Main Page

From SAMRisk - Risknet

Jump to: navigation, search
RISKnet: Norwegian and Nordic Network in Information Security and Societal Risk

Contents

RISKnet: Norwegian and Nordic Network in Information Security and Societal Risk

This is the public web page of the SAMRISk RISKnet project.

Contact: The project leader is Åsmund SKomedal, Norsk Regnesentral.

Project lifespan: 01.07.2008 - 30.06.2010

Status: Running.

Project description

The goal of Risknet is to establish a network of experts that strengthen expertise and readiness in industry, research and society. Risknet will advance topics by providing a common meeting ground for researchers and practitioners in the field of IT security and risk management in order to identify and explore synergies between the Risknet members.

Risknet will build an interdisciplinary national network for researchers, practitioners and end users. This network will also be a part of a Nordic network of scientist from universities and research institutes in the Nordic countries. Risknet will engage in activities that gather, debate and communicate knowledge, trends, policies, and regulations related to information security. This will cover, but not be limited to, the following aspects: future research challenges, societal risks, policy development, best practice, legal regulation, compliance, deployment methods and implementation. In particular, the following topics are covered by Risknet:

  1. Risk management and security policy development
  2. Legislation, compliance, investigations and legal proceedings
  3. Information security, security management and protection in infrastructures
  4. Security engineering and system development

Background

Information infrastructures build an indispensible foundation for Norway’s economic and community life. Infrastructures such as data networks, telecommunications, databases, financial transactions and web services pervade all of society’s functions. Any accidental or intentional failure of such infrastructures can have a large impact on Scandinavia’s and Norway’s well-being.

With the fast progress of technology, many unanswered questions about the security and risk of electronic information and infrastructures remain. Risk assessment, risk analysis and the resulting strategies for risk reduction and secure operation are important activities that need an interdisciplinary environment involving the important stakeholders. In addition to being interdisciplinary these activities need to contain strategic elements in order to improve society and evolve over time. To archive this, the different stakeholders (policy makers, academia, research institutes, developers, practitioners and end users) need to be involved in the process.

Project participants

These Norwegian institutions participate in RISKnet: Norwegian Computing Center, Norway - Mnemonic, Norway - Institutt f. Rettsinformatikk, University of Oslo, Norway - Novasecure, Norway - IPNett, Norway - Norman ASA, Norway - Brønnøysundregister, Norway

These international institutions participate in RISKnet: Karlstad University Dept. of Computer Science, Sweden - Zebranet, Denmark - Roskilde University, Denmark - VTT Technical Research Center, Finland

RISKnet topics and networking goals

The network will give it main priority to the following topics Please click here for a Detailed description of RISKnet topics.

RISK MANAGEMENT AND SECURITY POLICIES

Risk Management as a process should provide a balance between (all kinds of) costs, benefits and opportunities in a business operation. Therefore, it is necessary to apply an appropriate framework and to correctly set the scope and boundaries of the Risk Management process.

LEGISLATION, COMPLIANCE AND LEGAL PROCEEDINGS

Information security compliance is important in such diverse topics as privacy & data protection, digital evidence procedures, and other legal frameworks. However, the bridge between a legal norm and its technical and procedural compliance is not always clear. RISKnet will support the bridge with decision-support research and the production of suggestions.

INFORMATION SECURITY

The main focus for this activity is technology, strategies for future research and its alignment with the other topics.

SECURITY ASSURANCE AND ENGINEERING

Risknet will discuss the challenges and future research topics that emerge as new types of products and services include security assurance activities. This will improve information security and provide a better protection to both organisations and citizens and be relevant for public and commercial members of Risknet.


Risknet will establish relations to international academic environments and networks working in the same field. In particular Risknet will cooperate with other national network in the Nordic countries, and establish relations to international standardizing organizations. Some of the members in the Nordic network are included as international partners in Risknet.

Risknet seminars will be open and shall facilitate exchange of ideas, open dialogue and discussion between researchers and practitioners. Workshops are normally for Risknet members and shall enable research activities to be both strategic and relevant for both the public sector and industry technology and service providers.

To achieve this, the network will arrange:

  1. A Website; create and support a common website for the network member’s communication on research topics in relation to society and member organizations.
  2. Workshops; arrange workshops for discussion and strategic development of research. The purpose of these workshops is to facilitate the highly needed two-way interaction between the research community, legislators and (industry) users. This interaction shall lead to better alignment of future research and identification of relevant challenges. The research community needs an open arena for discussion of trends and future research topics. User groups will benefit from an extended co-operation with the research community and an increased knowledge about state-of-the art and best practice.
  3. Seminars; arrange multidisciplinary open seminars for dissemination and interaction. The societal aspects of technological development should be presented, discussed and evolved in multidisciplinary forums consisting of researchers, system owners, developers, politicians, journalists and users. This in order to achieve a cross-cultural process where the different stakeholders will hear elaborated views and evaluate the impact of different viewpoints on the defined topics.
  4. Publication; collaborate in writing scientific articles, popular science articles and factual prose for publication.
  5. Project collaboration; facilitate and co-ordinate consortium establishment for project proposals. It is assumed that the different members of the Risknet have several unexploited opportunities for collaboration and joint research activities due to a lack of knowledge about each others activities and field of work. Hence, this shall lead to new applications and research projects, mainly to EU (FP7, EEA programs, ITEA, Eureka) and national funding agencies.

Project results - activities and documentation

RISKnet organized several seminars, and contributed to international conferences. In addition, several members of RISKnet propose projects together.

Timeline web.jpg

Events

Projects and collaboration created out of RISKnet

Links & background materials

  • Sweden passed a new law on data traffic surveillance by its intelligence services. As many foreign data infrastructures are run by and through TeliaSonera, there is a large media debate about the security consequences for Norway, Finland, Denmark and other countries. See an article in Norwegian in Dagens IT, 10.7.1008!


Project materials

Handouts and presentations from the workshops and seminars are available from the event pages listed above in the "Events" section.

Project Material

You can get a high-resolution version of the RISKnet project logo.


Program RISK-NET 6 may 2010, Norwegian Computing Center ,Gaustadalleen 23, 4 floor. Room Alfa-Omega Time: 9:00-15:30: 

  "IT development, risk and loss, securing enterprise systems in Norway"

Session Chair: Habtamu Abie

1) Opening of RISK-NET workshop: «Overview of vulnerabilities - what should we be worried about?» 9:15 – 9:50 Speaker: Åsmund Skomedal, Research Director Norwegian Computing Center, Associate Professor, Gjøvik University College Presentation: vulnerabilities 

9:50 - 10:00 coffee break

2) Legal issues in system development: «Contracts, resposibility, liability, risks» 10:00 - 11:00 Speaker: Arve Føyen, (Founder) Partner Føyen Advokatfirma DA Presentation: legal issues

3) System ownership: MinID and BankID

11:00 - 11:30 «Challenges in integrating and supporting large scale applications like MinID and ID porten» Speaker: Olav Skarsbø, Service leader MinID, DIFI Presentation: MinID


11:30 – 12:00 «Assuring availability and security of electronic ID for web-banking» Speaker: Nils Inge Brurberg, Product Director, BankID Norge Presentation: BankID 

12:00- 13:00 Lunch

4) Status on Computer Crime and Information Security in Norwegian Business 13:00 – 13:30 Speaker: Arne Røed Simonsen, Senior Advisor, The Norwegian Business and Industry Security Council (NSR) Presentation: Crime

5) Risk analysis of IT systems: «Experiences and methodology from industry» 14:00 – 14:30 Speaker: Geir Arild Engh-Hellesvik, Ernst & Young Presentation: Experiences 

14:30- 14:35 coffee break

6) Funding Norwegian security research 14:35 – 15:00 Speaker: Olaug Råd, Senior Advisor, Division for large projects Department for future technology, Norwegian Research Council Presentation: Funding 


Panel discussion - «What effort reduces risk most efficiently?» 15:00 – 15:30 Panel moderator: Lothar Fritsch
Retrieved from "http://risknet.nr.no/risknet/index.php/Main_Page"
Personal tools