ENISA
https://www.enisa.europa.eu
TRICK Service
https://www.enisa.europa.eu/topics/risk-management/current-risk/risk-management-inventory/rm-ra-tools/t_trick_service.html
No publisher; Risk Management; 2014/01/08 18:15:00 GMT+2; Page
CloudeAssurance
https://www.enisa.europa.eu/topics/risk-management/current-risk/risk-management-inventory/rm-ra-tools/t_cloudeassurance.html
No publisher; Risk Management; 2014/01/08 18:15:00 GMT+2; Page
National-level Risk Assessments: An Analysis Report
https://www.enisa.europa.eu/publications/nlra-analysis-report
This report is based on a study and analysis of approaches to national-level risk assessment and threat modelling for cyber security which was conducted between April and October 2013. ENISA aims to provide an evidence-based methodology for establishing a National-level Risk Assessment in order to contribute to the wider objective of improving national contingency planning practices (NCPs). This report will help towards rationalising national risk assessments in EU Member States in order to reduce or eliminate vulnerabilities of critical Information and Communication Technology (ICT) services and infrastructures. In conclusion we can see that understanding of the national approach to cyber security and how risk decisions are taken in different countries is important to ensure that the results of any National-level Risk Assessment reach key decision-makers at the right time. It is also clear that there are a variety of approaches and levels of sophistication used in National-level Risk Assessments. Qualitative tools appeared to be preferred due to the complexities of understanding risk in the cyber domain. Depending on the preconditions regarding implementation, risk assessment could be performed using a common set of methods or in a more decentralised fashion. Challenges included the diversity of methodologies and approaches to National-level Risk Assessments (which highlights the need for this guidance document) as well as the complexities of public–private cooperation. As might be expected, many countries studied drew lessons from others when preparing their National-level Risk Assessment programmes. Some countries had identified priorities that they were seeking to focus on, including greater understanding of threats, improved stakeholder engagement and better national CIIP frameworks. Based on an analysis of the data gathered we recommend the following:
1. Member States should understand better the underlying cyber threats and risks that they face and the impact to society.
2. Member States are advised to integrate National-level Risk Assessment into the lifecycle of NIS incident management and cooperation plans and procedures.
3. Member States should expand public–private sector dialogue and information sharing.
4. A practical step-by-step guide on how to perform National-level Risk Assessments should be developed, tested and maintained. Such a guide should be piloted by countries at the early stages of preparing their own National-level Risk Assessment programme. ENISA or another international institution would be appropriate bodies to oversee this action.
5. A catalogue of scenarios to help Member States in their National-level Risk Assessments should be established at EU level. Such a catalogue could be based on work already being done at ENISA on the threat landscape and incident reporting.
6. The EU community of practitioners with an interest in cyber National-level Risk Assessments should be established and strengthened as an information exchange platform, e.g., within the framework of the European Commission’s NIS Platform.
7. Risk analysis expertise must be shared from other domains that assess complex cross-border risks, such as border security, financial services, aviation or public health, for example within the European Commission’s NIS Platform and other activities organised by ENISA.
No publisher; Crisis Management, Risk Management; 2013/11/19 14:25:00 GMT+2; Report/Study
2nd ENISA Cloud Security and Resilience Experts Group meeting
https://www.enisa.europa.eu/news/enisa-news/2nd-enisa-cloud-security-and-resilience-experts-group-meeting
Yesterday, 15th October 2013, the ENISA Cloud Security and Resilience Experts group met for the second time, in Rome.
No publisher; Risk Management, cybersecurity, Cloud Computing Security; 2013/10/16 13:20:00 GMT+2; News Item
TRICK light
https://www.enisa.europa.eu/topics/risk-management/current-risk/risk-management-inventory/rm-ra-tools/trick-light
No publisher; Risk Management; 2013/05/29 12:55:00 GMT+2; Page
RiskSafe Assessment
https://www.enisa.europa.eu/topics/risk-management/current-risk/risk-management-inventory/rm-ra-methods/m_risksafe-assessment
No publisher; Risk Management; 2013/05/29 12:55:00 GMT+2; Page
New report on top trends in the first Cyber Threat Landscape by EU’s cyber Agency ENISA
https://www.enisa.europa.eu/news/enisa-news/new-report-on-top-trends-in-the-first-cyber-threat-landscape-by-eu2019s-cyber-agency-enisa
The EU’s cyber security agency ENISA has published the first and most comprehensive Cyber Threat Landscape analysis of 2012, summarising over 120 threat reports. The report identifies and lists the top threats and their trends, and concludes that drive-by exploits have become the top web threat.
No publisher; Risk Management, Threat Intelligence; 2013/01/08 02:05:00 GMT+2; Press Release
Consumerization of IT: Final report on Risk Mitigation Strategies and Good Practices
https://www.enisa.europa.eu/publications/COIT_Mitigation_Strategies_Final_Report
This report presents security policies that can be deployed to mitigate risks that are related to the trend of Consumerization of IT (COIT) and Bring Your Own Device (BYOD). The aim of this document is to identify mitigation strategies, policies and controls for the risks identified in this area.
No publisher; Mobile Security, cybersecurity, Risk Management; 2013/01/07 16:55:00 GMT+2; Report/Study
Consumerization of IT: Risk Assessment and Risk Mitigation Strategies and Good Practices
https://www.enisa.europa.eu/topics/cyber-threats/threats-and-trends/enisa-thematic-landscapes/COIT_Risk_Mitigation_Strategies
ENISA has produced a risk and opportunity assessment and risk mitigation strategies in the area of Consumerization of IT (COIT) and Bring Your Own Device (BYOD). The aim of this work is to assess the risks and identify mitigation strategies, policies and controls for the assessed risks. At the same time, mitigation has been proposed in a way that leaves the windows for the realization of the assessed opportunities open.
No publisher; cybersecurity, Risk Management, Mobile Security; 2012/12/19 16:30:00 GMT+2; Page
COIT Mitigation Stategies Published Version.pdf
https://www.enisa.europa.eu/topics/cyber-threats/threats-and-trends/enisa-thematic-landscapes/COITMitigationStategiesPublishedVersion.pdf/view
No publisher; Mobile Security, Risk Management; 2012/12/19 16:30:00 GMT+2; File
Introduction to Return on Security Investment
https://www.enisa.europa.eu/publications/introduction-to-return-on-security-investment
As with any organization, CERTs need to measure their cost-effectiveness, to justify their budget usage and provide supportive arguments for their next budget claim. But organizations often have difficulty accurately measuring the effectiveness and the cost of their information security activities. The reason is that security is not usually an investment that provides profit but loss prevention. So what is the right amount an organization should invest in protecting information?
No publisher; CSIRTs, Risk Management; 2012/12/12 13:10:00 GMT+2; Report/Study
Investing in Security for ROI?
https://www.enisa.europa.eu/news/enisa-news/investing-in-security-for-roi
ENISA's new report "Return On Security Investment" initiates a discussion among the ‘Digital Fire Brigades’ or Computer Emergency Response Teams (CERTs) to create the basic tools and best practices to calculate their Return on Security Investment (ROSI) while it can operate as a tool to justify their business need and existence through their financial added value.
No publisher; CSIRTs, Risk Management; 2012/12/12 00:00:00 GMT+2; News Item
CyberWISER Light
https://www.enisa.europa.eu/topics/risk-management/current-risk/risk-management-inventory/rm-ra-tools/t_wiser.html
No publisher; Risk Management; 2012/11/23 15:05:00 GMT+2; Page
Axur ISMS
https://www.enisa.europa.eu/topics/risk-management/current-risk/risk-management-inventory/rm-ra-tools/t_axur.html
No publisher; Risk Management; 2012/11/23 15:05:00 GMT+2; Page
Acuity Stream
https://www.enisa.europa.eu/topics/risk-management/current-risk/risk-management-inventory/rm-ra-tools/t_stream.html
No publisher; Risk Management; 2012/11/23 15:05:00 GMT+2; Page