ENISA released the Threat Landscape Methodology

Pierluigi Paganini July 07, 2022

I’m proud to announce that the European Union Agency for Cybersecurity, ENISA, has released the Threat Landscape Methodology.

Policy makers, risk managers and information security practitioners need up-to-date and accurate information on the current threat landscape, supported by threat intelligence. The EU Agency for Cybersecurity (ENISA) Threat Landscape report has been published on an annual basis since 2013. The report uses publicly available data and provides an independent view on observed threat agents, trends and attack vectors.

ENISA aims at building on its expertise and enhancing this activity so that its stakeholders receive relevant and timely information for policy-creation, decision-making and applying security measures, as well as in increasing knowledge and information for specialised cybersecurity communities or for establishing a solid understanding of the cybersecurity challenges related to new technologies.

The added value of ENISA cyberthreat intelligence efforts lies in offering updated information on the dynamically changing cyberthreat landscape. These efforts support risk mitigation, promote situational awareness and proactively respond to future challenges.
Following the revised form of the ENISA Threat Landscape Report 2021, ENISA continues to further improve this flagship initiative.
ENISA seeks to provide targeted as well as general reports, recommendations, analyses and
other actions on future cybersecurity scenarios and threat landscapes, supported through a clear
and publicly available methodology.

By establishing the ENISA Cybersecurity Threat Landscape (CTL) methodology, the Agency
aims to set a baseline for the transparent and systematic delivery of horizontal, thematic, and
sectorial cybersecurity threat landscapes. The following threat landscapes could be considered
as examples.

  • Horizontal threat landscapes, such as the overarching ENISA Threat Landscape (ETL), a product which aims to cover holistically a wide-range of sectors and industries.
  • Thematic threat landscapes, such as the ENISA Supply Chain Threat Landscape, a product which focuses on a specific theme, but covers many sectors.
  • Sectorial threat landscape, such as the ENISA 5G Threat Landscape, focuses on a specific sector. A sectorial threat landscape provides more focused information for a particular constituent or target group.

Recognising the significance of systematically and methodologically reporting on the threat landscape, ENISA has set up an ad hoc Working Group on Cybersecurity Threat Landscapes2 (CTL WG) consisting of experts from European and international public and private sector entities.

The scope of the CTL WG is to advise ENISA in designing, updating and reviewing the methodology for creating threat landscapes, including the annual ENISA Threat Landscape (ETL) Report. The WG enables ENISA to interact with a broad range of stakeholders for the purpose of collecting input on a number of relevant aspects. The overall focus of the methodological framework involves the identification and definition of the process, methods, stakeholders and tools as well as the various elements that, content-wise, constitute the cyberthreat Landscape (CTL).

You can download the ENISA Threat Landscape Methodology here:

ENISA Threat Landscape Methodology

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ENISA Threat Landscape Methodology)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment