Risk assessment methodologies for Critical Infrastructure Protection. Part I: A state of the art

Effective risk assessment methodologies are the cornerstone of a successful Critical Infrastructure Protection program. The extensive number of risk assessment methodologies for critical infrastructures clearly supports this argument. Risk assessment is indispensable in order to identify threats, assess vulnerabilities and evaluate the impact on assets, infrastructures or systems taking into account the probability of the occurrence of these threats. This is a critical element that differentiates a risk assessment from a typical impact assessment methodologyJRC.G.6-Security technology assessmen

Accelerating understanding of resilient agriculture. Using a data sprint to catalyze new insights from existing evidence

Key messagesThe Evidence for Resilient Agriculture (ERA) dataset contains more than 100,000 observations describing which agricultural practices work where.A Data Sprint was held for six months to leverage ERA to generate new insights that maximize the impact of the dataset and build new scientific collaborations.A sample analysis that compared expert elicitation and ERA data of benefits of CSA identified little convergence and highlighted the need for integration of diverse evidence.A sample analysis that generated predictive scenarios to improve food and nutrition security in Ethiopia leveraged ERA data to identify pathways that account for local diversity.A sample analysis that assessed data deserts and research gaps using ERA data found a lack of evidence in regions with pastoral systems

Achieving ICS resilience and security through granular data flow management

Modern Industrial Control Systems (ICS) rely on enterprise to plant floor connectivity. Where the size, diversity, and therefore complexity of ICS increase, operational requirements, goals, and challenges defined by users across various sub-systems follow. Recent trends in Information Technology (IT) and Operational Technology (OT) convergence may cause operators to lose a comprehensive understanding of end-to-end data flow requirements. This presents a risk to system security and resilience. Sensors were once solely applied for operational process use, but now act as inputs supporting a diverse set of organisational requirements. If these are not fully understood, incomplete risk assessment, and inappropriate implementation of security controls could occur. In search of a solution, operators may turn to standards and guidelines. This paper reviews popular standards and guidelines, prior to the presentation of a case study and conceptual tool, highlighting the importance of data flows, critical data processing points, and system-to-user relationships. The proposed approach forms a basis for risk assessment and security control implementation, aiding the evolution of ICS security and resilience

Can the EU taxonomy for sustainable activities help upscale investments into urban nature-based solutions?

We analyze the potential of the European Union (EU) Taxonomy (ET) for Sustainable Activities to mobilize investments for the sustainability transition toward urban nature-based solutions (UNBS). We map the current investment landscape of UNBS in Europe and combine this mapping with document analysis of UNBS inclusion in the ET to understand how the ET might help overcome the well-documented barriers to UNBS finance. We suggest that the ET has a legitimizing effect on UNBS as climate investments, which can support their uptake, but also conclude that only some UNBS subtypes are explicitly included when they fit with existing investment classes. In particular, the ET (1) disregards innovative - and specifically urban - UNBS types and (2) fails to provide incentives for investments that can deliver multiple sustainable objectives, which would enhance the investment case for UNBS. Since the current investment landscape of UNBS is characterized by a strong presence of public actors and a high incidence of co-financing, we recommend that public actors leverage the ET to obtain private funding for UNBS via (green) bond issuance and public-private co-finance instruments. Our analysis indicates that the ability of the ET to upscale investments for specific sustainability transitions depends on the interplay among their current investment landscapes, specific financing barriers, and explicit inclusion in the ET

Development of the BIRD: a metadata modelling approach for the purpose of harmonising supervisory reporting at the European Central Bank - Directorate of general statistics: master and metadata

Internship Report presented as the partial requirement for obtaining a Master's degree in Statistics and Information Management, specialization in Information Analysis and ManagementThe work presented is a report documenting the work completed during an Internship at the European Central Bank (ECB), located in Frankfurt Germany from the 15th March 2019 – 15th March 2020. The internship took place in the Directorate of General Statistics (DG-S), specifically in the Master and Metadata section of the Analytical Credit and Master data division (MAM). It will be a continuation of the ECB Internal Banks’ Integrated Reporting Dictionary (BIRD) project as well as management of ECB’s centralised metadata repository, known as the Single Data Dictionary (SDD). The purpose of the dictionary and BIRD Project is to provide the banks with a harmonized data model that describes precisely the data that should be extracted from the banks' internal IT systems to derive reports demanded by supervisory authorities, like the ECB. In this report, I will provide a basis for understanding the work undertaken in the team, focussing of the technical aspect of relational database modelling and metadata repositories and their role in big data analytical processing systems, current reporting requirements and methods used by the central banking institutions, which coincide with the processes set out by the European Banking Authority (EBA). This report will also provide an in-depth look into the structure of the database, as well as the principles followed to create the data model. It will also document the process of how the SDD is maintained and updated to meet changing needs. The report also includes the process undertaken by the BIRD team and supporting members on the banking community to introduce new reporting frameworks into the data model. During this period, the framework for the Financial Reporting (FinRep) standards was included, through a collaborative effort between banking representatives and the master and metadata team

A characteristics framework for Semantic Information Systems Standards

Semantic Information Systems (IS) Standards play a critical role in the development of the networked economy. While their importance is undoubted by all stakeholders—such as businesses, policy makers, researchers, developers—the current state of research leaves a number of questions unaddressed. Terminological confusion exists around the notions of “business semantics”, “business-to-business interoperability”, and “interoperability standards” amongst others. And, moreover, a comprehensive understanding about the characteristics of Semantic IS Standards is missing. The paper addresses this gap in literature by developing a characteristics framework for Semantic IS Standards. Two case studies are used to check the applicability of the framework in a “real-life” context. The framework lays the foundation for future research in an important field of the IS discipline and supports practitioners in their efforts to analyze, compare, and evaluate Semantic IS Standard

ECHO Information sharing models

As part of the ECHO project, the Early Warning System (EWS) is one of four technologies under development. The E-EWS will provide the capability to share information to provide up to date information to all constituents involved in the E-EWS. The development of the E-EWS will be rooted in a comprehensive review of information sharing and trust models from within the cyber domain as well as models from other domains