Difference between revisions of "Critical Information Infrastructure Protection"

From CIPedia
Jump to navigation Jump to search
(Estonia)
(Good Practices)
(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
 +
==Abbreviation==
 +
[[CIIP]]
 
==Definitions==
 
==Definitions==
 
=== European Definitions ===
 
=== European Definitions ===
Line 5: Line 7:
  
  
<!-- === Other International Definitions ===
+
=== Other International Definitions ===
Test test test. -->
+
==== GFCE-MERIDIAN ====
 +
{{definition|Critical Information Infrastructure Protection (CIIP) is defined as all activities aimed at ensuring the functionality, continuity and integrity of CII in order to deter, mitigate and neutralise a threat, risk or vulnerability or minimise the impact of an incident. <ref>[https://www.tno.nl/media/8578/gpg_criticalinformationinfrastructureprotection.pdf The GFCE-MERIDIAN Good Practice Guide on Critical Information Infrastructure Protection for governmental policy-makers, November 2016]</ref>}}<br/>
  
 
=== National Definitions ===
 
=== National Definitions ===
Line 15: Line 18:
 
==== [[Estonia]] ====
 
==== [[Estonia]] ====
 
{{definition|The purpose of the critical information infrastructure protection (CIIP) is to maintain a trouble-free functioning of the country's essential information and communication systems under ordinary circumstances and to ensure their continuity on a minimum level during critical situations. <ref> [https://www.ria.ee/CIIP/ Critical Information Infrastructure Protection Estonia]</ref>}}<br /><br />
 
{{definition|The purpose of the critical information infrastructure protection (CIIP) is to maintain a trouble-free functioning of the country's essential information and communication systems under ordinary circumstances and to ensure their continuity on a minimum level during critical situations. <ref> [https://www.ria.ee/CIIP/ Critical Information Infrastructure Protection Estonia]</ref>}}<br /><br />
 +
==== [[Italy]] ====
 +
{{definition|Protezione delle infrastrutture critiche informatizzate (CIIP): azioni tese ad innalzare il livello di sicurezza, affidabilità e correttezza di tutte quelle infrastrutture critiche che utilizzano, in tutto o in parte, una qualunque infrastruttura informatica per il loro monitoraggio, la loro gestione o il loro controllo; includendo, naturalmente, nel novero delle infrastrutture critiche anche quelle informatiche e specificatamente Internet. <ref>[http://www.vigilidelfuoco.gov.it/aspx/ReturnDocument.aspx?IdDocumento=2832 PROTEZIONE DELLE INFRASTRUTTURE CRITICHE INFORMATIZZATE La realtà Italiana (2004)]</ref>}}<br/><br/>
 +
==== [[Japan]] ====
 +
{{definition|In order to continuously provide CII services and to avoid serious effects on the public welfare and socioeconomic activities from IT outages resulting from natural [[Disaster|disasters]], [[Cyber Attack|cyber-attacks]] or other causes, all stakeholders should protect [[Critical Information Infrastructure|CII]] by reducing the risk of IT outages as much as possible and by ensuring prompt recovery from IT outages. <ref>[http://www.nisc.go.jp/eng/pdf/actionplan_ci_eng_v3_r1.pdf The Basic Policy of Critical Information Infrastructure Protection (3rd Edition), Japan (2015)]</ref>}}<br/><br/>
 +
==== [[Kosovo]] ====
 +
{{definition|Mbrojtja e infrastrukturës kritike të informacionit (MIKI): Programet dhe aktivitetet e pronarëve, operatorëve, prodhuesve, përdoruesve dhe autoriteteve rregullatore të infrastrukturës, të cilat kanë për qëllim të ruajnë performancën e infrastrukturave kritike të informacionit në rast të dështimit, sulmit apo aksidenteve mbi një nivel të definuar minimal të shërbimeve, si dhe që synojnë shkurtimin e kohës së rikuperimit dhe tkurrjen e dëmeve. <ref>[http://stikk.org/fileadmin/user_upload/Strategjia_Shteterore_per_Sigurine_Kibernetike_dhe_Plani_i_Veprimit_2016-2019.pdf Strategjia Shtetërore për Sigurinë Kibernetike dhe Plani i Veprimit 2016 – 2019]</ref><br/><br/>Critical Information Infrastructure Protection (CIIP): The programs and activities of infrastructure owners, operators, manufacturers, users, and regulatory authorities which aim at keeping the performance of critical information infrastructures in case of failures, attacks or accidents above a defined minimum level of services and aim at minimising the recovery time and damage. <ref>[http://www.kryeministri-ks.net/repository/docs/National_Cyber_Security_Strategy_and_Action_Plan_2016-2019_per_publikim_1202.pdf National Cyber Security Strategy and Action Plan 2016 – 2019 (2016)]</ref>}}CIIP should therefore be viewed as a cross-sector phenomenon rather than being limited to specific sectors. CIIP should be closely coordinated with Critical Infrastructure Protection from a holistic perspective. <br/><br/>
  
 
==== [[Russian Federation]] ====
 
==== [[Russian Federation]] ====
Line 23: Line 32:
  
 
-->
 
-->
 +
== Good Practices ==
 +
# The GFCE-MERIDIAN Good Practice Guide on Critical Information Infrastructure Protection for governmental policy-makers. <ref>[http://publications.tno.nl/publication/34625751/8a9zkX/luiijf-2016-good.pdf GFCE-MERIDIAN Good Practice Guide on Critical Information Infrastructure Protection for governmental policy-makers (2016)]</ref>
 +
# Companion Document to the GFCE-MERIDIAN Good Practice Guide on Critical Information Infrastructure Protection for governmental policy-makers. <ref>[http://publications.tno.nl/publication/34625885/eLJW9I/gfce-2017-companion.pdf Companion Document to the GFCE-MERIDIAN Good Practice Guide on Critical Information Infrastructure Protection for governmental policy-makers (2017)]</ref>
 +
# Critical Information Infrastructure Protection (CIIP). <ref>[http://publications.tno.nl/publication/34625842/WzQ3p5/gcfe-2017-critical.pdf Critical Information Infrastructure Protection (CIIP) - 2017]</ref>
 +
<br/>
  
 
==See also==
 
==See also==
Line 35: Line 49:
 
* Test reference. -->
 
* Test reference. -->
 
[[Category:Information]][[Category:Infrastructure]][[Category:Protection]]
 
[[Category:Information]][[Category:Infrastructure]][[Category:Protection]]
{{#set:defined by=Czech Republic|defined by=Estonia|defined by=Russian Federation}}
+
{{#set:defined by=Czech Republic|defined by=Estonia|defined by=Italy|defined by=Japan|defined by=Kosovo|defined by=Russian Federation}}
 +
{{#set: Showmainpage=Yes}}

Revision as of 01:03, 24 January 2020

Abbreviation

CIIP

Definitions

European Definitions

Council Communication COM(2011)163 final

No definition provided[1].


Other International Definitions

GFCE-MERIDIAN

Critical Information Infrastructure Protection (CIIP) is defined as all activities aimed at ensuring the functionality, continuity and integrity of CII in order to deter, mitigate and neutralise a threat, risk or vulnerability or minimise the impact of an incident. [2]


National Definitions

Czech Republic

Critical Information Infrastructure Protection (CIIP) is a subset of CIP. CIIP focuses on the protection of systems and assets including components such as telecommunications, computers/software, Internet, satellites, fibre optics etc., and on interconnected computers and networks, and the services they provide. [3]


Estonia

The purpose of the critical information infrastructure protection (CIIP) is to maintain a trouble-free functioning of the country's essential information and communication systems under ordinary circumstances and to ensure their continuity on a minimum level during critical situations. [4]



Italy

Protezione delle infrastrutture critiche informatizzate (CIIP): azioni tese ad innalzare il livello di sicurezza, affidabilità e correttezza di tutte quelle infrastrutture critiche che utilizzano, in tutto o in parte, una qualunque infrastruttura informatica per il loro monitoraggio, la loro gestione o il loro controllo; includendo, naturalmente, nel novero delle infrastrutture critiche anche quelle informatiche e specificatamente Internet. [5]



Japan

In order to continuously provide CII services and to avoid serious effects on the public welfare and socioeconomic activities from IT outages resulting from natural disasters, cyber-attacks or other causes, all stakeholders should protect CII by reducing the risk of IT outages as much as possible and by ensuring prompt recovery from IT outages. [6]



Kosovo

Mbrojtja e infrastrukturës kritike të informacionit (MIKI): Programet dhe aktivitetet e pronarëve, operatorëve, prodhuesve, përdoruesve dhe autoriteteve rregullatore të infrastrukturës, të cilat kanë për qëllim të ruajnë performancën e infrastrukturave kritike të informacionit në rast të dështimit, sulmit apo aksidenteve mbi një nivel të definuar minimal të shërbimeve, si dhe që synojnë shkurtimin e kohës së rikuperimit dhe tkurrjen e dëmeve. [7]

Critical Information Infrastructure Protection (CIIP): The programs and activities of infrastructure owners, operators, manufacturers, users, and regulatory authorities which aim at keeping the performance of critical information infrastructures in case of failures, attacks or accidents above a defined minimum level of services and aim at minimising the recovery time and damage. [8]

CIIP should therefore be viewed as a cross-sector phenomenon rather than being limited to specific sectors. CIIP should be closely coordinated with Critical Infrastructure Protection from a holistic perspective.

Russian Federation

безопасность критической информационной инфраструктуры - состояние элементов критической информационной инфраструктуры и критической информационной инфраструктуры в целом, при котором проведение в отношении ее компьютерных атак не влечет за собой тяжких последствий.

Critical information infrastructure security is the state of critical information infrastructure and critical information infrastructure as a whole, in which the holding in respect of its computer attacks do not entail grave consequence. [9]



Good Practices

  1. The GFCE-MERIDIAN Good Practice Guide on Critical Information Infrastructure Protection for governmental policy-makers. [10]
  2. Companion Document to the GFCE-MERIDIAN Good Practice Guide on Critical Information Infrastructure Protection for governmental policy-makers. [11]
  3. Critical Information Infrastructure Protection (CIIP). [12]


See also

Notes