ISACA and ENISA Release Key Conclusions of Meeting on Auditing Security Measures in the Electronic Communications Sector
Published on November 14, 2013
Global association ISACA and cybersecurity agency ENISA have issued minutes highlighting the key conclusions of a joint workshop that took place at ISACA’s World Congress in Berlin. The workshop addressed cybersecurity challenges for national regulators, telecom operators, ISPs and auditors. The minutes are freely available at www.isaca.org/cyber and the ENISA website.
More than 25 organizations from 15 countries attended the event held in conjunction with ISACA’s World Congress: INSIGHTS 2013. Among the conclusions:
- Cybersecurity is not only about malicious cyber threats. Power supply failures and cable breaks are threats that also need attention.
- Security measures should be taken within a single framework, and not split into different frameworks for continuity, privacy, etc.
- Standards and audits are valuable, but they need to contribute to continuous improvements in security and not stop at certifications and OK stamps.
Themed “Auditing Security Measures in the Electronic Communications Sector,” the workshop covered Article 13a in the European Union Framework Directive of the Telecom Reform. This article requires electronic communications service providers to assess risks, take appropriate security measures to prevent security incidents, and report on security incidents to their national regulator.
The workshop featured a panel of three key operators, regulators and auditors:
- Telecom Italia
- Anacom Portugal
- KPMG Luxembourg
“ENISA co-operates with all relevant stakeholders to develop good practices in the area of security measures for Telecom Providers and ISPs. This workshop with ISACA gave us the opportunity to disseminate our work to a large community of certified cybersecurity experts. Through them we hope to reach all relevant stakeholders and make ENISA’s work known and useful,” said Professor Udo Helmbrecht, Executive Director of ENISA.
The report includes a link to relevant ENISA and ISACA resources, including:
- ENISA’s Technical Guideline on Security Measures and Technical Guideline on Incident Reporting
- ISACA’s cybersecurity research, including an APT study, a guide on responding to targeted cyberattacks and information on how to use COBIT to transform cybersecurity
“While modern cyber threats have no boundaries, international cooperation in the area of cybersecurity is more relevant than ever. This workshop provided results towards advancing current practices, while bridging gaps between different fields such as cybersecurity and auditing that many times operate in silos and fail to be effective,” said Dr. Christos K. Dimitriadis, CISA, CISM, CRISC, international vice president of ISACA and Group Head of Security, Compliance and Innovation at INTRALOT.
About ENISA
The European Union Agency for Network and Information Security (ENISA) is a centre of network and information security expertise for the EU, its Member States, the private sector and Europe's citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU Member States in implementing relevant EU legislation and works to improve the resilience of Europe's critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at www.enisa.europa.eu.
About ISACA
With more than 110,000 constituents in 180 countries, ISACA (www.isaca.org) helps business and IT leaders maximize value and manage risk related to information and technology. Founded in 1969, the nonprofit, independent ISACA is an advocate for professionals involved in information security, assurance, risk management and governance. These professionals rely on ISACA as the trusted source for information and technology knowledge, community, standards and certification. The association, which has 200 chapters worldwide, advances and validates business-critical skills and knowledge through the globally respected Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT) and Certified in Risk and Information Systems Control (CRISC) credentials. ISACA also developed and continually updates COBIT, a business framework that helps enterprises in all industries and geographies govern and manage their information and technology.
Contact:
Kristen Kessinger, +1.847.660.5512, news@isaca.org
Ulf Bergstrom, 00 30 6948 460 143, Ulf.Bergstrom@enisa.europa.eu