ETSI addresses cybersecurity risk management in new report

The report addresses various cybersecurity issues and requirements.

ETSI is taking on the growing cybersecurity risk issue by releasing its ETSI TR 103 456 report. This report will provide enterprises, government agencies and service providers guidance on how to implement the Directive on Security of Network and Information Systems (NIS Directive) to ensure the security of network and information systems in the European Union.

The report provides guidance on the available technical specifications and those in development by major cybersecurity communities in the world which are designed to meet the legal measures and technical requirements of the NIS Directive. Member EU states have 21 months to transpose the directive into their national laws and six months more to identify operators of essential services.

Specifically, the report addresses various cybersecurity issues and requirements: sharing and exchanging information; incident notification; technical and system risk management; challenges and solutions; and providing recommendations.

RELATED: Verizon, China Telecom, Huawei, others team at ETSI to research AI in networks


Like this story? Subscribe to FierceTelecom!

The Telecom industry is an ever-changing world where big ideas come along daily. Our subscribers rely on FierceTelecom as their must-read source for the latest news, analysis and data on the intersection of telecom and media. Sign up today to get telecom news and updates delivered to your inbox and read on the go.

To lay out a proper cybersecurity prevention plan, ETSI says cybersecurity risk management involves assessing a range of risks in the context of an organization’s environment, understanding assets, resources and processes that are fundamental to the organization.

Additionally, it requires taking steps to ensure that the organization continuously improves how it protects, detects threats and responds to incidents involving those assets, resources and processes.

“This new ETSI report provides a broader cybersecurity context building on the NIS Directive or the ENISA Standardization Gaps Report,” said Charles Brookson, chairman of ETSI TC CYBER, in a release. “ETSI has a long expertise in security matters, including the work developed in our cyber group. This report should help those striving to meet the requirements of the NIS Directive, and guide them on how to meet it.”

ETSI said that its technical report has been developed to be used by any entity that needs to consider the effects, use or perform the legal transposition of the NIS Directive into national legislation. This includes national regulators that need to update regulations or guidelines for specific industries identified in the NIS Directive as Operators of Essential Services (OES) or national policymakers wishing to provide guidance for Digital Service Providers (DSP).

ETSI’s Technical Report is intended to be used by all who need to consider the effects, use or perform the legal transposition of the NIS Directive into national legislation, whether they are regulators, operators of essential services or digital service providers.

Suggested Articles

Crosslake Fibre is tapping into Ciena's optical technology and software to help build its 1,500-kilometer cable between New York City and Toronto.

Windstream Enterprises has expanded its SD-WAN horizon with an additional solution backed by Fortinet.

The LF AI Foundation has dropped its second software release for its Acumos project, which includes a new licensing framework and partner catalogs.