The Country Reports are an assessment of the ongoing and planned activities of NIS in each Member State. As such, they provide a unique overview of the "state of the art" in NIS in 30 European countries: the 27 European Union Member States and the 3 EEA countries [Iceland, Lichtenstein and Norway]. Each country chapter contains eg; Country Highlights, Key Stakeholders Overview, Activities, and Current Trends, eg, focusing on the status of national electronic ID schemes, and major incidences of security breaches involving loss of data.
The categorization and mapping of stakeholders and their mutual relations was one of the most important aims of the report. The most important areas in which national-level organizations have an impact on NIS was charted, i.e: Policy Development: the drafting of, or assistance in the process of drafting, governmental policies relating to NIS, NIS Policy Implementation, Privacy and Data Protection, Electronic Communications, CIP/CIIP: Critical Infrastructure Protection / Critical Information Infrastructure Protection, and [CERT]s: Computer Emergency Response Team.
The report found, not surprisingly, that institutions and responsibilities vary substantially from country to country. However, some general trends were identified:
* The most important actors for defining NIS policies are Governmental Organizations and Bodies: eg; the Ministry of Communications, the National Regulatory Agency for Electronic Communications (where established), the National Office for Data Protection, the Ministry of Interior, Defence, or having shared responsibilities for different areas of NIS.
* Public Network and Information Security Bodies: Public NIS bodies with broad responsibilities exist in about one third of the countries. Their main tasks are eg. information gathering for IT security issues and scientific advice. Many also approve and certify the security of national information systems.
* CERTs: There are over 100 CERTs active in the EU, but their geographical distribution is very uneven. Almost all countries have 1 or 2 public sector CERTs. Most CERT acts as the national NIS point of contact and coordinate crisis response.
http://www.enisa.europa.eu/doc/pdf/deliverables/enisa_country_reports_2009.pdf