ENISA’s four organisational recommendations for information security good practice

Earlier this month ENISA, the European Union Agency for Network and Information Security, released its Threat Landscape and Good Practice Guide for Internet Infrastructure report. Aimed principally at Internet infrastructure owners, it “details the assets composing an Internet infrastructure and classifies the threats applicable” such as “routing threats, DNS threats, and (Distributed) Denial of Service.”

Udo Helmbrecht, ENISA’s executive director, commented: “Threats analysed in the current study indicate they are globally on the rise. It is important to apply good practices and promote the exchange of information, in order to mitigate threats and secure Internet infrastructure.”

The report proposes five technical recommendations and four organisational good practices. The organisational recommendations “focus on defining operational procedures and processes” and have a wider applicability than the technical recommendations:

  • Recommendation 6: For Internet infrastructure owners, use proper risk assessment methods to understand vulnerable assets in your internet infrastructure and prioritise your protection actions.
  • Recommendation 7: Build an information and communication technology security awareness and training program.
  • Recommendation 8: Internet infrastructure owners shall commit third-party vendors to apply security measures.
  • Recommendation 9: Internet infrastructure owners should stay current on any updates.

You can read the report here.

Organisations that are concerned about information security and want to implement ENISA’s recommendations will be pleased to learn that there is a single best-practice solution that can be employed to address all of the recommendations listed above.

ISO 27001

ISO 27001, the international information security standard, sets out the requirements of an enterprise-wide information security management system (ISMS) that encompasses people, processes and technology.

An ISMS is a risk-based approach to mitigating information security threats, which requires staff awareness and training, stipulates security requirements to be followed throughout the supply chain, and demands the maintenance of systems.

IT Governance ISO 27001 packaged solutions

IT Governance’s recently relaunched ISO 27001 packaged solutions provide ISMS implementation resources for all organisations concerned about information security. These fixed-price packages enable any organisation – whatever its size, sector, location or budget – to implement ISO 27001 at a speed and for a budget appropriate to its needs and preferred project approach.

January offer: order the ISO 27001 packaged solutions through our website in January and receive a 10% discount. Click for more information >>

One Response

  1. Jack Brickman 30th January 2015

Leave a Reply

Your email address will not be published. Required fields are marked *