Whose side is Enisa on?

I’d have thought “mapping the IT security position of each country” and publishing it in a report just provides hackers with a handy guide that facilitates spear phishing by making it easy to track down the right personnel (European nations fail to develop anti-cyber attack strategies).

I’d be extremely surprised if security personnel in the EU states were all that happy to comply with requests for information about their approach for exactly that reason. It seems a contradiction to refer to this as best practice.

Is Enisa simply touting for additional budget?

Lord Gaga