Sectoral CSIRT Capabilities - Energy and Air Transport
This study provides a continuation of work on Sectoral IRC at European level following the publication of the 2019 “EU Member States incident response development status report”. The report focuses on trends in Energy and Air Transport Incident…
PSIRT Expertise and Capabilities Development
This study focuses on the Sectoral CSIRT and PSIRT capabilities status and development within the Energy and Health sectors as specified within the NIS directive. A desk research has been conducted, followed by a survey which was answered by 7…
Strategies for incident response and cyber crisis cooperation
This document was prepared for the NIS Platform WG2 members introducing the main functions of CSIRTs from incident handling to crisis coordination – a high-level summary of the basics of incident response based on ENISA’s previous work on CSIRTs and…
Electronic evidence - a basic guide for First Responders
This report is a continuation of the work done by ENISA in the field of good practices for CSIRTs and LEAs in the fight against cybercrime. It aims at providing a guide for first responders, with a special emphasis in evidence gathering. It aims at…
Good practice guide for CERTs in the area of Industrial Control Systems - Computer Emergency Response Capabilities considerations for ICS
This document builds upon the current practice of CSIRTs with responsibilities for ICS networks, and also on the earlier work of ENISA on a baseline capabilities scheme for national/ governmental (n/g) CSIRTs. The document is an initial attempt to…
A Good Practice Collection for CERTs on the Directive on attacks against information systems
This Good Practice Collection was produced at the initiative of ENISA in the context of its support activities to ensure the efficient functioning of CSIRTs and their cooperation with Law Enforcement Agencies (LEAs) in the face of a new development…
Improving recognition of ICT security standards
This report is a continuation and an extension of previously carried out ENISA work on approaches to the NIS Directive by Member States, which have provided recommendations on standardisation and have outlined the use and management of CSIRTs.
A good practice guide of using taxonomies in incident prevention and detection
The aim of this document is to provide good practices on using taxonomies for incident detection and prevention by taking into account the input received from the CSIRT community and relevant information from previous ENISA studies. In addition, it…
Reference Incident Classification Taxonomy
This taxonomy resulted from collaboration initiatives such as the annual ENISA/EC3 Workshop which involved CSIRTs, LEAs, ENISA, and EC3. Other examples include the eCSIRT.net taxonomy2 which was developed in 2003, and the eCSIRT.net mkVI taxonomy3…
Report on Cyber Security Information Sharing in the Energy Sector
The purpose of this report is to understand and learn the development of CSIRTs, ISACs, as well as relevant initiatives on information sharing on cyber security incidents in the energy sector by focusing on the subsectors identified in the NIS…