-
An evaluation framework for Cyber Security Strategies
-
ENISA's work on the evaluation of National Cyber Security Strategies (NCSS) is addressed to policy experts and government officials who design, implement and evaluate an NCSS policy. It aims to be a flexible and pragmatic tool based on principles rather than prescriptive checklists, in alignment with the provisions of the EU Cyber Security Strategy.
The evaluation framework developed by ENISA consists of a logic model presenting a set of steps and a list of possible key performance indicators (KPIs), illustrating the underlying logic of recurring components of NCSS. The suggested KPIs are mapped to the objectives of the evaluation model, making it easier for stakeholders to choose the most useful according to their priorities.
Located in
Publications
-
Network and Information Security in the Finance Sector
-
Securing cyberspace and e-communications has become both a governmental and an Industry priority worldwide. The growing relevance of information and communication technologies in the essential functions of the economy has reinforced the necessity of prevention and protection measures in all sectors, naturally including the finance sector.
This research aimed at understanding and comparing the obligations relevant to Information Security within the finance sector in most of the EU28 Member States, to compare them with the Industry’s prospects, and to draw a clear vision of important priorities for the future.
Located in
Publications
-
Good Practice Guide on Information Sharing
-
The main aim of this guide is to assist Member States and other relevant stakeholders in setting up and running Network Security Information Exchanges in their own countries. Hopefully the guide will pave the way for an accelerated deployment of national NSIE and consequently co-operation among public and private stakeholders at pan European level.
Located in
Publications
-
Incentives and Barriers to Information Sharing
-
Given the acknowledged importance of information sharing, this report sets out findings from a research project into the barriers to and incentives for information sharing in the field of network and information security, in the context of peer-to-peer groups such as Information Exchanges (IE) and Information Sharing Analysis Centres (ISACs).
Located in
Publications
-
ENISA Workshop on Cyber security for IoT in Smart Home Environments
-
The European Union Agency for Network and Information Security (ENISA) is organising a one-day conference focused on Cyber Security for the Internet of Things (IoT) in Smart Home Environments.
Located in
Events
-
ENISA Workshop on Cyber security for Public Transport in Smart Cities
-
The European Union Agency for Network and Information Security (ENISA) is organising a one-day conference focused on Cyber Security for Public Transport in Smart Cities.
Located in
Events
-
Information sharing and common taxonomies between CSIRTs and Law Enforcement
-
This Report on Information Sharing and Common Taxonomies between CSIRTs and Law Enforcement Agencies (LEAs) was produced at the initiative of ENISA with the objective of enhancing cooperation both between the Member States (MS) of the EU and between related Network and Information Security (NIS) communities. With this study, which is a continuation of ENISA’s work in the area of the fight against cybercrime, ENISA aims to identify which information can be shared between CSIRTs and LEAs and how this can be achieved from a technical and organisational perspective.
Located in
Publications
-
Cyber Security Information Sharing: An Overview of Regulatory and Non-regulatory Approaches
-
This study aims to present the regulatory and non-regulatory approaches of EU Member States as well as EEA and EFTA countries to sharing information on cyber incidents, the different sector regulation challenges of managing cyber security issues, and their key practices in addressing them. The study identifies three types of approaches to sharing information on cyber security incidents: 1) traditional regulation; 2) alternative forms of regulation, such as self- and co-regulation; 3) other approaches to enable information sharing, such as information and education schemes.
Located in
Publications
-
Definition of Cybersecurity - Gaps and overlaps in standardisation
-
This document analyses the usage of this term by various stakeholders and reviews standardisation activities in the area of Cybersecurity, providing an overview of overlaps and gaps in available standards. It has been written by CSCG and ENISA experts as a response to Recommendation #2 and forms a logical entity together with the response to CSCG Recommendation #1, Governance framework of the European standardisation – Aligning Policy, Industry and Research, published by ENISA at the same time.
Located in
Publications
-
Recommended cryptographic measures - Securing personal data
-
This document addresses the protection measures applied to safeguard sensitive and/or personal data that has been acquired legitimately by a data controller. In this respect it discusses how information technology users who have a basic knowledge of information security can employ cryptographic techniques to protect personal data. Finally, it addresses the need for a minimum level of requirements for cryptography across European Union (EU) Member States (MSs) in their effort to protect personal and/or sensitive data. This document is complemented by a set of technical recommendations for algorithms, key sizes, parameters and protocols, which is part of another study published by ENISA.
Located in
Publications