Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

Download

Seven prime cybersecurity threats were identified in 2024, with threats against availability topping the chart and followed by ransomware and threats against data, and the report provides a relevant deep-dive on each one of them by analysing…

Best Practices for Cyber Crisis Management

Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

By topics

By type

Publish Date

How to set up CSIRT and SOC

This publication provides results-driven guidance for those who are interested in establishing a computer security incident response team (CSIRT) or security operations centre (SOC), and guidance on possible improvements for different types of…
National / EU authoritiesPrivate Sector

Proactive detection - Good practices gap analysis recommendations

The current project aims to provide a complete inventory of all available methods, tools, activities and information sources for proactive detection of network security incidents, which are used already or potentially could be used by incident…
National / EU authoritiesPrivate Sector

Proactive detection – Measures and information sources

The current project aims to provide a complete inventory of all available methods, tools, activities and information sources for proactive detection of network security incidents, which are used already or potentially could be used by incident…
National / EU authoritiesPrivate Sector

Proactive detection – Survey results

The current project aims to provide a complete inventory of all available methods, tools, activities and information sources for proactive detection of network security incidents, which are used already or potentially could be used by incident…
National / EU authoritiesPrivate Sector

Secure Group Communications for incident response and operational communities

With a number of cybersecurity incidents and an attack surface that increase every day, spanning from large infrastructures to the end users, there is the need to improve operational cooperation, preparedness and information exchange by promoting…
National / EU authorities

ENISA CSIRT maturity assessment model

This is the updated version of the "Challenges for National CSIRTs in Europe in 2016: Study on CSIRT Maturity" published by ENISA in 2017. The study takes all relevant information sources into account, with a special emphasis on the NIS Directive,…
National / EU authoritiesPrivate Sector

ENISA Maturity Evaluation Methodology for CSIRTs

This is the updated version of the "Study on CSIRT Maturity – Evaluation Process" published by ENISA in 2017. The new version (v.2) reflects values that are consistent with other documents and studies on CSIRT maturity.
National / EU authoritiesPrivate Sector

Reference Incident Classification Taxonomy

This taxonomy resulted from collaboration initiatives such as the annual ENISA/EC3 Workshop which involved CSIRTs, LEAs, ENISA, and EC3. Other examples include the eCSIRT.net taxonomy2 which was developed in 2003, and the eCSIRT.net mkVI taxonomy3…
National / EU authoritiesPrivate Sector

Maturity Reference for CSIRTs – Executive Summary

The target audience for this study is primarily the middle management layer in the CSIRTs, responsible for increasing the team’s maturity. The study will help them to more easily and quickly implement real maturity improvement, following self-…
National / EU authoritiesPrivate Sector

A good practice guide of using taxonomies in incident prevention and detection

The aim of this document is to provide good practices on using taxonomies for incident detection and prevention by taking into account the input received from the CSIRT community and relevant information from previous ENISA studies. In addition, it…
National / EU authoritiesPrivate Sector