ENISA work on the evaluation of National Cyber Security Strategies (NCSS) addressing to policy experts and government officials who design, implement and evaluate an NCSS policy. It aims to be a flexible and pragmatic tool based on…
Good practices in innovation on Cybersecurity under the NCSS
ENISA supports the efforts aimed to enhance the overall level of cybersecurity in the Member States (MS) both at a national and EU level. This report supports that effort by analysing how Member States are approaching innovation as a strategic…
Security aspects of virtualization
This report provides an analysis of the status of virtualization security. ENISA presents current efforts, emerging best practices and known security gaps, discussing the impact the latter have on environments based on virtualization technologies.…
Commonality of risk assessment language in cyber insurance
While several risk assessment languages and frameworks exist in cyber-insurance, the industry has yet to take steps in the direction of harmonisation. This report aims at further investigating this issue by identifying the incentives and barriers…
Cyber Security and Resilience of Intelligent Public Transport. Good practices and recommendations
This study proposes a pragmatic approach that will highlight the critical assets of Intelligent Public Transport systems. It gives an overview of the existing security measures (good practices) that could be deployed to protect these critical assets…
Emergency Communications Stocktaking
The Emergency Communications Stocktaking project is an initiative of the European Network and Information Security Agency (ENISA) to determine how emergency services communicate within their own organisations and with each other in times of…
Definition of Cybersecurity - Gaps and overlaps in standardisation
This document analyses the usage of this term by various stakeholders and reviews standardisation activities in the area of Cybersecurity, providing an overview of overlaps and gaps in available standards. It has been written by CSCG and ENISA…
On the security, privacy and usability of online seals
This report analyses the conditions under which online security and privacy seals (OSPS) can be deployed to support users to make an informed trust decision about Web services and their providers with respect to the provided security and privacy.…
EU Cybersecurity Initiatives in the Finance Sector
The finance sector is a heavily regulated sector, and cybersecurity provisions are already included in multiple EU policies and legislations (e.g. PSD 2 , MIFID II ). EU institutions, agencies, bodies, regulators and other groups of stakeholders run…
Countering SIM-Swapping
In this study, we give an overview of how SIM-Swapping attacks work, list measures that providers can take to mitigate the attack and make recommendations for policy makers and authorities in the telecom sector and other sectors. Security of…