Institute for Internet-Security
if(is)

Links  | Kontakt  | Sitemap  | Impressum  |  if(is) auf Twitter if(is) Facebook if(is)
Internet-Early-Warning-Systems

FISHA - A Framework for Information Sharing and Alerting

Distributed european information broker for Citizens and SMEs to exchange IT security information

Motivation

Fisha-Logo
Fisha Logo

The internet is an important ressource for Citizens and SMEs for years. It helps Citzens managing their everyday life by enabling them to fulfill typical duties like Government, Online Shopping, Communication or Information Retriveal. For SMEs it is a crucial instrument for handling their business processes. Citizens and SMEs are moreover the bigger part of the european population and therefore an important participating instance. From the ENISAs (the European Network and Information Security Agency) point of view it is a crucial duty to raise the internet security awareness of this groups. For this purpose it is necessary to establish a target-group-specific communication which permamently reports about new threats and information awareness raising material. For this reason the FISHA project was founded 2009 for two years which has the aim to build a protoype based on the EISAS study.

The institute for internet-security supports the project with its experience in raising internet security awareness and particular attention on establishing an effective communication for the target groups.

Provided Information

It is planned to offer a comprehensive range of IT security related advice and information. In particular it is necessary to provide different kinds of information for different kinds of knowledge. There will be three big information groups called Alerts/Warnings, Advisories and Awareness materials.

The category Alerts and Warnings stands for technical warnings and threat levels. Technical warnings are typically warnings about an ongoing threat, event or vulnerabillity with high risk for concerned persons. Threat levels are aggregating the ongoing threat level of the internet into a single value which are often traffic lights or multi-colored systems displaying a state.

The second category advisory includes similar data but much more detailed and not immediately available. There will be also information with lower risk and awareness material for actual events. For example, this could be a phishing wave which targets customers of a specific bank. Then they should be aware of that.

The last category handles IT security awareness materials. This information class is typically longer-lived and needs more effort when creating it. Awareness material could be best practices, educational material, checklists, wizards, other tests or guides and howto's. For example, that could be informations about securing your personal computer, using the internet or general threats.

The information could be displayed as videos, pictures, comics or games.

Fisha Visualization - Data Leakage, Malware, Phishing, Scareware, Cost Traps, Spyware

Targeting the specific needs

To understand the needs of the target group, first the strengths and weaknesses of the groups must be identified, because the communication channels must fit to the strenghts and weaknesses of the target groups.

For example, citizens are using the internet for personal purposes, ranging from young to old. The SME group consists of employees and employers from small and medium-sized enterprises which also have strengths and weaknesses. One big difference is that the competences in IT security are ranging from non-existent to high based on the size of the companies. Tiny enterprises usually haven't any expert in IT security. As bigger the company size rises as higher is the probabillity that they have an IT security expert. The biggest and most important group within companies are the employees. The reason is that the most of the security violations are caused by human errors. The strenghts and weaknesses are related to them of the citizens but the impact is much higher.

Fisha: it-security information, fisha networks, channels, target groups

Some results

A research about best practices from other portals, which want to offer similar information, has been done and the requirements for the network were defined. Furthermore serveral communication channels which could be used to transport the information to the target groups were evaluated. Regarding the adequacy TV, Radio, E-Mail, Twitter, SMS and social networks were reviewed.

The collected ideas were presented and discussed in a workshop and were rated as a possible solution.

The next steps target the development of the prototype which will be deployed at the project partners for test and evaluation afterwards.

Consortium

  • if(is)
  • NASK / CERT Polska
  • PTA CERT-Hungary

Website: http://www.fisha-project.eu/

Contact

Institute for Internet-Security
Fachbereich Informatik

Dominique Petersen
Fachhochschule Gelsenkirchen
Neidenburger Str. 43
45887 Gelsenkirchen
E-Mail: dominique.peterseninternet-sicherheit.de
Tel.: +49 (0) 209. 9596 766


Link zum moeglichen Abschlussarbeiten des if(is)
Marktplatz IT-Sicherheit, Lösungen, Anbieter, Dienstleistungen, IT-Jobs
Anbieter finden!
Jobs finden!

Logo zum neuen Studiengang: Master Internet-SicherheitEinstieg auch zum
Sommersemster!

Logo zum Professor des Jahres 2011

Logo: Buch Sicher im Internet

Logo: DIX - Deutscher Internet-Index

Logo: Frühwarn- und Intrusion Detection-System auf der Basis von kombinierten Methoden der KI

Logo: Live Hacking / Awareness Performance

Logo: Turaya