8

What is the European counterpart organization to USA's NIST?

I want to check the European best practices and guidelines on computer security. Does anyone know if this organization exists, and if there are available publications?

I need to check the policy role of some firewall but in general I want to know what is the de-facto standard organization to watch.

I live in Italy.

Zuly Gonzalez
  • 394
  • 3
  • 21
boos
  • 1,066
  • 2
  • 10
  • 21

3 Answers3

5

The appropriate organisation for Europe is ENISA, however as Rory points out there are also organisations specific to the sovereign states, which all have their own legislation regarding data protection and information security.

  • As i see in the ENISA's web site i cant for example find any specific stuff about firewall, i think the ENISA is far away from the 'maturity' of NIST. thanks – boos Feb 24 '11 at 13:30
3

There are a range of organisations throughout Europe - so if you want a specific one, you should state which country is of interest. Also, NIST produce guidelines which are generally appropriate anywhere so if you currently use them, they will give you a good basis.

You should look at ISO:IEC 27002 (and in fact the entire 27000 range) as well as the Data Protection Act 1998 (or it's local equivalent) as these are good guidelines.

If you can give more information as to what you are protecting and what country you are in there may be more specific documents we can point you at.

Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
-1

Or check ACPO (Association of Chief Police Officers)Guidelines, you just have to narrow it down to the ones applicable to your current case. e.g This one is for Digital Evidence: http://www.digital-detective.net/digital-forensics-documents/ACPO_Good_Practice_Guide_for_Digital_Evidence_v5.pdf

I hope that helps, cheer!

LadyT
  • 1
  • Welcome to Information Security Stack Exchange! I'm not sure this answers the question. The OP asks for a European equivalent to NIST. The document you provide seems specific to digital forensics, rather than best partices and guidelines for securing systems. ACPO ([apparently now NPPC](https://en.wikipedia.org/wiki/Association_of_Chief_Police_Officers)) seems to be about police work, rather than being a specific body for ICT standards and guidelines. – S.L. Barth Aug 04 '17 at 11:19