Latest Files for Download


Secure Communications for CERTs and Stakeholders

December 29, 2011

ENISA seeks to identify the most suitable technology and platform to provide secure channels to improve communications with CERTs and other stakeholders. Secure transportation of information assures some combination of confidentiality, integrity and authenticity of the data...

Comments  (0)


ENISA Releases Industrial Control Systems Security Report

December 19, 2011

"These systems have faced a notable number of incidents. These include the Stuxnet attack, believed to have used bespoke malware to target nuclear control systems in Iran, and the recent DuQu -‘upgraded variant’ of this malware. These incidents caused great security concerns among ICS users..."

Comments  (0)


ENISA on Cyber Security: Future Challenges and Opportunities

December 13, 2011

Our society has become irreversibly dependent on Information and Communication Technologies (ICTs). Unfortunately, the adoption of them has been accompanied by the development of a new set of cyber threats which are developing in ever more rapid, sophisticated and sinister ways...

Comments  (0)


ENISA Report: Proactive Detection of Network Security Incidents

December 09, 2011

The report reveals that not all available tools are used by the ‘’digital fire-brigades’’, the Computer Emergency Response Teams (CERTs) to effectively fight cyber threats. Therefore, the Agency issues 35 recommendations to data providers and consumers to mitigate the shortcomings...

Comments  (0)


ENISA Smartphone Secure Development Guidelines

December 07, 2011

This document was produced jointly with the OWASP mobile security project. It is also published as an ENISA deliverable in accordance with our work programme 2011. It is written for developers of smartphone apps as a guide to developing secure applications...

Comments  (0)


(Almost) All Your (BASE) Are Belong to Us!

December 01, 2011

The HTML element Cross Site Scripting (XSS) I will discuss abuses the "best practice" among web developers to use relative links and the tendency of web browsers to parse incorrect HTML. HTML tags are often used in XSS attacks to an attacker inject dangerous javascript or html content...

Comments  (2)


Internet Security Alliance Endorses Cyber Security Legislation

November 18, 2011

"The House Cyber Security Task Force Report highlights the need to create a menu of economic incentives for the private sector to enhance its cyber security, rather than creating a large and unspecified regulatory apparatus at the Department of Homeland Security," Clinton said...

Comments  (0)


Tracking Performance of Software Security Assurance

October 19, 2011

This paper reveals the five SSA program KPIs, their methods of collection, their importance to the organization, and how to present them in a way that demonstrates measurable success of your security strategy, and sets the groundwork to advance beyond simple metrics...

Comments  (0)


A New Approach to Data Centric Security

October 18, 2011

Data has to be independently classified based on availability, integrity and confidentiality. It needs to be data centric, not focusing on the systems or databases so that while data “travels” through the infrastructure it will keep these attributes without relying on source systems...

Comments  (0)


ISA: Financial Management of Cyber Risk

October 04, 2011

ISA President Larry Clinton was joined by former ISA Chair Ty Sagalow, ISA Chief outside counsel Tom Jackson and Ed Stull from DCR in illustrating how and why cyber events are often misanalyzed by organizations leading to financial impacts which can also be underestimated...

Comments  (0)


The Leaking Vault 2011: Six Years of Data Breaches

September 15, 2011

The Leaking Vault 2011 presents data gathered from studying 3,765 publicly disclosed data breach incidents, and is the largest study of its kind to date. Information was gleaned from the organizations that track these events, as well as government sources...

Comments  (0)


Defending the Castle by Actively Abusing It

April 25, 2011

Contrary to popular belief, realistic “adversarial” testing can be accomplished in a responsible manner without the consequences of “bringing down the house". Offered are arguments and counterpoints against organizational decisions that disallow certain types of testing...

Comments  (2)


Cyber Deterrence - Methods and Effectiveness

March 28, 2011

The term "Cyber Deterrence" is gaining traction lately, with regard to the act of deterring cyber attacks. I've seen at least one author (Richard Clarke) use it in his book about Cyber Warfare. In many cases the proponents of this term invoke existing Deterrence Strategies such as the MAD doctrine...

Comments  (0)


Cyberwarfare and Its Damaging Effects on Citizens

February 17, 2011

In order to analyze the real damage that a hypothetical cyberwar or individual act of cyberwarfare could do to the citizens of any nation coming under attack, it is fundamental to begin with some reflections which will help us reach a full understanding of the phenomenon and its related practical implications.

Comments  (1)


Beyond Due Diligence

October 21, 2010

Beyond Due Diligence (free PDF) is a reference and awareness guide for professional services providers, private equity investors, commercial lenders, industry senior management and Business Owners.

Comments  (1)


Justifying IT Security

September 21, 2010

One of the most difficult issues security managers have is justifying how they spend their limited budgets. For the most part, information security budgets are determined by percentages of the overall IT budget. This implies that security is basically a “tax” on IT, as opposed to providing value back to the organization. The fact is that security can provide value to the organization, if there...

Comments  (1)

« < | 3 - 4 - 5 - 6 - 7 | > »

Most Liked