Recommended cryptographic measures - Securing personal data
This document addresses the protection measures applied to safeguard sensitive and/or personal data, which has been acquired legitimately by a data controller. In this respect it discusses how information technology users, who have a basic knowledge…
EISAS Large-Scale Pilot - Collaborative Awareness Raising for EU Citizens & SMEs
To continually raise the level of cyber security awareness of all citizens and businesses, the European Commission decided to promote a collaborative approach for awareness raising in Europe. Introduced in 2006, EISAS, the European Information…
Interoperable EU Risk Management Toolbox
This document presents the EU RM toolbox, a solution proposed by ENISA to address interoperability concerns related to the use of information security RM methods. The toolbox aims to facilitate the smooth integration of various RM methods in an…
Annual report Telecom security incidents 2017
The Annual report Telecom security incidents 2017 is the 7th annual report about significant outage incidents in the EU electronic communications sector. The legal framework for this incident reporting process is Article 13a of the Framework…
Annual Report Trust Services Security Incidents 2017
The Annual report Trust Services security incidents 2017 marks the 1st full year of annual reporting about significant security incidents in the EU's trust services sector. The legal framework for this incident reporting process is Article 19 of the…
EUELEx19_AAR
On April 5th, the European Parliament, the European Commission and the EU Agency for cybersecurity (ENISA) in close cooperation with the EU Member States organised an exercise to test the EU's response to and crisis plans for potential…
Economics of Vulnerability Disclosure
Vulnerability disclosure refers to the process of identifying, reporting and patching weaknesses of software, hardware or services that can be exploited. The different actors within a vulnerability disclosure process are subject to a range of…
Security Framework for Governmental Clouds
ENISA after having analysed the present state of play of governmental Cloud deployment in 2013 report, presents a guide on the steps public administration has to take to deploy cloud computing. This report gives guidance on the process from pre-…
Alerts-Warnings-Announcements
This guide complements the existing set of ENISA guides that support Computer Emergency Response Teams (CERTs, also known as CSIRTs). It describes good practices and provides practical information and guidelines for the process of preparing and…
Recommendations for technical implementation of Art.4
In 2011 ENISA has set up an Expert Group composed of representatives of the EU institutions, Art.29 Working Party, national DPAs and industry. This group helped in the development of the specific technical recommendations for the implementation of…