A Governance Framework for National Cybersecurity Strategies
This study focuses on the good practices around the set-up and deployment of a governance framework to support the implementation of the NCSS in the EU. The main aim of this statistical outline is to give an overview of the key findings of the study…
National Capabilities Assessment Framework
This report presents the work performed by ENISA to build a National Capabilities Assessment Framework (NCAF). The framework aims at providing Member States with a self-assessment of their level of maturity by assessing their NCSS objectives,…
Building Effective Governance Frameworks for the Implementation of National Cybersecurity Strategies
This study is focusing on the good practices around the set-up and deployment of a governance framework to support the implementation of the NCSS in the EU. The objective is to systematically review existing governance models relevant to the…
Annual report Telecom security incidents 2017
The Annual report Telecom security incidents 2017 is the 7th annual report about significant outage incidents in the EU electronic communications sector. The legal framework for this incident reporting process is Article 13a of the Framework…
Guidelines on assessing DSP security and OES compliance with the NISD security requirements
This report presents the steps of an information security audit process for the OES compliance, as well as of a self-assessment/ management framework for the DSP security against the security requirements set by the NIS Directive. In addition, it…
Telecom Security Incidents 2020 - Annual Report
Security incident reporting has been part of the EU’s telecom regulatory framework since the 2009 reform of the telecom package: Article 13a of the Framework Directive (2009/140/EC) came into force in 2011. The European Electronic Communications…
Telecom Services Security Incidents 2019 Annual Analysis Report
Security incident reporting has been part of the EU’s telecom regulatory framework since the 2009 reform of the telecom package, Article 13a of the Framework directive (2009/140/EC) came into force in 2011. The incident reporting in Article 13a…
Impact evaluation on the implementation of Article 13a incident reporting scheme within EU
As several years have passed since the publication and implementation of the Framework Directive 2009/140 including Art. 13a, an impact evaluation of the new article was necessary. The evaluation has the purpose of assessing the changes in outcome…
Article 19 Incident reporting
The focus of this document is the implementation of incident reporting and it aims at supporting the su-pervisory bodies in being aligned with obligations set out in Article 19. The Article 19 incident reporting framework has been prepared in…
NIS Investments Report 2023
This report aims at providing policy makers with evidence to assess the effectiveness of the existing EU cybersecurity framework specifically through data on how Operators of Essential Services (OES) and Digital Service Providers (DSP) identified in…