Best Practices

ENISA study into taxonomies for incident detection and prevention

The main objective of this report is to provide the CSIRT community with relevant good practices in terms of taxonomies for incident detection and prevention. Additionally, it aims to provide conclusions and recommendations, based on a qualitative assessment of the current taxonomy landscape, on improvements that can be made to existing taxonomies, such as which fields can be extended or added.

Guidelines for SMEs on the security of personal data processing

ENISA decided to provide further guidance to SMEs on how to adopt security measures for the protection of personal data, following a risk-based approach. In particular, the objectives of the study were to help SMEs understand the context of the personal data processing operation and subsequently assess the associated security risks.

Baldrige-Based Tool for Cybersecurity

The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) has released a self-assessment tool to help organisations better understand the effectiveness of their cyber-security risk management efforts.

The document is called the Baldrige Cybersecurity Excellence Builder, and it is based on two of the main NIST resources: the organisational performance evaluation strategies from the Baldrige Performance Excellence Program and the risk management mechanism from the Cybersecurity Framework.

NIST SME Security essential guide

The National Institute of Standards and Technology (NIST) last week released an essential guide to help SMEs protect their data and information.

"Small Business Information Security: The Fundamentals" is written for small-business owners not experienced in cybersecurity and explains basic steps they can take to better protect their information systems.