This document focuses on the security measures providers have deployed to protect networks for the provision of services, and equally important, for the personal and operational data of their customers. The report is targeted primarily at e-communication providers, and at a second level, to National Regulatory Authorities as members of ENISA’s Article 13a Experts Group.
Most of the providers, report a very good level of using ENISA recommendations on security requirements, while virtually all providers have deployed a good level of basic security controls. In some security domains, the level of maturity reported, is high as well as the sophistication of implemented controls.
It is important that providers of electronic communications take the appropriate measures to address major security concerns. A key conclusion seems to be that while all IT security basics are covered, the achievement of the next level of maturity is impeded mostly by lack of sustainability mechanisms, i.e. repeatable processes and the regularly maintained documentation.
The main recommendation for the providers - based on the reported deployment of security measures - is to pay additional attention to sustainability and efficiency. This is best achieved by the adoption of Service Management frameworks and creating a series of processes that include measurement and periodic reviews of security controls and capabilities in all domains.
Full report is available here
For interviews and press enquiries please contact firstname.lastname@example.org Tel.+30 2814 409576
Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!