http://www.enisa.europa.eu/publications

ENISA reports

http://www.enisa.europa.eu/publications/studies

In this section, you can find ENISA’s Reports, which give you a structured overview of the work done by the Agency. These documents aim to promote a better understanding of the work of our Experts in the field of NIS.

Procure Secure: A guide to monitoring of security service levels in cloud contracts

Date: Apr 02, 2012

A practical guide aimed at the procurement and governance of cloud services. This guide provides advice on questions to ask about the monitoring of security. The goal is to improve public sector customer understanding of the security of cloud services and the potential indicators and methods which can be used to provide appropriate transparency during service delivery. One-off or periodic...

Study on monetising privacy. An economic model for pricing personal information

Date: Feb 28, 2012

Do some individuals value their privacy enough to pay a mark-up to an online service provider who protects their information better? How is this related to personalisation of services? This study analyses the monetisation of privacy. ‘Monetising privacy’ refers to a consumer’s decision of disclosure or non-disclosure of personal data in relation to a purchase transaction. The main goal of...

Cooperation between CERTs and Law Enforcement Agencies in the fight against cybercrime - The first collection of practices

Date: Feb 28, 2012

The essential aim of this report is to improve the capability of CERTs, with a focus on the national/governmental CERTs (n/g CERTs), to address the network and information security (NIS) aspects of cybercrime. It focuses particularly on supporting n/g CERTs and their hosting organizations in the European Union (EU) Member States in their collaboration with the LEAs. It also intends to be a first...

Study on data collection and storage in the EU

Date: Feb 23, 2012

Given the clear contrast between the importance of the privacy by design principle on the one hand, and the reality of lax data protection practices with many online service providers, on the other hand, the aim of this study is to present an analysis of the relevant legal framework of European Member States on the principles of minimal disclosure and the minimum duration of the storage of...

Recommendations for technical implementation of Art.4

Date: Dec 22, 2011

In 2011 ENISA set up an Expert Group composed of representatives of the EU institutions, Art.29 Working Party, national DPAs, and industry. This group helped in the development of the specific technical recommendations for the implementation of Article 4 of the ePrivacy Directive, including a practical and usable definition of a data breach, and in particular its relation to the definition...

Ontology and taxonomies of resilience

Date: Dec 21, 2011

Existing standards in the field have so far only addressed resilience indirectly and thus without a detailed definition of the taxonomy and thus of the semantics of security. The primary purpose of an ontology and taxonomies defined in this context is to use them as the basis of definitions and processes in the future work. A taxonomy is most often defined as a classification of terms and has close...

Secure Communication with the CERTs & Other Stakeholders

Date: Dec 21, 2011

The main objective of the project “Secure Communications with the CERTs and other Stakeholders”, which is one of the ENISA activities related to reinforcing communications between CERTs in the Member States, is the preparation work for a report on secure communication channel(s) with the CERTs and other stakeholders and a roadmap for implementation and future development. THIS CONCISE...

Technologies with potential to improve the resilience of the Internet infrastructure

Date: Dec 21, 2011

In 2011 ENISA reviewed its studies on resilient technologies from 2008-2010, complementing the findings of the previous years and investigating the deployment status of technologies enhancing resilience. An initial review of supply chain integrity-assuring methods was also carried out.

Survey and analysis of security parameters in cloud SLAs across the European public sector

Date: Dec 21, 2011

In the past, organizations would buy IT equipment (hardware or software) and manage it themselves. Today many organizations prefer to use cloud computing and outsourced IT services. The work of an organization's IT officer has changed as a consequence: Instead of setting up hardware or installing software, IT officers now have to manage IT service contracts with vendors (cloud, datacentre,...

4/12/2012