Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

Download

Seven prime cybersecurity threats were identified in 2024, with threats against availability topping the chart and followed by ransomware and threats against data, and the report provides a relevant deep-dive on each one of them by analysing…

Best Practices for Cyber Crisis Management

Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

By topics

By type

Publish Date

CSIRT Capabilities in Healthcare Sector

An attack directed at a critical infrastructure, such as a hospital, can lead to physical damages and put the lives of patients at risk. Therefore, there is a need for solid Incident Response Capabilities (IRC) in the health sector, in particular…
National / EU authoritiesPrivate Sector

Post-Quantum Cryptography: Current state and quantum mitigation

This study provides an overview of the current state of affairs on the standardization process of Post-Quantum Cryptography (PQC). It presents the 5 main families of PQ algorithms; viz. code-based, isogeny-based, hash-based, lattice-based and…
Private Sector

Remote ID Proofing

This report provides an overview of the most common methods for identity proofing with some examples received by stakeholders, presents the current legal / regulatory landscape and supporting standards at the international and EU level and provides…
Private Sector

Conformity Assessment of Qualified Trust Service Providers

This document provides an overview of the conformity assessment framework for QTSPs as set out in the eIDAS Regulation, i.e. aiming to confirm that the assessed QTSP/QTS fulfils its requirements. This report discusses the typical process flow and…
Private Sector

Recommendations for Qualified Trust Service Providers based on Standards

This document provides recommendations to help qualified trust service providers and auditors understand the expected mapping between these requirements/obligations and reference numbers of standards, as well as practical recommendations for their…
Private Sector

Security Framework for Qualified Trust Service Providers

This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation, to which both non-QTSP and QTSP are subject. Nevertheless, Article 19.1 states that the security measures “shall ensure that the level of…
Private Sector

Security Framework for Trust Service Providers

This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation. As illustrated below, this security framework includes specific guidelines for TSP on: 1) Risk management related to the security of the eIDAS…
Private Sector

Crypto Assets: Introduction to Digital Currencies and Distributed Ledger Technologies

This report aims to increase the understanding of blockchain technologies. It aims to explain the underlying technical concepts and how they relate to each other. The goal is to explain the components, and illustrate their use by pointing to…
Private Sector

Data Pseudonymisation: Advanced Techniques and Use Cases

This report, building on the basic pseudonymisation techniques, examines advanced solutions for more complex scenarios that can be based on asymmetric encryption, ring signatures and group pseudonyms, chaining mode, pseudonyms based on multiple…
Private Sector

2020 Report on CSIRT-LE Cooperation: study of roles and synergies among selected countries

The purpose of this report is to further explore and support the cooperation between computer security incident response teams (CSIRTs), in particular national and governmental (n/g) CSIRTs, and law enforcement agencies (LEAs) and their…

National / EU authorities