Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

Download

Seven prime cybersecurity threats were identified in 2024, with threats against availability topping the chart and followed by ransomware and threats against data, and the report provides a relevant deep-dive on each one of them by analysing…

Best Practices for Cyber Crisis Management

Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

By topics

By type

Publish Date

Good practices on the implementation of regulatory technical standards

MS approaches on PSD 2 implementation: commonalities in risk management and incident reporting - The main objective of this study is to identify the differences introduced by Member States in the implementation of the PSD2. In particular, the aim is…
Private Sector

Cooperation between CSIRTs and Law Enforcement: interaction with the Judiciary

This report aims to support the cooperation between CSIRTs and Law Enforcement, as well as their interaction with the judiciary in their fight against cybercrime, by providing information on the legal, organisational, technical and cultural aspects…
National / EU authorities

Good practices on interdependencies between OES and DSPs

This study is concerned with dependencies and interdependencies among Operators of Essential Services (OES) and Digital Service Providers (DSPs) as defined in the NIS Directive and addresses emerging dependencies and interdependencies across sectors…
National / EU authoritiesPrivate Sector

Guidelines on assessing DSP security and OES compliance with the NISD security requirements

This report presents the steps of an information security audit process for the OES compliance, as well as of a self-assessment/ management framework for the DSP security against the security requirements set by the NIS Directive. In addition, it…
National / EU authoritiesPrivate Sector
signalling security in telecom ss7 diameter 5g

Signalling Security in Telecom SS7/Diameter/5G

The present study has deep dived into a critical area within electronic communications, the security of interconnections in electronic communications (signalling security). Based on the analysis, at this moment there is a medium to high level of…
Private Sector

Reference Incident Classification Taxonomy

This taxonomy resulted from collaboration initiatives such as the annual ENISA/EC3 Workshop which involved CSIRTs, LEAs, ENISA, and EC3. Other examples include the eCSIRT.net taxonomy2 which was developed in 2003, and the eCSIRT.net mkVI taxonomy3…
National / EU authoritiesPrivate Sector

Mapping of OES Security Requirements to Specific Sectors

The current report provides a substantial and comprehensive mapping of the security requirements for OES, as they have been agreed in the NISD Cooperation Group, to sector specific information security standards. ENISA conducted desktop research on…
Private Sector

Maturity Reference for CSIRTs – Executive Summary

The target audience for this study is primarily the middle management layer in the CSIRTs, responsible for increasing the team’s maturity. The study will help them to more easily and quickly implement real maturity improvement, following self-…
National / EU authoritiesPrivate Sector

Tools and Methodologies to Support Cooperation between CSIRTs and Law Enforcement

This report aims to support the cooperation between CSIRTs - in particular national/governmental CSIRTs - and LEAs in their fight against cybercrime, by providing information on the framework and on the technical aspects of the cooperation,…
National / EU authorities

Improving Cooperation between CSIRTs and Law Enforcement: Legal and Organisational Aspects

This report aims to support the cooperation between CSIRTs - in particular national/governmental CSIRTs - and LEAs in their fight against cybercrime, by providing information on the legal and organisational aspects, identifying current shortcomings…
National / EU authorities