-
Consumerization of IT: Final report on Risk Mitigation Strategies and Good Practices
-
This report presents security policies that can be deployed to mitigate risks that are related with the trend of Consumerization of IT (COIT) and Bring Your Own Device (BYOD). The aim of this document is to identify mitigation strategies, policies and controls for the risks identified in this area.
Located in
Publications
-
Consumerization of IT: Top Risks and Opportunities
-
This report is an ENISA deliverable in the area of “Identifying & Responding to the Evolving Threat Environment”. It delivers the results of a risk and opportunity assessment in the area of “Consumerization of IT” (COIT), that is, the recent trend where user-owned consumer oriented hard- and software spreads in business environments. COIT is considered as a term embracing the recent trend known as Bring-Your-Own-Device (BYOD).
Located in
Publications
-
Cloud Computing Risk Assessment
-
ENISA, supported by a group of subject matter expert comprising representatives from Industries, Academia and Governmental Organizations, has conducted, in the context of the Emerging and Future Risk Framework project, an risks assessment on cloud computing business model and technologies. The result is an in-depth and independent analysis that outlines some of the information security benefits and key security risks of cloud computing. The report provide also a set of practical recommendations.Produced by ENISA with contributions from a group of subject matter expert comprising representatives from Industry, Academia and Governmental Organizations, a risk assessment of cloud computing business model and technologies. This is an in-depth and independent analysis that outlines some of the information security benefits and key security risks of cloud computing. The report provide also a set of practical recommendations. It is produced in the context of the Emerging and Future Risk Framework project.
Located in
Publications
-
National-level Risk Assessments: An Analysis Report
-
This report is based on a study and analysis of approaches to national-level risk assessment and threat modelling for cyber security which was conducted between April and October 2013. ENISA aims to provide an evidence-based methodology for establishing a National-level Risk Assessment in order to contribute to the wider objective of improving national contingency planning practices (NCPs) . This report will help towards rationalising national risk assessments in EU Member States in order to reduce or eliminate vulnerabilities of critical Information and Communication Technology (ICT) services and infrastructures.
In conclusion we can see that understanding of the national approach to cyber security and how risk decisions are taken in different countries is important to ensure that the results of any National-level Risk Assessment reach key decision-makers at the right time. It is also clear that there are a variety of approaches and levels of sophistication used in National-level Risk Assessments. Qualitative tools appeared to be preferred due to the complexities of understanding risk in the cyber domain. Depending on the preconditions regarding implementation, risk assessment could be performed using a common set of methods or in a more decentralised fashion. Challenges included the diversity of methodologies and approaches to National-level Risk Assessments (which highlights the need for this guidance document) as well as the complexities of public–private cooperation. As might be expected, many countries studied drew lessons from others when preparing their National-level Risk Assessment programmes. Some countries had identified priorities that they were seeking to focus on, including greater understanding of threats, improved stakeholder engagement and better national CIIP frameworks.
Based on an analysis of the data gathered we recommend the following:
1. Member States should understand better the underlying cyber threats and risks that they face and the impact to society.
2. Member States are advised to integrate National-level Risk Assessment into the lifecycle of NIS incident management and cooperation plans and procedures.
3. Member States should expand public–private sector dialogue and information sharing.
4. A practical step-by-step guide on how to perform National-level Risk Assessments should be developed, tested and maintained. Such a guide should be piloted by countries at the early stages of preparing their own National-level Risk Assessment programme. ENISA or another international institution would be appropriate bodies to oversee this action.
5. A catalogue of scenarios to help Member States in their National-level Risk Assessments should be established at EU level. Such a catalogue could be based on work already being done at ENISA on the threat landscape and incident reporting .
6. The EU community of practitioners with an interest in cyber National-level Risk Assessments should be established and strengthened as information exchange platform, e.g., within the framework of the European Commission’s NIS Platform .
7. Risk analysis expertise must be shared from other domains that assess complex cross-border risks, such as border security, financial services, aviation or public health for example within the European Commission’s NIS Platform and other activities organised by ENISA.
Located in
Publications
-
Introduction to Return on Security Investment
-
As for any organization, CERTs need to measure their cost-effectiveness, to justify their budget usage and provide supportive arguments for their next budget claim. But organizations often have difficulties to accurately measure the effectiveness and the cost of their information security activities. The reason for that is that security is not usually an investment that provides profit but loss prevention. So what is the right amount an organization should invest in protecting information?
Located in
Publications
-
Flying 2.0 - Enabling automated air travel by identifying and addressing the challenges of IoT & RFID technology
-
Located in
Publications
-
Flying 2.0 - Enabling automated air travel by identifying and addressing the challenges of IoT & RFID technology: Annex I
-
This is Annex I - " Scenario Building & Analysis" of the Final Report "Flying 2.0 - Enabling automated air travel by identifying and addressing the challenges of IoT & RFID technology".
Located in
Publications
-
Flying 2.0 - Enabling automated air travel by identifying and addressing the challenges of IoT & RFID technology: Annex II
-
This is Annex II - "Risk Assessment Spreadsheet" of the Final Report "Flying 2.0 - Enabling automated air travel by identifying and addressing the challenges of IoT & RFID technology".
Located in
Publications
-
Emerging and Future Risks Framework - Introductory Manual
-
This is an introductory manual for the ENISA Emerging and Future Risks Framework.
Located in
Publications
-
Cyber-bullying and online grooming: helping to protect against the risks
-
Children are the most valuable part of every society, regardless of culture, religion and national origin. Given the rapidly increasing digitalisation of their lives, it seemed important to assess risks related to internet usage and, in particular, the risk of become a victim of online grooming and cyber bullying activities.
Today’s kids are living in an environment that is radically different from that of their parents; virtual environments are increasingly prevalent in private and education environments. This development is detrimental to their physical activities, social skills and the behavioural model that prevailed in previous generations.
ENISA has formed a Working Group consisting of international experts in various disciplines related to the area of children’s online protection. Interdisciplinary knowledge and relevant experience in the area were the criteria of their engagement. During the selection phase of the scenario to be assessed, the expert group has identified cyber bullying and online grooming as an area that requires further elaboration. With this assessment we aim to demonstrate how attacks based on misuse of data (i.e. data mining and profiling) can affect minors.
Although the issue of children’s exposure to internet risks has been addressed in great depth by many organisations (also during the generation of this report), we have performed this risk assessment in order to point out emerging risks and issue non-technical recommendations for their mitigation. Thus, we believe that the findings of this assessment will help in triggering further activities at various levels of society, while contributing to the necessary awareness of the online protection of minors.
Located in
Publications