While many people fear the risk of illegal copies in this case as well, MIT Press has doubled apparently its sales of hard copies since its first
Depending on their risk adversity, they will innovate and exploit networks information differently 2. Industrial co-operation:
from exchange to production From a theoretical point of view, the notion of net -work is still very fuzzy.
Thus, risk adversity may impede the innova -tion process. Following two types of behaviour are
innovation represents a large financial risk. So they only innovate under the pressure of their environ
-tive capabilities depend on the ability to exploit exter -nal knowledge and on in-house R&d efforts.
innovativeness, proactiveness and risk-taking create the factors closely tied to an entrepreneurial firm 5, 10,11.
for the proposition that national culture influences the way firms†exploit entrepreneurial orientation has been noted by Knight
) Risk-taking propensity is expected to be crucial as well as innovation by definition requires an investment with an uncertain outcome.
Risks in using a likert scale are a The analysis concludes that innovation significantly depends on the position of
To overcome these risks indicators were tested thoroughly on validity and reliability 5 Regression analysis: innovation level explains a growth in number of buyers (Î=0. 001, r2=0. 106
and reduces risks. The aggregate of all innovations leads to a highly resilient growth sector, able to produce small and medium-sized orders of
This is in part explained by market insecurity. As respondent#2 expresses: We are not really looking into the opportunity to modernize machines.
age, willingness to take risks, gender, no other position, worked in craft firm, primary school unfinished, primary school finished, secondary not complete, vocational
Willingness to take risks is not a significant indicator, as all entrepreneurs are at least moderately
willing to take risks. Some very innovative firm consider themselves to be moderately risk taking
as they first study the market in order to reduce their risk. Respondent#25, a micro-scale
subcontractor, illustrates that willingness to take risk has enabled his firm to survive when competitors went bankrupt:
already sold. †The example illustrates that in a process of creative destruction firms that take risk
to this risk by quickly designing new products causing a speeding up of innovation processes
The highest risk is that they just sell the raw material. Therefore, this subcontractor always gets priority
methodology, 3m identifies both risks and opportunities for improvement at all stages in the innovation process
or application can increase market risk for the developers of the technology This problem can be seen readily in the
Assurance Team London Building a Better Future published July Assurance Team meeting on creating a robust dialogue process
Zurich September Workshop on overall project Boston November Meeting on Information technology Implications Stuttgart 2001 February
Assurance Team Meeting Geneva July 2001-February 2002 Electronic Stakeholder Dialogue Intellectual Property rights September Working group Meeting
Assurance Team Meeting Jongny sur Vevey Switzerland 2002 February Stakeholder Dialogue Meeting on Intellectual Property rights
Working group and Assurance Team Meeting London March EIRMA Roundtable: Sustainable Development and the Innovation Process
Assurance team Roger Baud, ETH Sheena Boughen, ECOS Corporation Wolfgang van den Daele, Berlin Science Center for Social Research (WZB
as security for a loan. In some countries, however, patents are crucial and often indispensable to have access to any funding for
consider IP as collateral/security for loans. However in the aftermath of the †dot com crisisâ€, questions
Road safety and security...pp. 17†21 Action area 4: Integration of the vehicle into the transport infrastructure...
Data security and protection, and liability issues...pp. 26†27 Action area 6: European ITS cooperation and coordination...
Road safety and security ITS-based road safety and security applications have proved their effectiveness,
but the overall benefit for society depends on their wider deployment. At the same time, some safety -related issues require additional attention:
security of transport systems must be taken into account without jeopardising efficient and effective transport operations
Data security and protection, and liability issues The handling of data †notably personal and financial â€
-change assistance), collision warning and emergency braking systems as well as other applications including ecall (emergency call †see page 18), driver hypo-vigilance systems, †speed alertâ€
>introduce advanced emergency braking systems AEBS) and lane departure warning systems (LDWS in heavy-duty vehicles:
safety-and security-related ITS systems, and further promote the more developed/advanced ones >TASKS AND ACHIE VEMENTS
security-related ITS systems, including their installation in new vehicles (via type approval) and, if relevant, their retrofitting in used ones
countermeasures and safe human†machine interfaces was planned also. Based on the outcome of this work and if appropriate or required, specifications may be
electronics and communications raises security and privacy issues which, if left unaddressed, could jeopardise the wider
be security vulnerabilities in electronics and communications systems. ITS technologies must ensure the integrity confidentiality and secure handling of data, including personal
study launched in 2011, addressing the specific data security and data protection issues related to ITS applications and
Assess the security and personal data protection aspects related to the handling of data in ITS applications and services and propose measures in full compliance
Data security and data protection DGMOVE brochure ITS A4 indd 26 11/05/11 15: 16t105146 cee. pdf 28t105146 cee. pdf 28 20/06/11 13: 5020/06/11 13:50
instance, the liability risks may be highly complex †the term †defective product†is used in the EU product liability directive
Data security and data protection Legal framework: Directive 2010/40/EU For further information
STUDIES AND REPORTS Transport E u R O P E A n COMMISSION European Research Area Intelligent
CCTV) security systems to more advanced applications integrating live data and feedback from aâ variety of information sources (e g. parking guidance, weather information
•road safety and security •integration of the vehicle into the transport infrastructure •data security and protection, and liability issues
•European ITS cooperation and coordination The ITS Directive is aâ seven-year legal framework for aâ coordinated deployment of ITS, intended
solutions, in order to lower the risk of collision by continuously monitoring driver behaviour and driving conditions †and
and the risks of distraction, systems were implemented inâ two vehicles and road-tested in real traffic situations
dynamic traffic management and control, with surveillance cameras, sensors and electronic message signs that aim to regulate flows by informing drivers about expected travel times to
involved in emergency or public transport services †or even to goods vehicles, where appropriate The same data can also be used to extend the functionality
The high weight of long range trucks poses some threats to the surrounding environment, and it is important to help
will inevitably include measures such as access control and road charging to manage the level of demand.
address legitimate concerns around digital issues like privacy and security without damaging the ICT ecosystem
One of the areas currently most at risk is digital trade Policies that lead to
the expected benefits of privacy and security, and it also holds significant potential to slow
to implement, †according to the European Network and Information security Agency rendering the attempt not only damaging to commerce but wasteful as well. 188 And as
and computer systems that introduce new patient risks, staff frustration, and outcomes below expectation •The focus must shift from automation of clinical work to
by many as a threat to the established routines that enable organisa -tions to function, as well as to other valuable practices.
innovation, public health and security, KETS (7) and Digital Agenda, are much more common than others (see Table 3). Thematic objectives,
%Public health and security 192 14.7 %Digital Agenda 152 11.6 %Cultural and creative industries 81 6. 2
%Food security and safety 25 1. 9 %Development of regional cultural and creative industries 24 1. 8
%Public health and security Human health 5. 6 %As expected, there is a higher frequency in the priority combinations based on these main
There is a risk that these investments stem from political priorities, rather than from a real discovery process and
A potential risk of basing priority decisions mainly on future potential is that regional and national
Public administration, security and defence Defence Public administration, justice, judicial, public order, fire service and safety activities
Security and investigation activities Services to buildings and landscape activities Travel agency, tour operator and other reservation service and related activities
Safety and security Space Transport and logistics Blue growth Aquaculture Blue renewable energy Coastal and maritime tourism
ICT trust, cyber security and network security Intelligent inter-modal and sustainable urban areas (e g. smart cities New media and easier access to cultural contents (e g. heritage
Public health and security Ageing societies Food security and safety Public health and well-being Public safety and pandemics
Service innovation New or improved organisational models New or improved service processes New or improved service products (commodities or public services
and security arrangements. They are typically connected via a fibre transport ring (regional backbone. Regional headends are
sensible risks and trying new things Recommendation 10 †Research area Encourage research on the implementation process of ICT-ELI,
taking into account intellectual property, security and data protection issues 131 58.0 25. Supporting research on the perspectives of various actors and stakeholders such as
Supporting research on (physical and mental health, security and legal issues related to ICT-ELI. 130 43.1
Supporting research on (physical and mental health, security and legal issues related to ICT-ELI 3. 5 Area 5:
organisational risk aversion, conservative cultures and excessively hierarchical arrangements constitute key barriers for scaling up ICT-ELI (Kampylis, Law, et al.
and risk taking (73.3%).%)Changing practices i e. developing a culture of innovation) is a long and complex process that requires, among other
taking sensible risks and trying new things 120 73.3 32. Developing long-term strategies to advance the capacity of school leaders to adopt and
and other stakeholders when taking sensible risks and trying new thingsâ€, while for policy/decision makers and others it is:
when taking sensible risks and trying new things 73.3 120 21. Encouraging research on the implementation process of ICT-ELI, focusing on the
property, security and data protection issues Encouraging research on the implementation process of ICT-ELI, focusing on the
Supporting research on (physical and mental health, security and legal issues related to ICT-ELI Promoting research on the ICT-ELI that happen at micro-level
stakeholders when taking sensible risks and trying new things Promoting diversity in ICT-ELI by funding a number of pilots in different
security and data protection issues 8 4. 6 3. 8 11.5 21.4 22.9 35.1 58.0 Supporting research on the perspectives of
mental health, security and legal issues related to ICT-ELI 8 4. 6 13.1 11.5 26.9 24.6 18.5 43.1
other stakeholders when taking sensible risks and trying new things 8. 8 5. 0 5. 8 14.2 24.2 49 49.2 73.3
sensible risks and trying new things 6. 12 52 6. 19 27 5. 67 24 5. 88 17
security; health and consumer protection; information society and digital agenda; safety and security including nuclear;
all supported through a crosscutting and multi-disciplinary approach LB-N A-26601-EN -N
needs to be clear legislation governing patient privacy and protecting the security of health information
In addition, surveys and surveillance activities collect more data from and about individuals The key to effective patient information systems is to retain the link between the individual and the data
surveillance, and operational research (as shown in the flow diagram below Many health information systems do not in fact retain data in the form of an individual patient record
disease surveillance and reporting Furthermore, an EMR may contain clinical applications that can act on the data contained within its
enhanced surveillance and monitoring, and fewer medication-related errors, such as incorrect prescriptions involving the wrong drug, wrong dose or incorrect route of administration.
data from clinics for use in disease surveillance and health status. However, it is more difficult to capture
and disease surveillance. By understanding disease status trends, patterns and response to interventions, resources can be allocated better
Confidentiality and security guidelines developed by UNAIDS/USG Protecting the privacy and security of health information should be a high priority for all countries.
However the subject is complex and providing necessary access as well as confidentiality can be difficult in practice
have provided a set of guidelines for the confidentiality and security of health information (30 Nineteen per cent of responding countries have adopted these guidelines
data structure, data interchange, semantic content, security, pharmacy and medicines business devices, business requirements for electronic health records,
models, terminology, security, and technology for interoperability. CEN TC 251 works closely with the ISO
security issues related to patient data Fifteen per cent of the responding countries use this standard.
risk of losing compatibility with historical data. However, if the definitions in the standards are not clear
and privacy of patient information and security (36 Conclusions 4 54 The resolution urges Member States to
ehealth bodies to provide guidance in policy and strategy, data security, legal and ethical issues, interoperability, cultural and linguistic issues, infrastructure, funding
data privacy and security Member States rely on this resolution to provide high-level guidance for ehealth planning.
to the management of patient information are data privacy, security, and interoperability. This unique resource, the National ehealth Strategy Toolkit, will be published in 2012
recognizes the important need for the development of patient health data privacy and security standards Individual patient data must be protected from unauthorized disclosure.
Guidelines on protecting the confidentiality and security of HIV information: proceedings from a workshop Geneva, UNAIDS, 2007
at org. apache. pdfbox. pdmodel. encryption. Securityhandler. encryptdata (Securityhandler. java: 312 at org. apache. pdfbox. pdmodel. encryption.
Securityhandler. decryptstream (Securityhandler. java: 413 at org. apache. pdfbox. pdmodel. encryption. Securityhandler. decrypt (Securityhandler. java:
386 at org. apache. pdfbox. pdmodel. encryption. Securityhandler. decryptobject (Securityhandler. java: 361 at org. apache. pdfbox. pdmodel. encryption.
Securityhandler. proceeddecryption (Securityhandler. java: 192 at org. apache. pdfbox. pdmodel. encryption. Standardsecurityhandler. decryptdocument (Standardsecurityhandler. java:
158 at org. apache. pdfbox. pdmodel. PDDOCUMENT. openprotection (PDDOCUMENT. java: 1597 at org. apache. pdfbox. pdmodel.
PDDOCUMENT. decrypt (PDDOCUMENT. java: 943 at org. apache. pdfbox. util. PDFTEXTSTRIPPER. writetext (PDFTEXTSTRIPPER. java: 337
procurement due to the difficult application procedures, a lack of awareness and the greater risk of
link in the risk-sharing chain, shares some of the risk with financial intermediaries in the participating
A high risk of lending to SMES can emerge from the uncertainty of their invest -ments in certain knowledge-related activities,
-ary) exposure to risk, in order to stimulate the provision of debt finance to SMES at local level
It focuses on the fields of innovation and knowledge-based economy, environment and risk prevention
risks limiting the impact in any one area 5. 1. 2 Potential Regional Benefits Developing and implementing smart specialisation policies
•Priority Area B-Data Analytics, Management, Security & Privacy •Priority Area C-Digital Platforms, Content & Applications
well as data related to online security and cybercrime, gender and youth, and cultural and environmental aspects.
Cybersecurity readiness should be improved by 40%by 2020d Target 3. 2: Volume of redundant e-waste to be reduced by 50%by 2020
organize and take urgent action to exploit the possibilities and harness the challenges effectively†(UNSC, 2014). 30 In view of declining
d Data being compiled by the Global Cybersecurity Index (GCI Source: ITU 29 Measuring the Information Society Report 2014
security frameworks •Which techniques are needed for data anonymization for aggregated datasets such as mobile-phone records
transparency and digital security issues Box 1. 4: What is a data revolution The report of the High-level Panel of Eminent Persons on the
and food security (MDG 1), education (MDG 2 gender equality (MDG 3), health (MDG 4, MDG 5
monitoring and surveillance of infants and children, through the analysis of health data collected through public health applications
an emergency or of getting urgent medical attention remotely IDI and MDG 5: Improve maternal health
for syndromic surveillance, especially to model the spread of vector-borne22 and 187 Measuring the Information Society Report 2014
them to generate individual credit risk profiles. This information could help many of the world†s unbanked to have access to
well as with privacy and security. Addressing such privacy and other concerns with respect to data sharing and use is critical,
considered a business risk mitigation strategy for operators in emerging markets. However, such cooperation is predicated on opening up the
Privacy and security As social scientists look towards private data sources, privacy and security concerns become
paramount. To mitigate the potential risks, all stakeholders must see tangible benefits from such data sharing.
These stakeholders include not just the public and private sectors, but also significantly, the general public, who in many
registration Information security imperatives have prompted increasingly governments to require registration information, even for prepaid customers (GSMA, 2013b), but even with
consumer confidence and hinder efforts to exploit big data for the greater social good. Encryption virtual private networks (VPNS), firewalls, threat
monitoring and auditing are some potential technical solutions that are employed currently 199 Measuring the Information Society Report 2014
but they need to be mainstreamed (Adolph 2013). ) The paradigmatic shift required to address privacy has started,
a balanced risk-based approach may be required in the context of what is under discussion here
syndromic surveillance, as in the case of malaria in Kenya (Wesolowski et al. 2012a), big data are
minimal privacy risks •Restricting the use of probabilistic predictions: While the use of big data
21 Syndromic surveillance refers to the collection and analysis of health data about a clinical syndrome that has a significant
35 Anonymization and security techniques are very rich. For further information, see, for example, El Emam, K. 2013
46 A media access control (MAC) address is a unique identifier that is assigned to network interfaces mostly by a hardware
ITU (2006), Security in Telecommunications and Information technology: An overview of issues and the deployment of existing
ITU GSR discussion paper (2014), Big data-Opportunity or Threat. Retrieved from: http://www. itu. int/en/ITU-D/Conferences
Narayanan, A. and Shmatikov, V. 2008), Robust de-anonymization of large sparse datasets. 2008 IEEE Symposium on Security
a comparison of traditional surveillance systems with Google Flu Trends. Plos One, 6 (4), e18687. doi:
Changes during Migration. 2011 IEEE Third Int†l Conference on Privacy, Security, Risk and Trust and 2011 IEEE Third Int†l
Using New Data to Understand Emerging Vulnerability in Real-time UN High-level Panel (2013), A new global Partnership:
Rewards and Risks of Big data (B. Bilbao-Osorio, S. Dutta and B Lanvin, Eds References
risks as rapidly as new markets emerged The opportunity for digital technologies to create new businesses is real,
Risk aversion †â€oeit†s not worth the risk†What are the most significant cultural
-manded such speed that it is â€oeat risk of diluting employee morale. †metric systems more than half of companies fail to set key performance
2 Field of Action I-egovernment, Interoperability, Cyber security, Cloud computing, Open Data, Big Data and Social media...
2. 2 Cyber security †Information systems and networks Security...45 2. 2. 1 Introduction...45 2. 2. 2 European context...
5. Fighting poverty and social exclusion-at least 20 million fewer people in or at risk of poverty and
Reduction of population at risk of poverty or social exclusion in number of persons <580,000 8, 907,000 (2012
ï Field of action 1-egovernment, Interoperability, Cyber security, Cloud computing, Open Data Big data and Social media †increase efficiency and reduce the public sector costs in Romania by
ï Field of Action 1. 2 †Cyber security †Romania†s Cyber security Strategy ï Field of Action 1. 5 †Open Data †National Anticorruption Strategy 2014 †2016
3. Pillar III †Trust & Security †increases the trust of web users in electronic services and online
Cyber security Cloud Computing Open Data, Big Data and Social Media 1. 1. Increasing the transparency of public
security networks and systems III-Trust and security Page 10 of 170 In order to reach the goal to
reform the way how the government works, shares information engages citizens and delivers services to
Cyber security Cloud computing Open Data, Big Data and Social Media Define the Informational Perimeter of Public services
the national cyber security system Operative Council for Cyber security (COSC responsible All Ministries offering public services Ministry of Interior
Cyber security #of cyberattacks/threats registered by the Government on private data Target: To be defined based on Appendix 5
Methodology Achieve a Cluster 3 rating for Maturity based on EU NIS Market Maturity Target: To be defined
based on Appendix 5 Methodology IT Spending for Security Target: To be defined based on Appendix 5 Methodology
#of training programs regarding cyber security Target: To be defined based on Appendix 5 Methodology Improve legislation Operative Council for
Cyber security (COSC responsible All Ministries offering public services Ministry of Interior Strengthening the partnership between public & private sector
Operative Council for Cyber security (COSC responsible All Ministries offering public services Ministry of Interior Data base Consolidation of
Knowledge Operative Council for Cyber security (COSC responsible All Ministries offering public services Ministry of Interior Boost the Research & development
capabilities in cyber security Operative Council for Cyber security (COSC responsible Page 15 of 170 All Ministries offering
public services Ministry of Interior Cyber security Infrastructure Operative Council for Cyber security (COSC responsible All Ministries offering
public services Ministry of Interior CERT-RO Operative Council for Cyber security (COSC responsible All Ministries offering
public services Ministry of Interior Implementing security standards Operative Council for Cyber security (COSC responsible All Ministries offering
public services Ministry of Interior Inter-institutional cooperation Operative Council for Cyber security (COSC responsible All Ministries offering
public services Ministry of Interior Development of public awareness programs in public administration and the private sector
Operative Council for Cyber security (COSC responsible All Ministries offering public services Development of educational programs Operative Council for
Cyber security (COSC responsible All Ministries offering Page 16 of 170 public services Training Operative Council for
Cyber security (COSC responsible All Ministries offering public services Concluding agreements of international cooperation for improving the response capacity in
the event of major cyber attacks Operative Council for Cyber security (COSC responsible All Ministries offering public services
Ministry of Interior Participation in international programs and exercises in the cyber security field Operative Council for
Cyber security (COSC responsible All Ministries offering public services Ministry of Interior Promote the national security interests in the international
cooperation formats in which Romania is a member Operative Council for Cyber security (COSC responsible All Ministries offering
public services Ministry of Interior Consolidation of the Acquisition Process for the Public Institutions IT Infrastructure
Ministry for Information Society (responsible All Ministries offering public services Cloud computing, Data Management and Social Media
#of applications performed based on Governmental Cloud Target: at least 2 per county by 2020 #of applications
performed based on Big Data Unique Point of Contact or Single Sign on Ministry for Information
Society (responsible All Ministries offering public services Procure and bring into service a range of components and services forming
the cybernetic security in Romania and the European Cybercrime Centre within Europol (center instituted in
2013, at European level Ministry for Information Society (responsible Ministry of Economy support Ministry of Public Finances
an investment should improve at least the security of a public service. All initiatives should describe tangible and quantif iable
5. Protect security and privacy Ensuring a trusting environment for public services is crucial for a fast adoption of these in an online
A small security flaw in one service can have a detrimental effect on the perceived benefits
All investments will take all the appropriate measures for ensuring security for services, data, and processes.
Security should cover all aspects of a service (financial security, operational security, transactional security. Security should not compromise usability
of a service (for example entities should not impose a nonstandard way for authentication, registration, authorization;
entities should not issue a different token/card than the one marked as standard by the Romanian Government
the risk of poverty Field of action 1 Field of action 2 Field of action 4
Security, Cloud Computing, Open Data Big data and Social media Field of Action II ICT in Education, Health
Establish the National Cyber security System Boost R&d in cyber security Define Governmental Cloud Capacity Data center Consolidation
Establish key principles for Social media Promote public debates Support for Open Government and Big Data Common infrastructure
SECURITY, CLOUD COMPUTING, OPEN DATA, BIG DATA AND SOCIAL MEDIA 2. 1 EGOVERNMENT AND INTEROPERABILITY 2. 1. 1 Introduction
related to data security All public bodies will adhere to this Line Action Portal Operational Implementation of the web portals goes
to safe guard against spending public funds for systems which do not have an impact on
2. 2 CYBER SECURITY †INFORMATION SYSTEMS AND NETWORKS SECURITY 2. 2. 1 Introduction Preamble Trust and security in public services is national priority for the Romanian government
and is the underlying requirement for electronic infrastructure of data networks, electronic services and communications
the incidents were identified as the main cause of the lack of consistent security policies to protect data
Cyber security Definition Cyber security is defined as"the state of normality that results after provisioning proactive and reactive
measures that ensure confidentiality, integrity, availability, authenticity and non-repudiation of electronic information, of private and public resources and services in the cybernetic environment.
and proactive measures can include policies, concepts, standards, security guides, risk management training and awareness activities, implementation of technical solution to project the cybernetic
information via the CIIP initiative, for border security and resilience of critical information and communications infrastructure by stimulating
Security Strategy was published, for a directive concerning measures to ensure a high common level of network and information security across the Union
A new Cyber security Strategy was developed by the European commission which comprises internal market, justice and home affairs and foreign policy angles of the cyberspace issues.
The Strategy is accompanied by the technical legislative proposal by the European commission's Directorate General
Connect to strengthen the security of information systems in the EU and is comprised of 4 major priorities
ï Developing cyber security capacity building ï Fostering international cooperation in cyberspace issues To respond to EU cyber strategy,
to address cyber security in a comprehensive manner, the activity should be spread over three sub-key pillars-NIS network and information security †law enforcement †defense
sub-pillars that already operate in various institutions in Romania horizontally and vertically as in the
European commission Strategy http://ec. europa. eu/digital-agenda/en/news/eu-cybersecurity-plan-protect-open-internet
-and-online-freedom-and-opportunity-cybersecurity In its Pillar III"Security and Trust",the Digital Agenda for Europe defines a series of cyber security
initiatives at European level to ensure cyber security incident response capabilities and the protection of personal data
In this context, the responsibility of the national cyber infrastructure protection, whose compromise would undermine national security
or prejudice the Romanian state, is equal to all institutions and companies that own such facilities, primarily the state institutions constituting the Cyber security
Operations Council in accordance with the Cyber security Strategy of Romania In order to achieve a strengthened network and information security policy,
cooperation is needed between EU governments, public institutions and private companies to improve the exchange of
information and to ensure that security issues will be addressed effectively and solved. ENISA will provide the exchange and collaboration.
A real-time response to threats is required, implementing and improving the CERT network in Europe, including the European institutions.
At the national level it is necessary to develop the operational capabilities of CERT-RO as required by law,
In fighting against cyberattacks on the information systems, Member States must amend the existing criminal law on attacks against information systems.
the European legislation on cybercrime. The initiative will improve the security of citizens and businesses
and it is expected to have a positive effect on companies, as information systems repair costs are very
cyber security incidents either in an automated manner or secured through direct communication as appropriate. It will also identify,
analyze and classify security incidents in the cyber infrastructure, as per the area of competence.
development of cyber security infrastructure that provides public utility functionality or information society services. It will also continue to develop the partnership with ENISA on combating cyber incidents
To achieve a European platform on cybercrime, Europol in cooperation with the European commission has called for the integration of all relevant EU platforms in only one.
and storing information about cyberattacks. It will be the major element in the European Centre Cybercrime. At the national level it will be carried out the analysis and optimization of
existing security platforms, eventually merging and consolidating their national platform and access to Europol and staff training in fighting against cybercrime.
The implementation, monitoring and interconnection between the European and national platforms will be achieved In order to intensify the fight against cybercrime at international and European level it will be enhanced
the cooperation between EU Member States in the fight against cyberattacks. In this respect, in the EU
we will need to create a European forum for discussion between the national government to integrate risk
management, and to create a public-private partnership. Regarding the transatlantic cooperation it is necessary to improve the EU-US relations for the application of the European commission's cyber security
plan and to have an ongoing dialogue and exchange of information with the U s In this matter, at national level, we will consider implementing processes of security risk management in
the public administration. At the same time, we will aim at enhancing consultations with similar bodies in the EU and U s,
. and at exchanging specialists with the U s. and other EU countries for 1-2 years, hiring
Cyber security Approach in Romania Risks of cyber incidents occurrence are caused by human or procedural reasons.
Thus, some of the incidents were identified as the main cause of the lack of consistent security policies to protect data that
are taken, handled, processed and stored by computer networks A positive development in the field of cyber security is the setting up of CERT-RO (http://www. cert-ro. eu
which is the national contact point for similar structures and is responsible for the development and
Also, Romania's cyber security strategy adopted by Decision no. 271/2013 sets out the objectives
and deterring threats vulnerabilities and cyber security risks and promotes Romania's interests, values and national objectives in
cyberspace. The strategy and action plan aim at setting targets for cyber security and lines of action for
the coming years. The Romanian approach is aligned to the guidelines proposed by the European Commission in the Digital Agenda and its Pillar III-Trust and Security †as well as to the progress of other
European union Member States The topic"Network Information security"is a real priority of both the European commission and national
structures. Raising cybersecurity awareness, issues such as viruses and malware, how to use passwords social engineering-blogging, how to use your computer at home,
how to use"social media",how to work Page 48 of 170 outside the office, send
The National Cyber security System (NSCC) is the general framework for cooperation that brings together public authorities and institutions with responsibilities and capabilities in the field, in order to coordinate
national actions for cyberspace security, including the cooperation with academia and business trade associations and nongovernmental organizations-NGOS
The National Center for Response to Cyber security Incidents-CERT-RO is a structure of expertise and
analyze, identify and respond to cyber security incidents of information systems Developing cooperation between the public and private sectors in order to ensure cyber security
represents a priority for action at the national level, given that cyberspace include cyber infrastructure
Currently, institutions within the National Cyber security System creates, at the level of public institutions the technical and operational framework in order to ensure interoperability between computer security
components in order to protect the cyber infrastructure within the public and increase the availability and level of confidence in the specialized public services provided to citizens, businesses and government
Romanian Indicators pertaining to Cyber security According to a Eurostat survey on ICT3 usage by individuals and households
ï 37%of Romanian users are concerned about security related aspects of online payments 2. 2. 4 Strategic Lines of Development
Strategic Lines of Development for Cyber security in Romania Strategic Lines of Development Lines of Actions Description
framework for cyber security Establishing and operationalization of the national cyber security system Strategic Setting up the platform for
cooperation and harmonization of the existing CERT capabilities at national level that should capitalize the tools, will work to strengthen
expertise in cyber risk, by fostering synergies between different action plans on cyber security (military and
civil, public-private, government non-government Responsible: Operative Council for Cyber security (COSC 3 http://ec. europa. eu/public opinion/archives/ebs/ebs 404 en. pdf
Page 49 of 170 Improve legislation Enabler Completing and harmonizing the national legislation, including the
minimum national security requirements in cyber infrastructure Responsible: Operative Council for Cyber security (COSC Strengthening the partnership
between public & private sector Operational Developing cooperation between the public and private sectors, including
information on threats vulnerabilities, risks, and those related to cyber incidents and attacks Responsible: Operative Council for
Cyber security (COSC Developing national capacities for risk management in cyber security and cyber incident response under a
national program Construction of Data base with relevant information Operational Consolidating, at the level of the
competent authorities, the potential for knowledge, prevention and counteracting of threats and minimizing risks related to the use of
cyberspace Responsible: Operative Council for Cyber security (COSC Boost the Research & development capabilities in cyber security Enabler Fostering national R & D capabilities
and innovation in cyber security Responsible: Operative Council for Cyber security (COSC Cyber security Infrastructure Enabler Increasing the resilience of cyber
infrastructure Responsible: Operative Council for Cyber security (COSC CERT-RO Strategic Developing CERT entities, in both
public sector and private sector Responsible: Operative Council for Cyber security (COSC Implementing security standards Strategic Increase cyber security by reducing
vulnerabilities and implement minimum procedural and security standards for cyber public and private infrastructures Responsible:
Operative Council for Page 50 of 170 Cyber security (COSC Inter-institutional cooperation Operational Coordination of inter-institutional
response in case of cyber security incidents Responsible: Operative Council for Cyber security (COSC Promoting and consolidating the
security culture in cyber field Development of public awareness programs in public administration and the private sector
Operational Development of public awareness programs related with threats vulnerabilities and risks of using cyberspace
Responsible: Operative Council for Cyber security (COSC Development of educational programs Enabler Educational programs in the forms of
compulsory education on the safe use of the Internet and computing equipment Responsible: Operative Council for
Cyber security (COSC Training Operational Appropriate training to people working in cyber security and promoting widespread professional certifications in the field
Responsible: Operative Council for Cyber security (COSC Developing international cooperation in the field of cyber security
Concluding agreements of international cooperation for improving the response capacity in the event of major cyber attacks
Strategic Responsible: Operative Council for Cyber security (COSC Participation in international programs and exercises in the cyber
security field Operational Responsible: Operative Council for Cyber security (COSC Promote the national security interests in the international
cooperation formats in which Romania is a member Enabler Responsible: Operative Council for Cyber security (COSC
Page 51 of 170 2. 3 CLOUD COMPUTING 2. 3. 1 Introduction Preamble Cloud computing is offering several potential benefits to public bodies,
including scalability, elasticity, high performance, resilience and security together with cost efficiency. Understanding and managing risks
related to the adoption and integration of cloud computing capabilities into public bodies is a key challenge.
Effectively managing the security and resilience issues related to cloud computing capabilities is prompting many public bodies to innovate,
and some cases to rethink, their processes for assessing risk and making informed decisions related to this new service delivering model
Currently, a range of issues faced by public authorities in terms of managing the infrastructure of informational systems entails a careful analysis of the organization strategy.
Among these, some of the more important issues are ï IT infrastructures existing on the level of different governmental organizations have problems of
scalability, effectiveness of costs, and are updated often not to the current standards ï Updating technical skills for the staff serving applications in different governmental organizations
becomes a less efficient process due to heterogeneous and/or old technology, not complying with standards, insulation of IT infrastructure and people in different institutions, etc
ï Heterogeneous security solutions which reflect in greater security risk ï Granular purchase of hardware and software solutions does not provide transparency on
governmental level Cloud computing can address all these issues by ï Enabling rapid and cost-effective procurement of information systems/services for all state
agencies ï Eliminating the duplication of effort ï Reducing risk management costs Cloud computing Definition Cloud computing relies on sharing of resources to achieve coherence and economies of scale, over a
network. At the foundation of cloud computing is the broader concept of converged infrastructure and shared services
2. 3. 2 European context On European level, intense activities are carried out for the standardization of concepts related with Cloud
Technologies. In the communication submitted by the European commission"Unleashing the Potential of Cloud computing in Europe",one provides the first definitions and European strategies in this field.
Based on the materials published by European commission, Cloud computing is understood as being a capacity of storing, processing
and accessing data encountered on remote calculation systems. In this model, the users may assign calculation resources almost unlimited for
which they need major capital investments The adoption in private sector of Cloud technologies within the European union exceeds 64%,however
the organizations are still circumspect in implementing them. The general inclination is to use hybrid
the data connections, the security platforms (on the level of data centers Responsible: Ministry for
level of availability, security redundancy for protection in case of disasters, protection to data loss etc.
ï Increase of security on the level of data center by implementation of up-to-date, standard and
proved security solutions. Data will be much less prone to loss because the data backup processes
absence of financial resources for advertising and communication, have higher risks of becoming insolvent o Enabling the SME€ s to:
creation, natural disasters and nationals security At the European level, the improvement of the analytics and data processing, especially Big data, will
-Security Enabler produce and require massive amounts of data, often unstructured and increasingly in real-time
Personal lifestyle and environmental impact factors are the most significant risk factors influencing health status
ï Expansion and diversification of emergency medical services ï Implementing e-Health solutions that facilitate disease prevention methods
decreasing the risk of fraud and preventing inappropriate medication electronic prescription Responsible: Ministry of Health with
employment, education, health, information and communications, mobility, security, justice and culture designed to combat social exclusion based on criteria such as poverty, geographical location, disability and
In 201110,40. 3%of the Romanian population was facing the risk poverty or social exclusion, being a
%)To a total of 8. 63 million people at risk of poverty or social exclusion in 2011,4. 74 million people were facing the risk of poverty
%of Romanian Population facing poverty and social exclusion Source: http://www. fonduri-ue. ro/res/filepicker users/cd25a597fd-62/2012
The main informatics risks and threats can be classified based on several criteria. So, a first criterion
highlights the risks and the threats related to the following ï Data integrity †intended alteration of the stored data or
of the data transmitted inside the electronic commerce systems ï Data availability †intended blockage of the data flows
All the risks and threats mentioned above represent critical situations which can affect in a first instance
security in Romania, and the European Cybercrime Centre, within Europol (center instituted in 2013 at European level.
Operational Responsible: Ministry for Information Society 4. 2 RESEARCH †DEVELOPMENT AND INNOVATION IN ICT
operation failures, security incidents, operations & maintenance Financial monitoring and Claw-back mechanisms The Entrustment Act will mandatory
cybernetic security The existence of certain developed strategies with respect to the cybernetic security and the development
of the electronic system for public acquisition-ESPA The lack of a regulatory framework with respect to the
security measures The lack of a long term strategy for the training of the ICT personnel in the public sector
Opportunities Threats and constraints The development of an infrastructure for the egovernment of the public services
security of the online systems Our conclusion after the SWOT analysis is that the following measures will remediate the most important
improvement of cybernetic security ï Support for the use of open sources and standards for future facilitation and assurance of
interoperability of the informatics systems ï Introducing technologies such as Cloud computing and of unitary management systems of data
Opportunities Threats and constraints National and international financing programmes in the field of education, of ICT utilisation, research
Opportunities Threats and constraints The development of the informatics infrastructure in Romania, in order to be able to support the ICT
Opportunities Threats and constraints Page 129 of 170 The development of Europeana. eu †the unique
Opportunities Threats and constraints Page 131 of 170 Supporting the development of the unique digital
The security of information, low confidence of a certain part of the citizens The continuous change of the environment and of the legal
Opportunities Threats and constraints The increase of the requests with respect to autonomous systems which include elements of
Opportunities Threats and constraints RONET project laying backhaul will harmoniously complete the NGN developments into an overall NGN
amount borrowed-securities 4. Client authenticity is verified by the bank 5. Decision 5. 1 Approval,
securities with the guarantee fund in order to grant the loan 2. If the loan application meets its
security (standard/cap amount Medium Terminating a business Bankruptcy ï 2013 -27.145 insolvency Page 139 of 170
Romanian Intelligence service National Authority for Public Acquisitions Regulation and Monitoring Tactical Level O peratio n
ï§Adherence to National Standards (security, interoperability, etc o Prioritization for the lines of actions will be done based on the following criteria
of risks and mitigation actions ï Evaluate †This phase will assess the effectiveness of an initiative and its efficiency during and
ï C5-Be safe †The services should protect all the information provided by the Public security
National Centre for Response on Cybernetic Security Incidents National Information Service National Centre for Managing the Information Society
#of cyberattacks/threats registered by the Government on private data indirect indirect indirect direct direct direct direct direct indirect direct direct
IT Spending for Security indirect indirect indirect direct indirect indirect direct indirect indirect direct direct
cyber security indirect indirect indirect indirect indirect indirect indirect indirect indirect indirect indirect #of applications performed based
Overtext Web Module V3.0 Alpha
Copyright Semantic-Knowledge, 1994-2011