Strategies for incident response and cyber crisis cooperation
This document was prepared for the NIS Platform WG2 members introducing the main functions of CSIRTs from incident handling to crisis coordination – a high-level summary of the basics of incident response based on ENISA’s previous work on CSIRTs and…
Secure Group Communications for incident response and operational communities
With a number of cybersecurity incidents and an attack surface that increase every day, spanning from large infrastructures to the end users, there is the need to improve operational cooperation, preparedness and information exchange by promoting…
EU Member States incident response development status report
Following the recent transposition of the NIS Directive1 (NISD) into European Member States (MS) legislation, this study aims to analyse the current operational Incident Response set-up within NISD sectors2 and identify the recent changes. The study…
Proactive detection – Measures and information sources
The current project aims to provide a complete inventory of all available methods, tools, activities and information sources for proactive detection of network security incidents, which are used already or potentially could be used by incident…
Proactive detection - Good practices gap analysis recommendations
The current project aims to provide a complete inventory of all available methods, tools, activities and information sources for proactive detection of network security incidents, which are used already or potentially could be used by incident…
Proactive detection – Survey results
The current project aims to provide a complete inventory of all available methods, tools, activities and information sources for proactive detection of network security incidents, which are used already or potentially could be used by incident…
ENISA CSIRT Maturity Framework - Updated and improved
This document presents the updated and improved version of ENISA’s Computer Security Incident Response Teams (CSIRT) Maturity Framework that is intended to contribute to the enhancement of the capacity to manage cyber incidents, with a focus on…
CSIRT Capabilities in Healthcare Sector
An attack directed at a critical infrastructure, such as a hospital, can lead to physical damages and put the lives of patients at risk. Therefore, there is a need for solid Incident Response Capabilities (IRC) in the health sector, in particular…
2020 Report on CSIRT-LE Cooperation: study of roles and synergies among selected countries
The purpose of this report is to further explore and support the cooperation between computer security incident response teams (CSIRTs), in particular national and governmental (n/g) CSIRTs, and law enforcement agencies (LEAs) and their…
2021 Report on CSIRT-Law Enforcement Cooperation
The purpose of this report is to further explore and support the cooperation between computer security incident response teams (CSIRTs), in particular national and governmental CSIRTs, and Law enforcement agencies (LEAs) and their interactions with…