Cybersecurity is an emerging field within information security, as cybercrime continues to increase exponentially says the US-based information governance body ISACA. Governments and institutions have launched cybersecurity initiatives, ranging from standards to laws and regulation. To offer resources in cybersecurity, the IT association ISACA has released the European Cybersecurity Implementation Series.
The series is part of ISACA’s holistic Cybersecurity Nexus (CSX), a central resource where security people can find cybersecurity research and training. The series provides guidance that is aligned with European Network and Information Security Agency (ENISA), European requirements and good practices. Four white papers and an audit/assurance program are included in the series:
European Cybersecurity Implementation: Overview—This paper provides a high-level overview of implementing cybersecurity good practice in line with existing laws, standards and other guidance. It is complemented by the three detailed white papers that focus on risk guidance, resilience and assurance in cybersecurity, as well as a European Cybersecurity Audit/Assurance Program.
European Cybersecurity Implementation: Assurance—Enterprises need assurance over their cybersecurity activities and initiatives, as part of enterprise governance, risk and compliance (GRC). This white paper addresses cybersecurity implementation from a European perspective, including the European Union (EU) and its associated countries, to help contribute effectively to the enterprise’s protection against cyberattacks and breaches.
European Cybersecurity Implementation: Resilience—In cybersecurity, resilience is the ability to absorb internal and external impacts, and to recover to normal operations in a controlled manner. This white paper addresses resilience in cybersecurity from a European perspective, using the EU and national approaches toward critical information infrastructure and its protection.
European Cybersecurity Implementation: Risk—Cybersecurity risk strategies should align with the overarching enterprise risk management strategy and framework. All identified risk that is related to cybersecurity requires in-depth analysis that incorporates a number of components. This white paper will help enterprises determine a manageable set of risk, based on risk scenarios that target known risk and emerging and future risk factors that might arise in the context of cybersecurity.
European Cybersecurity Audit/Assurance Program (available soon)—Based on ISACA’s IT Assurance Framework (ITAF), this program helps provide management with an assessment of the effectiveness of cybersecurity and related governance, management and assurance. The review focuses on cybersecurity standards, guidelines and procedures, and aligns with ISACA’s COBIT 5 framework.
Rolf von Roessing, CISA, CISM, CGEIT, president of Forfa AG and past international vice president of ISACA, said: “Organisations need to transform their cybersecurity to keep up with advanced threats, changing regulations and good practices, and this ISACA guidance helps them do that. European organizations will find valuable implementation guidance in these white papers that are aligned with ENISA and EU requirements.”
The white papers are free to ISACA members and nonmembers and can be found at www.isaca.org/whitepapers. ISACA audit/assurance programs are free to ISACA members and are available for purchase by nonmembers and can be found at www.isaca.org/auditprograms.
