March 30, 2015
The body, an EU agency that advises policy makers on cyber security issues, said that standards for cyber security, such as for security products, testing of network and information security, and processes and procedures for cross-border communications between regulators on cyber security incidents, were “important”. This is particularly the case for electronic identification (e-ID) and the verification of online identities by trust service providers, it said.
However, it said that it currently takes too long for cyber security standards to be introduced (31-page / 821KB PDF) after new technology has been brought into use.
ENISA said the EU needs to “address” its “strategy towards standardisation in the area of ICT” in general because its “current approach” is “not consistent and lacks a unified vision”.
“At the time of writing, there is no single, continuous ‘line of standards’ related to cyber security, but rather a number of discrete areas which are the subject of standardisation,” ENISA said in a new report. It said these standards relate to technical matters, metrics that are mostly related to business continuity, cyber security definitions and “organisational aspects”.