Latest Files for Download
December 29, 2011
ENISA seeks to identify the most suitable technology and platform to provide secure channels to improve communications with CERTs and other stakeholders. Secure transportation of information assures some combination of confidentiality, integrity and authenticity of the data...
December 19, 2011
"These systems have faced a notable number of incidents. These include the Stuxnet attack, believed to have used bespoke malware to target nuclear control systems in Iran, and the recent DuQu -‘upgraded variant’ of this malware. These incidents caused great security concerns among ICS users..."
December 13, 2011
Our society has become irreversibly dependent on Information and Communication Technologies (ICTs). Unfortunately, the adoption of them has been accompanied by the development of a new set of cyber threats which are developing in ever more rapid, sophisticated and sinister ways...
December 09, 2011
The report reveals that not all available tools are used by the ‘’digital fire-brigades’’, the Computer Emergency Response Teams (CERTs) to effectively fight cyber threats. Therefore, the Agency issues 35 recommendations to data providers and consumers to mitigate the shortcomings...
December 07, 2011
This document was produced jointly with the OWASP mobile security project. It is also published as an ENISA deliverable in accordance with our work programme 2011. It is written for developers of smartphone apps as a guide to developing secure applications...
December 01, 2011
November 18, 2011
"The House Cyber Security Task Force Report highlights the need to create a menu of economic incentives for the private sector to enhance its cyber security, rather than creating a large and unspecified regulatory apparatus at the Department of Homeland Security," Clinton said...
October 19, 2011
This paper reveals the five SSA program KPIs, their methods of collection, their importance to the organization, and how to present them in a way that demonstrates measurable success of your security strategy, and sets the groundwork to advance beyond simple metrics...
October 18, 2011
Data has to be independently classified based on availability, integrity and confidentiality. It needs to be data centric, not focusing on the systems or databases so that while data “travels” through the infrastructure it will keep these attributes without relying on source systems...
October 04, 2011
ISA President Larry Clinton was joined by former ISA Chair Ty Sagalow, ISA Chief outside counsel Tom Jackson and Ed Stull from DCR in illustrating how and why cyber events are often misanalyzed by organizations leading to financial impacts which can also be underestimated...
September 15, 2011
The Leaking Vault 2011 presents data gathered from studying 3,765 publicly disclosed data breach incidents, and is the largest study of its kind to date. Information was gleaned from the organizations that track these events, as well as government sources...
April 25, 2011
Contrary to popular belief, realistic “adversarial” testing can be accomplished in a responsible manner without the consequences of “bringing down the house". Offered are arguments and counterpoints against organizational decisions that disallow certain types of testing...
March 28, 2011
The term "Cyber Deterrence" is gaining traction lately, with regard to the act of deterring cyber attacks. I've seen at least one author (Richard Clarke) use it in his book about Cyber Warfare. In many cases the proponents of this term invoke existing Deterrence Strategies such as the MAD doctrine...
February 17, 2011
In order to analyze the real damage that a hypothetical cyberwar or individual act of cyberwarfare could do to the citizens of any nation coming under attack, it is fundamental to begin with some reflections which will help us reach a full understanding of the phenomenon and its related practical implications.
September 21, 2010
One of the most difficult issues security managers have is justifying how they spend their limited budgets. For the most part, information security budgets are determined by percentages of the overall IT budget. This implies that security is basically a “tax” on IT, as opposed to providing value back to the organization. The fact is that security can provide value to the organization, if there...
Steps Toward Weaponizing the Android Platfor... Freid Jerome on 05-17-2013