ETSI addresses cybersecurity risk management in new report

ETSI is taking on the growing cybersecurity risk issue by releasing its ETSI TR 103 456 report. This report will provide enterprises, government agencies and service providers guidance on how to implement the Directive on Security of Network and Information Systems (NIS Directive) to ensure the security of network and information systems in the European Union.

The report provides guidance on the technical specifications, both available and in development by major cybersecurity communities around the world, that are designed to meet the legal measures and technical requirements of the NIS Directive. EU member states have 21 months to transpose the directive into their national laws and six months more to identify operators of essential services.

Specifically, the report addresses various cybersecurity issues and requirements: sharing and exchanging information; incident notification; technical and system risk management; and challenges and solutions. It also provides recommendations.

As the basis for a proper cybersecurity prevention plan, ETSI says, cybersecurity risk management involves assessing a range of risks in the context of an organization’s environment and understanding the assets, resources and processes that are fundamental to the organization.

Additionally, it requires taking steps to ensure that the organization continuously improves how it protects those assets, resources and processes, detects threats to them and responds to incidents involving them.

“This new ETSI report provides a broader cybersecurity context building on the NIS Directive or the ENISA Standardization Gaps Report,” said Charles Brookson, chairman of ETSI TC CYBER, in a release. “ETSI has a long expertise in security matters, including the work developed in our cyber group. This report should help those striving to meet the requirements of the NIS Directive, and guide them on how to meet it.”

ETSI said that its technical report has been developed to be used by any entity that needs to consider the effects, use or perform the legal transposition of the NIS Directive into national legislation. This includes national regulators that need to update regulations or guidelines for specific industries identified in the NIS Directive as Operators of Essential Services (OES) or national policymakers wishing to provide guidance for Digital Service Providers (DSP).

ETSI’s Technical Report is intended to be used by all who need to consider the effects, use or perform the legal transposition of the NIS Directive into national legislation, whether they are regulators, operators of essential services or digital service providers.