MEDINA Brochure 2022.pdf
•
0 likes•39 views
The MEDINA project aims to provide continuous, real-time certification for secure cloud computing services in compliance with EU standards. It develops tools to automate evidence collection, assessment, and management to streamline the certification process. This allows cloud services to continuously monitor controls, metrics, and security risks to maintain certification more efficiently.
Report
Share
Report
Share
Download to read offline
Recommended
MEDINA brochure 2023
The MEDINA project aims to help stakeholders achieve continuous compliance with the European Union's cloud security certification scheme (EUCS) through automation. It provides a set of tools and techniques that can be accessed through a unified user interface or API to fully manage the certification status of cloud services. Early adopters can implement generic workflows comprising scenarios and roles to streamline the EUCS certification process through guidance and evidence management automation.
Medina general presentation
General description of the MEDINA project (GA 952633), funded by the European Commission under H2020 programme
MEDINA project brochure 2021
The document discusses a security framework called MEDINA that aims to provide a holistic framework supporting cloud service providers' (CSPs) continuous certification in compliance with the EU cloud security certification scheme. The framework will include a repository of security metrics and measures, tools for selecting controls based on risk levels, a certification language, evidence management tools, a certificate evaluator, and a risk-based auditor tool. This will help CSPs more easily achieve and maintain certification, reducing costs and efforts. Two example use cases are provided for Bosch regarding IoT solutions and Fabasoft regarding SaaS solutions for the public sector.
Medina general presentation
This project called MEDINA aims to develop a security framework to help cloud service providers continuously achieve and maintain compliance with the EU Cloud Security Certification Scheme. The framework will include tools, techniques and processes to support continuous auditing and certification where security and accountability can be measured over time. This will help cloud customers gain more control and trust in the cloud services they use. The framework is meant to provide guidance to help cloud providers more easily implement security controls and collect evidence of compliance, reducing the costs and efforts of certification.
Medina general presentation
This project called MEDINA aims to develop a security framework to help cloud service providers continuously achieve and maintain compliance with the EU Cloud Security Certification Scheme. The framework will include tools, techniques and processes to support continuous auditing and certification where security and accountability can be measured over time. This will help cloud customers gain more control and trust in the cloud services they use. The framework is intended to provide guidance to cloud service providers on implementing security controls and collecting evidence of compliance, making the certification process more efficient.
Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...
This document discusses the EU-funded MEDINA Project, which aims to address challenges around continuous monitoring and certification of security compliance for dynamic cloud environments. The project is developing an open-source framework with components like a repository of metrics and measures, tools for continuous evidence management and evaluation, and a risk-based auditor tool. Upon completion, the framework will help cloud service providers and auditors more easily ensure frequent infrastructure changes remain compliant with security policies. The goal is to leverage automation to enhance trust for hybrid cloud approaches.
MEDINA General Presentation
General description of the MEDINA project (GA 952633), funded by the European Commission under H2020 programme
Automation-based Certification for Cloud Services in Euro
This document discusses automation-based certification for cloud services in Europe. It provides an overview of the MEDINA project, which aims to enable continuous audit-based certification for cloud services through automation. The MEDINA framework collects technical evidence, assesses compliance automatically, and manages certificates in order to streamline the certification process defined in the EUCS standard. After MEDINA concludes, the lessons learned may be applied to the new COBALT project focusing on certification of AI-enabled systems and quantum computing.
Recommended
MEDINA brochure 2023
The MEDINA project aims to help stakeholders achieve continuous compliance with the European Union's cloud security certification scheme (EUCS) through automation. It provides a set of tools and techniques that can be accessed through a unified user interface or API to fully manage the certification status of cloud services. Early adopters can implement generic workflows comprising scenarios and roles to streamline the EUCS certification process through guidance and evidence management automation.
Medina general presentation
General description of the MEDINA project (GA 952633), funded by the European Commission under H2020 programme
MEDINA project brochure 2021
The document discusses a security framework called MEDINA that aims to provide a holistic framework supporting cloud service providers' (CSPs) continuous certification in compliance with the EU cloud security certification scheme. The framework will include a repository of security metrics and measures, tools for selecting controls based on risk levels, a certification language, evidence management tools, a certificate evaluator, and a risk-based auditor tool. This will help CSPs more easily achieve and maintain certification, reducing costs and efforts. Two example use cases are provided for Bosch regarding IoT solutions and Fabasoft regarding SaaS solutions for the public sector.
Medina general presentation
This project called MEDINA aims to develop a security framework to help cloud service providers continuously achieve and maintain compliance with the EU Cloud Security Certification Scheme. The framework will include tools, techniques and processes to support continuous auditing and certification where security and accountability can be measured over time. This will help cloud customers gain more control and trust in the cloud services they use. The framework is meant to provide guidance to help cloud providers more easily implement security controls and collect evidence of compliance, reducing the costs and efforts of certification.
Medina general presentation
This project called MEDINA aims to develop a security framework to help cloud service providers continuously achieve and maintain compliance with the EU Cloud Security Certification Scheme. The framework will include tools, techniques and processes to support continuous auditing and certification where security and accountability can be measured over time. This will help cloud customers gain more control and trust in the cloud services they use. The framework is intended to provide guidance to cloud service providers on implementing security controls and collecting evidence of compliance, making the certification process more efficient.
Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...
This document discusses the EU-funded MEDINA Project, which aims to address challenges around continuous monitoring and certification of security compliance for dynamic cloud environments. The project is developing an open-source framework with components like a repository of metrics and measures, tools for continuous evidence management and evaluation, and a risk-based auditor tool. Upon completion, the framework will help cloud service providers and auditors more easily ensure frequent infrastructure changes remain compliant with security policies. The goal is to leverage automation to enhance trust for hybrid cloud approaches.
MEDINA General Presentation
General description of the MEDINA project (GA 952633), funded by the European Commission under H2020 programme
Automation-based Certification for Cloud Services in Euro
This document discusses automation-based certification for cloud services in Europe. It provides an overview of the MEDINA project, which aims to enable continuous audit-based certification for cloud services through automation. The MEDINA framework collects technical evidence, assesses compliance automatically, and manages certificates in order to streamline the certification process defined in the EUCS standard. After MEDINA concludes, the lessons learned may be applied to the new COBALT project focusing on certification of AI-enabled systems and quantum computing.
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
The European Project MEDINA is analysing how to leverage OSCAL to achieve a continuous certification, one step beyond continuous compliance, as required by the European cloud services certification scheme. Presented in the US NIST OSCAL Workshop on February 2021
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
The document discusses the EU Cybersecurity Scheme for Cloud Services (EUCS) and its requirements for continuous monitoring and certification. It introduces the MEDINA project, funded by the EU, which aims to develop a framework for achieving continuous audit-based certification aligned with the EUCS through continuous monitoring. The project will leverage the Open Security Controls Assessment Language (OSCAL) for machine-readable representation of security controls and certificates. It seeks collaboration with NIST on further development and adoption of OSCAL to support its goals.
TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...
This document summarizes the results of an experiment conducted to test requirements for continuous monitoring and certification from the European Union's Cloud Services (EUCS) certification scheme. The experiment found that:
1) Existing tools can automate assessment of some EUCS requirements, but coverage is currently limited.
2) A machine-readable format like NIST's OSCAL shows promise for specifying and reporting on automated assessments.
3) While some level of automation is possible now, auditors will still need to review evidence to ensure trustworthy compliance. Standardization of audit processes could help leverage the full potential of automation in the future.
Paving the road towards continuous auditbased certification for cloud service...
This document summarizes a presentation about the MEDINA project, which aims to facilitate the adoption of the EU Cybersecurity Certification Scheme (EUCS) for cloud services. The MEDINA project is developing a security framework and tools to support continuous, automated certification based on evidence management. This will help address challenges with the current point-in-time certification approach and high costs of certification. The MEDINA framework collects evidence, assesses compliance, and manages certification, with the goal of easing the process of continuous certification as required by EUCS. While progress has been made, challenges remain around regulating automated certification and sustaining the project's tools after its completion.
Remote Video Inspection (RVI) software for fire and safety inspections
Remote video inspections (RVIs) are now widely used and have been adopted by the National Fire Protection Association (NFPA). RVIs ensure fire safety by maximizing the direct interaction between clients, fire protection engineers, technicians, and fire department personnel while maintaining COVID-19 guidelines. CloudVisit’s remote video inspection software satisfies the requirements for fire and safety inspections with proven functionality for scheduling, documenting, and client acceptance, mirroring onsite inspection processes.
First Impressions on Experimenting with Automated Monitoring Requirements of ...
This whitepaper reports on lessons learned related to the experimentation performed by the MEDINA team on the topic of continuous (automated) monitoring, just as required by the High Assurance baseline of the draft version of the European Cybersecurity Certification Scheme for Cloud Service (EUCS). Besides the reported process and obtained results, we also provide a set of recommendations to relevant stakeholders (in particular Cloud Service Providers and Auditors) with the goal of supporting the uptake of EUCS for High Assurance.
CloudVisit Remote Video Inspection and Collaboration Software
CloudVisit provides video communication, collaboration, virtual inspection, and maintenance software solutions for multiple industries, which provide cost savings, time savings, as well as improve health and safety during the COVID-19 pandemic and beyond. The inspection software created by CloudVisit enhances the process of several types of commercial or consumer inspections with paperless digital checklists, cloud-based visual data collection, inspection report generation, and robust appointment creation features.
CloudVisit video collaboration platform allows organizations to maximize operational efficiency, profitability, and workforce productivity by simplifying workflows and eliminating the need for onsite inspections and quality assurances.
CloudVisit currently serves many industries, including maritime, aviation, construction, telecommunications, transportation, and telemedicine, and is expanding. The company is backed by 16+ years of success in software programming, video conferencing, telemedicine, and telecommunications. CloudVisit has a proven record of excellence, efficiency, security, and quality customer service.
MEDINA ESG (Expert Stakeholder Group) presentation
This document summarizes an expert stakeholder group meeting for the MEDINA project. The meeting agenda included an introduction to MEDINA, demonstrations of two tools (SATRA and AMOE), and a discussion of next steps. MEDINA aims to facilitate adoption of the EU Cybersecurity Certification Scheme for continuous cloud certification. Progress after 18 months includes initial prototypes and testing of tools for self-assessment, evidence management, and certificate lifecycle management. Upcoming plans include full validation of MEDINA with industry partners and progressing standardization and exploitation activities.
MEDINA: Standardization to enable continuous cloud cybersecurity certification
This project called MEDINA received funding from the EU Horizon 2020 programme to develop standardization to enable continuous cloud cybersecurity certification. MEDINA aims to provide a security framework and tools to achieve continuous audit-based certification aligned with the EU Cybersecurity Certification Scheme for Cloud Services. The project runs from November 2020 to October 2023 with a budget of over 4 million euros. One of MEDINA's objectives is to engage standard development organizations to adopt requirements for continuous compliance assessments and automation in line with the EU certification scheme. Achievements so far include supporting the development of the EU certification scheme and contributing to related standards.
Pots pan case study swansea met
The document describes a pilot project at Swansea Metropolitan University to test the use of electronic signatures for authenticating online documents, finding that using open source OpenOffice software with the free CAcert certification authority provided a secure and cost-effective solution that met verification standards for signed documents. The pilot confirmed electronic signatures could authenticate remotely submitted administrative and assessment documents in an accessible way that satisfied quality assurance requirements.
Pots pan workpackage 3
The document outlines a plan to pilot the use of digital signatures for authenticating documents at Swansea Metropolitan University. It will focus on using digital signatures to authenticate online assessments as the university is considering online distance learning courses. The pilot will use Open Office software and a free certification authority to apply signatures to test documents. The signed documents will be shared electronically and evaluated to assess the security and trustworthiness of the electronic signatures. The pilot aims to identify the lowest cost digital signature options and evaluate their potential benefits for authenticating online assessments.
Project COLA - Project Flyer EN Web
Project COLA received funding from the European Union's Horizon 2020 research and innovation programme to develop a framework called MiCADO that provides dynamic and automated resource scalability for cloud applications. MiCADO services allow application developers to define quality of service parameters and optimize how applications are deployed and scaled across multiple clouds at runtime based on those parameters. The goal is to increase adoption of cloud computing by small and medium enterprises and the public sector through more efficient cloud resource utilization and security.
Cruatech Services Intro
Cruatech is a software development company that specializes in hardware integration, product development for physical security, energy management and IoT sectors, and project management. It develops integration modules and platforms like CruzControl. Cruatech has experience integrating over 80 security systems and developing solutions for challenges like retrofitting energy management hardware and developing access control using facial recognition. It ensures reliable delivery through a phased, tested approach and has received praise from partners for responsiveness.
Quality Assurance Framework for the OpenVM E+ project
This document summarizes the objectives and work of the Open Virtual Mobility Erasmus+ project. The project aims to (1) enhance uptake of open virtual mobility by improving skills of educators and students, (2) create a European OpenVM Learning Hub for skills achievement, assessment and recognition, and (3) develop innovative tools and methods for skills assessment and recognition. The project is working on designing quality assurance standards, processes, and instruments for the Learning Hub and its components using a design-based research approach. An evaluation of the quality assurance strategy was conducted with partners and external experts.
proposal on assessment of qualified signature creation devices compliant with...
A presentation about a proposal on assessment of qualified signature creation devices compliant with #eIDAS requirements and based on EU standards
PkBox as simple and secure cloud electronic signature creation and validation...
In Italy remote signature solutions are key for mass-diffusion of qualified electronic signature solutions and demonstrated to be barrier-free for the end users. The key role of this kind of solutions for adoption of electronic signatures is also recognized by the eIDAS Regulation.
The presentation will focus firstly on use cases where real solutions implemented by the presenter enabling signatures in mobile and cloud environment based on server signing architectures, are the key to ease of use and massive adoption. The solutions described are based on qualified electronic signatures complying with the requirements specified by Directive 1993/93/EC for Secure Signature Creation Devices.
The presentation then will focus on the importance of standards in relation to the various aspects of the signature solution usability and feasibility: signature formats, signature creation and validation, conformity assessment of the signature creation trust services and trustworthiness of the system supporting server signing.
The presentation then will conclude, on the basis of the concrete business perspective and experience of the presenter, with requirements and recommendations for the standardization work in this area aiming to guarantee on one hand the feasibility of easy to use signature solutions, on the other hand that the signature creation environment is reliable, trustable and used under the sole control of the signatory.
1rst ARCADIA bronchure
This document summarizes the ARCADIA project, which aims to design and validate a new paradigm for developing highly distributed applications that can dynamically reconfigure based on changes to programmable infrastructure. The project received over 3.5 million Euros in funding from the European Union's Horizon 2020 program and will last 36 months. It involves developing new approaches for application deployment and management over distributed systems while maintaining network reliability, security, and efficiency.
Cyber Tekes Safety and Security programme 2013
The document describes several cyber security solutions from Tekes Safety and Security Programme. The first solution discussed is a total IT asset data erasure solution that can completely erase digital data from all IT assets such that the data cannot be recovered with any existing technology. The solution has the most comprehensive certification in the industry. The second solution discussed is a flexible and secure authentication solution that aims to improve authentication for internet services. The third solution is a testing-as-a-service called Fuzz-o-Matic that can test applications for vulnerabilities and ensure their safety.
Whitepaper MEDINA Metric Recommender NLP
The document describes a metric recommender system developed as part of the MEDINA project. The system uses natural language processing techniques to automatically associate metrics with security requirements. It plays a key role in the MEDINA framework by translating requirements expressed in natural language to measurable metrics. Initial validation results demonstrate the system's ability to efficiently recommend relevant metrics for requirements based on textual similarity.
Performing One Audit Using Zero Trust Principles
In this 45 minute webinar ControlCase, TAG Cyber & Evolve MGA cover the following:
- Introductions – ControlCase, Tag Cyber & Evolve MGA
- What has current cyber security research uncovered so far?
- What are Zero Trust Principles?
- How can Zero Trust Principles be implemented in remote working environments?
- Cyber insurance for modern day exposures
Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...
This document provides an overview of the MEDINA framework for continuous life cycle management of cloud security certifications. It describes the key components, including the Continuous Certification Evaluation component that aggregates assessment results, the Risk Assessment and Optimization Framework that evaluates risk, and the Automated Certificate Life Cycle Manager that determines certificate status and publishes certificates using a self-sovereign identity system. The framework aims to enable automated, continuous assessment and management of certifications to address the dynamic nature of cloud environments.
Whitepaper MEDINA CNL
The document provides an overview of the MEDINA Controlled Natural Language (CNL) which was designed to facilitate the automated assessment of compliance with cybersecurity certification schemes for cloud services. It discusses how CNLs can bridge the gap between natural language security requirements and machine-readable representations. The MEDINA CNL builds upon an existing CNL called CNL4DSA and allows expressing cloud security certification requirements from schemes like EUCS in a formal way using fragments consisting of resource types, metrics, operators, and target values. This enables automated compliance checks for certifications.
More Related Content
Similar to MEDINA Brochure 2022.pdf
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
The European Project MEDINA is analysing how to leverage OSCAL to achieve a continuous certification, one step beyond continuous compliance, as required by the European cloud services certification scheme. Presented in the US NIST OSCAL Workshop on February 2021
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
The document discusses the EU Cybersecurity Scheme for Cloud Services (EUCS) and its requirements for continuous monitoring and certification. It introduces the MEDINA project, funded by the EU, which aims to develop a framework for achieving continuous audit-based certification aligned with the EUCS through continuous monitoring. The project will leverage the Open Security Controls Assessment Language (OSCAL) for machine-readable representation of security controls and certificates. It seeks collaboration with NIST on further development and adoption of OSCAL to support its goals.
TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...
This document summarizes the results of an experiment conducted to test requirements for continuous monitoring and certification from the European Union's Cloud Services (EUCS) certification scheme. The experiment found that:
1) Existing tools can automate assessment of some EUCS requirements, but coverage is currently limited.
2) A machine-readable format like NIST's OSCAL shows promise for specifying and reporting on automated assessments.
3) While some level of automation is possible now, auditors will still need to review evidence to ensure trustworthy compliance. Standardization of audit processes could help leverage the full potential of automation in the future.
Paving the road towards continuous auditbased certification for cloud service...
This document summarizes a presentation about the MEDINA project, which aims to facilitate the adoption of the EU Cybersecurity Certification Scheme (EUCS) for cloud services. The MEDINA project is developing a security framework and tools to support continuous, automated certification based on evidence management. This will help address challenges with the current point-in-time certification approach and high costs of certification. The MEDINA framework collects evidence, assesses compliance, and manages certification, with the goal of easing the process of continuous certification as required by EUCS. While progress has been made, challenges remain around regulating automated certification and sustaining the project's tools after its completion.
Remote Video Inspection (RVI) software for fire and safety inspections
Remote video inspections (RVIs) are now widely used and have been adopted by the National Fire Protection Association (NFPA). RVIs ensure fire safety by maximizing the direct interaction between clients, fire protection engineers, technicians, and fire department personnel while maintaining COVID-19 guidelines. CloudVisit’s remote video inspection software satisfies the requirements for fire and safety inspections with proven functionality for scheduling, documenting, and client acceptance, mirroring onsite inspection processes.
First Impressions on Experimenting with Automated Monitoring Requirements of ...
This whitepaper reports on lessons learned related to the experimentation performed by the MEDINA team on the topic of continuous (automated) monitoring, just as required by the High Assurance baseline of the draft version of the European Cybersecurity Certification Scheme for Cloud Service (EUCS). Besides the reported process and obtained results, we also provide a set of recommendations to relevant stakeholders (in particular Cloud Service Providers and Auditors) with the goal of supporting the uptake of EUCS for High Assurance.
CloudVisit Remote Video Inspection and Collaboration Software
CloudVisit provides video communication, collaboration, virtual inspection, and maintenance software solutions for multiple industries, which provide cost savings, time savings, as well as improve health and safety during the COVID-19 pandemic and beyond. The inspection software created by CloudVisit enhances the process of several types of commercial or consumer inspections with paperless digital checklists, cloud-based visual data collection, inspection report generation, and robust appointment creation features.
CloudVisit video collaboration platform allows organizations to maximize operational efficiency, profitability, and workforce productivity by simplifying workflows and eliminating the need for onsite inspections and quality assurances.
CloudVisit currently serves many industries, including maritime, aviation, construction, telecommunications, transportation, and telemedicine, and is expanding. The company is backed by 16+ years of success in software programming, video conferencing, telemedicine, and telecommunications. CloudVisit has a proven record of excellence, efficiency, security, and quality customer service.
MEDINA ESG (Expert Stakeholder Group) presentation
This document summarizes an expert stakeholder group meeting for the MEDINA project. The meeting agenda included an introduction to MEDINA, demonstrations of two tools (SATRA and AMOE), and a discussion of next steps. MEDINA aims to facilitate adoption of the EU Cybersecurity Certification Scheme for continuous cloud certification. Progress after 18 months includes initial prototypes and testing of tools for self-assessment, evidence management, and certificate lifecycle management. Upcoming plans include full validation of MEDINA with industry partners and progressing standardization and exploitation activities.
MEDINA: Standardization to enable continuous cloud cybersecurity certification
This project called MEDINA received funding from the EU Horizon 2020 programme to develop standardization to enable continuous cloud cybersecurity certification. MEDINA aims to provide a security framework and tools to achieve continuous audit-based certification aligned with the EU Cybersecurity Certification Scheme for Cloud Services. The project runs from November 2020 to October 2023 with a budget of over 4 million euros. One of MEDINA's objectives is to engage standard development organizations to adopt requirements for continuous compliance assessments and automation in line with the EU certification scheme. Achievements so far include supporting the development of the EU certification scheme and contributing to related standards.
Pots pan case study swansea met
The document describes a pilot project at Swansea Metropolitan University to test the use of electronic signatures for authenticating online documents, finding that using open source OpenOffice software with the free CAcert certification authority provided a secure and cost-effective solution that met verification standards for signed documents. The pilot confirmed electronic signatures could authenticate remotely submitted administrative and assessment documents in an accessible way that satisfied quality assurance requirements.
Pots pan workpackage 3
The document outlines a plan to pilot the use of digital signatures for authenticating documents at Swansea Metropolitan University. It will focus on using digital signatures to authenticate online assessments as the university is considering online distance learning courses. The pilot will use Open Office software and a free certification authority to apply signatures to test documents. The signed documents will be shared electronically and evaluated to assess the security and trustworthiness of the electronic signatures. The pilot aims to identify the lowest cost digital signature options and evaluate their potential benefits for authenticating online assessments.
Project COLA - Project Flyer EN Web
Project COLA received funding from the European Union's Horizon 2020 research and innovation programme to develop a framework called MiCADO that provides dynamic and automated resource scalability for cloud applications. MiCADO services allow application developers to define quality of service parameters and optimize how applications are deployed and scaled across multiple clouds at runtime based on those parameters. The goal is to increase adoption of cloud computing by small and medium enterprises and the public sector through more efficient cloud resource utilization and security.
Cruatech Services Intro
Cruatech is a software development company that specializes in hardware integration, product development for physical security, energy management and IoT sectors, and project management. It develops integration modules and platforms like CruzControl. Cruatech has experience integrating over 80 security systems and developing solutions for challenges like retrofitting energy management hardware and developing access control using facial recognition. It ensures reliable delivery through a phased, tested approach and has received praise from partners for responsiveness.
Quality Assurance Framework for the OpenVM E+ project
This document summarizes the objectives and work of the Open Virtual Mobility Erasmus+ project. The project aims to (1) enhance uptake of open virtual mobility by improving skills of educators and students, (2) create a European OpenVM Learning Hub for skills achievement, assessment and recognition, and (3) develop innovative tools and methods for skills assessment and recognition. The project is working on designing quality assurance standards, processes, and instruments for the Learning Hub and its components using a design-based research approach. An evaluation of the quality assurance strategy was conducted with partners and external experts.
proposal on assessment of qualified signature creation devices compliant with...
A presentation about a proposal on assessment of qualified signature creation devices compliant with #eIDAS requirements and based on EU standards
PkBox as simple and secure cloud electronic signature creation and validation...
In Italy remote signature solutions are key for mass-diffusion of qualified electronic signature solutions and demonstrated to be barrier-free for the end users. The key role of this kind of solutions for adoption of electronic signatures is also recognized by the eIDAS Regulation.
The presentation will focus firstly on use cases where real solutions implemented by the presenter enabling signatures in mobile and cloud environment based on server signing architectures, are the key to ease of use and massive adoption. The solutions described are based on qualified electronic signatures complying with the requirements specified by Directive 1993/93/EC for Secure Signature Creation Devices.
The presentation then will focus on the importance of standards in relation to the various aspects of the signature solution usability and feasibility: signature formats, signature creation and validation, conformity assessment of the signature creation trust services and trustworthiness of the system supporting server signing.
The presentation then will conclude, on the basis of the concrete business perspective and experience of the presenter, with requirements and recommendations for the standardization work in this area aiming to guarantee on one hand the feasibility of easy to use signature solutions, on the other hand that the signature creation environment is reliable, trustable and used under the sole control of the signatory.
1rst ARCADIA bronchure
This document summarizes the ARCADIA project, which aims to design and validate a new paradigm for developing highly distributed applications that can dynamically reconfigure based on changes to programmable infrastructure. The project received over 3.5 million Euros in funding from the European Union's Horizon 2020 program and will last 36 months. It involves developing new approaches for application deployment and management over distributed systems while maintaining network reliability, security, and efficiency.
Cyber Tekes Safety and Security programme 2013
The document describes several cyber security solutions from Tekes Safety and Security Programme. The first solution discussed is a total IT asset data erasure solution that can completely erase digital data from all IT assets such that the data cannot be recovered with any existing technology. The solution has the most comprehensive certification in the industry. The second solution discussed is a flexible and secure authentication solution that aims to improve authentication for internet services. The third solution is a testing-as-a-service called Fuzz-o-Matic that can test applications for vulnerabilities and ensure their safety.
Whitepaper MEDINA Metric Recommender NLP
The document describes a metric recommender system developed as part of the MEDINA project. The system uses natural language processing techniques to automatically associate metrics with security requirements. It plays a key role in the MEDINA framework by translating requirements expressed in natural language to measurable metrics. Initial validation results demonstrate the system's ability to efficiently recommend relevant metrics for requirements based on textual similarity.
Performing One Audit Using Zero Trust Principles
In this 45 minute webinar ControlCase, TAG Cyber & Evolve MGA cover the following:
- Introductions – ControlCase, Tag Cyber & Evolve MGA
- What has current cyber security research uncovered so far?
- What are Zero Trust Principles?
- How can Zero Trust Principles be implemented in remote working environments?
- Cyber insurance for modern day exposures
Similar to MEDINA Brochure 2022.pdf (20)
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...
TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...
Paving the road towards continuous auditbased certification for cloud service...
Paving the road towards continuous auditbased certification for cloud service...
Remote Video Inspection (RVI) software for fire and safety inspections
Remote Video Inspection (RVI) software for fire and safety inspections
First Impressions on Experimenting with Automated Monitoring Requirements of ...
First Impressions on Experimenting with Automated Monitoring Requirements of ...
CloudVisit Remote Video Inspection and Collaboration Software
CloudVisit Remote Video Inspection and Collaboration Software
MEDINA ESG (Expert Stakeholder Group) presentation
MEDINA ESG (Expert Stakeholder Group) presentation
MEDINA: Standardization to enable continuous cloud cybersecurity certification
MEDINA: Standardization to enable continuous cloud cybersecurity certification
Quality Assurance Framework for the OpenVM E+ project
Quality Assurance Framework for the OpenVM E+ project
proposal on assessment of qualified signature creation devices compliant with...
proposal on assessment of qualified signature creation devices compliant with...
PkBox as simple and secure cloud electronic signature creation and validation...
PkBox as simple and secure cloud electronic signature creation and validation...
More from MEDINA
Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...
This document provides an overview of the MEDINA framework for continuous life cycle management of cloud security certifications. It describes the key components, including the Continuous Certification Evaluation component that aggregates assessment results, the Risk Assessment and Optimization Framework that evaluates risk, and the Automated Certificate Life Cycle Manager that determines certificate status and publishes certificates using a self-sovereign identity system. The framework aims to enable automated, continuous assessment and management of certifications to address the dynamic nature of cloud environments.
Whitepaper MEDINA CNL
The document provides an overview of the MEDINA Controlled Natural Language (CNL) which was designed to facilitate the automated assessment of compliance with cybersecurity certification schemes for cloud services. It discusses how CNLs can bridge the gap between natural language security requirements and machine-readable representations. The MEDINA CNL builds upon an existing CNL called CNL4DSA and allows expressing cloud security certification requirements from schemes like EUCS in a formal way using fragments consisting of resource types, metrics, operators, and target values. This enables automated compliance checks for certifications.
Whitepaper EUROSCAL MEDINA
The document introduces EUROSCAL, an initiative to promote the use of NIST's Open Security Controls Assessment Language (OSCAL) for automating cloud security certification processes in Europe. OSCAL aims to standardize how security controls and frameworks are represented, making it easier to assess compliance and monitor controls continuously. The EU-funded MEDINA project is exploring how OSCAL could help address challenges in achieving continuous monitoring and certification as envisioned by the European Union's cloud security certification scheme. EUROSCAL seeks to influence stakeholders to adopt OSCAL standards to fully realize automation benefits for certification.
Assessing the Trustworthiness of AI Systems
Dr. Jesus Luna Garcia discusses assessing the trustworthiness of AI systems. He notes that while AIoT systems are growing, consumer trust in them has declined in recent years. There are challenges to defining and measuring AI trustworthiness as well as developing risk management frameworks for AI. Current work includes collaborating with standards bodies to help pave the road to establishing trustworthy AI and certification methods.
MEDINA - towards continuous (automated) certification of cloud services in Eu...
Jesus Luna Garcia talked about the certification of cloud services in Europe
Whitepaper MEDINA Architecture
The document provides an architecture proposal for the MEDINA framework, which aims to provide continuous certification of cloud services aligned with the EUCS. It describes the main components of the MEDINA framework, which include a catalogue of controls and metrics, natural language processing techniques, risk assessment, continuous evaluation, an orchestrator, evidence collection, certificate management, and a user interface. The document also provides an overview of the MEDINA architecture, roles, workflows, and integration approach.
More from MEDINA (6)
Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...
Whitepaper MEDINA Continuous Life Cycle Management of Cloud Security Certific...
MEDINA - towards continuous (automated) certification of cloud services in Eu...
MEDINA - towards continuous (automated) certification of cloud services in Eu...
Recently uploaded
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications.
Epistemic Interaction - tuning interfaces to provide information for AI support
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
20240605 QFM017 Machine Intelligence Reading List May 2024
Everything I found interesting about machines behaving intelligently during May 2024
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
Video Streaming: Then, Now, and in the Future
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Securing your Kubernetes cluster_ a step-by-step guide to success !
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
By Design, not by Accident - Agile Venture Bolzano 2024
As presented at the Agile Venture Bolzano, 4.06.2024
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Full-RAG: A modern architecture for hyper-personalization
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
National Security Agency - NSA mobile device best practices
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentationsFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar
Pushing the limits of ePRTC: 100ns holdover for 100 days
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Recently uploaded (20)
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
MEDINA Brochure 2022.pdf
- 1. Security framework to achieve a continuous audit-based certification in compliance with the EU-wide cloud security certification scheme. Lifecycle management of certificates Continuous compliance Automated evidence management Certification metrics and specification languages
- 2. Main goal The objective of the Horizon 2020 MEDINA project is to provide access to secure, real-time certified cloud computing. In the future, the MEDINA platform that has been developed by the Euro- pean project partners strife for enabling continuous certification through a series of efficient tools. This is based on the European Cybersecuri- ty Certification Scheme for Cloud Services (EUCS), which have been ad- dressed in the project by means of uniform “assessment rules” – meas- ures, metrics, and measurement procedures. EU Continuous Cybersecurity Certification Orchestrator Dashboard/UI Certificate Auditor Cloud Service Provider Cyber Security framework Assessment of Cyber Security Risk & optimisation Trustworthiness and certificate lifecycle management Assessment of collected evidence (traditional & NLP enhanced) Automatic Evidence Collection Catalogue of Controls & Metrics
- 3. Increase in Efficiency with MEDINA By integrating and implementing MEDINA, compliance managers at cloud service providers can work with audit catalogs either via a MEDINA unified UI or a company compliance dashboard and delegate them for subsequent in-house processing. The measurement procedures have already been established, and the current status can be tracked easily. Accredited auditors use secure access points to access the evidence. The continuous assurance of comprehensive data and information se- curity enhances the trustworthiness and the transparency of cloud ser- vices, while delivering a major boost to efficiency. Benefits Documented guidance on how to perform the checks, what actions to take, and what supporting evidence is required greatly minimizes the overall time commitment. Comprehensive support regarding continuous compliance with metrics related to the EUCS reduces the labor, cost, and risk involved in achieving and maintaining certification. Automatic collection and evaluation of evidence significantly minimizes both workload and costs. A seamless audit trail of the evidence provides traceability and protection against manipulation, ensuring document integrity at all times.
- 4. This project has received funding from the European Union’s Horizon 2020 research and innovation programm under grant agreement No 952633 www.medina-project.eu CONSORTIUM: BOSCH European Certification of Multi-cloud backends for IoT Solutions USE CASES: FABASOFT Continuous Audit of SaaS Solutions – Public and Private Project Manager: Cristina Martínez CONTACT: cristina.martinez@tecnalia.com +34 946 430 850