Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

Download

ENISA Threat Landscape (ETL) report is an annual report on the status of the cybersecurity threat landscape that identifies prime threats, major trends observed with respect to threats, threat actors and attack techniques, and also describes…

Best Practices for Cyber Crisis Management

Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

By topics

By type

Publish Date

Cybersecurity Culture Guidelines: 'Technical Annex: Evidence Reviews'

This technical annex contains the four reviews that supported the writing of the report Review of “Behavioural Sciences Research in the Field of Cybersecurity”. The reviews are: 1. Measurement of cyber security attitudes and behaviours, 2.…
Private Sector

ICT security certification opportunities in the healthcare sector

The scope of this report covers functional requirements for a potential ICT security certification scheme for a widely understood healthcare sector.
Private Sector

Good practices on the implementation of regulatory technical standards

MS approaches on PSD 2 implementation: commonalities in risk management and incident reporting - The main objective of this study is to identify the differences introduced by Member States in the implementation of the PSD2. In particular, the aim is…
Private Sector

Good practices on interdependencies between OES and DSPs

This study is concerned with dependencies and interdependencies among Operators of Essential Services (OES) and Digital Service Providers (DSPs) as defined in the NIS Directive and addresses emerging dependencies and interdependencies across sectors…
National / EU authoritiesPrivate Sector

Guidelines on assessing DSP security and OES compliance with the NISD security requirements

This report presents the steps of an information security audit process for the OES compliance, as well as of a self-assessment/ management framework for the DSP security against the security requirements set by the NIS Directive. In addition, it…
National / EU authoritiesPrivate Sector
signalling security in telecom ss7 diameter 5g

Signalling Security in Telecom SS7/Diameter/5G

The present study has deep dived into a critical area within electronic communications, the security of interconnections in electronic communications (signalling security). Based on the analysis, at this moment there is a medium to high level of…
Private Sector

Mapping of OES Security Requirements to Specific Sectors

The current report provides a substantial and comprehensive mapping of the security requirements for OES, as they have been agreed in the NISD Cooperation Group, to sector specific information security standards. ENISA conducted desktop research on…
Private Sector

Stock taking of information security training needs in critical sectors

The primary objective of this project is to provide a mapping of ENISA’s training program and a strategy to adapt it in the light of the recently adopted EU NIS Directive, catering for the needs of the identified critical sectors.

Private Sector

Recommendations on European Data Protection Certification

The objective of this report is to identify and analyse challenges and opportunities of data protection certification mechanisms, including seals and marks, as introduced by the GDPR, focusing also on existing initiatives and voluntary schemes.
National / EU authorities

Considerations on ICT security certification in EU - Survey Report

Over the last years, ENISA has engaged in a number of activities in pursuit of supporting the Commission and the Member States in identifying a way forward on the certification of ICT security products and services, which on the one hand seeks to…
National / EU authorities