Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

EU: ENISA issues interoperable EU risk management framework report

The European Union Agency for Cybersecurity ('ENISA') issued, on 13 January 2022, a report providing an analysis of the interoperability potential of cybersecurity risk management frameworks and methodologies to improve decision-making. In particular, ENISA stated that the report is primarily designed to assess the existing risk management frameworks and methodologies in order to identify those with the most prominent interoperable features. In addition, ENISA highlighted that the key outcomes of the report included the following information:

  • the identification of fully developed national and sectorial risk management frameworks and methodologies and their components;
  • the identification of specific features such as national or international scope, target sectors, size of target audience, maturity, compliance with relevant standards, and compatibility with EU regulation and legislation, among other things.;
  • the development of a methodology for the assessment of the interoperability potential of the identified frameworks based on a set of factors such as risk identification, risk assessment, and risk treatment; and
  • the application of the methodology to identify frameworks with a higher interoperability potential.

Furthermore, ENISA stated that the elements gathered in the study serve the purpose of providing keys to potentially form a more coherent EU-wide risk management framework. Moreover, ENISA noted that the report also includes a proposal for a new ENISA inventory of risk management frameworks and methodologies, the Compendium of Risk Management Frameworks with Potential Interoperability.

You can read the press release here, and download the report here and the compendium here.