ISACA Releases European Guidance on Cybersecurity
August 2014 by ISACA
Cybersecurity is an emerging field within information security, as cybercrime continues to increase exponentially worldwide. Governments and institutions have launched many cybersecurity initiatives, ranging from standards to comprehensive legislation and regulation. To address the need for resources in cybersecurity, global IT association ISACA has released the European Cybersecurity Implementation Series.
The series is part of ISACA’s holistic Cybersecurity Nexus (CSX), a central resource where security professionals and their enterprises can find cybersecurity research, training and community. The series provides practical implementation guidance that is aligned with the European Network and Information Security Agency (ENISA), European requirements and good practices. Four white papers and an audit/assurance program are included in the series:
European Cybersecurity Implementation: Overview—This paper provides a high-level overview of implementing cybersecurity good practice in line with existing laws, standards and other guidance. It is complemented by the three detailed white papers that focus on risk guidance, resilience and assurance in cybersecurity, as well as a European Cybersecurity Audit/Assurance Program.
European Cybersecurity Implementation: Assurance—Enterprises need assurance over their cybersecurity activities and initiatives, as part of enterprise governance, risk and compliance (GRC). This white paper addresses cybersecurity implementation from a European perspective, including the European Union (EU) and its associated countries, to help contribute effectively to the enterprise’s protection against cyberattacks and breaches.
European Cybersecurity Implementation: Resilience—In cybersecurity, resilience is the ability to absorb internal and external impacts, and to recover to normal operations in a controlled manner. This white paper addresses resilience in cybersecurity from a European perspective, using the EU and national approaches toward critical information infrastructure and its protection.
European Cybersecurity Implementation: Risk—Cybersecurity risk strategies should align with the overarching enterprise risk management strategy and framework. All identified risk that is related to cybersecurity requires in-depth analysis that incorporates a number of components. This white paper will help enterprises determine a manageable set of risk, based on risk scenarios that target known risk and emerging and future risk factors that might arise in the context of cybersecurity.
European Cybersecurity Audit/Assurance Program (available soon)—Based on ISACA’s IT Assurance Framework (ITAF), this program helps provide management with an assessment of the effectiveness of cybersecurity and related governance, management and assurance. The review focuses on cybersecurity standards, guidelines and procedures, and aligns with ISACA’s COBIT 5 framework.
“Organizations need to transform their cybersecurity to keep up with advanced threats, changing regulations and good practices, and this ISACA guidance helps them do that,” said Rolf von Roessing, CISA, CISM, CGEIT, president of Forfa AG and past international vice president of ISACA. “European organizations will find valuable implementation guidance in these white papers that are aligned with ENISA and EU requirements.”
The white papers are free to ISACA members and nonmembers and can be found at www.isaca.org/whitepapers. ISACA audit/assurance programs are free to ISACA members, are available for purchase by nonmembers, and can be found at www.isaca.org/auditprograms.
ISACA’s CSX can be found at www.isaca.org/cyber. Current and upcoming CSX materials include the Cybersecurity Fundamentals Certificate study guide (August 2014) and the Cybersecurity Fundamentals Certificate exam (October 2014).
Additional COBIT 5 resources can be found at www.isaca.org/COBIT.