Good Practice Guide Reporting Security Incident
To address this and other challenges, the CIIP communication identified that ENISA could play a
key role in carrying out several tasks, including identifying good practices and facilitating the sharing of
those practices across the EU institutions and Member States.
The Reformed Telecom Package
The reformed Regulatory Framework for electronic communications networks and services, adopted in
November 2009, adds an important building block to the policy objective of developing an
appropriate data collection framework for reliable EU-wide data on security incidents. The new
framework addresses many different issues, but within the new chapter on security and integrity
(Article 13) there is one provision that requires Member States to ensure that telecom operators notify
the competent national regulatory authority of a breach of security or loss of integrity that has had a
significant impact on the operation of their networks. Where appropriate, these authorities should inform
their counterparts in other Member States, as well as ENISA. On an annual basis, these authorities
shall submit to the Commission and ENISA a summary report of all notifications received at national
level. The European Commission, taking the utmost account of the opinion of ENISA, may adopt
technical implementing measures with a view to harmonising this provision on the notification of
security breaches.
Given this strong commitment by the EU institutions and the Member States to the resilience of public
communications networks, ENISA was asked to help Member States and EU institutions to identify
good practices in incident reporting schemes.
This document addresses many of the issues that Member States will face as they debate, take stock,
establish, launch, develop and harmonize their incident reporting systems at national level.
The report discusses schemes for reporting incidents that may harm or threaten the resilience and
security of public eCommunication networks. It examines the whole lifecycle of a reporting scheme,
from the first steps in designing the scheme, through securing the constituency's cooperation and setting
the reporting procedures, to the management and improvement of the scheme. Data protection-related
incidents and data breaches are out of scope.
Given the complexity of the subject and the diversity of scopes, objectives and characteristics among
schemes, it is not possible to provide detailed guidance on every particular of the lifecycle. Instead, the
report is intended as a reference point for the major issues that must be addressed. It also gives insight
into how others have dealt with these issues and provides general guidance on the good practices identified.
The report aims to assist public authorities and private organizations in the EU and Member States as
they implement incident reporting schemes.
It is aimed primarily at those who do not yet have significant experience with such schemes. It
may also serve as a tool for improvement for those managing or working with existing reporting