Search results

237 items matching your search terms.

Report/Study Online privacy tools for the general public
ENISA has published a study in the area of PETs for the protection of online privacy (online privacy tools) with two main objectives: a) to define the current level of information and guidance that is provided to the general public and b) to provide a proposal for an assessment model for online privacy tools that could bring more assurance in their use, supporting their wider adoption by internet and mobile users.
Located in Publications
Report/Study Report on Annual Privacy Forum 2012
The first Annual Privacy Forum (APF’12) was held in Limassol, Cyprus from 10–11 October 2012. The Forum was co-organised by the European Network and Information Security Agency (ENISA) and the European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT), with the support of the Department of Computer Science of the University of Cyprus. APF’12 was endorsed as an official event of the Cyprus Presidency of the Council of the European Union.
Located in Publications
Report/Study Securing personal data in the context of data retention
Data retention legislation has been adopted to address concerns related to national security and serious criminal activity. The legislation provides access to communication data for law enforcement purposes. However, according to the Data Retention Directive (DRD) personal data collected, stored or in any way processed in most European Union (EU) Member States (MSs) needs to be securely protected, to meet the requirements of data protection legislation. This study provides the results of (a) a survey on the national implementation of the DRD in six selected Member States on the requirements regarding technical and organisational security measures (in short ‘security measures’) and the implementation of the data security principles that are provided for in the Directive, and (b) a state-of-the-art analysis of the security measures proposed for the protection of personal data collected and stored in the context of the DRD. ENISA initiated this study following a request by the Directorate General Home Affairs (DG HOME) of the European Commission. This document aims at providing a set of recommendations for a common European approach on the security measures that should be taken in relation to retained data, taking into account existing specifications on security measures.
Located in Publications
Report/Study Security certification practice in the EU - Information Security Management Systems - A case study
This report aims at providing input for the adoption of a framework on privacy certifications, as well as for eGovernment certification in Europe. There are numerous IT security certification schemes across the European Member States that can serve as the basis for the drawing of recommendations on aspects of security certifications that could be applied to privacy and eGovernment services certification. This study addresses Information Security Management Systems (ISMS) certification.
Located in Publications
Report/Study Information security and privacy standards for SMEs
The analysis conducted for this study, based on the interviews with subject matter experts and review of available studies, shows that, despite rising concerns on information security risks, the level of SMEs information security and privacy standard adoption is relatively low. The main existing drivers and barriers that contribute to the limited uptake of information security and privacy standards in European SMEs have been identified and analysed in this
Located in Publications
Report/Study Study on cryptographic protocols
Cryptographic algorithms, when used in networks, are used within a cryptographic protocol. Even if the cryptographic primitives and schemes (discussed in the “Algorithms, key size and parameters” report of 2014, see link below) are deemed secure, their use within a protocol can result in a vulnerability which exposes the supposedly secured data. The report focuses on the current status in cryptographic protocols and encourages further research. A quick overview is presented on protocols which are used in relatively restricted application areas such as wireless, mobile communications or banking (Bluetooth, WPA/WEP, UMTS/LTE, ZigBee, EMV) and specific environments focusing on Cloud computing. The main emphasis of the report is on guidelines to researchers and organisations in the field. The key problem with protocols today is that many result from cryptographic design many years (even decades) ago. Thus cryptographic protocols suffer more from legacy issues than the underlying cryptographic components. The goal should be to work towards a better cryptographic protocol infrastructure which does not exhibit such problems. Thus we provide in this report guidelines to organisations which are developing new protocols.
Located in Publications
Report/Study Survey of accountability, trust, consent, tracking, security and privacy mechanisms in online environments
The study, using a survey, attempts to evaluate which mechanisms are currently deployed in available online services for accountability, consent, trust, security and privacy. While the findings of this survey cannot be easily extrapolated to all online services, some trends are prominent and it is safe to assume that these are valid for most organisations that operate online. Besides these trends, we mention here the lack of a single coherent view on how to best achieve user privacy in online environments. An increase in awareness of privacy and security concepts within organisations and industry sectors appears to be desirable, in order to maintain a high level of security and confidence on the part of users and society in the ICT infrastructure and services provided within the EU. A major area of concern was how the EU would create and maintain a ‘level regulatory playing field’, especially with non-EU based multinationals entering the EU market without proper (privacy) compliance and rapidly establishing a significant user base.
Located in Publications
Report/Study The right to be forgotten - between expectations and practice
The right to be forgotten is included in the proposed regulation on data protection published by the European Commission in January 2012. The regulation is still to be adopted by the European Parliament for entering into force. The different legal aspects of the right to be forgotten (i.e. right to erasure or right to oblivion) have been debated in different contexts and are beyond the scope of this paper. With this paper we aim to cover other facets of the right to be forgotten. We focus on the technical means to enforce or support the right in information systems; as can be seen from this paper, there are technical limitations and there is a further need for clear definitions and legal clarifications.
Located in Publications
Report/Study Smartphones: Information security risks, opportunities and recommendations for users
The objective of this report is to allow an informed assessment of the information security and privacy risks of using smartphones. Most importantly, we make practical recommendations on how to address these risks. We assess and rank the most important information security risks and opportunities for smartphone users and give prioritised recommendations on how to address them. The report analyses 10 information security risks for smartphone users and 7 information security opportunities. It makes 20 recommendations to address the risks.
Located in Publications
Report/Study Recommendations for technical implementation of Art.4
In 2011 ENISA set up an Expert Group composed of representatives of the EU institutions, the Art.29 Working Party, national DPAs and industry. This group helped in the development of the specific technical recommendations for the implementation of Article 4 of the ePrivacy Directive, including a practical and usable definition of a data breach, and in particular its relation to the definition of an “information security incident”, criteria for determining a data breach, identification and assessment of security controls that affect determination of a breach, identification and assessment of risks of data breaches and procedures of notifications about data breaches in both private and public sector, including online processing of data breaches, definition of “undue delay” etc.
Located in Publications
