Knowledge

A common idea in cybersecurity is that the human factor is the weakest link in the cybersecurity chain. It is believed that people and human behaviour are the main risk for maintaining cybersecurity, because people make bad decisions, ignore warning signs, or might not care about cybersecurity at all. As a result, a lot of attention is brought to…

When evaluating the security of an application and data model ask the questions: What is the sensitivity of the data? What are the regulatory, compliance, or privacy requirements for the data? What is the attack vector that a data owner is hoping to mitigate? What is the overall security posture of the environment, is it a hostile…

ENISA CSIRT training material was introduced in 2008. In 2012, 2013 and 2014 it was complemented with new exercise scenarios containing essential material for success in the CSIRT community and in the field of information security. In these pages you will find the ENISA CSIRT training material, containing Handbooks for teachers, Toolsets for…

This section reflects the effort of ENISA to support organizations on the design and implementation of European Cyber Security Month awareness campaigns, though a set of guidelines. ENISA’s Vision for ECSM The vision of ENISA for ECSM is to support the EU Member States with the design and implementation of their awareness raising campaigns and to…

Author: European Union Agency for Cybersecurity (ENISA) ENISA is one of the key stakeholders in Europe in the area of Network and Information Security (NIS). Given its positioning, ENISA is active in the area of education and awareness, using its knowledge to promote NIS skills and supporting the Commission in enhancing the skills and competence…

Author: European Union Agency for Cybersecurity (ENISA) The present report is concerned with human aspects of cybersecurity including not only psychology and sociology, but also ethnography, anthropology, human biology, behavioural economics and any other subject that takes humans as its main focal point. Download the report here:…

Author: European Union Agency for Cybersecurity (ENISA) This guide complements the existing set of ENISA guides that support Computer Emergency Response Teams. It describes good practices and provides practical information and guidelines for the management of network and information security incidents with an emphasis on incident…

Author: Patrick Kral One of the greatest challenges facing today’s IT professionals is planning and preparing for the unexpected, especially in response to a security incident. An incident is described as any violation of policy, law, or unacceptable act that involves information assets, such as computers, networks, smartphones, etc…

Author: European Union Agency for Cybersecurity (ENISA)   This study proposes key recommendations for hospital information security executives and industry to enhance the level of information security in Smart Hospitals. Through the identification of assets and the related threats when IoT components are supporting a healthcare organisation…

Author: Ayala, Luis Learn how to detect and prevent the hacking of medical equipment at hospitals and healthcare facilities. A cyber-physical attack on building equipment pales in comparison to the damage a determined hacker can do if he/she gains access to a medical-grade network as a medical-grade network controls the diagnostic, treatment,…