• Zoning and Conduits for Railways

    This document gives guidance on building zones and conduits for a railway system. To do so, first the methodology is described. This approach is based on the recently published CENELEC Technical Specification 50701 (CLC/CLC/TS 50701:2021).

    Published on February 28, 2022
  • Railway Cybersecurity - Good Practices in Cyber Risk Management

    This report aims to be a reference point for current good practices for cyber risk management approaches that are applicable to the railway sector. It offers a guide for railway undertakings and infrastructure managers to select, combine or adjust...

    Published on November 25, 2021
  • NIS Investments Report 2021

    Following the 2020 NIS Investment publication, this report covers all 27 EU Member States and offering additional insights into the allocation of NIS budgets of OES/DSP, the economic impact of cybersecurity incidents and the organisation of...

    Published on November 17, 2021
  • CSIRT Capabilities in Healthcare Sector

    An attack directed at a critical infrastructure, such as a hospital, can lead to physical damages and put the lives of patients at risk. Therefore, there is a need for solid Incident Response Capabilities (IRC) in the health sector, in particular...

    Published on November 11, 2021
  • PSIRT Expertise and Capabilities Development

    This study focuses on the Sectoral CSIRT and PSIRT capabilities status and development within the Energy and Health sectors as specified within the NIS directive. A desk research has been conducted, followed by a survey which was answered by 7...

    Published on June 03, 2021
  • EU Cybersecurity Initiatives in the Finance Sector

    The finance sector is a heavily regulated sector, and cybersecurity provisions are already included in multiple EU policies and legislations (e.g. PSD 2 , MIFID II ). EU institutions, agencies, bodies, regulators and other groups of stakeholders run...

    Published on March 05, 2021
  • Cloud Security for Healthcare Services

    This study aims to provide Cloud security practices for the healthcare sector and identify security aspects, including relevant data protection aspects, to be taken into account when procuring Cloud services for the healthcare industry. The set of...

    Published on January 18, 2021
  • Guidelines - Cyber Risk Management for Ports

    This report aims to provide port operators with good practices for cyber risk assessment that they can adapt to whatever risk assessment methodology they follow. In order to achieve this, this report introduces a four-phase approach to cyber risk...

    Published on December 17, 2020
  • NIS Investments Report 2020

    Four years after the NIS Directive entered into force and two years after the transposition by Member States into their national laws, this report presents the findings of a survey of 251 organisations across five EU Member States (France, Germany...

    Published on December 11, 2020
  • Railway Cybersecurity

    This ENISA study regards the level of implementation of cybersecurity measures in the railway sector, within the context of the enforcement of the NIS Directive in each European Member State. It presents a thorough list of essential railway...

    Published on November 13, 2020
  • Procurement Guidelines for Cybersecurity in Hospitals

    As cybersecurity becomes more of a priority for hospitals, it is essential that it is integrated holistically in the different processes, components and stages influencing the healthcare ICT ecosystem. Procurement is a key process shaping the ICT...

    Published on February 24, 2020
  • Port Cybersecurity - Good practices for cybersecurity in the maritime sector

    Developed in collaboration with several EU ports, this report intends to provide a useful foundation on which CIOs and CISOs of entities involved in the port ecosystem, especially port authorities and terminal operators, can build their...

    Published on November 26, 2019
  • ICT security certification opportunities in the healthcare sector

    The scope of this report covers functional requirements for a potential ICT security certification scheme for a widely understood healthcare sector.

    Published on January 31, 2019
  • Good practices on the implementation of regulatory technical standards

    MS approaches on PSD 2 implementation: commonalities in risk management and incident reporting - The main objective of this study is to identify the differences introduced by Member States in the implementation of the PSD2. In particular, the aim is...

    Published on January 24, 2019
  • Distributed Ledger Technology & Cybersecurity - Improving information security in the financial sector

    This paper aims to provide financial professionals in both business and technology roles with an assessment of the various benefits and challenges that their institutions may encounter when implementing a distributed ledger.

    Published on January 18, 2017
  • Security of Mobile Payments and Digital Wallets

    The primary objective of this paper is the production of guidelines to assist mobile payment developers and mobile payment providers towards recommended security controls which if implemented would help ensure that consumers, retailers and financial...

    Published on December 19, 2016
  • Cyber security and resilience for Smart Hospitals

    This study proposes key recommendations for hospital information security executives and industry to enhance the level of information security in Smart Hospitals. Through the identification of assets and the related threats when IoT components are...

    Published on November 24, 2016
  • Security and Resilience in eHealth Infrastructures and Services

    The aim of this study is to investigate the approaches and measures MS take to protect critical healthcare systems, having as a main goal improved healthcare and patient safety. In that respect this study analyses: - The policy context in Europe...

    Published on December 18, 2015
  • Secure Use of Cloud Computing in the Finance Sector

    In creating this report we analysed input from a number of different sources to better understand the usage of cloud services in the finance sector. Based on the analysis we provide recommendations to financial institutions, regulators and cloud...

    Published on December 07, 2015
  • Network and Information Security in the Finance Sector

    Securing cyberspace and e-communications has become both a governmental and an Industry priority worldwide. The growing relevance of information and communication technologies in the essential functions of the economy has reinforced the necessity of...

    Published on January 15, 2015
Browse the Topics

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information