Here you can browse all ENISA publications ordered by publication date.
Nov 27, 2014
ENISA's work on the evaluation of National Cyber Security Strategies (NCSS) is addressed to policy experts and government officials who design, implement and evaluate an NCSS policy. It aims to be a flexible and pragmatic tool based on principles rather than prescriptive checklists, in alignment with the provisions of the EU Cyber Security Strategy.
The evaluation framework developed by ENISA,...
One of ENISA’s roles is that of community builder. In order to properly fulfill this role, ENISA must have a better insight into what makes or breaks a community – trust. This report takes a first informal look at how communities build and maintain trust, by looking at four different operational communities. This report highlights commonalities and differences, and gives a first set of...
Dec 01, 2014
This report represents the outcome of an impact assessment of ENISA’s support to Computer Emergency Response Teams (CERTs) for the period 2005 until today. The impact assessment has served as a basis for a proposed roadmap to 2020.
The key objectives of the study are to: take stock of ENISA achievements in relation to European CERTs, and in light of relevant policy documents; perform an...
Nov 21, 2014
Cryptographic algorithms, when used in networks, are used within a cryptographic protocol. Even if the cryptographic primitives and schemes (discussed in the “Algorithms, key size and parameters” report of 2014, see link below) are deemed secure, their use within a protocol can result in a vulnerability which exposes the supposedly secured data.
The report focuses on the current status in...
The “Algorithms, key size and parameters” report of 2014 is a reference document providing a set of guidelines to decision makers, in particular specialists designing and implementing cryptographic solutions for personal data protection within commercial organisations or governmental services for citizens.
This report provides an update of the 2013 cryptographic guidelines report (link...
Nov 19, 2014
This report focuses on analysing the current situation concerning cybersecurity challenge competitions in Europe. The experience gathered will be the basis to develop a pan-European competition on cybersecurity.
Nov 12, 2014
The goal of this document is to guide both novice and experienced trainers to design and deliver trainings of any size or type, and to make these trainings more successful, more “fun” and with better and longer lasting results.
Nov 06, 2014
This is a comparative study of cyber crisis management and general crisis management. The purpose of the study is twofold: to compare the concepts from general crisis management systems with the corresponding systems related to cyber crisis management, and to conduct a conceptual analysis of the language and terminology within these two fields, covering their structures, scope and...
Oct 31, 2014
This document continues work from previous activities by suggesting training materials, scenarios and a way forward for implementing the EC roadmap for NIS education in Europe. In doing so, the Agency has recognised the heterogeneous landscape of Europe in this area.
Oct 24, 2014
In this document we give guidance to NRAs about the implementation of Article 13a and in particular about the security measures that providers of public communications networks must take to ensure security and integrity of these networks. It lists the minimum security measures NRAs should take into account when evaluating the compliance of public communications network providers with paragraph 1...
This guideline gives guidance to NRAs about the implementation of Article 13a (of EU Directive 2009/140/EC) and, in particular, the two types of incident reporting mentioned in Article 13a: the annual summary reporting of significant incidents to ENISA and the EC and ad hoc notification of incidents to other NRAs in case of cross-border incidents. This document defines the scope of incident...
Oct 06, 2014
This report focuses on the brokerage of best practices between the public and private sectors aimed at all members of the Network and Information Security Education community in Europe. ENISA is committed to taking the lead in encouraging the exchange of NIS best practices and it follows a strong community-building process for NIS Education stakeholders.
Sep 29, 2014
Last week a serious, remotely exploitable vulnerability was discovered in the widely deployed Bourne Again Shell (BASH). The technical background is analysed by ENISA in a new flash note.
Sep 16, 2014
The Annual Incidents report 2013 provides an aggregated analysis of the security incidents in 2013 which caused severe outages. Most incidents reported to regulators and ENISA involved mobile internet and mobile telephony connections.
Jun 30, 2014
This document aims to provide an overview on the actual situation concerning CERT matters in Europe. It provides a list of response teams and similar facilities by country, but also contains a catalogue of co-operation, support and standardisation activities related to them.
Apr 14, 2014
Last week the entire web discovered the existence of the so-called “Heartbleed” vulnerability affecting one of the most popular mechanisms used to secure communication with web sites: OpenSSL.
The underlying problem is a programming error with fatal consequences. The technical background is analysed by ENISA in a new flash note.
Feb 24, 2014
Recent news shows an increase in large-scale attacks exploiting specific vulnerabilities of the Internet core protocols. In the latest cases, the Network Time Protocol (NTP), which allows synchronizing devices to the coordinated universal time (UTC), has been misused. Specifically, in December 2013, a vulnerability in this UDP protocol became mainstream and started to be exploited for large-scale...
Feb 11, 2014
By publishing the Brokerage model for Network & Information Security (NIS) in Education report, we aim to provide content and promote digital education on network and information security at all levels. The target group is composed of educators such as trainers, teachers and peers involved in formal education and non-formal education, including lifelong learning. In our current brokerage effort we...
Dec 20, 2013
There are two pieces of EU legislation which explicitly mention security measures in the telecom sector: Article 4 of the e-Privacy directive asks providers to take security measures to protect security of personal data processing. Article 13a of the Framework directive asks providers to take security measures to protect security of the provided networks and services. It has been argued there is...
This Position Paper intends to establish the foundations of a commonly accepted and adopted methodology to define proper Terminology within EP3R, and later allow a concise Key Assets Categorisation.
European Union Agency for Network and Information Security (ENISA)