ENISA
https://www.enisa.europa.eu
Successful conclusion to the 3 day workshop: The role of the EU’s Cyber Ecosystem in the global cyber security stability
https://www.enisa.europa.eu/news/enisa-news/successful-conclusion-to-the-3-day-workshop-the-role-of-the-eu2019s-cyber-ecosystem-in-the-global-cyber-security-stability
A three-day workshop under the EU's TAIEX instrument entitled “The role of the EU’s Cyber Ecosystem in the global cyber security stability” finished today in Thessaloniki, Greece.No publisherCybersecurity2022/06/22 18:09:00 GMT+2News ItemStock taking of security requirements set by different legal frameworks on OES and DSPs
https://www.enisa.europa.eu/publications/stock-taking-of-security-requirements-set-by-different-legal-frameworks-on-oes-and-dsps
In order to support organisations in their process of identifying appropriate security measures, based on the provisions of both NISD and GDPR, this report uses as basis the pre-existing ENISA guidance and presents a mapping of already identified security objectives, between the NISD and the GDPR. The report should be used as a starting point for the above-mentioned assessment and is targeted mainly to OESs and DSPs. Following the analysis in Sections 2, 3 and 4, this report concludes that organisations could benefit from a unified risk management framework, specialized sectorial guidance and specialised guidance on emerging privacy and security techniques. It also proposes that a method of cooperation between competent NISD and GDPR authorities as well as a co-ordinated approach on certifications concerning information security issues would be beneficial for the Digital Single Market.No publisherCybersecurityOperators of Essential Services (OES)2020/03/19 17:00:00 GMT+2Report/StudyStatement on Microsoft Exchange vulnerabilities
https://www.enisa.europa.eu/news/enisa-news/statement-on-microsoft-exchange-vulnerabilities
The EU Agency for Cybersecurity (ENISA) has provided a statement with an assessment and advice on Microsoft Exchange vulnerabilities.No publisherCybersecurityVulnerabilitiesCyber Attacks2021/03/19 13:30:00 GMT+2News ItemState of Vulnerabilities 2018/2019 - Analysis of Events in the life of Vulnerabilities
https://www.enisa.europa.eu/publications/technical-reports-on-cybersecurity-situation-the-state-of-cyber-security-vulnerabilities
The purpose of this report is to provide an insight on both the opportunities and limitations the vulnerability ecosystem offers. By using the vulnerabilities published during the year of 2018 and Q1-Q2 of 2019 as a vehicle, this report goes beyond the standard exploratory analysis, which is well captured by many industry whitepapers and reports, and attempts to answer questions related to the reliability, accuracy of the vulnerability sources and the widely accepted evaluation metrics. In addition, the report leverages established vulnerability taxonomies and frameworks to explore and identify more intrinsic relationships and characteristics. No publisherCybersecurityVulnerabilitiesCERT-EUENISA(European Union Agency for Cybersecurity)2020/01/14 11:00:00 GMT+2Report/StudyStandardisation in support of the Cybersecurity Certification
https://www.enisa.europa.eu/publications/recommendations-for-european-standardisation-in-relation-to-csa-i
The document presents the value of the cybersecurity standardisation efforts for certification, the roles and responsibilities of Standards Developing Organisations (SDOs) in this context, and discusses various ways how standardisation can support efficiently the process of certification schemes creation by following a step by step methodology. The methodology described in this study can be used as guidelines for new certification schemes or standards authors. It will help setting up KPIs, useful for all stakeholders involved in the preparation or operational phase of a certification scheme. The qualification system proposed can be used also to define more precisely the requirements associated with the different assurance levels mentioned in article 52 of the Cybersecurity Act. With regard to standardisation activities, the study proposes a set of recommendations for the Standards Developing Organisations and the prospective authors of certification schemes.No publisherCybersecurityStandardsCertification2020/02/04 18:30:00 GMT+2Report/StudyStandardisation and the EU Cybersecurity Act
https://www.enisa.europa.eu/news/enisa-news/standardisation-and-the-eu-cybersecurity-act-1
The EU Agency for Cybersecurity publishes two studies related to the domain of standards supporting the Cybersecurity Act and the new Cybersecurity Certification Framework.No publisherCybersecurityStandardsENISA eventsCertification2020/02/04 18:30:00 GMT+2Press ReleaseSMESEC
https://www.enisa.europa.eu/topics/wfh-covid19/resources/associations/smesec
No publisherCybersecurity2020/05/06 10:48:19 GMT+2LinkSME Cybersecurity
https://www.enisa.europa.eu/topics/cybersecurity-education/sme_cybersecurity
No publisherSMECybersecurity2020/11/24 12:12:00 GMT+2TopicSituational Report on Microsoft Exchange Vulnerabilities
https://www.enisa.europa.eu/publications/situational-report-on-microsoft-exchange-vulnerabilities
This ENISA situation report provides an assessment as well as advice and mitigation measures for the MS Exchange vulnerabilities. The threat for the new updates has been assessed as severe and ENISA considers attacks probable and of high risk. The Agency calls on organisations using affected Microsoft Exchange versions to patch the flaws immediately and thoroughly investigate for potential signs of compromise. MS Exchange vulnerabilities once exploited may lead to network compromise, data exfiltration and ransomware attacks. Across the EU, an increasing number of MS Exchange installations have also been found to be the target of malicious attacks. No publisherCybersecurityVulnerabilities2021/03/19 13:30:00 GMT+2Report/StudySharing is caring: technical cooperation across CSIRTs, LE and the judiciary
https://www.enisa.europa.eu/news/enisa-news/sharing-is-caring-technical-cooperation-across-csirts-le-and-the-judiciary
In an effort to estimate the degree of maturity of the technical cooperation across national and governmental CSIRTs, law enforcement agencies (LEAs) and the judiciary when it comes down to cybercrime investigation, ENISA has prepared a report that focuses on the tools of these communities to cooperate among themselves and counter cybercrime.No publisherCybersecurityTrust ServicesCooperationCSIRTsInformation Sharing2020/05/07 09:00:00 GMT+2News ItemSecurity supervision changes in the new EU telecoms legislation
https://www.enisa.europa.eu/news/enisa-news/security-supervision-changes-in-the-new-eu-telecoms-legislation
ENISA, the European Union Agency for Cybersecurity analyses the main changes for telecom security supervision under the new European Electronic Communication Code (EECC).No publisherCybersecurityEECC (European Electronic Communications Code EECC)ENISA(European Union Agency for Cybersecurity)2020/01/27 11:15:00 GMT+2Press ReleaseSecurity requirements for operators of essential services and digital service providers
https://www.enisa.europa.eu/news/enisa-news/security-requirements-for-operators-of-essential-services-and-digital-service-providers
The EU Agency for Cybersecurity publishes a new report assessing security requirements.No publisherCybersecurityOperators of Essential Services (OES)2020/03/19 17:30:00 GMT+2News ItemSecurity Magazine: 7 Free Cybersecurity Planning Resources for SMEs
https://www.enisa.europa.eu/topics/wfh-covid19/resources/international/security-magazine-7-free-cybersecurity-planning-resources-for-smes
No publisherCybersecurity2020/05/06 09:56:12 GMT+2LinkSecuring smart infrastructure during the COVID-19 pandemic
https://www.enisa.europa.eu/news/enisa-news/securing-smart-infrastructure-in-covid-19-pandemic
Securing smart homes and smart buildings from cybersecurity risks becomes more relevant than ever in the light of the COVID-19 pandemic crisis. ENISA presents some fundamental measures for securing smart devices.No publisherCybersecuritySmart HomesCOVID19Internet of things2020/05/18 09:00:00 GMT+2News ItemSecuring Personal Data: a risk-based approach
https://www.enisa.europa.eu/news/enisa-news/securing-personal-data-a-risky-business
To mark Data Protection Day 2020 on 28 January, the EU Agency for Cybersecurity launches an online platform to assist in the security of personal data processing; this platform implements a risk-based approach to personal data security as a means to underpin trust. No publisherCybersecurityPrivacy ToolsENISA(European Union Agency for Cybersecurity)Personal DataGDPR2020/01/27 15:50:00 GMT+2Press Release