Incident notification for DSPs in the context of the NIS Directive
This report provides preliminary guidelines on how incident notification provisions for Digital Service Providers could be effectively implemented across the EU. Based on valuable input from Member States and companies directly impacted by the…
Stock taking of information security training needs in critical sectors
The primary objective of this project is to provide a mapping of ENISA’s training program and a strategy to adapt it in the light of the recently adopted EU NIS Directive, catering for the needs of the identified critical sectors.
Demand Side of Cyber Insurance in the EU
The report analyses current perspectives and challenges of Operator of Essential Services (OESs) related to the acquirement of cyber insurance services. Information and statistics are presented according to the selection, acquisition and use of…
Good practices on interdependencies between OES and DSPs
This study is concerned with dependencies and interdependencies among Operators of Essential Services (OES) and Digital Service Providers (DSPs) as defined in the NIS Directive and addresses emerging dependencies and interdependencies across sectors…
CSIRT Capabilities in Healthcare Sector
An attack directed at a critical infrastructure, such as a hospital, can lead to physical damages and put the lives of patients at risk. Therefore, there is a need for solid Incident Response Capabilities (IRC) in the health sector, in particular…
Report on Cyber Security Information Sharing in the Energy Sector
The purpose of this report is to understand and learn the development of CSIRTs, ISACs, as well as relevant initiatives on information sharing on cyber security incidents in the energy sector by focusing on the subsectors identified in the NIS…
Guidelines on assessing DSP security and OES compliance with the NISD security requirements
This report presents the steps of an information security audit process for the OES compliance, as well as of a self-assessment/ management framework for the DSP security against the security requirements set by the NIS Directive. In addition, it…
Railway Cybersecurity
This ENISA study regards the level of implementation of cybersecurity measures in the railway sector, within the context of the enforcement of the NIS Directive in each European Member State. It presents a thorough list of essential railway…
Sectoral CSIRT Capabilities - Energy and Air Transport
This study provides a continuation of work on Sectoral IRC at European level following the publication of the 2019 “EU Member States incident response development status report”. The report focuses on trends in Energy and Air Transport Incident…
PSIRT Expertise and Capabilities Development
This study focuses on the Sectoral CSIRT and PSIRT capabilities status and development within the Energy and Health sectors as specified within the NIS directive. A desk research has been conducted, followed by a survey which was answered by 7…