ENISA and ISACA hosted a joint workshop in Berlin on Tuesday, June 11, to address cybersecurity challenges for national regulators, telecom operators, ISPs and auditors. More than 25 organisations from 15 countries attended the event held with ISACA’s World Congress: INSIGHTS 2013.
Themed “Auditing Security Measures in the Electronic Communications Sector,” the workshop covered Article 13a in the European Union Framework Directive of Telecom Reform. This article requires electronic communications providers to assess risk, take appropriate security measures to prevent security incidents, and report on security incidents to their national regulator. This triangle of activity is generally supervised by a telecom regulator, which has the challenging task of supervising security across a sector of service providers consisting of hundreds of businesses ranging from very small operators to large multinationals who have infrastructure across borders.
The ENISA-ISACA workshop was led by a panel consisting of a national regulator, a telecom operator and an auditor. The panel facilitated open discussion on the following questions:
How can providers show their respective national regulators (in a cost-effective way) that appropriate security measures are in place?
How can providers reuse existing governance frameworks and tools?
How can government authorities supervise and ensure that appropriate security measures are being taken across a sector?
What is the role of auditing and certification in this, and who should bear the auditing costs and get the detailed audit reports?
ENISA’s Head of Secure Infrastructure and Services, Dr. Evangelos Ouzounis, said: “ISACA is a key network of network and information security (NIS) experts with a global reach, and ENISA is very pleased to share our learning and experience with this highly respected group. The areas that ISACA works on, particularly security audits, complement ENISA’s technical perspectives, and in our joint workshop we were able to consider security issues from the perspectives of regulatory authorities, service providers and auditors. This wide-ranging activity is fully in tune with ENISA’s approach. Events like the ISACA World Congress bring the key players together, working to make cyberspace secure.”
As a follow-up to the workshop, ENISA and ISACA will issue a joint white paper providing guidance on this matter.
“ISACA’s knowledge, COBIT framework and certifications are based on international research and cooperation, which in turn helps professionals and their enterprises innovate,” said Christos Dimitriadis, director of ISACA and head of security at INTRALOT Group. “Hosting a workshop jointly with ENISA, a key European organization in network and information security, was of great value for ISACA members and the security community as a whole.”
