According to the latest ENISA Annual Incident Reports 2013, most incidents reported between 2011 and 2013 were caused by failing hardware or software. Electronic communications service providers have indicated in discussions that there are sometimes problems or misunderstandings in vendor-provider relationships and in outsourcing in general. During 2014 ENISA has worked with providers and vendors to address these issues. The work is presented in two papers.
The report, “Secure ICT Procurement in Electronic Communications”, focuses on the growing dependency of electronic communications service providers on ICT products and outsourced services. It analyses the associated security risks, presents practices used in the sector and gives general recommendations.
The accompanying paper, “Security Guide for ICT Procurement”, aims to be a practical tool for individual providers to better manage security risks when dealing with vendors of ICT products and outsourced services. The Guide takes the security risks that could lead to a disruption of electronic communications services for users and maps them to a full framework of security requirements, which can be applied to vendors of ICT products and outsourced services used for the core operations of electronic communications networks and services.