General FAQ's on ENISA

1. What does ENISA do?

ENISA’s role is to enhance the cyber security prevention work and capability of the EU and its Member States, and as consequence, the business community to prevent, address and respond to network and information security challenges.
To this end the Agency activities are focussed on:

  • Advising and assisting the Commission and the Member States on information security and in their dialogue with industry to address security-related problems in hardware and software products.
  • Collecting and analysing data on security incidents in Europe and emerging risks;
  • Promoting risk assessment and risk management methods to enhance our capability to deal with information security threats;
  • Awareness-raising and co-operation between different actors in the information security field, notably by developing public / private partnerships with industry in this field.

2. What does ENISA NOT do?

ENISA’s role is to be a body of expertise in cyber security; NOT of being an inspecting, or directly operational, or regulating EU-authority (in contrast to some other EU-agencies). ENISA’s remit clearly does not extend to the domains of operational national security, law enforcement and defence, but remains in the prevention field. National and other EU bodies e.g. EDPS and Europol have the operational responsabilities for these matters. ENISA’s reports and studies are highly used as starting point and input for the Commission initiatives and legislation in the field of cyber security.

3.Why was ENISA created to work for the EU and its Member States with Information Security

ENISA was created as it became increasingly clear to the Member States that they where all making a lot of efforts in this area. At the same time, the importance of making sure that the Digital Economy and Information Society functioning became progressively more clear. But in 2001, there was very little, or no cooperation or information exchange between the Members States, or between the governments and the industry in the field of Information Security. ENISA was set up to bridge this gap and bring forward good practices for all to use and to spread a culture of security across Europe.

By using the “open method of co-ordination” between the Member States and the industry in this field, ENISA is facilitating and can contribute to a significant improvement in raising the exchange of Information Security knowledge and best practices between the Member States. ENISA acts like a broker of knowledge and a switchboard of information. ENISA is also an EU point of contact for the external world on these matters, in close liaison with the EEAS.

4. What does ENISA do more concretely?

Please visit our General Report and Work Programme page, and for latest updates, our press releases, and in German, French and Greek.

5. Who is in charge of ENISA?

ENISA is headed by the Executive Director, Dr. Udo Helmbrecht who is responsible for all questions related to Information Security falling within the Agency's remit. The work of the Agency is overseen by a Management Board. The Management Board is composed of representatives from the EU Member States, the European Commission as well as industry, academic and consumer’s organisation stakeholders. The Executive Director is moreover responsible to the European Parliament, the Council of the European Union, and the Court of Auditors. As ENISA’s budget derives from the budget of the European Union, its expenditure remains subject to the normal EU financial checks and procedures.

6. Why is ENISA situated in Crete?

As for the location of all around 30 EU Agencies, this decision was taken by Ministers from all EU countries. The objective is to locate an EU-agency closer to EU’s citizens in one of the Member States. For ENISA, the Ministers found a common agreement that ENISA should be situated in Greece. The Greek government then decided to situate ENISA in Crete, due to the close connection to one of the 10 leading ICT-centre’s in Europe, FORTH. Just as Botticelli depicts”the Birth of Spring ” in Crete, and the first European originates from Crete, Crete is the cradle for much of the European culture and civilisation. Starting from Crete, ENISA fosters a new culture of security for Internet, the digtial economy and networks of Europe, to function safe and by encouraging smart users.

7. How does ENISA communicate?

Communicating its results is key for ENISA to achieve impact. To do so, ENISA relies on the support of media and the EU Member States, as multipliers of information. Through its press releases and news items, ENISA publishes its key findings. Thereby, ENISA reaches out to all relevant actors and stakeholders in the Member States, the EU institutions, the private sector and business, and other Information Security experts in the world. Subscribe to RSS feeds of PRs and News items.

Evidently, with a limited budget and staff, the ENISA web site and our social media tools are main channels for acting like a ‘switchboard’ of information for the EU Member States. The geographical location of ENISA, as for any EU Agency, therefore is of less relevance, as we have broadband connections in Crete and good support from the Greek authorities and all our stakeholders. We moreover reach out to the Information Security community through co-organising conferences, and workshops.

8. How is the industry and consumer’s opinions taken into account?

In its structure, a Permanent Stakeholders’ Group and a Management Board which includes different stakeholders. Thereby, ENISA bridges the gap in between the public and the private sector in the field of Information Security.

9. Is it possible to take part in ENISA studies/ make business with ENISA?

As a European Union agency, our work and procurement of services and products, as well as in call for studies, is within strict, official procurement rules. All information concerning studies, or tenders launched through procurements by ENISA is regularly updated under “Public procurement”. You can also subscribe to procurement RSS feeds (calls for tender).

10. How many and who works at the Agency?

There are around 60 staff members working at ENISA. All are highly specialized and qualified from both the private and the public sector. All staff is recruited through EU-wide selections procedures, with applicants from across the 27 EU Member States. There are also a few Seconded National Experts working at the Agency on a short term basis. For all HR/recruitment and application matters, please refer to the career pages, FAQs, and the possibility to subscriber by RSS feeds to vacancies.