
Cyber-security breaches and responses at Esma

We're waiting for Carly Minsky to read recent responses and update the status.

Dear European Securities and Markets Authority,

Under the right of access to documents in the EU treaties, as developed in Regulation 1049/2001, I am requesting documents which contain the following information:

1) Information on the number of known occasions that ESMA's systems or databases were subjected to a cyber-attack over the last five years, and any comparative figures for other periods.
2) Information on the number of occasions an unauthorised third-party (external to ESMA) accessed systems, data or documents at ESMA over the last five years
3) Information on the number of occasions someone internally gained unauthorised access (intentionally or otherwise) to systems, data or documents at ESMA over the last five years.
4) Information on the number of occasions that ESMA had to take action in response to security breaches or suspicious activity over the last five years, and details of what action was taken
5) Any documents relating to cyber-security policies, controls, testing, staff training, disclosure and incident response at ESMA.

Please feel free to contact me to discuss my request.

Yours faithfully,
Carly Minsky

Info ESMA, European Securities and Markets Authority

Dear Sir or Madam,

Thank you for your message.

We value your input and question raised on this issue. As with all
relevant questions that are submitted to us by external sources, we have
taken note of the points raised and are consulting internally as well as
with the relevant ESMA committees to assess whether further public
guidance is needed. Please refer to
https://www.esma.europa.eu/questions-and... for information on
criteria followed by ESMA to accept and prioritise questions.

Please note that ESMA endeavours to reply within two months to factual
questions received and within four to six months to policy questions that
raise new points of interpretation.

Please also note that a question is much more useful when submitted
together with a proposed answer. We would therefore be grateful if you
could suggest possible answers should you need guidance on other issues in
the future.
Finally, please note that this inbox only handles general enquiries. If
you are contacting us to make a complaint, you should first refer to the
complaints section of the ESMA website. There you will find information on
how ESMA can help and who you should contact to make your complaint.

Regards,

ESMA

 


Eugenia Siracusa, European Securities and Markets Authority

Dear Ms Minsky,

Pursuant to Article 7(1) of the Regulation (EC) 1049/2001 ESMA hereby
acknowledges the receipt of your access to documents request -
Cyber-security breaches and responses at Esma.

We will review your request and respond in due course.

To facilitate further communication, could you kindly indicate your
preference for access to documents as stipulated under Article 10(1) of
the Regulation (EC) 1049/2001 (i.e., on spot, copy, or electronic copy)?

Please accept our apologies for the delay in acknowledging your request.

Kind regards,

Eugenia

Eugenia Siracusa

Legal Officer - Legal, Convergence & Enforcement

European Securities and Markets Authority (ESMA)

103 rue de Grenelle, 75007 Paris – France

Tel:  + 33 1 58 36 51 16

Email: [email address]

 

This message is confidential to the person(s) to whom it is addressed. It
may be subject to legal privilege and/or professional secrecy. It may not,
without permission, be further disclosed, copied or used in any other way.
If you have received this message in error, it may be unlawful to make any
use of it: inform the sender and destroy all copies by appropriate and
secure means.

    

 


Dear Eugenia Siracusa,

Thank you for your reply. My preference for document access is electronic copy, or failing that, hard copy. It is unclear what 'on the spot' means - does this mean access to documents in person?

Would you be able to give me an indication of when I can expect to receive access to relevant documents?

Yours sincerely,

Carly Minsky

Eugenia Siracusa, European Securities and Markets Authority

Thank you for your message. I am now out of the office until 3 January
2018.

If your message is urgent, you may contact Mina Filippa
([email address]).

Kind regards,

Eugenia Siracusa

Enrico Gagliardi, European Securities and Markets Authority

Dear Ms Minsky,

We would like to refer you to the email below you sent to ESMA in which
you requested certain information concerning Cyber-security breaches and
responses at ESMA.

Firstly we would like to sincerely apologise for the delay in the
response.

Against this background, please find below the responses to your
questions:

 1. Information on the number of known occasions that ESMA's systems or
    databases were subjected to a cyber-attack over the last five years,
    and any comparative figures for other periods: there are no incidents
    logged at ESMA for successful Cyber-attacks against systems or
    databases.

 2. Information on the number of occasions an unauthorised third-party
    (external to ESMA) accessed systems, data or documents at ESMA over
    the last five years: there are no incidents logged at ESMA for
    successful unauthorized accesses to ESMA non-public classified
    information.

 3. Information on the number of occasions someone internally gained
    unauthorised access (intentionally or otherwise) to systems, data or
    documents at ESMA over the last five years: there are no incidents
    logged at ESMA for successful unauthorized accesses to ESMA
    non-public classified Information.

 4. Information on the number of occasions that ESMA had to take action in
    response to security breaches or suspicious activity over the last
    five years, and details of what action was taken: suspicious activity
    requiring Security Analysis and Triage was recorded; on average ESMA
    performs one investigation every month.

 5. Any documents relating to cyber-security policies, controls, testing,
    staff training, disclosure and incident response at ESMA: ESMA takes
    several Cyber-Security policies as references. Examples of such
    industry specifications and best practices are: ISO/IEC 27001, CIS
    Controls https://www.cisecurity.org/cybersecurity...
    and the Security standards applying to all European Commission
    information systems
    https://ec.europa.eu/info/publications/s...

Kind regards

Enrico Gagliardi
 
 
