The annual NIS Investments report presents the findings of a study conducted by ENISA to explore how cybersecurity policy translates in practice across organisations in the EU and its effects on their investments, resources, and operations.
…
Through a more threat-centric approach and further contextual analysis, this latest edition of the ENISA Threat Landscape analyses 4875 incidents over a period spanning from 1 July 2024 to 30 June 2025. At its core, this report provides an…
This report provides technical guidance to support the implementation of the NIS2 Directive for several types of entities in the NIS2 digital infrastructure, ICT service management and digital providers sectors. The cybersecurity requirements for…
The Annual Incidents report 2013 provides an aggregated analysis of the security incidents in 2013 which caused severe outages. Most incidents reported to regulators and ENISA involved mobile internet and mobile telephony connections.
Last week the entire web discovered the existence of the so called “Heartbleed” vulnerability affecting one of the most popular mechanisms used to secure communication with web sites: OpenSSL.
The underlying problem is a programming error…
Recent news show the increase of large scale attacks exploiting specific vulnerabilities of the Internet core protocols. In the latest cases, the Network Time Protocol (NTP), which allows synchronizing devices to the coordinated universal time (…
By publishing the Brokerage model for Network & Information Security (NIS) in Education report, we aim to provide content and promote digital education on network and information security at all levels. The target group is composed of…
ENISA warns about the risks of using discontinued software, not only because of the lack of support from the manufacturer, but also from third parties, like manufacturers of anti-malware or other kind of software, or computer peripherals. This…
The European Union Agency for Network and Information Security (ENISA) reviewed the existing measures and the procedures in EU Member States with regard to personal data breaches and published in 2011 a study on the technical implementation of…
This report collects the results of a survey launched by ENISA (European Network and Information Security Agency). The main purpose of the survey has been to collect information about the electronic IDentity and Authentication Systems (eIDAS)…
This document describes the framework surrounding trust service providers (TPSs) – the concepts and standards related to operations of a TSP. It focuses on EU standards, but also takes into account others where relevant. The document specifically…
This document covers the following aspects of Trust Service Providers operations:
• Assets: identification, classification and evaluation
• Threats to assets: classification and evaluation
• Vulnerabilities present in the environment…
This document recommends measures to mitigate the impact of security incidents on trust service providers (TSP) by proposing suitable technical and organisational means to handle the security risks posed to the TSP. This is done using a…
Stay updated with ENISA! Sign up for email alerts on publications, events, vacancies, and more.
