This study aims to present the regulatory and non-regulatory approaches of EU Member States as well as EEA and EFTA countries to share information on cyber incidents, the different sector regulation challenges of managing cyber security issues, and their key practices in addressing them. The study identifies three types of approaches to share information on cyber security incidents: 1) traditional regulation; 2) alternative forms of regulation, such as self- and co-regulation; 3) other approaches to enable information sharing, such as information and education schemes.
The European FI-ISAC, the European Financial Institutes – Information Sharing and Analysis Centre, is an independent organisation, that was founded in 2008.
One of ENISA’s role is that of community builder. In order to properly fulfill this role, ENISA must have a better insight at what makes or breaks a community – trust. This report takes a first informal look at how communities build and maintain trust, by looking at four different operational communities. This report highlights commonalities and differences, and gives a first set of recommendations to enhance trust in a community.
The focus of this report is on the threat and incident information exchange and sharing practices used among CERTs in Europe, especially, but not limited to, national/governmental CERTs. It aims at: - Taking stock of existing communication solutions and practices among European CERTs - Identifying the functional and technical gaps that limit threat intelligence exchange between n/g CERTs and their counterparts in Europe, as well as other CERTs within their respective countries - Defining basic requirements for improved communications interoperable with existing solutions