Guidelines for SMEs on the security of personal data processing
ENISA undertook a study to support SME’s on how to adopt security measures for the protection of personal data, following a risk-based approach. In particular, the objectives of the study were to facilitate SMEs in understanding the context of the…
Security Framework for Trust Service Providers
This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation. As illustrated below, this security framework includes specific guidelines for TSP on: 1) Risk management related to the security of the eIDAS…
Reinforcing trust and security in the area of electronic communications and online services
This study provides an overview of well-established security practices, for the purpose of sketching the notion of “state-of-the-art” in a number of categories of measures, as they are listed in ENISA’s guidelines for SMEs on the security of…
Security of Mobile Payments and Digital Wallets
The primary objective of this paper is the production of guidelines to assist mobile payment developers and mobile payment providers towards recommended security controls which if implemented would help ensure that consumers, retailers and financial…
Security Framework for Qualified Trust Service Providers
This document proposes a security framework to achieve compliance with Article 19 of the eIDAS Regulation, to which both non-QTSP and QTSP are subject. Nevertheless, Article 19.1 states that the security measures “shall ensure that the level of…
Stock taking of security requirements set by different legal frameworks on OES and DSPs
In order to support organisations in their process of identifying appropriate security measures, based on the provisions of both NISD and GDPR, this report uses as basis the pre-existing ENISA guidance and presents a mapping of already identified…
Countering SIM-Swapping
In this study, we give an overview of how SIM-Swapping attacks work, list measures that providers can take to mitigate the attack and make recommendations for policy makers and authorities in the telecom sector and other sectors. Security of…
Data Protection Engineering
Data Protection Engineering can be perceived as part of data protection by Design and by Default. It aims to support the selection, deployment and configuration of appropriate technical and organizational measures in order to satisfy specific data…
Trust Services & Digital Wallets: Moving to the Cloud and Remote Identity Proofing
In order to address the cybersecurity questions of remote identity proofing, the European Union Agency for Cybersecurity (ENISA) organised a workshop to support the area of Trust Services and Digital Wallets and published a report on moving trust…
