Publications

Featured publications

2024 Report on the State of the Cybersecurity in the Union

Download

This document marks the first report on the state of cybersecurity in the Union, adopted by ENISA in cooperation with the NIS Cooperation Group and the European Commission, in accordance with Article 18 of the Directive (EU) 2022/2555 (…

ENISA Threat Landscape 2024

Download

ENISA Threat Landscape (ETL) report is an annual report on the status of the cybersecurity threat landscape that identifies prime threats, major trends observed with respect to threats, threat actors and attack techniques, and also describes…

Best Practices for Cyber Crisis Management

Download

This study highlights the complexities behind the notion of cyber crisis and the degree of subjectivity it involves. The elevation of a large-scale cyber incident into a cyber crisis relies predominantly on a political decision, and depends…

All publications

By topics

By type

Publish Date

Strategies for incident response and cyber crisis cooperation

This document was prepared for the NIS Platform WG2 members introducing the main functions of CSIRTs from incident handling to crisis coordination – a high-level summary of the basics of incident response based on ENISA’s previous work on CSIRTs and…
National / EU authorities

Common practices of EU-level crisis management and applicability to the cyber crises

Despite a number of initiatives within the European Network and Information Security community to establish frameworks and standard operating procedures, the EU-level response to cyber incidents, and in particular these which lead to crisis…
National / EU authorities

Impact evaluation on the implementation of Article 13a incident reporting scheme within EU

As several years have passed since the publication and implementation of the Framework Directive 2009/140 including Art. 13a, an impact evaluation of the new article was necessary. The evaluation has the purpose of assessing the changes in outcome…
National / EU authorities

NIS Directive and national CSIRTs

This is an informative note on what provisions of the upcoming NIS Directive might mean for CSIRTs. It contains references to parts of the Directive, and some comments and proposals from our side. By no means we consider this document fix or final,…
National / EU authorities

Good Practice Guide on Vulnerability Disclosure. From challenges to recommendations

Vulnerabilities are ‘flaws’ or ‘mistakes’ in computer-based systems that may be exploited to compromise the network and information security of affected systems. They provide a point-of-entry or gateway to exploit a system and as such pose…
National / EU authoritiesPrivate Sector

Window of exposure… a real problem for SCADA systems?

Much of Europe’s critical infrastructure which resides in sectors such as energy, transportation,water supply is largely managed and controlled by SCADA (Supervisory Control and Data Acquisition) systems, a subgroup of Industrial Control Systems…

National / EU authorities
Cooperative models for effective public private partnerships

Good Practice Guide on Cooperatve Models for Effective PPPs

This Good Practice Guide on Cooperative Models for Effective Public Private Partnerships (PPPs) classifies PPPs for security and resilience and reveals the main five components addressing Why, Who, How, What and When questions associated with…

National / EU authorities

Who-is-Who Directory on NIS - Ed. 2010

The ENISA Who-is-Who Directory on Network and Information Security (NIS) contains information on NIS stakeholders (such as national and European authorities and NIS organisations), contact details, websites, and areas of responsabilities or…

National / EU authorities

Security Issues in Cross-border Electronic Authentication

Improving the interoperability of electronic identification and authentication systems is a European task and a task for all Member States. Considerable efforts have been made in several projects to face the challenges of pan-European…

National / EU authorities