Information sharing and common taxonomies between CSIRTs and Law Enforcement
This Report on Information Sharing and Common Taxonomies between CSIRTs and Law Enforcement Agencies (LEAs) was produced at the initiative of ENISA with the objective to enhance cooperation both between the Member States (MS) of the EU and between…
Cyber Security Information Sharing: An Overview of Regulatory and Non-regulatory Approaches
This study aims to present the regulatory and non-regulatory approaches of EU Member States as well as EEA and EFTA countries to share information on cyber incidents, the different sector regulation challenges of managing cyber security issues, and…
Good practice guide for CERTs in the area of Industrial Control Systems - Computer Emergency Response Capabilities considerations for ICS
This document builds upon the current practice of CSIRTs with responsibilities for ICS networks, and also on the earlier work of ENISA on a baseline capabilities scheme for national/ governmental (n/g) CSIRTs. The document is an initial attempt to…
Security Issues in Cross-border Electronic Authentication
Improving the interoperability of electronic identification and authentication systems is a European task and a task for all Member States. Considerable efforts have been made in several projects to face the challenges of pan-European…
Considerations on ICT security certification in EU - Survey Report
Over the last years, ENISA has engaged in a number of activities in pursuit of supporting the Commission and the Member States in identifying a way forward on the certification of ICT security products and services, which on the one hand seeks to…
Algorithms, Key Sizes and Parameters Report - 2013
This document collates a series of recommendations for algorithms, keysizes, and parameter recommendations. It addresses the need for a minimum level of requirements for cryptography across European Union (EU) Member States (MSs) in their effort to…
Telecom Services Security Incidents 2019 Annual Analysis Report
Security incident reporting has been part of the EU’s telecom regulatory framework since the 2009 reform of the telecom package, Article 13a of the Framework directive (2009/140/EC) came into force in 2011. The incident reporting in Article 13a…
Sectoral CSIRT Capabilities - Energy and Air Transport
This study provides a continuation of work on Sectoral IRC at European level following the publication of the 2019 “EU Member States incident response development status report”. The report focuses on trends in Energy and Air Transport Incident…
NIS Investments Report 2021
Following the 2020 NIS Investment publication, this report covers all 27 EU Member States and offering additional insights into the allocation of NIS budgets of OES/DSP, the economic impact of cybersecurity incidents and the organisation of…
Good Practice Guide for Addressing Network and Information Security Aspects of Cybercrime
In 2010 ENISA started its support for operational collaboration between the Computer Emergency Response Teams (CERTs) in the Member States on the one hand and Law Enforcing Agencies (LEA) on the other hand. Various activities have since been…