Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

Download

Seven prime cybersecurity threats were identified in 2024, with threats against availability topping the chart and followed by ransomware and threats against data, and the report provides a relevant deep-dive on each one of them by analysing…

Best Practices for Cyber Crisis Management

Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

By topics

By type

Publish Date

Flash Note: Heartbleed - A wake-up call

Last week the entire web discovered the existence of the so called “Heartbleed” vulnerability affecting one of the most popular mechanisms used to secure communication with web sites: OpenSSL. The underlying problem is a programming error with…

Flash Note: Large scale UDP attacks - the 2014 trend and how to face it

Recent news show the increase of large scale attacks exploiting specific vulnerabilities of the Internet core protocols. In the latest cases, the Network Time Protocol (NTP), which allows synchronizing devices to the coordinated universal time (UTC…

Brokerage model for Network and Information Security in Education

By publishing the Brokerage model for Network & Information Security (NIS) in Education report, we aim to provide content and promote digital education on network and information security at all levels. The target group is composed of educators…

Flash note: Risks of using discontinued software

ENISA warns about the risks of using discontinued software, not only because of the lack of support from the manufacturer, but also from third parties, like manufacturers of anti-malware or other kind of software, or computer peripherals. This will…

Recommendations for a methodology of the assessment of severity of personal data breaches

The European Union Agency for Network and Information Security (ENISA) reviewed the existing measures and the procedures in EU Member States with regard to personal data breaches and published in 2011 a study on the technical implementation of the…

eID Authentication methods in e-Finance and e-Payment services - Current practices and Recommendations

This report collects the results of a survey launched by ENISA (European Network and Information Security Agency). The main purpose of the survey has been to collect information about the electronic IDentity and Authentication Systems (eIDAS) used…

Guidelines for trust service providers - Part 1: Security framework

This document describes the framework surrounding trust service providers (TPSs) – the concepts and standards related to operations of a TSP. It focuses on EU standards, but also takes into account others where relevant. The document specifically…

Guidelines for trust service providers - Part 2: Risk assessment

This document covers the following aspects of Trust Service Providers operations: • Assets: identification, classification and evaluation • Threats to assets: classification and evaluation • Vulnerabilities present in the environment • Probability…

Guidelines for trust service providers - Part 3: Mitigating the impact of security incidents

This document recommends measures to mitigate the impact of security incidents on trust service providers (TSP) by proposing suitable technical and organisational means to handle the security risks posed to the TSP. This is done using a…

Proposal for One Security Framework for Articles 4 and 13a

There are two pieces of EU legislation which explicitly mention security measures in the telecom sector: Article 4 of the e-Privacy directive asks providers to take security measures to protect security of personal data processing. Article 13a of…