Compendium of Risk Management Frameworks with Potential Interoperability
This report presents the results of desktop research and the analysis of currently used
cybersecurity Risk Management (RM) frameworks and methodologies with the potential
for interoperability. The identification of the most prominent RM frameworks…
Digital Identity: Leveraging the SSI Concept to Build Trust
The maintenance of continuity in social life, businesses and administration has accelerated the reflection on the possibility of a need for such decentralised electronic identity. This report explores the potential of self-sovereign identity (SSI)…
Common practices of EU-level crisis management and applicability to the cyber crises
Despite a number of initiatives within the European Network and Information Security community to establish frameworks and standard operating procedures, the EU-level response to cyber incidents, and in particular these which lead to crisis…
Post-Quantum Cryptography: Current state and quantum mitigation
This study provides an overview of the current state of affairs on the standardization process of Post-Quantum Cryptography (PQC). It presents the 5 main families of PQ algorithms; viz. code-based, isogeny-based, hash-based, lattice-based and…
Cybersecurity Certification: Candidate EUCC Scheme V1.1.1
Following the request from the European Commission in accordance with Article 48.2 of the Cybersecurity Act, ENISA has set up an Ad Hoc Working Group to support the preparation of a candidate EU cybersecurity certification scheme as a successor to…
BlueOLEx 2024 exercise: EU-CyCLONe test its cyber crisis response preparedness
In light of the NIS2 era, this year’s edition of the BlueOlex built upon the scenario of Cyber Europe 2024 and tested the executive layer of cooperation in the EU ecosystem.
How Cybersecurity Standards Support the Evolving EU Legislative Landscape
The European Union Agency for Cybersecurity (ENISA) joined forces with the European Standards Organisations (ESOs), CEN, CENELEC and ETSI, to organise their 7th annual conference. The hybrid conference focused on "European Standardisation in support…
Window of exposure… a real problem for SCADA systems?
Much of Europe’s critical infrastructure which resides in sectors such as energy, transportation,water supply is largely managed and controlled by SCADA (Supervisory Control and Data Acquisition) systems, a subgroup of Industrial Control Systems…
Trusted e-ID Infrastructures and services in the EU - Recommendations for Trusted Provision of e-Government services
Under the scope of the the proposed new Regulation on electronic identification and trust services for electronic transactions in the internal market, which will supersede the current Directive 1999/93/EC on a Community framework for electronic…
Privacy standards for information security
Over the last decade, there has been a significant development of privacy standards, which aim at contributing to the integration of privacy requirements into information processes, systems and services.