Hi All,ENISA just published: ENISA GUIDELINE ON SECURITY MEASURES UNDER THE EECCThis document, the Technical Guideline for Security Measures, provides guidance to competent authorities about the technical details of implementing Articles 40 and 41 of the EECC: how to ensure that providers assess risks and take appropriate security measures. The guideline lists 29 high-level security objectives, which are grouped into 8 security domains. For each security objective, we list specific detailed security measures which could be taken by providers to reach the security objective. These security measures are grouped into 3 levels of increasing sophistication. We also give examples of evidence, which could be taken into account by an auditor, for example, when assessing if these security measures are actually in place.------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------