Proposal for One Security Framework for Articles 4 and 13a
There are two pieces of EU legislation which explicitly mention security measures in the telecom sector: Article 4 of the e-Privacy directive asks providers to take security measures to protect security of personal data processing. Article 13a of…
Security Framework for Governmental Clouds
ENISA after having analysed the present state of play of governmental Cloud deployment in 2013 report, presents a guide on the steps public administration has to take to deploy cloud computing. This report gives guidance on the process from pre-…
Guidelines for trust service providers - Part 1: Security framework
This document describes the framework surrounding trust service providers (TPSs) – the concepts and standards related to operations of a TSP. It focuses on EU standards, but also takes into account others where relevant. The document specifically…
Bolstering ENISA in the EU Cybersecurity Certification Framework
Under the CSA, the key role reserved for ENISA is to assist in the preparation of candidate cybersecurity certification schemes. In doing so, ENISA needs to interact with both EU Member States and industry stakeholders.
Stock taking of security requirements set by different legal frameworks on OES and DSPs
In order to support organisations in their process of identifying appropriate security measures, based on the provisions of both NISD and GDPR, this report uses as basis the pre-existing ENISA guidance and presents a mapping of already identified…
Security framework for Trust Service Providers - Technical guidelines on trust services
Article 19, which is the main focus of this document, of the eIDAS Regulation, states that Trust Service Providers have to demonstrate due diligence, in relation to the identification of risks and adoption of appropriate security practices, and…
Towards a framework for policy development in cybersecurity - Security and privacy considerations in autonomous agents
One of the key aspects in autonomous systems is the data collected, mainly for supporting the demanding functionality in a qualitative and timely manner. The current study highlights a number of relevant security and privacy considerations, such as…
Supporting NIS2 implementation through actionable guidance
The EU Agency for Cybersecurity (ENISA) publishes a technical guideline for the security measures of the NIS2 Implementing Regulation to assist digital infrastructures and managed service providers.
Annual report Telecom security incidents 2017
The Annual report Telecom security incidents 2017 is the 7th annual report about significant outage incidents in the EU electronic communications sector. The legal framework for this incident reporting process is Article 13a of the Framework…
Addressing Skills Shortage and Gap Through Higher Education
In this report, ENISA contributes to both practice and research on the cybersecurity skills shortage and gap in two distinctive areas. Firstly, it provides an overview of the current supply of cybersecurity skills in Europe through an analysis of…