This ENISA report offers technical guidance to help entities in digital infrastructures, ICT service management, and digital provider sectors comply with the NIS2 Directive. It maps out the security requirements set by the EU Regulation (EU) 2024/2690, and provides practical advice, suggested evidence, and examples to assist organizations in implementing those requirements. It is specifically aimed at private sector entities and covers topics such as risk management, incident management, certification and standards, and skills & competences.
Operational and Compliance Training
Access a wealth of resources including articles, whitepapers, tools, and guides to support your learning.
Category
Type
More
Difficulty Level
- Compliance Standards
Acceptable Use Policy (AUP) – Framework, Templates, Best Practices, and Common Pitfalls
- Published date:
- Author: ISO-Docs
This resource explores the development and implementation of an Acceptable Use Policy (AUP) aligned with the ISO/IEC 27001:2022 standard. It outlines the purpose, scope, acceptable and prohibited uses, user responsibilities, enforcement measures, and review procedures essential for integrating the AUP into an organization’s Information Security Management System (ISMS). The document highlights the benefits of a strong AUP, such as risk reduction, improved user accountability, regulatory compliance, and enhanced operational efficiency. It also identifies common drafting and implementation pitfalls to avoid and offers practical guidance on stakeholder involvement, training, communication, and policy maintenance. Importantly, the resource includes customizable templates to help organizations develop ISO-compliant AUPs efficiently and effectively. Ideal for IT managers, CISOs, compliance teams, and security professionals.
- Compliance Standards
Digital Operational Resilience Act (DORA) for the Financial Sector
- Published date:
- Author: European Parliament and Council of the EU
This EU Regulation, formally known as Regulation (EU) 2022/2554, enacts the Digital Operational Resilience Act (DORA)—a comprehensive legal framework designed to enhance the digital operational resilience of financial entities across the European Union. Published in the Official Journal on 27 December 2022 (OJ L 333), DORA introduces unified requirements for managing ICT-related risks, testing resilience, reporting major ICT disruptions, and overseeing third-party service providers within the financial sector. The regulation entered into effect on 17 January 2025 and applies directly across all EU Member States, harmonizing previously fragmented ICT risk regulations and strengthening the EU’s financial system against cyber threats and operational disruptions.
- Data Protection and Privacy
Data Processing Agreement (DPA) Template for Controllers and Processors
- Published date:
- Author: GDPR.EU
This Data Processing Agreement (DPA) template is a customizable legal tool designed to help organizations comply with the EU General Data Protection Regulation (GDPR) when outsourcing services involving personal data processing. It formalizes the relationship between a Data Controller and a Data Processor, outlining roles, responsibilities, and legal obligations related to data protection, including data breach notification, subprocessing, data subject rights, audit rights, and cross-border data transfers. Suitable for businesses of all sizes, the DPA ensures that personal data is processed securely, lawfully, and transparently in accordance with EU data protection standards.
- Compliance Standards
State of Cybersecurity in the European Union: Comprehensive Assessment and Policy Recommendations
- Published date:
- Author: European Union Agency for Cybersecurity
This report presents an evidence-based overview of the current cybersecurity landscape and capabilities across the European Union. It serves as a foundational resource for EU policymakers by identifying key strengths and shortcomings in Member States’ cybersecurity readiness. In addition to assessing the state of play, the report offers strategic policy recommendations aimed at enhancing the EU’s overall cybersecurity posture and ensuring greater resilience across the Union.
- Risk Management
A Critical Guide to Closing Your Exposure Management Gaps
- Published date:
- Author: Bitsight
As CISOs transform their position in the enterprise from technical managers to business risk leaders, they need better visibility and data about cyber risks in order to credibly advise the business. As digital footprints keep expanding and cybersecurity threats keep snowballing, prioritize action around the biggest risks to the business.
Download this guide to get details on why leading CISOs credit exposure management as one of the top tools and practices that will help them drive better prioritization of action, better transparency to the board and CEOS and better accountability from their direct reports.
- Risk Management
5 Ways to Evaluate the ROI of Your Cybersecurity Program
- Published date:
- Author: Bitsight
Cybersecurity ROI isn’t about cost savings. It’s about how your cybersecurity program helps you achieve your goals while managing risk to a level that your executive team is comfortable with. So if you shouldn’t measure success in cost savings, how do you measure it?
Bitsight is providing five steps that help CISOs and executive teams evaluate their company’s cybersecurity performance.
Download the eBook to learn how to:
– Frame success
– Establish & understand your cyber risk appetite
– Assess & quantify risk
– Benchmark to gain perspective
– Facilitate continuous improvement
- Compliance Standards
Enhancing Cybersecurity for SMEs: Challenges, Recommendations, and Actions
- Published date:
- Author: European Union Agency for Cybersecurity (ENISA)
This comprehensive report addresses the unique cybersecurity challenges faced by Small and Medium Enterprises (SMEs) in the European Union, particularly exacerbated by the COVID-19 pandemic. It offers an in-depth analysis of the current state of SMEs’ digital security and their preparedness for crises, based on extensive research including a two-month survey and targeted interviews. The findings reveal that SMEs are critically dependent on their ICT infrastructure yet often underestimate the cybersecurity risks involved. The report provides a tri-fold set of recommendations focused on people, processes, and technology to help SMEs enhance their cybersecurity posture. These include updates to software, strict access control, effective use of cloud services, and comprehensive cyber-incident planning. Additionally, the report offers guidance for national and European authorities on supporting SMEs in this vital area. A supplementary guide provides SMEs with 12 high-level steps to secure their systems and business effectively.
- Compliance Standards
Streamlining Regulatory Obligations of EU Cybersecurity Policies: Insights and Recommendations
- Published date:
- Author: European Cyber Security Organisation (ECSO)
This resource outlines the findings from a comprehensive analysis and a Europe-wide survey conducted to identify key compliance challenges faced by EU companies, particularly SMEs, under current EU cybersecurity regulations. These challenges include complex, overlapping regulatory requirements and the burdensome need to report cybersecurity incidents to multiple authorities. The European Cyber Security Organisation (ECSO) has provided a set of actionable recommendations aimed at streamlining these obligations to enhance the competitiveness of European companies. The insights are intended to inform and shape discussions on the regulatory landscape with European authorities, including upcoming submissions to the Polish Presidency in January 2025. This document serves as an essential guide for organizations navigating EU cybersecurity policy complexities.
- Compliance Standards
The European Action Plan on the Cybersecurity of Hospitals and Healthcare Providers
- Published date:
- Author: European Commission
Launched on January 15, 2025, by the European Commission, this action plan aims to significantly bolster the cybersecurity of hospitals and healthcare providers across Europe. As part of the 2024-2029 Commission’s Political Guidelines, the initiative focuses on enhancing threat detection, improving preparedness, and strengthening crisis response capabilities within the healthcare sector. The plan outlines the deployment of tailored guidance, tools, services, and training specifically designed for healthcare environments. Scheduled for progressive rollout in 2025 and 2026, the initiative involves collaboration with healthcare providers, Member States, and the broader cybersecurity community. This marks a pioneering sector-specific effort to apply comprehensive EU cybersecurity measures in healthcare.