Guidelines on assessing DSP security and OES compliance with the NISD security requirements
This report presents the steps of an information security audit process for the OES compliance, as well as of a self-assessment/ management framework for the DSP security against the security requirements set by the NIS Directive. In addition, it…
Telecom Security Incidents 2020 - Annual Report
Security incident reporting has been part of the EU’s telecom regulatory framework since the 2009 reform of the telecom package: Article 13a of the Framework Directive (2009/140/EC) came into force in 2011. The European Electronic Communications…
Common practices of EU-level crisis management and applicability to the cyber crises
Despite a number of initiatives within the European Network and Information Security community to establish frameworks and standard operating procedures, the EU-level response to cyber incidents, and in particular these which lead to crisis…
Telecom Services Security Incidents 2019 Annual Analysis Report
Security incident reporting has been part of the EU’s telecom regulatory framework since the 2009 reform of the telecom package, Article 13a of the Framework directive (2009/140/EC) came into force in 2011. The incident reporting in Article 13a…
EISAS (enhanced) report on implementation
The 'EISAS (enhanced) report is an implementation plan for further development and deployment of EISAS concept. It's a 'how-to' method for implementing a fully functional EISAS framework until 2013 in the European Union Member States.
Annual Incident Report 2011
For the first time in the EU, in spring 2012, national reports about security incidents were provided to ENISA and the European Commission, under Article 13a of the Framework Directive (2009/140/EC). This is a new article in the EU legal framework…
Tools and Methodologies to Support Cooperation between CSIRTs and Law Enforcement
This report aims to support the cooperation between CSIRTs - in particular national/governmental CSIRTs - and LEAs in their fight against cybercrime, by providing information on the framework and on the technical aspects of the cooperation,…
Schemes for auditing security measures
Across society there are now critical services which rely on computers, networks and servers. Protecting the security of this information infrastructure is not easy. Often the information infrastructure is run by several organisations and uses…
Guidelines for SMEs on the security of personal data processing
ENISA undertook a study to support SME’s on how to adopt security measures for the protection of personal data, following a risk-based approach. In particular, the objectives of the study were to facilitate SMEs in understanding the context of the…
Overview of the practices of ICT Certification Laboratories in Europe
This study seeks to identify and analyse the current landscape of ICT security certification laboratories in EU Member States, comparing them also with third countries practices. The findings of this study will constitute the basis for the Agency’s…