Cooperation between CSIRTs and Law Enforcement: interaction with the Judiciary
This report aims to support the cooperation between CSIRTs and Law Enforcement, as well as their interaction with the judiciary in their fight against cybercrime, by providing information on the legal, organisational, technical and cultural aspects…
Cyber Europe 2018 - After Action Report
ENISA has compiled all the information gathered during the exercise and produced an after-action report, identifying challenges and main takeaways, and making useful recommendations for the participants.
Analysis of the European R&D priorities in cybersecurity
The present document provides a series of recommendations for the priorities in the EU for R&D in the domain of ICT security made after analysis of a wide series of interviews with domain experts.
The proposed research priorities have the aim to…
Economics of Vulnerability Disclosure
Vulnerability disclosure refers to the process of identifying, reporting and patching weaknesses of software, hardware or services that can be exploited. The different actors within a vulnerability disclosure process are subject to a range of…
Assessment of Standards related to eIDAS
In this report, ENISA presents aspects of QSCD certification and QTSP supervision to identify the way to combine respective elements therein, in line with the eIDAS requirements. In this context, this report seeks to support standards CEN EN 419 241…
Guideline on assessing security measures in the context of Article 3(3) of the Open Internet regulation
This guideline regards the security exceptions in the EU net neutrality rules. It offers a checklist and an evaluation form to help NRAs in deciding whether or not a provider is allowed to take a security measure, for example blocking certain…
Good practices on interdependencies between OES and DSPs
This study is concerned with dependencies and interdependencies among Operators of Essential Services (OES) and Digital Service Providers (DSPs) as defined in the NIS Directive and addresses emerging dependencies and interdependencies across sectors…
Guidelines on assessing DSP security and OES compliance with the NISD security requirements
This report presents the steps of an information security audit process for the OES compliance, as well as of a self-assessment/ management framework for the DSP security against the security requirements set by the NIS Directive. In addition, it…
Good Practices for Security of Internet of Things in the context of Smart Manufacturing
This ENISA study aims at addressing the security and privacy challenges related to the evolution of industrial systems and services precipitated by the introduction of IoT innovations. The main objectives were to collect good practices to ensure…
Annual Report Trust Services Security Incidents 2017
The Annual report Trust Services security incidents 2017 marks the 1st full year of annual reporting about significant security incidents in the EU's trust services sector. The legal framework for this incident reporting process is Article 19 of the…