The main objective of the NCAF is to measure the maturity level of the cybersecurity capabilities of the Member States to support them in conducting an evaluation of their national cybersecurity capability, enhancing awareness of the country maturity level, identifying areas for improvement and building cybersecurity capabilities.

This tool allows port operators to conduct cyber risk management with a four-phase approach which follows common principles of risk management. The approach is also compatible with the steps of the risk assessment methodology of the ISPS code. Port operators can navigate through this tool starting at any of the four phases, identify security measures based on their priorities and assess their maturity in the implementation of these measures.

How to secure your employees and business from cyberattacks. Cybersecurity doesn’t necessarily have to be costly for SMEs to implement and maintain. There are several measures that can be implemented, without the company having to invest a large amount.

Navigate through this tool and gain knowledge on cybersecurity requirements for procurement of services, products and infrastructure in Hospitals. Information can be directly used in the RfP of any related service or product.

This tool helps CSIRTs to self-assess their team’s maturity in terms of 44 parameters of the SIM3 model. SIM3 is also at the base of TI certification scheme under the TF-CSIRT and considered by FIRST for membership process. For several parameters, ENISA CSIRT maturity assessment model requires higher assessment level then it is required under the TI certification scheme. This is due to NIS Directive requirements that have been recently identified for EU MS designated CSIRTs.

This is a comprehensive toolkit for establishing and developing Information Sharing and Analysis Centres, or ISACs. It includes activities, documents and tools, everything you need to set up and run an ISAC. The toolkit is divided into 4 different phases corresponding to the development of the ISAC. Each phase contains different topics for developing the organisation in that particular phase.

The assessment of risks is the first step towards the adoption of appropriate security measures for the protection of personal data. Within the next steps we present a simplified approach that can guide the SMEs through their specific data processing operation and help them evaluate the relevant security risks.

Interactive table of the NIS Cooperation Group Security Measures for OES

The Mapping of Security Measures for OES Tool provides the mapping of security measures for OESs to international standards used by operators in the business sectors (namely energy, transport, banking, financial market infrastructures, health, drinking water supply & distribution and digital infrastructures).

The Tool contributes to achieve a common and converged level of security in network and information systems (Article 3 of the NIS Directive) at EU level and it does not intends to replace existing standards, frameworks or good-practices in use by OESs.

The European CSIRT Inventory gives an overview of the actual situation concerning CSIRT teams in Europe. It provides a list of publicly listed incident response teams that can be visualised by the interactive mapping tool. This tool allows the reader to filter the displayed teams by (NIS Directive) CSIRTs Network membership, per-country, region, or type of CSIRT (e.g. national CSIRTs). ENISA’s CSIRT-relations team updates the Inventory twice a year (Q2, Q4).

The ENISA NCSS Interactive Map lists all the documents of National Cyber Security Strategies in the EU together with their strategic objectives and good examples of implementation. ENISA's goal is to create an info-hub with information provided by the Member States on their efforts to enhance national cybersecurity.

The ENISA - EU Cybersecurity Institutional Map is an attempt to depict the complex landscape of actors involved in cybersecurity at the EU level. This map aims to provide a clear picture of the responsibilities and roles of the different EU institutions, agencies and bodies in cybersecurity.

Mapping of National Laws, Competent Authorities, Supervision Authorities and Incident reporting Authorities for Payment Services Directive 2.

For more details please visit "Good practices on the implementation of regulatory technical standards".

A web tool which presents the mapping of indicators to the corresponding information security standards/frameworks (ISO, NIST, COBIT5) in an easy-to-use web-based format.

The Interdependencies tool contributes to the NIS Directive (Article 3) objective for a common and converged level of security in network and information systems at EU level and it does not intend to replace existing standards, frameworks or good practices in use by OESs.

The Mapping of Security Measures for Smartphone Guidelines (SMASHING - Smartphone Secure development Guidelines) Tool provides the mapping of security measures for developers of smartphone applications as a guide for developing secure mobile applications.

The NIS Directive is EU-wide cybersecurity legislation harmonizing national cybersecurity capabilities, cross-border collaboration and the supervision of critical sectors across the EU. 
Click on a sector to find out the national authority responsible in each EU country. Clicking the shield displays the national laws under this directive. Scroll down for more information.

ENISA created this tool to help Member States evaluate their strategic priorities and objectives related to National Cyber Security Strategies.

Select your country's cyber security priorities and answer a few simple questions (with a YES or a NO) to reveive ideas and advice for improvement. The questionnaire is sectioned in 15 objectives and no data are being collected.

This tool intends to provide an aggregated view of the ENISA Good Practices for IoT and Smart Infrastructure that have been published the last years.

For further help on how to use the tool please consult this help guide.

The Cybersecurity Higher Education Database (CyberHEAD) is the largest validated cybersecurity higher education database in the EU and EFTA countries. It has been the main point of reference for all citizens looking to upskill their knowledge in the cybersecurity field. This list allows young talents to make informed decisions on the variety of possibilities offered by higher education in cybersecurity and helps universities attract high-quality students motivated in keeping Europe cyber-secure.

by topics
by tags
by publishing date

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information