on cyber security incidents: 1) traditional regulation; 2) alternative forms of regulation, such as self- and co-regulation; 3) other… Show more

This study aims to present the regulatory and non-regulatory approaches of EU Member States as well as EEA and EFTA countries to share information on cyber incidents, the different sector regulation challenges of managing cyber security issues, and their key practices in addressing them. The study identifies three types of approaches to share information on cyber security incidents: 1) traditional regulation; 2) alternative forms of regulation, such as self- and co-regulation; 3) other approaches to enable information sharing, such as information and education schemes.
(Report executed as contractor of ENISA) Show less

This report represents the outcome of an impact assessment of ENISA’s support to Computer Emergency Response Teams (CERTs) for the period 2005 until today. The impact assessment has served as a basis for a proposed roadmap to 2020. The key objectives of the study are to:
▪ Take stock of ENISA achievements in relation to European CERTs, and in light of relevant policy documents;
▪ Perform an impact analysis of ENISA’s achievements with regard to CERTs and other operational communities,… Show more

This report represents the outcome of an impact assessment of ENISA’s support to Computer Emergency Response Teams (CERTs) for the period 2005 until today. The impact assessment has served as a basis for a proposed roadmap to 2020. The key objectives of the study are to:
▪ Take stock of ENISA achievements in relation to European CERTs, and in light of relevant policy documents;
▪ Perform an impact analysis of ENISA’s achievements with regard to CERTs and other operational communities, and
▪ Provide a roadmap for the period leading up to 2020 based on the results of the impact analysis.
(Report executed as contractor of ENISA) Show less

The European Commission’s Directorate-General CONNECT (Communications Networks, Content and Technology) published the results of the feasibility assessment of a European-wide Early Warning and Response System against cyber-attacks and disruptions. ISBN 978-92-79-33423-8
The feasibility of the EWRS has been assessed by taking into account all relevant inputs: a) research into the current state of art in early warnings and response systems in the context of cybersecurity, b) a stock-taking of… Show more

The European Commission’s Directorate-General CONNECT (Communications Networks, Content and Technology) published the results of the feasibility assessment of a European-wide Early Warning and Response System against cyber-attacks and disruptions. ISBN 978-92-79-33423-8
The feasibility of the EWRS has been assessed by taking into account all relevant inputs: a) research into the current state of art in early warnings and response systems in the context of cybersecurity, b) a stock-taking of Member States’ requirements towards a European-wide EWRS against cyber-attacks and disruptions, c) identification of three scenarios for the architecture and scope of a European-wide EWRS against cyber-attacks and disruptions, d) Identification of milestones which need to be completed once the decision to implement a European-wide EWRS has been taken and concludes with e) recommendations for both the European Commission and the Member States on initiatives which could be started pending the adoption of the NIS Directive. Show less

Involved in assisting ENISA who hosted the ‘Second ENISA International Conference on Cyber Crisis Cooperation and Exercises’ on 23–24 September 2013 in Athens, Greece. The Second ENISA International Conference on Cyber-Crisis Cooperation and Exercises was a unique high-profile international event that aimed to directly support the new cyber security strategy of the European Union by helping various constituents in their efforts to establish a more coherent cyber security policy. Additionally… Show more

Involved in assisting ENISA who hosted the ‘Second ENISA International Conference on Cyber Crisis Cooperation and Exercises’ on 23–24 September 2013 in Athens, Greece. The Second ENISA International Conference on Cyber-Crisis Cooperation and Exercises was a unique high-profile international event that aimed to directly support the new cyber security strategy of the European Union by helping various constituents in their efforts to establish a more coherent cyber security policy. Additionally, the conference was a key knowledge sharing platform for national and governmental level cyber security experts. It also facilitated debate and information exchange, and offered networking opportunities to both technical experts and executive stakeholders. Show less

This technical document provides guidance to smart grid stakeholders by providing a set of minimum cyber security measures which might help in improving the minimum level of their cyber security services. The proposed security measures are organised into three (3) sophistication levels and ten (10) domains.

This document aims to provide an overview on the actual situation concerning CERT matters in Europe. It provides a list of computer emergency response teams and similar facilities by country, but also contains a catalogue of co-operation, support and standardisation activities related to them. The CERT inventory’s new improved tabulated format shows Europe’s “digital fire brigades” by sector for each country, while the new CERTs map provides filtering capabilities for all CERT teams in the… Show more

This document aims to provide an overview on the actual situation concerning CERT matters in Europe. It provides a list of computer emergency response teams and similar facilities by country, but also contains a catalogue of co-operation, support and standardisation activities related to them. The CERT inventory’s new improved tabulated format shows Europe’s “digital fire brigades” by sector for each country, while the new CERTs map provides filtering capabilities for all CERT teams in the wider EU geographical region. This now includes 195 CERT teams, 22 more than when the inventory was last updated in spring 2012.
An extra feature of the map is the inclusion of the General CERT Report and the National Governmental CERT Report, which provide information on the countries’ CERT teams. Show less

The first EU report ever on cyber security challenges in the Maritime Sector. This principal analysis highlights essential key insights, as well as existing initiatives, as a baseline for cyber security.
Recent deliberate disruptions of critical automation systems, such as Stuxnet, prove that cyber-attacks have a significant impact on critical infrastructures. Disruption of these ICT capabilities may have disastrous consequences for the EU Member States’ governments and maritime sector.

The objective of this study launched by the European Commission Directorate General Regional Policy was to assess the situation prevailing in Romania regarding public procurement with a view to identifying malfunctions and weaknesses regarding the institutional framework, applicable procedures and capacity of contracting authorities.

Co-author of the Cloud Security Alliance Cloud Controls Matrix (CCM v1.2) that is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider. The CSA CCM provides a controls framework that gives detailed understanding of security concepts and principles that are aligned to the Cloud Security Alliance guidance in 13 domains.

The report on EU Member States’ security policies and regulations for communication networks and information systems does analysis of rules, policies and practices EU Member States and EFTA countries develop and deploy with the aim to enhance resilience of their public e-Communication networks.
Provides high level and context specific recommendations to policy and decision makers on how Member States could improve their policies and activities. Identifies good practices that might serve as… Show more

The report on EU Member States’ security policies and regulations for communication networks and information systems does analysis of rules, policies and practices EU Member States and EFTA countries develop and deploy with the aim to enhance resilience of their public e-Communication networks.
Provides high level and context specific recommendations to policy and decision makers on how Member States could improve their policies and activities. Identifies good practices that might serve as “inspiring cases” to countries wishing to improve their policies and activities in certain areas. Show less

The report includes assessment of the impact of the ENISAs output and deliverables to the respective target groups (e.g. European Union Member States, Industry, Academia, ENISA Board Members etc.

Co-author of this ISACA publication that provides guidance primarily for business executives business management, and IT management, as well as IT developers and implementers, internal and external auditors and other professionals on the:
- Definition and nature of application controls (addressing at least the six application controls discussed in COBIT)
- Design and operation of application controls
- Relationships and dependencies that application controls have with other controls… Show more

Co-author of this ISACA publication that provides guidance primarily for business executives business management, and IT management, as well as IT developers and implementers, internal and external auditors and other professionals on the:
- Definition and nature of application controls (addressing at least the six application controls discussed in COBIT)
- Design and operation of application controls
- Relationships and dependencies that application controls have with other controls (such as IT general controls)
- Relative responsibilities of business management and IT management Show less