ENISA and ISACA hosted a joint workshop in Berlin on Tuesday to address cybersecurity challenges for national regulators, telecom operators, ISPs and auditors. More than 25 organizations from 15 countries attended the event held in conjunction with ISACA’s World Congress: INSIGHTS 2013.
Themed “Auditing Security Measures in the Electronic Communications Sector,” the workshop covered Article 13a in the European Union Framework Directive of Telecom Reform. This article requires electronic communications providers to assess risk, take appropriate security measures to prevent security incidents, and report on security incidents to their national regulator. This triangle of activity is generally supervised by a telecom regulator, which has the challenging task of supervising security across a sector of service providers consisting of hundreds of businesses, ranging from very small operators to large multinationals that have infrastructure across borders.
The ENISA-ISACA workshop was led by a panel consisting of a national regulator, a telecom operator and an auditor. The panel facilitated open discussion on the following questions:
- How can providers show their respective national regulators (in a cost-effective way) that appropriate security measures are in place?
- How can providers reuse existing governance frameworks and tools?
- How can government authorities supervise and ensure that appropriate security measures are being taken across a sector?
- What is the role of auditing and certification in this, and who should bear the auditing costs and get the detailed audit reports?
Commenting on the joint ENISA-ISACA workshop, ENISA’s Head of Secure Infrastructure and Services, Dr. Evangelos Ouzounis, said: “ISACA is a key network of network and information security (NIS) experts with a global reach, and ENISA is very pleased to share our learning and experience with this highly respected group. The areas that ISACA works on, particularly security audits, complement ENISA’s technical perspectives, and in our joint workshop we were able to consider security issues from the perspectives of regulatory authorities, service providers and auditors. This wide-ranging activity is fully in tune with ENISA’s approach. Events like the ISACA World Congress bring the key players together, working to make cyberspace secure.”
As a follow-up to the workshop, ENISA and ISACA will issue a joint white paper providing guidance on this matter.
“ISACA’s knowledge, COBIT framework and certifications are based on international research and cooperation, which in turn helps professionals and their enterprises innovate,” said Christos Dimitriadis, director of ISACA and head of security at INTRALOT Group. “Hosting a workshop jointly with ENISA, a key European organization in network and information security, was of great value for ISACA members and the security community as a whole.”
About ENISA
The European Network and Information Security Agency (ENISA) is a centre of network and information security expertise for the EU, its member states, the private sector and Europe’s citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU member states in implementing relevant EU legislation and works to improve the resilience of Europe’s critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU member states by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at www.enisa.europa.eu.
About ISACA
With 110,000 constituents in 180 countries, ISACA® (www.isaca.org) helps business and IT leaders maximize value and manage risk related to information and technology. Founded in 1969, ISACA is an advocate for professionals involved in information security, assurance, risk management and governance. These professionals rely on ISACA as the trusted source for information and technology knowledge, community, standards and certification. The association advances and validates business-critical skills and knowledge through the Certified Information Systems Auditor® (CISA®), Certified Information Security Manager® (CISM®), Certified in the Governance of Enterprise IT® (CGEIT®) and Certified in Risk and Information Systems Control™ (CRISC™) credentials. ISACA also developed COBIT®, a business framework that helps enterprises in all industries and geographies govern and manage their information and technology.