This ECSO publication explores how the Open Security Controls Assessment Language (OSCAL) could support the automation and standardisation of cybersecurity compliance processes across Europe. Set against the growing complexity of EU cybersecurity legislation, it examines how machine-readable control frameworks and OSCAL-based governance, risk, and compliance tools can enable faster assessments, continuous monitoring, and more efficient audits. The document also outlines the conditions needed for broader adoption, including pilot testing, institutional support, and alignment across national authorities and supply chains.
Operational and Compliance Training
Access a wealth of resources including articles, whitepapers, tools, and guides to support your learning.
Category
Type
More
Difficulty Level
- Compliance Standards
NIS2 Implementation – Challenges, Fragmentation and Readiness Across the EU
- Published date:
- Author: European Cyber Security Organisation
This white paper provides a comprehensive analysis of the current state of NIS2 implementation across EU Member States and affected organisations. Drawing on a Europe-wide survey of cybersecurity practitioners and sectoral case studies, it highlights fragmentation in national transpositions, inconsistencies in incident reporting timelines and classification approaches, and significant gaps in budget allocation and management engagement. The report offers actionable recommendations to support harmonised implementation and strengthen organisational readiness under the NIS2 Directive.
- Risk Management
Protecting Data from Ransomware and Data Loss (NIST NCCoE, 2020)
- Published date:
- Author: National Institute of Standards and Technology
This NIST NCCoE guide provides practical recommendations to help Managed Service Providers (MSPs) design, maintain, and test backup files to reduce the impact of ransomware and other data loss events (e.g., hardware failure, accidental or malicious deletion). It supports implementation of the NIST Cybersecurity Framework subcategory PR.IP-4 by outlining considerations for backup planning, selecting backup services/products, ensuring backup availability and integrity, and strengthening disaster recovery readiness. The guidance is adaptable—MSPs can apply only the recommendations relevant to their operational context.
- Data Protection and Privacy
Online Tracking and User Protection Mechanisms: Technical Implementation of User Consent and Do Not Track (DNT)
- Published date:
- Author: European Union Agency for Cybersecurity (ENISA)
This ENISA study examines online tracking technologies and the technical mechanisms available to protect users’ privacy, with a particular focus on user consent, privacy settings, and the implementation of the Do Not Track (DNT) standard. Set against the evolving EU legal landscape, including the GDPR and the proposed ePrivacy Regulation, the report analyses tracking risks and provides targeted recommendations for service providers, user agents, policymakers, and regulators to strengthen user protection and ensure meaningful, technically valid consent online.
- Risk Management
Guide for Conducting Risk Assessments
- Published date:
- Author: National Institute of Standards and Technology (NIST)
NIST Special Publication 800-30 Rev. 1 provides structured guidance for conducting cybersecurity risk assessments across information systems and organizations. It supports decision-making at all levels of the risk management hierarchy by outlining methodologies to identify threats, vulnerabilities, impacts, and residual risks. The guide complements NIST SP 800-39 and serves as a foundational reference for integrating risk assessment into enterprise-wide risk management and security control selection.
- Risk Management
#StopRansomware Guide: Prevention and Response Best Practices
- Published date:
- Author: Cybersecurity and Infrastructure Security Agency (CISA)
This guide from CISA, MS-ISAC, NSA, and the FBI provides actionable best practices for preventing and responding to ransomware and data extortion attacks. It includes two core parts: (1) Prevention guidance based on common attack vectors, including credential compromise and social engineering, and (2) A detailed response checklist with detection and threat hunting steps. The guide aligns recommendations with CISA’s Cross-Sector Cybersecurity Performance Goals and highlights the evolving tactics of ransomware actors, including double extortion. Ideal for IT and cybersecurity professionals across sectors.
- Data Protection and Privacy
Right to Erasure (GDPR) Request Form and Guidance
- Published date:
- Author: GDPR.EU
This resource provides a comprehensive template and legal guidance for submitting a Right to Erasure (Right to be Forgotten) request under Article 17 of the General Data Protection Regulation (GDPR). It includes a structured form to facilitate data subject requests, outlines the legal basis and exceptions for erasure, and explains when organizations are obligated—or allowed to refuse—to erase personal data. Ideal for both individuals seeking to exercise their data rights and organizations aiming to streamline compliance with GDPR obligations.
- Compliance Standards
European Cybersecurity Skills Framework (ECSF): Defining Roles, Skills, and Competencies Across the EU
- Published date:
- Author: European Union Agency for Cybersecurity (ENISA)
The European Cybersecurity Skills Framework (ECSF), developed by ENISA, is the EU’s official reference model for identifying and articulating cybersecurity professional roles and the skills, knowledge, and competencies they require. Featuring 12 role profiles, practical mappings to ESCO, NIS2, and AI domains, and a comprehensive user manual, the ECSF supports workforce planning, training design, skills attestation, and policy alignment. Widely adopted by public and private stakeholders, it underpins the Cybersecurity Skills Academy and contributes to closing the cybersecurity talent gap across the EU.
- Data Protection and Privacy
GDPR Compliance Checklist for Data Controllers
- Published date:
- Author: GDPR.eu
This practical GDPR checklist offers a comprehensive overview of key compliance areas for data controllers, including lawful data processing, data security, accountability, and privacy rights. Designed to help organizations of all sizes reduce risk and improve data protection practices, it provides actionable steps—from conducting impact assessments to managing data subject rights. While not legal advice, it serves as a valuable reference for navigating GDPR obligations and strengthening compliance posture.
- Compliance Standards
Streamlining Regulatory Obligations: ECSO Action Plan for EU Cybersecurity Alignment (2025)
- Published date:
- Author: European Cyber Security Organisation (ECSO)
Published by the European Cyber Security Organisation (ECSO) in July 2025, this Action Plan offers a roadmap to harmonise cybersecurity regulatory requirements across the EU. Focusing on incident reporting, risk management, supply chain security, and audit practices, it presents actionable recommendations to improve cross-border coordination and reduce administrative burden—particularly for SMEs. Developed through stakeholder consultations, the plan supports a more resilient, efficient, and strategically autonomous cybersecurity environment in Europe.