Publications

Featured publications

ENISA NIS360

This edition of the ENISA NIS360 report is the third to assess the cybersecurity maturity and criticality of all sectors of high criticality as identified under Annex I of the NIS2 directive. The assessment covers the entire ecosystem of a sector…

NIS Investments 2025

The annual NIS Investments report presents the findings of a study conducted by ENISA to explore how cybersecurity policy translates in practice across organisations in the EU and its effects on their investments, resources, and operations.

NIS2 Technical Implementation Guidance

This report provides technical guidance to support the implementation of the NIS2 Directive for several types of entities in the NIS2 digital infrastructure, ICT service management and digital providers sectors. The cybersecurity requirements for…

All publications

Publish Date

ENISA Threat Landscape mid year 2013

ENISA presents in this short paper a first “taste” of current developments related to the Threat Landscape 2013.

Annual Incident Reports 2012

This report provides an overview of the process and an aggregated analysis of the 79 incident reports of severe outages of electronic communication networks or services which were reported by national regulators during 2012.

Flash Note: Can Recent Attacks Really Threaten Internet Availability?

ENISA is recommending that Internet network providers implement long-known traffic filtering techniques, which could have countered a major cyber incident that hit services across western Europe last Month (March 2013)

Flash note: Cyber-attacks – a new edge for old weapons

The EU’s cyber security agency ENISA has analysed recent major cyber-attacks and is calling for Europe’s businesses and government organisations to take urgent action to combat emerging attack trends. These are characterised by established attack…

Critical Cloud Computing-A CIIP perspective on cloud computing services

In this report we look at cloud computing from a Critical Information Infrastructure Protection (CIIP) perspective and we look at a number of scenarios and threats relevant from a CIIP perspective, based on a survey of public sources on uptake of…

ENISA Threat Landscape 2012

The ENISA Threat Landscape provides an overview of threats, together with current and emerging trends. It is based on publicly available data and provides an independent view on observed threats, threat agents and threat trends. Over 140 recent…

Emergency Communications Stocktaking

The Emergency Communications Stocktaking project is an initiative of the European Network and Information Security Agency (ENISA) to determine how emergency services communicate within their own organisations and with each other in times of…

Appropriate security measures for smart grids

This document introduces a set of cyber security measures for smart grids. These measures are organised in ten (10) domains and three sophistication levels.

Consumerization of IT: Final report on Risk Mitigation Strategies and Good Practices

This report presents security policies that can be deployed to mitigate risks that are related with the trend of Consumerization of IT (COIT) and Bring Your Own Device (BYOD). The aim of this document is to identify mitigation strategies,…

Implementation of Art 15: Security breaches notifications in trust services

The European Commission proposed on July 2012 a draft regulation on electronic identification and trust services for electronic transactions in the internal market, which will replace the existing Electronic Signature Directive 1999/93/EC.…