• 2021 Report on CSIRT-Law Enforcement Cooperation

    The purpose of this report is to further explore and support the cooperation between computer security incident response teams (CSIRTs), in particular national and governmental CSIRTs, and Law enforcement agencies (LEAs) and their interactions with...

    Published on March 08, 2022

  • Aspects of Cooperation between CSIRTs and LE - Toolset 2021

    This training material is an updated version of the ENISA training material Aspects of Cooperation between CSIRT and LE - Toolset, Document for trainees3, that was developed based particularly on the ENISA 2020 Report on CSIRT-LE Cooperation.

    Published on March 08, 2022

  • Aspects of Cooperation between CSIRTs and LE - Handbook 2021

    This training material is an updated version of the training material Aspects of Cooperation between CSIRT and LE - Handbook, Document for trainers3, that was developed based particularly on the ENISA 2020 Report on CSIRT-LE Cooperation.

    Published on March 08, 2022

  • PSIRT Expertise and Capabilities Development

    This study focuses on the Sectoral CSIRT and PSIRT capabilities status and development within the Energy and Health sectors as specified within the NIS directive. A desk research has been conducted, followed by a survey which was answered by 7...

    Published on June 03, 2021

  • Situational Report on Microsoft Exchange Vulnerabilities

    This ENISA situation report provides an assessment as well as advice and mitigation measures for the MS Exchange vulnerabilities. The threat for the new updates has been assessed as severe and ENISA considers attacks probable and of high risk. The...

    Published on March 19, 2021

  • 2020 Report on CSIRT-LE Cooperation: study of roles and synergies among selected countries

    The purpose of this report is to further explore and support the cooperation between computer security incident response teams (CSIRTs), in particular national and governmental (n/g) CSIRTs, and law enforcement agencies (LEAs) and their interactions...

    Published on January 26, 2021

  • Sectoral CSIRT Capabilities - Energy and Air Transport

    This study provides a continuation of work on Sectoral IRC at European level following the publication of the 2019 “EU Member States incident response development status report”. The report focuses on trends in Energy and Air Transport Incident...

    Published on December 10, 2020

  • How to set up CSIRT and SOC

    This publication provides results-driven guidance for those who are interested in establishing a computer security incident response team (CSIRT) or security operations centre (SOC), and guidance on possible improvements for different types of...

    Published on December 10, 2020

  • Proactive detection - Good practices gap analysis recommendations

    The current project aims to provide a complete inventory of all available methods, tools, activities and information sources for proactive detection of network security incidents, which are used already or potentially could be used by incident...

    Published on May 26, 2020

  • Proactive detection – Measures and information sources

    The current project aims to provide a complete inventory of all available methods, tools, activities and information sources for proactive detection of network security incidents, which are used already or potentially could be used by incident...

    Published on May 26, 2020

  • Proactive detection – Survey results

    The current project aims to provide a complete inventory of all available methods, tools, activities and information sources for proactive detection of network security incidents, which are used already or potentially could be used by incident...

    Published on May 26, 2020

  • An overview on enhancing technical cooperation between CSIRTs and LE

    This report aims to support the cooperation between CSIRTs - in particular, national and governmental CSIRTs, LEAs and the Judiciary – in particular, prosecutors and judges, in their fight against cybercrime, by providing information on the...

    Published on May 07, 2020

  • Roadmap on the cooperation between CSIRTS and LE

    The purpose of this roadmap is to further explore the cooperation across computer security incident response teams (CSIRTs) in particular with national and governmental - law enforcement (LE) and the Judiciary (prosecutors and judges). This roadmap...

    Published on April 02, 2020

  • EU Member States incident response development status report

    Following the recent transposition of the NIS Directive1 (NISD) into European Member States (MS) legislation, this study aims to analyse the current operational Incident Response set-up within NISD sectors2 and identify the recent changes. The study...

    Published on November 27, 2019

  • Secure Group Communications for incident response and operational communities

    With a number of cybersecurity incidents and an attack surface that increase every day, spanning from large infrastructures to the end users, there is the need to improve operational cooperation, preparedness and information exchange by promoting...

    Published on September 04, 2019

  • Cooperation between CSIRTs and Law Enforcement: interaction with the Judiciary

    This report aims to support the cooperation between CSIRTs and Law Enforcement, as well as their interaction with the judiciary in their fight against cybercrime, by providing information on the legal, organisational, technical and cultural aspects...

    Published on January 09, 2019

  • Reference Incident Classification Taxonomy

    This taxonomy resulted from collaboration initiatives such as the annual ENISA/EC3 Workshop which involved CSIRTs, LEAs, ENISA, and EC3. Other examples include the eCSIRT.net taxonomy2 which was developed in 2003, and the eCSIRT.net mkVI taxonomy3...

    Published on January 26, 2018

  • Tools and Methodologies to Support Cooperation between CSIRTs and Law Enforcement

    This report aims to support the cooperation between CSIRTs - in particular national/governmental CSIRTs - and LEAs in their fight against cybercrime, by providing information on the framework and on the technical aspects of the cooperation...

    Published on December 15, 2017

  • Improving Cooperation between CSIRTs and Law Enforcement: Legal and Organisational Aspects

    This report aims to support the cooperation between CSIRTs - in particular national/governmental CSIRTs - and LEAs in their fight against cybercrime, by providing information on the legal and organisational aspects, identifying current shortcomings...

    Published on December 15, 2017

  • Report on Cyber Security Information Sharing in the Energy Sector

    The purpose of this report is to understand and learn the development of CSIRTs, ISACs, as well as relevant initiatives on information sharing on cyber security incidents in the energy sector by focusing on the subsectors identified in the NIS...

    Published on February 03, 2017

  • Information sharing and common taxonomies between CSIRTs and Law Enforcement

    This Report on Information Sharing and Common Taxonomies between CSIRTs and Law Enforcement Agencies (LEAs) was produced at the initiative of ENISA with the objective to enhance cooperation both between the Member States (MS) of the EU and between...

    Published on January 26, 2016

  • Cyber Security Information Sharing: An Overview of Regulatory and Non-regulatory Approaches

    This study aims to present the regulatory and non-regulatory approaches of EU Member States as well as EEA and EFTA countries to share information on cyber incidents, the different sector regulation challenges of managing cyber security issues, and...

    Published on December 16, 2015

  • Electronic evidence - a basic guide for First Responders

    This report is a continuation of the work done by ENISA in the field of good practices for CSIRTs and LEAs in the fight against cybercrime. It aims at providing a guide for first responders, with a special emphasis in evidence gathering. It aims at...

    Published on March 25, 2015

  • EISAS Deployment feasibility study

    EISAS – European Information Sharing and Alerting – has proven to be a great opportunity to enhance collaboration and foster awareness-raising actions across Europe. ENISA helped design EISAS, but now EISAS has to run by itself. The deployment...

    Published on December 09, 2013

  • Good practice guide for CERTs in the area of Industrial Control Systems - Computer Emergency Response Capabilities considerations for ICS

    This document builds upon the current practice of CSIRTs with responsibilities for ICS networks, and also on the earlier work of ENISA on a baseline capabilities scheme for national/ governmental (n/g) CSIRTs. The document is an initial attempt to...

    Published on December 04, 2013

  • A Good Practice Collection for CERTs on the Directive on attacks against information systems

    This Good Practice Collection was produced at the initiative of ENISA in the context of its support activities to ensure the efficient functioning of CSIRTs and their cooperation with Law Enforcement Agencies (LEAs) in the face of a new development...

    Published on November 28, 2013

  • Good Practice Guide for Addressing Network and Information Security Aspects of Cybercrime

    In 2010 ENISA started its support for operational collaboration between the Computer Emergency Response Teams (CERTs) in the Member States on the one hand and Law Enforcing Agencies (LEA) on the other hand. Various activities have since been...

    Published on November 28, 2012

  • Cooperation between CERTs and Law Enforcement Agencies in the fight against cybercrime - A first collection of practices

    The essential aim of this report is to improve the capability of CERTs, with a focus on the national/governmental CERTs (n/g CERTs), to address the network and information security (NIS) aspects of cybercrime. It focuses particularly on supporting...

    Published on February 28, 2012

  • Secure Communication with the CERTs & Other Stakeholders

    The main objective of the project “Secure Communications with the CERTs and other Stakeholders”, which is one of the ENISA activities related to reinforcing communications between CERTs in the Member States, is the preparation work for a report on...

    Published on December 21, 2011

  • EISAS (enhanced) report on implementation

    The 'EISAS (enhanced) report is an implementation plan for further development and deployment of EISAS concept. It's a 'how-to' method for implementing a fully functional EISAS framework until 2013 in the European Union Member States.

    Published on December 14, 2011

  • EISAS Basic toolset

    This study describes how EU Member States can deploy the European Information Sharing and Alert System (EISAS) framework for its target group comprised of citizens and small & medium enterprises (SMEs). The report highlights the way to reach...

    Published on December 14, 2011

  • EISAS Roadmap

    The EISAS Roadmap provide the direction to further the development and deployment of the European Information Sharing and Alert System (EISAS). It has been produced by ENISA upon request of the EU Commission as communicated in the Communication on...

    Published on February 16, 2011

Didn't find what you were looking for?

Browse the Topics

This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies