Position Papers
ENISA delivers an assortment of position papers which represent independent expert opinion on topics ENISA considers to be key NIS issues.
The papers identify risks and threats as well as providing recommendations, best practices and raising awareness.
Cyber security: future challenges and opportunities
Date: Dec 02, 2011
New technologies and business models for the use of information and communications technologies (ICTs) have brought many benefits to the European Digital Society and the European citizens. At the same time, the increased use of ICTs has been accompanied by a new set of cyber threats which are developing in ever more rapid, sophisticated and sinister ways. In this paper, ENISA analyses the...
Cyber-bullying and online grooming: helping to protect against the risks
Date: Sep 10, 2011
Children are the most valuable part of every society, regardless of culture, religion and national origin. Given the rapidly increasing digitalisation of their lives, it seemed important to assess risks related to internet usage and, in particular, the risk of become a victim of online grooming and cyber bullying activities. Today’s kids are living in an environment that is radically...
Online Games and Virtual Worlds
Date: Oct 28, 2008
The main body of this report describes MMOGs/VM risks and others, including privacy risks in MMO's, in-game access-control vulnerabilities, scripting vulnerabilities, denial of service, spam and threats to minors, before making a number of recommendations on how to remedy them. To provide evidence for the report, we conducted a survey of 1500 users of MMO/VWs. The complete results can be...
Web 2.0 Security and Privacy
Date: Dec 10, 2008
Along with the report, a survey was conducted of 1500 users from 3 European Countries to collect information on attitudes to Web 2.0 security issues. The main body of this report describes in detail these risks and others, based around a set of architectural patterns characterising the Web 2.0 paradigm shift. It then recommends a comprehensive set of initiatives in web standards and...
Reputation-based Systems: a security analysis
Date: Dec 10, 2007
This paper aims to provide a useful introduction to security issues affecting Reputation-based Systems by identifying a number of possible threats and attacks, highlighting the security requirements that should be fulfilled by these systems and providing recommendations for action and best practices to reduce the security risks to users.
Recommendations for Online Social Networks
Date: Nov 14, 2007
This paper aims to provide a useful introduction to security issues in the area of Social Networking, highlight the most important threats and make recommendations for action and best practices to reduce the security risks to users. Examples are given from a number of providers throughout the papers. These should be taken as examples only and there is no intention to single out a specific...
Strengthening EU legislation
Date: Jan 18, 2008
How to strengthen the EU legislation, improve international cooperation and secure the growing market of internet services. Position paper presented to the LIBE Committee of the European Parliament at the public hearing entitled "Data Protection and Search Engines on Internet (eg: the Google-DoubleClick case)". ENISA was asked to present a position statement on strengthening EU legislation,...
Online Social Networks
Date: Oct 25, 2007
Several SNS are now among the top 10 most visited websites globally. The commercial success of the multi-billion Euro SNS industry depends heavily on the number of users it attracts. Combined with the strong human desire to connect, this encourages design and online behaviour where security and privacy are not always the first priority. Users are often not aware of the size or nature of the...
Security Issues in the Context of Authentication Using Mobile Devices (Mobile eID)
Date: Nov 11, 2008
Mobile devices, like smart phones and PDAs, will play an increasingly important role in the digital environment. However, the pervasive use of mobile devices also brings new security and privacy risks. Persons who make extensive use of mobile devices continuously leave traces of their identities and transactions, sometimes even by just carrying the devices around in their pockets. Throughout...
Fonctionnalités des cartes d’identité électroniques européennes concernant la protection des données privées
Date: Jan 27, 2009
Jeton d’authentification et source de données à caractère personnel, une carte d’identité électronique nationale est une voie d’accès aux informations personnelles. Toute divulgation non souhaitée d’informations personnelles découlant de la délivrance ou de l’utilisation de la carte constitue une violation des droits du citoyen en matière de vie privée. Indépendamment des...
