ENISA, the European Organization for Network and Information Security, based in Crete, is publishing its recommendations for secure contracting, to ensure that electronic communications and electronic communications services are secure. In doing so it aims to help reduce the risks that brought down European fixed and mobile telephony networks in 2013, having also found that providers rely more and more on services provided by third parties.
The European Network and Information Security Agency (ENISA) today publishes two reports:
(a) the report "Safe signing of secure electronic communications contracts", which highlights the increasing reliance of providers on outsourced ICT products and services and analyzes the security risks associated with this process.
(b) the "Guide to safe procurement of ICT for providers of electronic communications services", which aims to be a practical tool that helps providers better address security risks when dealing with vendors and suppliers of ICT products and outsourcing services.
The report entitled "Secure ICT Contracting for Secure Electronic Communications" follows the latest edition of the Annual Incident Report, which provides an aggregate analysis of the security incidents that lead to severe outages, with third-party ICT products and outsourced services as a primary cause, especially in the area of hardware failures and software code errors.
This year's report is the result of ENISA's cooperation with providers and vendors in an effort to address these issues.
The main issues raised by electronic communications providers include:
- The lack of security controls on the part of the vendor
- Software vulnerabilities in ICT products or services
- Non-compliance with contract security requirements
- Lack of support from vendors in case of incidents
- The limited bargaining power of the providers
- The lack of a framework or guidance for providers in contracting and outsourcing
In this context, ENISA provides general recommendations and includes the results of research it conducted on electronic communications providers and ICT vendors. Recommendations to Member States include raising awareness of the security risks associated with contracting for ICT products and outsourcing services. In addition, vendors and providers are encouraged to develop a collaborative approach with respect to defining security requirements, sharing information on vulnerabilities and security threats, and mitigating incidents.
Guide to safe procurement of ICT for providers of electronic communications services
The Guide maps security risks to a full framework of security requirements that vendors can use as a procurement tool, while examining security risks for core services in communications networks and services.
Professor Udo Helmbrecht, executive director of ENISA, commented: "Every year we see from the annual incident report that third-party ICT products and managed services are a significant cause of outages. A simple software code error can have a serious impact on the availability of internet and telephony services, while providers are not always in a position to resolve such issues quickly on their own. The security guide for ICT contracting that we are publishing today is a practical tool that will help providers buy ICT products and services from vendors and suppliers, with the necessary security requirements."
Full reports are available at https://www.enisa.europa.eu/activities/Resilience-and-CIIP/Incidents-reporting/requirements-ecomms-vendors