Reinforcing trust and security in the area of electronic communications and online services
This study provides an overview of well-established security practices, for the purpose of sketching the notion of “state-of-the-art” in a number of categories of measures, as they are listed in ENISA’s guidelines for SMEs on the security of…
ENISA Threat Landscape Report 2018
2018 was a year that has brought significant changes in the cyberthreat landscape. Those changes had as source discrete developments in motives and tactics of the most important threat agent groups, namely cyber-criminals and state-sponsored actors
Good practices on the implementation of regulatory technical standards
MS approaches on PSD 2 implementation: commonalities in risk management and incident reporting - The main objective of this study is to identify the differences introduced by Member States in the implementation of the PSD2. In particular, the aim is…
IoT Security Standards Gap Analysis
This study analyses the gaps and provides guidelines for, in particular, the development or repositioning of standards, facilitating the adoption of standards and governance of EU standardisation in the area of NIS.
Towards global acceptance of eIDAS audits
The goal of the study is to explore the eIDAS Conformity Assessment Report (CAR), the corresponding audit requirements, gaps arising from comparison with competing audit schemes, and the emergent issues at the core of the global conversation between…
State of Vulnerabilities 2018/2019 - Analysis of Events in the life of Vulnerabilities
The purpose of this report is to provide an insight on both the opportunities and limitations the vulnerability ecosystem offers. By using the vulnerabilities published during the year of 2018 and Q1-Q2 of 2019 as a vehicle, this report goes beyond…
Cooperation between CSIRTs and Law Enforcement: interaction with the Judiciary
This report aims to support the cooperation between CSIRTs and Law Enforcement, as well as their interaction with the judiciary in their fight against cybercrime, by providing information on the legal, organisational, technical and cultural aspects…
Cyber Europe 2018 - After Action Report
ENISA has compiled all the information gathered during the exercise and produced an after-action report, identifying challenges and main takeaways, and making useful recommendations for the participants.
Analysis of the European R&D priorities in cybersecurity
The present document provides a series of recommendations for the priorities in the EU for R&D in the domain of ICT security made after analysis of a wide series of interviews with domain experts.
The proposed research priorities have the aim to…
Economics of Vulnerability Disclosure
Vulnerability disclosure refers to the process of identifying, reporting and patching weaknesses of software, hardware or services that can be exploited. The different actors within a vulnerability disclosure process are subject to a range of…