Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

Download

Seven prime cybersecurity threats were identified in 2024, with threats against availability topping the chart and followed by ransomware and threats against data, and the report provides a relevant deep-dive on each one of them by analysing…

Best Practices for Cyber Crisis Management

Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

By topics

By type

Publish Date

ENISA Cyber Europe 2014 - After Action Report

ENISA's After Action Report of the pan-European cybersecurity exercise Cyber Europe 2014 (CE2014) was approved by the EU Member States and gives a high-level overview of the complex cybersecurity exercise that was carried out in 2014. The full…
annual incident reports 2014

Annual Incident Reports 2014

The report “Annual Incident reports 2014” provides an aggregated analysis of the security incidents in the European telecom sector in 2014 which caused severe outages. Most incidents reported to regulators and ENISA (137 incidents) involved fixed…
technical guideline on threats and assets

Technical Guideline on Threats and Assets

The Technical Guideline on Threats and Assets provides National Regulatory Authorities (NRAs) with a glossary of terms to communicate about the most significant threats and network assets involved in disruptions in electronic communications networks…

Supply Chain Integrity: An overview of the ICT supply chain risks and challenges, and vision for the way forward (2015)

The root of this report is the assertion that Governments, corporations, organizations, and consumers are increasingly reliant on ICT products and services, and thus on the supply chains that deliver them. As a result of this reliance threats to…

Inventory of CERT activities in Europe

This document aims to provide an overview on the actual situation concerning CERT matters in Europe. It provides a list of response teams and similar facilities by country, but also contains a catalogue of co-operation, support and standardisation…

EP3R 2009-2013 Future of NIS Public Private Cooperation.

The EP3R (European Public-Private Partnership for Resilience) was established in 2009 and was the very first attempt at Pan-European level to use a Public-Private Partnership (PPP) to address cross-border Security and Resilience concerns in the…

Cloud Security Guide for SMEs

This guide wants to assist SMEs understand the security risks and opportunities they should take into account when procuring cloud services. This document includes a set of security risk, a set of security opportunities and a list of security…

Guideline on Security measures for Article 4 and Article 13a

The Technical Guideline on Security Measures for Article 4 and Article 13a gives guidance to national competent authorities about the supervision of security measures in Article 13a of the Framework Directive (2009/140/EC) and Article 4 of the e-…

Auditing Framework for TSPs

This report provides an overview of the dedicated means of auditing for TSPs. It discusses specifically the following areas: standards applicable to TSPs and Conformity Assessment Bodies (auditors), methodology of auditing TSPs (off- and on-site),…

Electronic evidence - a basic guide for First Responders

This report is a continuation of the work done by ENISA in the field of good practices for CSIRTs and LEAs in the fight against cybercrime. It aims at providing a guide for first responders, with a special emphasis in evidence gathering. It aims at…