A simplified approach to Risk Management for SMEs
The aim of this document is to provide a simplified and comprehensive view of risk management/risk
assessment for use within small and medium sized enterprises (SMEs). To achieve this goal, the
present document has been structured in a modular way.…
EISAS Large-Scale Pilot - Collaborative Awareness Raising for EU Citizens & SMEs
To continually raise the level of cyber security awareness of all citizens and businesses, the European Commission decided to promote a collaborative approach for awareness raising in Europe. Introduced in 2006, EISAS, the European Information…
Annual Incident Reports 2013
The Annual Incidents report 2013 provides an aggregated analysis of the security incidents in 2013 which caused severe outages. Most incidents reported to regulators and ENISA involved mobile internet and mobile telephony connections.
Recommendations for technical implementation of Art.4
In 2011 ENISA has set up an Expert Group composed of representatives of the EU institutions, Art.29 Working Party, national DPAs and industry. This group helped in the development of the specific technical recommendations for the implementation of…
Good Practice Guide for Incident Management
This guide complements the existing set of ENISA guides that support Computer Emergency Response Teams. It describes good practices and provides practical information and guidelines for the management of network and information security incidents…
Privacy and data protection in mobile applications
The scope of the report is to provide a meta-study on privacy and data protection in mobile apps by analysing the features of the app development environment that impact privacy and security, as well as defining relevant best-practices, open issues…
Consumerization of IT: Final report on Risk Mitigation Strategies and Good Practices
This report presents security policies that can be deployed to mitigate risks that are related with the trend of Consumerization of IT (COIT) and Bring Your Own Device (BYOD). The aim of this document is to identify mitigation strategies, policies…
NIS Investments Report 2020
Four years after the NIS Directive entered into force and two years after the transposition by Member States into their national laws, this report presents the findings of a survey of 251 organisations across five EU Member States (France, Germany,…
NIS Investments 2022
This report marks the third iteration of ENISA's NIS Investments report, which collects data on how Operators of Essential Services (OES) and Digital Service Providers (DSP) identified in the European Union’s directive on security of network and…
Standardisation in the field of Electronic Identities and Trust Service Providers
This paper explains why standards are important for cyber security, specifically in the area of electronic identification and trust services providers. A number of challenges associated with the definition and deployment of standards in the area of…