ENISA publishes a Tool for the Mapping of Dependencies to International Standards

Objective

The web tool presents the mapping of the indicators demonstrated in the report Good practices on interdependencies between OES and DSPs to international information security standards.

This report analysed the dependencies and interdependencies between Operators of Essential Services (OES) and Digital Service Providers (DSPs) and identified a number of indicators to assess them.

These indicators are mapped to international standards and frameworks, namely ISO IEC 27002, COBIT5, the NIS Cooperation Group security measures and NIST Cybersecurity Framework.

Context

Due to the digitalisation of services, all major sectors have an increasing level of cyber (inter)dependencies on digital infrastructures and DSPs. Integrating the assessment of (inter)dependencies in an overall risk management process is a complex process, particularly in the case of cross-sector or cross-border dependencies and interdependencies.

The following framework was used to identify, analyse these interdependencies and then define the (inter)dependencies’ indicators.

Tool

The tool contributes to the NIS Directive (Article 3) objective for a common and converged level of security in network and information systems at EU level. It does not intend to replace existing standards, frameworks or good-practices in use by OESs.

By using this tool, security experts may:

1. Describe the interdependencies among OES and DSP in a straightforward  and comprehensive manner;
2. Easily identify risk assessment practices for the evaluation of the potential impact of interdependencies;
3. Define good practices for assessing interdependencies stemming from international standards and frameworks.

Click here to access the Interdependencies between OES and DSPs - Tool

Target Audience

• Operators of Essential Services (OES)
• Digital Service Providers (DSPs);
• National Competent Authorities (NCAs).