Medina general presentation

Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS

Maitena Ilardia

SerIot Hypothesis Testing Module

SerIoT: Penetration testing

This document discusses penetration testing of the SerIoT system funded by Horizon 2020. It describes an approach to penetration testing that includes 1) unified modeling of security requirements and vulnerabilities, 2) implementing specific test cases that simulate attacks, and 3) generating code-based security tests. The overview explains that the testing involves defining a secure model and vulnerability model, analyzing vulnerabilities, implementing test cases as scripts, executing the test cases on SerIoT components, and reporting results. An example shows how an SQL injection vulnerability test case verifies a security requirement.

Multi Agent Anomaly detection Module

CTO-CyberSecurityForum-2010-Anthony dyhouse

segughana

The Knowledge Transfer Networks (KTNs) were set up in the UK to facilitate knowledge sharing and collaboration between business, government, and academia. The Digital Systems KTN focuses on key digital technologies and brings together experts to address challenges like cybersecurity, cloud computing, and smart transportation. Collaboration is important for tackling issues in a digital society by sharing expertise, innovations, and understanding of problems. The KTN promotes collaboration through events, funding, special interest groups, and knowledge sharing to help overcome challenges like data security and privacy. There is potential to expand this model internationally to form a coordinated global response to cybersecurity threats.

CTO-CybersecurityForum-2010-Des Ward

segughana

The document discusses challenges with third party access to business information and proposes a new framework called the Common Assurance Maturity Model (CAMM) to address these challenges. CAMM aims to provide a standardized way to objectively measure a third party's information risk management maturity using predefined controls. It would leverage existing standards and audit spending, allow third parties to showcase their maturity levels for transparency, and help businesses incorporate risk management into procurement decisions. The framework is intended to be modular to suit different business needs and remove duplicate auditing of third parties.

The document discusses increasing the security posture of Janet-connected organizations. It proposes updating the Janet Security Policy to block high-risk inbound traffic by default, require annual security reviews, and allow proactive vulnerability scanning. A maturity model is suggested to help with reviews. It also proposes a Jisc Cyber Threat Intelligence Sharing Group using the open-source MISP platform to enable threat information sharing between participating organizations.

ARIES Project Presentation

Nicolás Notario

This document discusses the ARIES project, which aims to create a reliable European identity ecosystem. The project received funding from the European Union's Horizon 2020 program to address identity management, strengthen the link between physical and virtual identities, and address all aspects of identity-related crimes. The consortium includes large companies, SMEs, research institutions, law enforcement agencies, and online service providers. The project will develop use cases around identity virtualization and secure e-commerce and validate results through a vision for a secure identity ecosystem.

SerIoT Traffic Generator and Detector of malicious traffic patterns

HITSerIoTProject

This document discusses the creation of an annotated dataset for malicious network traffic patterns using the Secure and Safe Internet of Things (SerIoT) project. It describes how a bot network with multiple virtual machines was used to generate both benign and malicious (SYN TCP attack) network traffic. The raw packet captures were analyzed and segmented into 5-second windows annotated with the number of half-open TCP connections to create a labeled dataset for training artificial intelligence models to detect malicious traffic patterns. Random neural networks were found to more accurately detect denial of service attacks compared to other models like LSTM when trained on this dataset. The attack detector is being deployed in use cases of the SerIoT system to help inform its routing engine of malicious activity.

2016 02-14-nis directive-overview isc2 chapter

Open & Agile Smart Cities

The document discusses the key aspects of the upcoming EU Directive concerning measures for a high common level of security of network and information systems across the Union. It outlines that the directive will require all EU member states to have a national cybersecurity strategy and designate authorities to cooperate on strategic and operational cybersecurity issues. It also establishes security and incident notification requirements for operators of essential services, such as energy and transport, and digital service providers.

2019 04-08 hopu-aj

This document discusses standardization activities related to the ACTIVAGE project. It describes contributions to standards for body area networks, sensor integration, and data modeling. It discusses the development of an extension to the SAREF standard for eHealth and aging well domains. It also covers the IEEE P2510 standard for establishing quality of data sensor parameters, and the opportunities for digital innovation hubs around this standard. The document concludes that data quality is crucial for industries like health, and that certification processes for vendors will be important to integrate as work continues.

InteGrid SRA & Replication Roadmap (02/06/2020)

Sergio Potenciano Menci

13th International Conference on Network Security & Applications (CNSA 2020)

Presentation on EU Directives Impacting Cyber Security for Information Securi...

Brian Honan

This document discusses current and upcoming cybersecurity policies and directives in Europe. It summarizes that the EU considers cybercrime a major threat and has made it a priority between 2014-2017. Key policies and directives discussed include the EU's Critical Infrastructure Protection policy from 2009, directives on combating child abuse and attacks against information systems, and the upcoming Cyber Security and Data Protection directives. The document outlines the objectives and focus areas of these policies to enhance cybersecurity capabilities and cooperation across Europe.

13th International Conference on Network Security & Applications (CNSA 2020)

pijans

Call for papers - 13th International Conference on Network Security & Appli...

13th International Conference on Network Security & Applications (CNSA 2020) focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this conference is to bring together researchers and practitioners from academia and industry to focus on understanding Modern security threats and counter measures and establishing new collaborations in these areas. Authors are solicited to contribute to the conference by submitting articles that illustrate research results, projects, surveying works and industrial experiences that describe significant advances in the areas of Security & its applications.

20190523 archiver fim

This document provides an overview of federated identity management for the ARCHIVER project. It discusses key concepts like identity providers, service providers and protocols. It recommends that ARCHIVER select a service provider proxy, research institutes ensure they have SAML identity providers, and services support SAML or OIDC. Next steps include deciding on a service provider proxy, ensuring identity providers and services support federated protocols, and complying with policies to encourage attribute sharing. Testing tools and further help are also referenced.

2016 02-14 - tlp-white ce2016 presentation

This document describes a cybersecurity simulation exercise taking place between April and October 2016. It will involve the staged release of scenarios related to technical cybersecurity incidents, business continuity, and crisis management. Participants will include IT security and business continuity teams who will handle incidents virtually and develop relationships with national and EU authorities. The goals are to test incident response and build expertise in addressing large-scale cybersecurity events. Details are provided on the types of incidents that will be covered as well as registration information.

Call for Papers - 8th International Conference of Security, Privacy and Trust...

8th International Conference of Security, Privacy and Trust Management (SPTM 2020) looks for significant contributions to Trust management for networks. Original papers are invited on Security, Privacy and Trust Management of wireless and wired networks. The goal of this Conference is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establishing new collaborations in these areas.

Cyberwatching - Niccolo Zazzeri

The document discusses latest trends in EU research and innovation in cybersecurity and privacy. It highlights the increased reliance on digital infrastructure and cyber attacks, creating a need for improved cyber resilience at both the national and EU level. The EU has implemented new laws and directives like the Network Information Security Directive and General Data Protection Regulation to address this need by increasing cooperation, improving national cybersecurity capabilities, and harmonizing risk management practices across Europe. The document also describes several European cybersecurity and privacy services developed through EU-funded research projects that are ready for testing and adoption.

Geant cloud peering-v2

This document provides an introduction to GÉANT and its Cloud Peering service. GÉANT operates a pan-European research and education network that interconnects National Research and Education Networks (NRENs) across Europe. It also manages a portfolio of services to support collaboration. The Cloud Peering service allows cloud providers to connect directly to GÉANT's network or through local NRENs to reach research communities. Options for connection include going through an NREN, direct peering at a GÉANT point of presence, or at an internet exchange. Costs vary depending on the connection method and capacity.

A Proposal to Apply a Risk Assessment Methodology for IoT Systems to a Smart ...

The Research Council of Norway, IKTPLUSS

CSA Cloud Trust Protocol and A4Cloud: Enforcing cloud accountability through ...

The document discusses the Cloud Security Alliance (CSA) Cloud Trust Protocol (CTP) and the A4Cloud project. The CTP is designed to allow cloud service clients to request and receive security-related information from cloud providers to promote transparency and trust. The A4Cloud project focuses on accountability in the cloud and developing mechanisms and tools to help cloud providers demonstrate compliance and allow for effective governance. The CSA and A4Cloud are working to standardize security attributes, integrate the CTP into frameworks like the Open Certification Framework, and establish a CTP working group to further define and implement the protocol.

MEDINA General Presentation

Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project...

This document discusses the EU-funded MEDINA Project, which aims to address challenges around continuous monitoring and certification of security compliance for dynamic cloud environments. The project is developing an open-source framework with components like a repository of metrics and measures, tools for continuous evidence management and evaluation, and a risk-based auditor tool. Upon completion, the framework will help cloud service providers and auditors more easily ensure frequent infrastructure changes remain compliant with security policies. The goal is to leverage automation to enhance trust for hybrid cloud approaches.

MEDINA Brochure 2022.pdf

What's hot

SerIoT: Formal Verification

Cognitive Packet Network with Software Defined Networks using the Random Neur...

Tech 2 Tech: increasing security posture and threat intelligence sharing

Jisc

ARIES Project Presentation

Nicolás Notario

SerIoT Traffic Generator and Detector of malicious traffic patterns

HITSerIoTProject

2016 02-14-nis directive-overview isc2 chapter

Open & Agile Smart Cities

2019 04-08 hopu-aj

InteGrid SRA & Replication Roadmap (02/06/2020)

Sergio Potenciano Menci

13th International Conference on Network Security & Applications (CNSA 2020)

Presentation on EU Directives Impacting Cyber Security for Information Securi...

Brian Honan

13th International Conference on Network Security & Applications (CNSA 2020)

pijans

Call for papers - 13th International Conference on Network Security & Appli...

20190523 archiver fim

2016 02-14 - tlp-white ce2016 presentation

Call for Papers - 8th International Conference of Security, Privacy and Trust...

Cyberwatching - Niccolo Zazzeri

Geant cloud peering-v2

A Proposal to Apply a Risk Assessment Methodology for IoT Systems to a Smart ...