Here you can browse all ENISA publications ordered by publication date.
You can also access the ENISA Work Programmes & General Reports and the ENISA Management Board Newsletters.
For a list of ENISA’s 2012 Work Programme publications, with links, please click here.
If you would like to browse past publications (before 2010) here is the link to our archive.
Dec 06, 2013
In 2011 ENISA reviewed the existing measures and procedures in EU Member States with regard to personal data breaches and published a study on the technical implementation of Art. 4 of the ePrivacy Directive, which included recommendations on how to plan and prepare for data breaches, how to detect and assess them, how to notify individuals and competent authorities and how to...
Much of Europe’s critical infrastructure, which resides in sectors such as energy, transportation and water supply, is largely managed and controlled by SCADA (Supervisory Control and Data Acquisition) systems, a subgroup of Industrial Control Systems (ICS).
In the last decade SCADA technology has passed through a transformation, from isolated and proprietary systems into open architectures and...
Dec 04, 2013
This document builds upon the current practice of CERTs with responsibilities for ICS networks, and also on the earlier work of ENISA on a baseline capabilities scheme for national/governmental (n/g) CERTs. The document is an initial attempt to provide a good practice guide for the entities that have been tasked to provide ICS Computer Emergency Response Capabilities (ICS-CERC). On the other...
Nov 28, 2013
This Good Practice Collection was produced at the initiative of ENISA in the context of its support activities to ensure the efficient functioning of CERTs/CSIRTs and their cooperation with law enforcement agencies (LEAs) in the face of a new development in European cybercrime policy. The report serves two major goals, which both aim at supporting CERTs/CSIRTs:
1) Firstly to provide an analysis...
Nov 27, 2013
Mobile communications are an integral part of everyday life. In less than 30 years they have surpassed the traditional fixed line telephony. Every day millions of European citizens rely on mobile telephony for work, social life, but also to contact emergency services. Hence outages of a mobile network can have a severe impact on the economy and on society.
Mobile network outages are common. In...
Nov 21, 2013
This guide complements the existing set of ENISA guides that support Computer Emergency Response Teams (CERTs, also known as CSIRTs). It describes good practices and provides practical information and guidelines for the process of preparing and issuing alerts, warnings and announcements to a CERT’s constituency.
The main focus area of the guide is the process of informing the CERTs and their...
This report aims at providing input for the adoption of a framework on privacy certifications, as well as for eGovernment certification in Europe. There are numerous IT security certification schemes across the European Member States that can serve as the basis for the drawing of recommendations on aspects of security certifications that could be applied to privacy and eGovernment services...
Nov 20, 2013
The focus of this report is on the threat and incident information exchange and sharing practices used among CERTs in Europe, especially, but not limited to, national/governmental CERTs.
It aims at:
- Taking stock of existing communication solutions and practices among European CERTs
- Identifying the functional and technical gaps that limit threat intelligence exchange between n/g CERTs...
Nov 19, 2013
This report is based on a study and analysis of approaches to national-level risk assessment and threat modelling for cyber security which was conducted between April and October 2013. ENISA aims to provide an evidence-based methodology for establishing a National-level Risk Assessment in order to contribute to the wider objective of improving national contingency planning practices (NCPs). This...
Nov 18, 2013
This document is a brief ENISA report on the annual workshop for Computer Emergency Response Teams in Europe “CERTs in Europe”. The first part of the workshop focused on hands-on technical training for non-governmental CERTs in Europe. Part II of the workshop, the ENISA/EC3 workshop, is a follow-up event to last year's workshop with Europol and it has the same focus on cooperation between...
Nov 15, 2013
In this report, ENISA identifies the Member States with operational government Cloud infrastructures and underlines the diversity of Cloud adoption in the public sector in Europe. Moreover, through this document, ENISA aims to assist Member States in elaborating a national Cloud strategy implementation, to understand current barriers and suggest solutions to overcome those barriers, and to share...
Nov 04, 2013
This document addresses the protection measures applied to safeguard sensitive and/or personal data, which has been acquired legitimately by a data controller. In this respect it discusses how information technology users, who have a basic knowledge of information security, can employ cryptographic techniques to protect personal data. Finally, it addresses the need for a minimum level of...
Oct 29, 2013
This document collates a series of recommendations for algorithms, key sizes, and parameters. It addresses the need for a minimum level of requirements for cryptography across European Union (EU) Member States (MSs) in their effort to protect personal and sensitive data of the citizens. The document tries to address the need for continuation of the reports published by ECRYPT NoE...
Oct 24, 2013
ENISA hosted the ‘Second ENISA International Conference on Cyber Crisis Cooperation and Exercises’ on 23–24 September 2013 in Athens, Greece.
The Second ENISA International Conference on Cyber-Crisis Cooperation and Exercises was a unique high-profile international event that aimed to directly support the new cyber security strategy of the European Union by helping various constituents...
Oct 18, 2013
Fully revised for 2013, the document looks at the latest trends affecting the cyber-threat landscape, and also examines the EU's Cybersecurity Strategy and the Draft Directive on Network and Information Security (NIS).
Oct 09, 2013
Security experts across the world continue to sound the alarm bells about the security of Industrial Control Systems (ICS). Industrial Control Systems look more and more like consumer PCs.
They are used everywhere and involve a considerable amount of software, often outdated and unpatched.
Recent security incidents in the context of SCADA and Industrial Control Systems emphasise greatly the...
Oct 03, 2013
Across society there are now critical services which rely on computers, networks and servers. Protecting the security of this information infrastructure is not easy. Often the information infrastructure is run by several organisations and uses different types of information technology from different companies. This report deals with the issue of how to enforce an adequate level of security across...
Sep 19, 2013
ENISA presents in this short paper a first “taste” of current developments related to the Threat Landscape 2013.
Aug 20, 2013
This report provides an overview of the process and an aggregated analysis of the 79 incident reports of severe outages of electronic communication networks or services which were reported by national regulators during 2012.
Jun 20, 2013
This document aims to provide an overview on the actual situation concerning CERT matters in Europe. It provides a list of response teams and similar facilities by country, but also contains a catalogue of co-operation, support and standardisation activities related to them.
European Union Agency for Network and Information Security (ENISA)