Ο ENISA, the European Organization for Network and Information Security, based in Crete, publishes its recommendations for safe σύναψη συμβάσεων για να είναι ασφαλής η ηλεκτρονική επικοινωνία αλλά και οι υπηρεσίες ηλεκτρονικών επικοινωνιών. Επιχειρεί έτσι να συμβάλλει στην μείωση των κινδύνων που κατέλυσαν το 2013 τα ευρωπαϊκά networks fixed and mobile telephony, after finding that providers are increasingly relying on the provision of services on behalf of third parties.
The European Network and Information Security Agency (ENISA) today publishes two reports:
(a) the report "Safe signing of secure electronic communications contracts", highlighting the increasing reliance of providers on outsourced ICT products and services, and it also analyzes the associated security risks involved in this process.
b) the "Guide to safe procurement of ICT for providers of electronic communications services", which aims to be a practical tool for providers to better address security risks when dealing with vendors and suppliers of ICT products and outsourcing services.
The report, entitled Secure ICT Contracting for Secure Electronic Communications, follows the latest edition of the Annual Incident Report, which provides aggregated analysis of security incidents leading to serious business disruptions, with products and outsourced services as the primary cause Third party ICT, especially in the field of hardware failures and software code errors.
This year's report is the result of ENISA's cooperation with providers and vendors in an effort to address these issues.
The main issues posed by electronic communications providers are, among other things:
- The lack of security controls on the part of the seller
- The vulnerabilities software in ICT products or services
- Non-compliance with contract security requirements
- Lack of support from sellers in case of incidents
- The small bargaining power of the providers
- The lack of framework or guidance for providers in contracting and outsourcing
In this context, ENISA provides general recommendations and includes the results of research it conducted on electronic communications providers and ICT vendors. Recommendations to Member States include raising awareness of the security risks associated with contracting for ICT products and outsourcing services. In addition, vendors and providers are encouraged to develop a collaborative approach to defining security requirements,change security vulnerability and threat intelligence, and incident mitigation.
Guide to safe procurement of ICT for providers of electronic communications services
The Guide assigns security risks to the full framework of security requirements that vendors can use as a procurement tool while examining security risks for core services in communications networks and services.
Professor Udo Helmbrecht, Executive Director of ENISA, commented: "Every year we see from the annual incident report that third-party ICT products and services are a major cause of downtime. A simple software code error can have a serious impact on the availability of internet and telephony services, and providers are not always able to solve such issues quickly. The ICT Security Guide we publish today is a practical tool that will help providers to buy ICT products and services from vendors and suppliers with the necessary security requirements. "
- Full reports are available at https://www.enisa.europa.eu/activities/Resilience-and-CIIP/Incidents-reporting/requirements-ecomms-vendors
