If your information security planning team is looking for additional benchmarking regarding cyber security incident reporting guidelines, you might want them to read about some recent developments, information releases, and guidelines for cybersecurity incident reporting just released by ENISA, the EC’s “cyber security” agency.
The first guideline describes how to implement the mandatory cybersecurity incident reporting scheme, while the second describes specific security measures that telecom operators need to integrate, implement, and execute.
It is also important to note that the new telecommunications legislation (EU directive 2009/140/EC), among other things, offers protection for consumers against security breaches.
Many of our readers are employed by organizations with several locations throughout both the United States and Europe that are potentially affected by these recent EU national regulatory authority (NRA) guidelines. All information security, risk management or disaster preparedness team members in those organizations should read and review this information.
“Technical Guideline on Incident Reporting”: this document defines the scope of incident reporting, the incident parameters and thresholds for reporting significant incidents to ENISA and the EC, and the ad hoc notification of incidents to other NRAs in case of cross-border incidents. It also contains a reporting template for submitting incident reports to ENISA and the EC, and it explains how ENISA will process the incident reports.
“Technical Guideline for Minimum Security Measures”: this guideline advises NRAs on the minimum security measures that telecom operators should take to ensure security of these networks.