ENISA
https://www.enisa.europa.eu
Tech UK - COVID-19: Cyber Security Guidance and Advice Repository
https://www.enisa.europa.eu/topics/wfh-covid19/resources/international/tech-uk-covid-19-cyber-security-guidance-and-advice-repository
No publisherCybersecurity2020/05/06 09:53:24 GMT+2LinkEC - Join the AI-ROBOTICS vs COVID-19 initiative of the European AI Alliance
https://www.enisa.europa.eu/topics/wfh-covid19/resources/information-for-specialists/ec-join-the-ai-robotics-vs-covid-19-initiative-of-the-european-ai-alliance
No publisherCybersecurity2020/05/06 09:51:19 GMT+2LinkEC - Coronavirus: Recommendation for the use of mobile data in response to the pandemic
https://www.enisa.europa.eu/topics/wfh-covid19/resources/information-for-specialists/ec-coronavirus-recommendation-for-the-use-of-mobile-data-in-response-to-the-pandemic
No publisherCybersecurity2020/05/06 09:50:09 GMT+2LinkFlypig - Google/Apple's “privacy-safe contact tracing“, a summary
https://www.enisa.europa.eu/topics/wfh-covid19/resources/business/flypig-google-apples-201cprivacy-safe-contact-tracing201c-a-summary
No publisherCybersecurity2020/05/06 09:42:08 GMT+2LinkThe Register - UK snubs Apple-Google coronavirus app API
https://www.enisa.europa.eu/topics/wfh-covid19/resources/business/the-register-uk-snubs-apple-google-coronavirus-app-api
No publisherCybersecurity2020/05/06 09:40:25 GMT+2LinkEuropean Cybersecurity Organisation - Covid19 Cybersecurity Response Package
https://www.enisa.europa.eu/topics/wfh-covid19/resources/associations/european-cybersecurity-organisation-covid19-cybersecurity-response-package
No publisherCybersecurity2020/05/05 12:55:00 GMT+2LinkNational Cybersecurity Alliance - COVID-19 Security Resource Library
https://www.enisa.europa.eu/topics/wfh-covid19/resources/associations/national-cybersecurity-alliance-covid-19-security-resource-library
No publisherCybersecurity2020/05/05 12:54:01 GMT+2LinkEncrypted Traffic Analysis
https://www.enisa.europa.eu/publications/encrypted-traffic-analysis
This report explores the current state of affairs in Encrypted Traffic Analysis and in particular discusses research and methods in 6 key use cases; viz. application identification, network analytics, user information identification, detection of encrypted malware, file/device/website/location fingerprinting and DNS tunnelling detection. In addition, the report discusses recent research in TLS practices identifying common improper practices and proposing simple but efficient countermeasures like certificates validation and pinning, minimize exposed data over HTTP redirects, using proper private keys and the latest versions of TLS (i.e. 1.2 and 1.3), deprecating older ones and employing certificate signing and by a trusted CA.No publisherCybersecurityCSIRTs2020/04/23 14:30:00 GMT+2Report/StudyAdvancing Software Security in the EU
https://www.enisa.europa.eu/publications/advancing-software-security-through-the-eu-certification-framework
This study discusses some key elements of software security and provides a concise overview of the most relevant existing approaches and standards while identifying shortcomings associated with the secure software development landscape, related to different inherent aspects of the process. Lastly, it provides a number of practical considerations relevant to the different aspects of software development within the newly established EU cybersecurity certification framework and the EU cybersecurity certification schemes.No publisherCybersecurityCertification2020/04/15 15:00:00 GMT+2Report/StudyUnderpinning software security: the role of the EU cybersecurity certification framework
https://www.enisa.europa.eu/news/enisa-news/Underpinning-software-security
The EU Agency for Cybersecurity publishes a study on existing approaches for secure software development and maintenance while highlighting aspects to be considered under the EU cybersecurity certification framework.No publisherCybersecuritySecurity MeasuresData protection2020/04/15 15:00:00 GMT+2News ItemOverview of standards related to eIDAS
https://www.enisa.europa.eu/publications/assessment-of-standards-related-to-eidas-i
The scope of this document is to assess the suitability of the recently published ENs to fulfil the eIDAS Regulation requirements, and to describe the differences with the previous TSs, in view of a possible update of the list of standards referenced in the Decisions in force. It also aims at evaluating the consequences of such update and defines the timeline for a possible transition to the exclusive usage of the new ENs.No publisherCybersecurityeIDAS2020/04/14 13:30:00 GMT+2Report/StudyeIDAS compliant eID Solutions
https://www.enisa.europa.eu/publications/eidas-compliant-eid-solutions
This report provides an overview of the legislative framework under eIDAS for electronic identification, presents the landscape of notified and pre-notified eID schemes and identifies key trends in the electronic identification field. Moreover, it discusses preliminary security considerations and recommendations related to the underlying technologies used for eID means and makes a proposal on the role that ENISA could play in the eIDAS compliant eID ecosystem. Since Germany notified in September 2017 the first European eID scheme under the eIDAS Regulation, an increasing number of countries have started an eID scheme notification process. Other schemes are pre-notified and more will undoubtedly follow, thus demonstrating the success of eID across the European Union.No publisherCybersecurityeIDAS2020/04/14 13:30:00 GMT+2Report/StudyAssessment of ETSI TS 119 403-3 related to eIDAS
https://www.enisa.europa.eu/publications/assessment-of-standards-related-to-eidas-ii
This document assesses the eligibility of [ETSI TS 119 403-3], and the standards it builds upon, to be referenced in an implementing act adopted pursuant to Art.20(4) of the eIDAS Regulation. The findings suggest that if certain revisions take place, [ETSI TS 119 403-3] is a good and eligible candidate to be referenced in an implementing act.No publisherCybersecurityeIDAS2020/04/14 13:30:00 GMT+2Report/StudyRecommendations for technical implementation of the eIDAS Regulation
https://www.enisa.europa.eu/publications/towards-a-harmonised-conformity-assessment-scheme-for-qtsp-qts
The present report aims to propose ways in which the eIDAS assessment regime can be strengthened based on the current regime of the eIDAS Regulation, the stakeholders’ concerns and the legitimate need to move towards a more harmonised approach with regards to the assessment by CABs of the conformity of QTSP/QTSs with the requirements of that Regulation. It focuses in particular on actions towards a harmonised conformity assessment scheme for QTSP/QTS.No publisherCybersecurityeIDAS2020/04/14 13:30:00 GMT+2Report/StudyRoadmap on the cooperation between CSIRTS and LE
https://www.enisa.europa.eu/publications/support-the-fight-against-cybercrime-roadmap-on-csirt-le-cooperation
The purpose of this roadmap is to further explore the cooperation across computer security incident response teams (CSIRTs) in particular with national and governmental - law enforcement (LE) and the Judiciary (prosecutors and judges). This roadmap aims to support the cooperation between CSIRTs and LE, as well as their interaction with the Judiciary in their fight against cybercrime, by providing information on the organisational, legal, technical and cultural cooperation aspects and by identifying current shortcomings and making recommendations to further enhance cooperation. The geographical coverage of this roadmap is mainly the EU and European Free Trade Association (EFTA).No publisherCybersecurityCooperationCSIRTs2020/04/02 12:00:00 GMT+2Report/Study