European Information Security
Promotion Programme
Contract nº IST - 2001 - 35200



Project


Overall project structure
The project is divided into six workpackages:

  • Project Management
  • Dissemination and exploitation plan
  • Shared advisory infrastructure
  • Advisory distribution to SMEs
  • Deployment and integration of ICT security products
  • Measurement and Evaluation of Results

From a user perspective, the most interesting are workpackages 3, 4 and 5.

Workpackage 3: Shared advisory infrastructure
The objective of workpackage 3 is to set up a "shared infrastructure" between the participating Centres of Expertise (established CERTs), in order to make available to the community (large enterprises and SMEs) a repository of preventative material and to take advantage of this effort to constitute a European network of expertise in that field.
The infrastructure will include vulnerability databases and it will address vulnerability inter-dependencies.

Workpackage 4: Advisory distribution to SMEs
The first objective of workpackage 4 is the definition and experimentation of a security advisory dissemination model targeted at SMEs.
The second objective is concerned with the particular technique needed to achieve the first objective - that being PKI usage in an "open" (as opposed to an Enterprise) environment - and having to deal with very large numbers of users (e.g. SMEs).
The third objective has to do with the way those preventative actions can be made available to SMEs and this will enable us to develop an "adapted" resource-funding model for this type of activity.

Workpackage 5: Deployment and integration of ICT security products
The maintenance of security products poses specific challenges to SMEs. Typically, SMEs have a limited number of technical staff, and keeping deployed security products up to date with the most recent patches, signature files etc. can pose resource and logistical problems. In many cases SMEs require a service provider to distribute best practice information about their diverse security systems, releasing the technical staff within the SME to concentrate on the organisation's core business. Given the diversity of requirements and solutions among SMEs, a relevant effort will be made to address different situations, extrapolating from the practical experience on the pilots, so that the results of this project can be used by a large number of European SMEs.
The recommendations made in workpackage 4 will be checked in "real life", in order to get direct feedback from real SMEs. The objectives of this workpackage are:

  • To integrate the distribution of security advisories with the use of security products by SMEs. Thus, in addition to a security advisory being distributed, an SME may also receive the related information on how to correctly configure their firewall / IDS / virus scanner to deal with this vulnerability. Such information would be tailored to the type of perimeter security tools used by the SME.
  • To test the suitability and completeness of the information, implementing it directly to a selected number of SMEs across Europe (by each Centre of Expertise).
  • To automate the distribution of advisory information through the integration of automatic vulnerability scanning up to and including patch distribution and application.

User involvement

Users may be involved in two ways:

  • As final users: typically SMEs receive and use the advisories and services either directly provided by the CERTs' shared infrastructure, or through intermediaries.
  • As intermediaries: typically ISPs, ASPs or Chambers of Commerce act as the intermediary between the EISPP and the end user. They may just deal with user registration and help desk, so that the overall structure can scale better, or they can add personalized services, like those that will be experimented with in workpackage 5.

The figure shows some examples of how CERTs, intermediaries and SMEs interact.


The following is an example of the benefits of a selective advisory service:

An SME receives alerts for all systems running in their environment including those, for example, from: Microsoft, Compaq, Sun, Oracle, Checkpoint. The result is information overload where the SME has neither the ability nor the time to select which advisories apply to their systems - so many problems remain unsolved.

EISPP provides the SME with alerts dealing with their specific systems - e.g. Checkpoint FW-1 running on Nokia platform, Oracle 8i running on Solaris 8, or MS Win2K. EISPP also provides pointers to IDS signatures / Virus updates to detect new vulnerabilities for Oracle 8i on a Solaris 8 platform. Moreover, EISPP adds expert commentary from the network of security experts throughout Europe. The result is security information that can be used more effectively.


Last Change 03/04/2003
© EISPP Consortium