Across society there are now critical services which rely on computers, networks and servers. Protecting the security of this information infrastructure is not easy. Often the information infrastructure is run by several organisations and uses different types of information technology from different companies. This report deals with the issue of how to enforce an adequate level of security across a sector of service providers.
In this report, ENISA presents an overview of the auditing schemes for security measures that exist across the globe: twelve different audit frameworks or certification schemes for auditing security measures, used in different settings and sectors and aimed at ensuring that providers comply with certain security requirements. The conclusion introduces a single auditing model that captures the most common features, creating a preliminary meta-framework.