Gaps in NIS standardisation - Recommendations for improving NIS in EU standardisation policy
This report recommends that the European Commission, with the support of the Member States, pursuant to the NIS Directive, adopt a standards based framework for the exchange of threat and defensive measure information that impacts the functioning of…
Commonality of risk assessment language in cyber insurance
While several risk assessment languages and frameworks exist in cyber-insurance, the industry has yet to take steps in the direction of harmonisation. This report aims at further investigating this issue by identifying the incentives and barriers…
Guidelines on assessing DSP security and OES compliance with the NISD security requirements
This report presents the steps of an information security audit process for the OES compliance, as well as of a self-assessment/ management framework for the DSP security against the security requirements set by the NIS Directive. In addition, it…
Telecom Security Incidents 2020 - Annual Report
Security incident reporting has been part of the EU’s telecom regulatory framework since the 2009 reform of the telecom package: Article 13a of the Framework Directive (2009/140/EC) came into force in 2011. The European Electronic Communications…
Common practices of EU-level crisis management and applicability to the cyber crises
Despite a number of initiatives within the European Network and Information Security community to establish frameworks and standard operating procedures, the EU-level response to cyber incidents, and in particular these which lead to crisis…
CRA - Making the EU Market Resilient
Join us for the first edition of the CRA – Making the EU Market Resilient, conference taking place on 8 October 2025 in Bucharest.
Telecom Services Security Incidents 2019 Annual Analysis Report
Security incident reporting has been part of the EU’s telecom regulatory framework since the 2009 reform of the telecom package, Article 13a of the Framework directive (2009/140/EC) came into force in 2011. The incident reporting in Article 13a…
EISAS (enhanced) report on implementation
The 'EISAS (enhanced) report is an implementation plan for further development and deployment of EISAS concept. It's a 'how-to' method for implementing a fully functional EISAS framework until 2013 in the European Union Member States.
Annual Incident Report 2011
For the first time in the EU, in spring 2012, national reports about security incidents were provided to ENISA and the European Commission, under Article 13a of the Framework Directive (2009/140/EC). This is a new article in the EU legal framework…
Tools and Methodologies to Support Cooperation between CSIRTs and Law Enforcement
This report aims to support the cooperation between CSIRTs - in particular national/governmental CSIRTs - and LEAs in their fight against cybercrime, by providing information on the framework and on the technical aspects of the cooperation,…