Image
This report provides technical guidance to support the implementation of the NIS2 Directive for several types of entities in the NIS2 digital infrastructure, ICT service management and digital providers sectors. The…
Featured publications
ENISA NIS360 2024
The NIS360 is a new ENISA product that assesses the maturity and criticality of sectors of high criticality under the NIS2 Directive, providing both a comparative overview and a more in-depth analysis of each sector. The NIS360 is designed to…
2024 Report on the State of the Cybersecurity in the Union
This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…
All publications
Flash Note: Large scale UDP attacks - the 2014 trend and how to face it
Recent news show the increase of large scale attacks exploiting specific vulnerabilities of the Internet core protocols. In the latest cases, the Network Time Protocol (NTP), which allows synchronizing devices to the coordinated universal time (UTC…
Brokerage model for Network and Information Security in Education
By publishing the Brokerage model for Network & Information Security (NIS) in Education report, we aim to provide content and promote digital education on network and information security at all levels. The target group is composed of educators…
Flash note: Risks of using discontinued software
ENISA warns about the risks of using discontinued software, not only because of the lack of support from the manufacturer, but also from third parties, like manufacturers of anti-malware or other kind of software, or computer peripherals. This will…
Position Paper of the EP3R Task Forces on Incident Management and Mutual Aid Strategies (TF-MASIM)
This document summarises the discussions that happened between April and September 2013 in the EP3R Task Force on Incident Management and Mutual Aid Strategies. The task assigned to this Task Force was to reflect on the potential issues found when a…
EP3R 2013 – Task Forces on Terminology Definitions and Categorisation of Assets (TF-TDCA)
This Position Paper intends to establish the foundations of a commonly accepted and adopted methodology to define proper Terminology within EP3R, and later allow a concise Key Assets Categorisation.
Position Paper of the EP3R Task Forces on Trusted Information Sharing (TF-TIS)
The key recommendations of this report are:
- To establish a pilot based on the Management and Functional Requirements listed in this document which usage will allow a more structured Information Sharing mechanism;
- To designate a neutral party who…
Guidelines for trust service providers - Part 1: Security framework
This document describes the framework surrounding trust service providers (TPSs) – the concepts and standards related to operations of a TSP. It focuses on EU standards, but also takes into account others where relevant. The document specifically…
Guidelines for trust service providers - Part 2: Risk assessment
This document covers the following aspects of Trust Service Providers operations:
• Assets: identification, classification and evaluation
• Threats to assets: classification and evaluation
• Vulnerabilities present in the environment
• Probability…
Guidelines for trust service providers - Part 3: Mitigating the impact of security incidents
This document recommends measures to mitigate the impact of security incidents on trust service providers (TSP) by proposing suitable technical and organisational means to handle the security risks posed to the TSP. This is done using a…
Recommendations for a methodology of the assessment of severity of personal data breaches
The European Union Agency for Network and Information Security (ENISA) reviewed the existing measures and the procedures in EU Member States with regard to personal data breaches and published in 2011 a study on the technical implementation of the…