Browsing Category

Knowledge

Threat Modeling for Data Protection

When evaluating the security of an application and data model, ask the questions: What is the sensitivity of the data? What are the regulatory, compliance, or privacy requirements for the data? What is the attack vector that a data owner is hoping to mitigate? What is the overall security posture of the environment: is it a hostile…

ENISA CSIRT Training Resources

ENISA CSIRT training material was introduced in 2008. In 2012, 2013 and 2014 it was complemented with new exercise scenarios containing essential material for success in the CSIRT community and in the field of information security. In these pages you will find the ENISA CSIRT training material, containing Handbooks for teachers, Toolsets for…

European Cybersecurity Month Guidelines

This section reflects the effort of ENISA to support organizations on the design and implementation of European Cyber Security Month awareness campaigns, through a set of guidelines. ENISA’s Vision for ECSM: The vision of ENISA for ECSM is to support the EU Member States with the design and implementation of their awareness raising campaigns and to…

Roadmap for NIS education programmes in Europe

Author: European Union Agency for Cybersecurity (ENISA) ENISA is one of the key stakeholders in Europe in the area of Network and Information Security (NIS). Given its positioning, ENISA is active in the area of education and awareness, using its knowledge to promote NIS skills and supporting the Commission in enhancing the skills and competence…

Good practice guide for Incident Management

Author: European Union Agency for Cybersecurity (ENISA) This guide complements the existing set of ENISA guides that support Computer Emergency Response Teams. It describes good practices and provides practical information and guidelines for the management of network and information security incidents with an emphasis on incident…

SANS Institute’s Incident Handler’s Handbook

Author: Patrick Kral One of the greatest challenges facing today’s IT professionals is planning and preparing for the unexpected, especially in response to a security incident. An incident is described as any violation of policy, law, or unacceptable act that involves information assets, such as computers, networks, smartphones, etc…

Handbook: Cyber security and resilience for Smart Hospitals

Author: European Union Agency for Cybersecurity (ENISA) This study proposes key recommendations for hospital information security executives and industry to enhance the level of information security in Smart Hospitals. Through the identification of assets and the related threats when IoT components are supporting a healthcare organisation…

Handbook: Cybersecurity for Hospitals and Healthcare Facilities

Author: Ayala, Luis Learn how to detect and prevent the hacking of medical equipment at hospitals and healthcare facilities. A cyber-physical attack on building equipment pales in comparison to the damage a determined hacker can do if he/she gains access to a medical-grade network as a medical-grade network controls the diagnostic, treatment,…