Here you can browse all ENISA publications ordered by publication date.
You can also access the ENISA Work Programmes & General Reports and the ENISA Management Board Newsletters
For a list of ENISA’s 2012 Work Programme publications, with links, please click here.
If you would like to browse past publications (before 2010) here is the link to our archive.
Dec 27, 2014
In the ETL 2014, details of the developments made in 2014 are consolidated by means of top cyber threats and emerging threat trends in various technological and application areas. References to over 400 relevant sources on threats will help decision makers, security experts and interested individuals to navigate through the threat landscape.
Jan 19, 2015
This document has been created as part of an ENISA-funded study of the state of security information sharing and is intended to supplement the main report, “Actionable Information for Security Incident Response.” The purpose of this document is to give the target audience of this study - national and governmental CERTs - a better understanding of the standards and tools for processing...
This document is intended as a good practice guide for the exchange and processing of actionable information. The report is relevant to incident response in all types of organizations, the primary audience of this study isnational and governmental CERTs. The scope of the study is purposefully broad.
Jan 15, 2015
This study details a list of good practices that aim at securing an Internet infrastructure asset from Important Specific Threats. A gap analysis identifies that some assets remain not covered by current good practices: human resources (administrators and operators) for Routing, DNS and Denial of Service, as well as System Configuration and Essential Addressing Protocols for Denial of Service.
Securing cyberspace and e-communications has become both a governmental and an Industry priority worldwide. The growing relevance of information and communication technologies in the essential functions of the economy has reinforced the necessity of prevention and protection measures in all sectors, naturally including the finance sector.
This research aimed at understanding and comparing the...
Jan 12, 2015
This report contributes to bridging the gap between the legal framework and the available technolog-ical implementation measures by providing an inventory of existing approaches, privacy design strat-egies, and technical building blocks of various degrees of maturity from research and development. Starting from the privacy principles of the legislation, important elements are presented as a first...
Dec 19, 2014
The report describes the need for harmonised European smart grid certification practices which cover the complete smart grid supply chain, and are supported by a European platform based on M/490 SGAM1 (Smart Grid Architecture Model) and the concept of smart grid chain of trust.
Dec 17, 2014
This document aims to provide recommendations to Member States (MS) that wish to protect their underground electronic communications infrastructure against disruption due to civil works. This document shall help MS to assess their need to deploy an automated information system for damage prevention, and eventually assist them in the development of such tool through a number of recommendations.
Dec 11, 2014
The “Security Guide for ICT Procurement” aims to be a practical tool for electronic communications service providers to better manage security risks when dealing with vendors of ICT products and outsourced services. The Guide maps security risks which could lead to a disruption of electronic communications services for users, to a full framework of security requirements, which can be applied...
The report, “Secure ICT Procurement in Electronic Communications”, focuses on the growing dependency of electronic communications service providers on ICT products and outsourced services, it analyses security risks associated with third party ICT products and outsourced services used for core operations, it provides practices used in the sector and it gives general recommendations to the...
Dec 01, 2014
This report represents the outcome of an impact assessment of ENISA’s support to Computer Emergency Response Teams (CERTs) for the period 2005 until today. The impact assessment has served as a basis for a proposed roadmap to 2020.
The key objectives of the study are to: take stock of ENISA achievements in relation to European CERTs, and in light of relevant policy documents; perform an...
Nov 27, 2014
ENISA work on the evaluation of National Cyber Security Strategies (NCSS) addressing to policy experts and government officials who design, implement and evaluate an NCSS policy. It aims to be a flexible and pragmatic tool based on principles rather than prescriptive checklists, in alignment with the provisions of the EU Cyber Security Strategy.
The evaluation framework developed by ENISA,...
One of ENISA’s role is that of community builder. In order to properly fulfill this role, ENISA must have a better insight at what makes or breaks a community – trust. This report takes a first informal look at how communities build and maintain trust, by looking at four different operational communities. This report highlights commonalities and differences, and gives a first set of...
Nov 21, 2014
Cryptographic algorithms, when used in networks, are used within a cryptographic protocol. Even if the cryptographic primitives and schemes (discussed in the “Algorithms, key size and parameters” report of 2014, see link below) are deemed secure, their use within a protocol can result in a vulnerability which exposes the supposedly secured data.
The report focuses on the current status in...
The “Algorithms, key size and parameters” report of 2014 is a reference document providing a set of guidelines to decision makers, in particular specialists designing and implementing cryptographic solutions for personal data protection within commercial organisations or governmental services for citizens.
This report provides an update of the 2013 cryptographic guidelines report (link...
Nov 19, 2014
This report focuses on analysing the current situation concerning cybersecurity challenge competitions in Europe. The experience gathered will be the basis to develop a pan-European competition on cybersecurity.
Nov 12, 2014
The goal of this document is to guide both novice and experienced trainers to design and deliver trainings of any size or type, and to make these trainings more successful, more “fun” and with better and longer lasting results.
Nov 06, 2014
This is a comparative study on the cyber crisis management and the general crisis management. The purpose of the study is twofold: to compare the concepts from general crisis management systems with the corresponding systems related to cyber crisis management, and to conduct a conceptual analysis of the language and terminology within these two fields, covering for their structures, scope and...
Oct 31, 2014
This document continues work from previous activities by suggesting training materials, scenarios and a way forward for implementing the EC roadmap for NIS education in Europe. In doing so, the Agency has recognised the heterogeneous landscape of Europe in this area.
Oct 24, 2014
In this document we give guidance to NRAs about the implementation of Article 13a and in particular about the security measures that providers of public communications networks must take to ensure security and integrity of these networks. It lists the minimum security measures NRAs should take into account when evaluating the compliance of public communications network providers with paragraph 1...
European Union Agency for Network and Information Security (ENISA) ·