Here you can browse all ENISA publications ordered by publication date.
You can also access the ENISA Work Programmes & General Reports and the ENISA Management Board Newsletters.
For a list of ENISA’s 2012 Work Programme publications, with links, please click here.
If you would like to browse past publications (before 2010) here is the link to our archive.
Feb 24, 2014
Recent news shows an increase in large-scale attacks exploiting specific vulnerabilities of the Internet core protocols. In the latest cases, the Network Time Protocol (NTP), which allows devices to synchronize to Coordinated Universal Time (UTC), has been misused. Specifically, in December 2013, a vulnerability in this UDP protocol became mainstream and started to be exploited for large scale...
Feb 11, 2014
By publishing the Brokerage model for Network & Information Security (NIS) in Education report, we aim to provide content and promote digital education on network and information security at all levels. The target group is composed of educators such as trainers, teachers and peers involved in formal education and non-formal education, including lifelong learning. In our current brokerage effort we...
Dec 17, 2013
ENISA report on threats in the area of smart grids and good practice guide.
Jan 29, 2014
ENISA warns about the risks of using discontinued software, not only because of the lack of support from the manufacturer, but also from third parties, such as manufacturers of anti-malware or other kinds of software, or computer peripherals. This will lead to persistent exposure to vulnerabilities and an inability to update peripherals or third-party applications.
Dec 13, 2013
ENISA has conducted a survey about the security mechanisms used by TSPs (Trust Service Providers) in Europe, and their interoperability, under the scope of the proposed new Regulation on electronic identification and trust services for electronic transactions in the internal market, which will supersede the current Directive 1999/93/EC on a Community framework for electronic signatures. The...
Under the scope of the proposed new Regulation on electronic identification and trust services for electronic transactions in the internal market, which will supersede the current Directive 1999/93/EC on a Community framework for electronic signatures, ENISA has conducted a study about the security mechanisms and interoperability issues specific to the new regulated trust services. The aim of...
Dec 20, 2014
This document recommends measures to mitigate the impact of security incidents on trust service providers (TSP) by proposing suitable technical and organisational means to handle the security risks posed to the TSP. This is done using a certification service provider (CSP) as representative example. The document focuses on the concepts and entities of hierarchical public key infrastructures...
This document covers the following aspects of Trust Service Providers operations:
• Assets: identification, classification and evaluation
• Threats to assets: classification and evaluation
• Vulnerabilities present in the environment
• Probability or frequency of the threat
• The impact that the exposure can have on the organization
• Countermeasures that can reduce the...
Dec 20, 2013
This document describes the framework surrounding trust service providers (TSPs) – the concepts and standards related to operations of a TSP. It focuses on EU standards, but also takes into account others where relevant. The document specifically outlines security requirements for qualified and non-qualified trust service providers. It references the most important standards and standardization...
Dec 10, 2013
There is growing interest in ICS security testing in Europe. This has led to the current situation in which several initiatives have emerged. Unfortunately, they are mostly considered immature, with poor or no coordination between them and room for improvement in methodologies, standards and educational resources. Most experts consider that leveraging these efforts under a coordinated programme...
This report collects the results of a survey launched by ENISA (European Network and Information Security Agency). The main purpose of the survey has been to collect information about the electronic IDentity and Authentication Systems (eIDAS) used in e-Finance and e-Payment systems, to analyse the risks associated with each eIDAS mechanism, and produce a Guidelines report with the best practices...
Dec 09, 2013
The proposed NIS Directive mentions cloud computing explicitly. This is not surprising. Cloud infrastructures play an increasingly important role in the digital society. A large part of the EU’s Digital Agenda is the European cloud strategy which aims to speed up adoption of cloud computing for financial and economic benefits. ENISA has often underlined the security opportunities of cloud...
Dec 16, 2013
This report analyses the conditions under which online security and privacy seals (OSPS) can be deployed to help users make an informed trust decision about Web services and their providers with respect to the provided security and privacy. This report is motivated by the numerous policy documents that mention marks, seals, logos and icons (collectively referred to as OSPS) as a means enabling...
Electronic communications are the backbone of the EU’s digital society. Article 13a of the EU’s electronic communications Framework directive asks EU Member States to ensure the security and resilience of public electronic communications networks and services.
As part of the implementation of Article 13a, National Regulatory Authorities (NRAs) in the EU collect reports about incidents...
This report presents 5 main recommendations which will, if implemented, improve emergency preparedness for ICT Stakeholders. The results of the preliminary study performed in 2011 showed that the preparedness for Black Swan events (low probability / high impact) cannot be handled in isolation, and that one of the possible responses to this issue could be the use of Mutual Aid Agreements. The...
Dec 12, 2013
This document provides an overview of existing mechanisms supporting Computer Emergency Response Teams (CERTs) to deploy capabilities necessary for their operations and their maturity level. It introduces these mechanisms according to the CERT maturity levels that they address based on eight predefined criteria including requirements that CERTs must meet; CERTs’ focus: type or region; and...
Dec 11, 2013
ENISA releases the 2013 ENISA Threat Landscape (ETL 2013). The ENISA Threat Landscape is a collection of top cyber-threats that have been assessed in the reporting period, i.e. end 2012 to end 2013.
ENISA has collected over 250 reports regarding cyber-threats, risks and threat agents. ETL 2013 is a comprehensive compilation of the top 15 cyber-threats assessed.
Data retention legislation has been adopted to address concerns related to national security and serious criminal activity. The legislation provides access to communication data for law enforcement purposes. However, according to the Data Retention Directive (DRD), personal data collected, stored or in any way processed in most European Union (EU) Member States (MSs) needs to be securely...
EISAS – European Information Sharing and Alerting – has proven to be a great opportunity to enhance collaboration and foster awareness-raising actions across Europe. ENISA helped design EISAS, but now EISAS has to run by itself.
The deployment plan presented in this document defines an information sharing concept and infrastructure and an accompanying organisational structure, where ENISA...
The European Union Agency for Network and Information Security (ENISA) reviewed the existing measures and procedures in EU Member States with regard to personal data breaches and published in 2011 a study on the technical implementation of Art. 4 of the ePrivacy Directive, which included recommendations on how to plan and prepare for data breaches, how to detect and assess them, how to...
European Union Agency for Network and Information Security (ENISA)