Here you can browse all ENISA publications ordered by publication date.
You can also access the ENISA Work Programmes & General Reports and the ENISA Management Board Newsletters.
For a list of ENISA’s 2012 Work Programme publications, with links, please click here.
If you would like to browse past publications (before 2010) here is the link to our archive.
Apr 10, 2015
This guide aims to help SMEs understand the security risks and opportunities they should take into account when procuring cloud services. This document includes a set of security risks, a set of security opportunities and a list of security questions the SME could pose to the provider to understand the level of security. The risks and opportunities are linked to the security questions so the...
Apr 09, 2015
The Technical Guideline on Security Measures for Article 4 and Article 13a gives guidance to national competent authorities about the supervision of security measures in Article 13a of the Framework Directive (2009/140/EC) and Article 4 of the e-Privacy directive (2002/58/EC). In particular it lists security measures national competent authorities should take into account when evaluating the...
Apr 02, 2015
This report provides an overview of the dedicated means of auditing for TSPs. It discusses specifically the following areas: standards applicable to TSPs and Conformity Assessment Bodies (auditors), methodology of auditing TSPs (off- and on-site), TSPs documentation (plans, policies and procedures) and implementation of TSPs services. This set of good practices can be used as reference for both,...
Mar 25, 2015
This report is a continuation of the work done by ENISA in the field of good practices for CERTs and LEAs in the fight against cybercrime. It aims at providing a guide for first responders, with a special emphasis on evidence gathering. It aims at complementing the existing (vast) material on the topic of digital forensics and evidence gathering, as these are in most cases written from the...
Mar 24, 2015
This paper explains why standards are important for cyber security, specifically in the area of electronic identification and trust services providers. A number of challenges associated with the definition and deployment of standards in the area of cyber security are discussed. This is followed by a brief overview of several key EU initiatives in this area and a number of ENISA recommendations....
Mar 20, 2015
Having a national / governmental CERT in place that fulfils the requirements for ‘baseline capabilities’ as defined in this document is essential for CIIP in all Member States. However, these teams should not be considered as the one and only necessary measure a Member State must take in order to ensure adequate protection. CIIP at the national level must always be planned as part of a...
Feb 26, 2015
Having analysed the present state of play of governmental Cloud deployment in a 2013 report, ENISA presents a guide on the steps public administration has to take to deploy cloud computing. This report gives guidance on the process from pre-procurement until finalisation and exit from a cloud contract, explaining which steps to take when focusing on security and privacy. It offers...
Feb 23, 2015
This study aims to tackle the problem of identification of Critical Information Infrastructures in communication networks. The goal is to provide an overview of the current state of play in Europe and depict possible improvements in order to be ready for future threat landscapes and challenges.
Feb 19, 2015
This document explores how current initiatives on certification of professional skills are related to the topic of ICS/SCADA cyber security. It also identifies the challenges and proposes a series of recommendations towards the development of certification schemes for ICS/SCADA cyber security professionals. Pursuant to interviews with experts worldwide and the analysis of the results of an online...
Feb 10, 2015
ECSM is an EU advocacy campaign that promotes cyber security among citizens and advocates for change in the perception of cyber-threats by promoting data and information security, education, sharing of good practices and competitions.
The objective of this report is to:
1. Present this preparatory work;
2. Carry out an objective evaluation by setting up an external survey open to the ECSM...
Feb 09, 2015
The study identifies threats to all asset classes, across the several alternative design pathways to smart homes. As it develops, the smart home will exhibit a high cyber security risk profile for the individual context, with additional systematic effects on broader information security.
Jan 27, 2015
In the ETL 2014, details of the developments made in 2014 are consolidated by means of top cyber threats and emerging threat trends in various technological and application areas. References to over 400 relevant sources on threats will help decision makers, security experts and interested individuals to navigate through the threat landscape.
Jan 19, 2015
This document has been created as part of an ENISA-funded study of the state of security information sharing and is intended to supplement the main report, “Actionable Information for Security Incident Response.” The purpose of this document is to give the target audience of this study - national and governmental CERTs - a better understanding of the standards and tools for processing...
This document is intended as a good practice guide for the exchange and processing of actionable information. The report is relevant to incident response in all types of organizations; the primary audience of this study is national and governmental CERTs. The scope of the study is purposefully broad.
Jan 15, 2015
This study details a list of good practices that aim at securing an Internet infrastructure asset from Important Specific Threats. A gap analysis identifies that some assets remain not covered by current good practices: human resources (administrators and operators) for Routing, DNS and Denial of Service, as well as System Configuration and Essential Addressing Protocols for Denial of Service.
Securing cyberspace and e-communications has become both a governmental and an industry priority worldwide. The growing relevance of information and communication technologies in the essential functions of the economy has reinforced the necessity of prevention and protection measures in all sectors, naturally including the finance sector.
This research aimed at understanding and comparing the...
Jan 12, 2015
This report contributes to bridging the gap between the legal framework and the available technological implementation measures by providing an inventory of existing approaches, privacy design strategies, and technical building blocks of various degrees of maturity from research and development. Starting from the privacy principles of the legislation, important elements are presented as a first...
Dec 19, 2014
The report describes the need for harmonised European smart grid certification practices which cover the complete smart grid supply chain, and are supported by a European platform based on M/490 SGAM (Smart Grid Architecture Model) and the concept of smart grid chain of trust.
Dec 17, 2014
This document aims to provide recommendations to Member States (MS) that wish to protect their underground electronic communications infrastructure against disruption due to civil works. This document shall help MS to assess their need to deploy an automated information system for damage prevention, and eventually assist them in the development of such a tool through a number of recommendations.
Dec 11, 2014
The “Security Guide for ICT Procurement” aims to be a practical tool for electronic communications service providers to better manage security risks when dealing with vendors of ICT products and outsourced services. The Guide maps security risks which could lead to a disruption of electronic communications services for users, to a full framework of security requirements, which can be applied...
European Union Agency for Network and Information Security (ENISA)