
ENISA THREAT LANDSCAPE 2024
September 2024
119
Identity Management, Authentication, and Access Control (PR.AA):
Access to physical and logical assets is limited to authorized users,
services, and hardware and managed commensurate with the
assessed risk of unauthorized access
PR.AT-01: Personnel are provided with awareness and training so
that they possess the knowledge and skills to perform general tasks
with cybersecurity risks in mind
PR.PS-01: Configuration management practices are established
and applied
PR.PS-04: Log records are generated and made available for
continuous monitoring
Data security auditing: The support of security auditing is key to identify organisational gaps and vulnerabilities, as well
as data misuse. 631 Security audits can be performed either by security experts or by a third party (e.g. penetration
testing model), evaluating the risk of data breaches. 632
ISO/IEC 27001:2022
A8.34 Protection of information systems during audit
testing
A5.35 Independent review of information security
A5.36 Conformance with policies, rules and standards for
information security
NIST Cybersecurity Framework (CSF)
PR.PS-04: Log records are generated and made available for
continuous monitoring
ID.RA-01: Vulnerabilities in assets are identified, validated, and
recorded
PR.PS-01: Configuration management practices are established
and applied
DE.AE-03: Information is correlated from multiple sources
Data sanitisation: Data sanitisation enables end-users to protect their data by decreasing the quality of data according
to different techniques including anonymisation, generalisation, encryption, masking, filtering. Manipulated data can
then be used for testing, training, processing. 633 634
Countermeasures against data poisoning: Countermeasures against data poisoning are important to increase the
robustness of the model by using datasets of higher quality. The dataset is evaluated to filter out poisoned data points,
including poisoned data points removal,635 replacement and healing.636 Countermeasures should also aim to increase
the strength of the model itself, for instance, by using an ensemble of models to reduce the impact of a poisoning
attack. 637 638
Adversarial training: Adversarial training is important to protect a ML model against inference-time attacks. It builds on
training set augmentation (adversarial training),639 where adversarial data points are added to the training set to
increase the resilience of the model against malicious data points.
ISO/IEC 27001:2022
A5.37 Documented operating procedures
A7.10 Storage media
A8.1 User endpoint devices
A8.19 Installation of software on operational systems
A8.21 Security of network services
A8.24 Use of cryptography
A8.25 Secure development life cycle
A8.26 Application security requirements
NIST Cybersecurity Framework (CSF)
DE.CM-09: Computing hardware and software, runtime
environments, and their data are monitored to find potentially
adverse events
GV.OC-03: Legal, regulatory, and contractual requirements
regarding cybersecurity - including privacy and civil liberties
obligations - are understood and managed
ID.AM-03: Representations of the organization’s authorized
network communication and internal and external network data
flows are maintained
ID.RA-07: Changes and exceptions are managed, assessed for risk
impact, recorded, and tracked
631 EU H2020 CONCORDIA, D4.3
632 EU H2020 CONCORDIA, D4.3
633 EU H2020 CONCORDIA, D4.3
634 Marco Anisetti, Claudio A. Ardagna, Chiara Braghin, Ernesto Damiani, Antongiacomo Polimeno, and Alessandro Balestrucci. 2021. Dynamic and
Scalable Enforcement of Access Control Policies for Big Data. Proceedings of the 13th International Conference on Management of Digital
EcoSystems.
635 N. Peri, N. Gupta, W. R. Huang, L. Fowl, C. Zhu, S. Feizi, T. Goldstein, and J. P. Dickerson, ‘Deep k-NN Defence Against Clean-Label Data
Poisoning Attacks,’ in Proc. of ECCV 2020, August 2020.
636 E. Rosenfeld, E. Winston, P. Ravikumar, and Z. Kolter, ‘Certified Robustness to Label-Flipping Attacks via Randomised Smoothing,’ in Proc. of
ICML 2020, Virtual, June 2020.
637 J. Jia, X. Cao, and N. Z. Gong, ‘Intrinsic Certified Robustness of Bagging against Data Poisoning Attacks,’ in Proc. of AAAI 2021, Virtual, February
2021.
638 W. Wang, A. Levine, and S. Feizi, ‘Improved Certified Defences against Data Poisoning with (Deterministic) Finite Aggregation,’ arXiv preprint
arXiv:2202.02628, 2022.
639 A. Kurakin, D. Boneh, F. Tramèr, I. Goodfellow, N. Papernot, and P. McDaniel, ‘Ensemble Adversarial Training: Attacks and Defences,’ in Proc. of
ICLR 2018, Vancouver, BC, Canada, April, May 2018.