One of the European Commission's jobs for ENISA was to see whether it was feasible to collect data from all around Europe in a consistent way. After almost 100 different data collection initiatives using more than a dozen different indicators, ENISA said that it could not be done unless there was coordination between existing data collection initiatives.
"You have to agree about certain terminologies and indicators for the different sectors to explore," De Bruin said. "This is not a trivial exercise."
ENISA concluded that a consistent European-wide data collection was possible in theory, but in practice would be extremely difficult. It decided that making Europe more aware of the problems, risks, vulnerabilities and coming trends was more important.
"Rather than having to keep looking at the rear view mirror, we need to have a forward looking and prospective orientation," said De Bruin.
ENISA's three year programme
ENISA created a three year programme to develop trust and confidence with decision makers - who were not necessarily that well informed about risks and vulnerabilities - and provide them with a better insight which would allow them to make better decisions.
De Bruin said: "The goal of the programme is that after three years we have at least fifteen of the member states that refer to ENISA as their point of reference."
To do this, ENISA started rolling a programme of producing risk assessment papers on different security topics. It isn't just ENISA employees who work on the research - experts were employed to explore the risks.
Protecting European small businesses
Another of ENISA's jobs was to look after European business IT supporting small and medium businesses in coping with information security risks and therefore become more competitive
"I believe this is an important task," said Andrea Pirotti, executive director of ENISA, at its network and information security summer school held in Greece. "Small and medium enterprises have don't have resources, financial personnel or culture to manage these issues.
He added: "Almost 90 per cent of our commercial activities in Europe are based on small and medium enterprises."
ENISA has worked particularly with small micro-businesses consisting of one to nine employees. Many of these SMEs were aware of the security problems from news sources, but there wasn't any means for them to solve them - as well as a lack of resources to invest.
De Bruin said: "Those SMEs should be actively offered ready to use solutions to help them forward, and we believe that an EU wide network to deliver such tools should be developed."
"We're working together with industry associations and working groups to define what the actual needs are and what initiatives they can benefit from."
