Guidelines for SMEs on the security of personal data processing
ENISA undertook a study to support SME’s on how to adopt security measures for the protection of personal data, following a risk-based approach. In particular, the objectives of the study were to facilitate SMEs in understanding the context of the…
DNS Identity
This report provides a view of authentication and verification of domain name owners in the context of domain name registration. It identifies the security challenges, good practices, security controls and associated risks in the domain name…
Remote ID Proofing - Good practices
Through this report, ENISA aims to enhance stakeholder awareness, facilitate risk analysis in evolving threat landscapes, and bolster trustworthiness in remote identity proofing methods.
Cyber Insurance - Models and methods and the use of AI
The main objective of this report is to introduce cyber risk and cyber insurance, provide an overview of existing research and modelling approaches, and identify gaps for upcoming research projects.
Security Framework for Trust Service Providers
This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation. As illustrated below, this security framework includes specific guidelines for TSP on: 1) Risk management related to the security of the eIDAS…
Security framework for Trust Service Providers - Technical guidelines on trust services
Article 19, which is the main focus of this document, of the eIDAS Regulation, states that Trust Service Providers have to demonstrate due diligence, in relation to the identification of risks and adoption of appropriate security practices, and…
Countering SIM-Swapping
In this study, we give an overview of how SIM-Swapping attacks work, list measures that providers can take to mitigate the attack and make recommendations for policy makers and authorities in the telecom sector and other sectors. Security of…
Artificial Intelligence Cybersecurity Challenges
This report presents the Agency's active mapping of the AI cybersecurity ecosystem and its Threat Landscape, realised with the support of the Ad-Hoc Working Group on Artificial Intelligence Cybersecurity. The ENISA AI Threat Landscape not only lays…
Cyber Security and Resilience of smart cars
The objective of this study is to identify good practices that ensure the security of smart cars against cyber threats, with the particularity that smart cars’ security shall also guarantee safety. The study lists the sensitive assets present in…
Security Framework for Qualified Trust Service Providers
This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation, to which both non-QTSP and QTSP are subject. Nevertheless, Article 19.1 states that the security measures “shall ensure that the level of…