-
Best Practices for Cyber Crisis Management
This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends largely...
Published on February 28, 2024 -
ENISA CSIRT Maturity Framework - Updated and improved
This document presents the updated and improved version of ENISA’s Computer Security Incident Response Teams (CSIRT) Maturity Framework that is intended to contribute to the enhancement of the capacity to manage cyber incidents, with a focus on...
Published on February 23, 2022 -
ENISA CSIRT maturity assessment model
This is the updated version of the "Challenges for National CSIRTs in Europe in 2016: Study on CSIRT Maturity" published by ENISA in 2017. The study takes all relevant information sources into account, with a special emphasis on the NIS Directive...
Published on April 30, 2019 -
ENISA Maturity Evaluation Methodology for CSIRTs
This is the updated version of the "Study on CSIRT Maturity – Evaluation Process" published by ENISA in 2017. The new version (v.2) reflects values that are consistent with other documents and studies on CSIRT maturity.
Published on April 09, 2019 -
Maturity Reference for CSIRTs – Executive Summary
The target audience for this study is primarily the middle management layer in the CSIRTs, responsible for increasing the team’s maturity. The study will help them to more easily and quickly implement real maturity improvement, following...
Published on January 15, 2018 -
CSIRT Capabilities. How to assess maturity? Guidelines for national and governmental CSIRTs
This report focuses on the maturity of national and governmental Computer Security and Incident Response Teams (CSIRTs) and the Trusted Introducer1 certification scheme for CSIRTs as an indicator of the maturity level of teams. The issues covered...
Published on January 11, 2016 -
National/governmental CERTs - ENISA's recommendations on baseline capabilities
Having a national / governmental CERTs in place that fulfils the requirements for ’baseline capabilities’ as defined in this document is essential for CIIP in all Member States. However these teams should not be considered as the one and only...
Published on March 20, 2015 -
CERT community - Recognition mechanisms and schemes
This document provides an overview of existing mechanisms supporting Computer Emergency Response Teams (CERTs) to deploy capabilities necessary for their operations and their maturity level. It introduces these mechanisms according to the CERT...
Published on December 12, 2013 -
Baseline Capabilities of n/g CERTs - Updated Recommendations 2012
This document lists updated set of recommendations on gaps and shortcomings identified in the Status Report 2012. The number of gaps and shortcomings that still need to be addresssed in order for n/g CERTs to fully meet their baseline capabilities...
Published on December 17, 2012 -
Deployment of Baseline Capabilities of n/g CERTs - Status Report 2012
This document will familiarise the reader with the current situation in Europe with regards to the n/g CERTs' capabilities, and how these capabilities are deployed.
Published on December 17, 2012 -
Introduction to Return on Security Investment
As for any organization, CERTs need to measure their cost-effectiveness, to justify their budget usage and provide supportive arguments for their next budget claim. But organizations often have difficulties to accurately measure the effectiveness...
Published on December 12, 2012 -
Baseline Capabilities of National/Governmental CERTs (Part 2 Policy Recommendations)
This document constitutes a very first attempt to define policy recommendations of capabilities that a Computer Emergency Response Team (CERT) in charge of protecting critical information infrastructure (CIIP) in the Member States should possess to...
Published on December 17, 2010 -
Baseline capabilities for national / governmental CERTs (Part 1 Operational Aspects)
This document constitutes a very first attempt to define a minimum set of capabilities that a Computer Emergency Response Team (CERT) in charge of protecting critical information infrastructure (CIIP) in the Member States should possess to take part...
Published on December 15, 2009
Browse the Topics