Best Practices

ENISA study into taxonomies for incident detection and prevention

The main objective of this report is to provide the CSIRT community with relevant good practices on taxonomies for incident detection and prevention. It also aims to provide conclusions and recommendations, based on a qualitative assessment of the current taxonomy landscape, on improvements that can be made to existing taxonomies, such as which fields can be extended or added.

Guidelines for SMEs on the security of personal data processing

ENISA decided to provide further guidance to SMEs on how to adopt security measures for the protection of personal data, following a risk-based approach. In particular, the objectives of the study were to help SMEs understand the context of the personal data processing operation and subsequently assess the associated security risks.

Baldrige-Based Tool for Cybersecurity

The U.S. Commerce Department’s National Institute of Standards and Technology (NIST) has released a self-assessment tool to help organisations better understand the effectiveness of their cyber-security risk management efforts.

The document is called the Baldrige Cybersecurity Excellence Builder and it is based on two of the main NIST resources: the organisational performance evaluation strategies from the Baldrige Performance Excellence Program and the risk management mechanism from the Cybersecurity Framework.

NIST SME Security essential guide

The National Institute of Standards and Technology (NIST) last week released an essential guide to help SMEs protect their data and information.

"Small Business Information Security: The Fundamentals" is written for small-business owners not experienced in cybersecurity and explains basic steps they can take to better protect their information systems.

Protecting Smart Hospitals - ENISA recommendations for cyber security

A new study by the European Union Agency for Network and Information Security (ENISA) investigates threats and vulnerabilities in hospitals using the Internet of Things (IoT). The risk-based approach analyses attack scenarios and maps common good practices.

Smart solutions help hospitals improve patient care, including remote care, but not enough attention is paid to security and safety issues, as cost estimates for data breaches in hospital cyber incidents show.

ENISA's best practice on the design and implementation of a National Cyber Security Strategy

In a constantly changing cyber threat environment, EU Member States need to have flexible and dynamic cyber security strategies to meet new, global threats.

ENISA recently published its second National Cyber Security Strategy Good Practice Guide, providing an update to the 2012 ENISA guidebook on the design and implementation of a National Cyber Security Strategy.