Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project & beyond
•
0 likes•13 views
This document discusses the EU-funded MEDINA Project, which aims to address challenges around continuous monitoring and certification of security compliance for dynamic cloud environments. The project is developing an open-source framework with components like a repository of metrics and measures, tools for continuous evidence management and evaluation, and a risk-based auditor tool. Upon completion, the framework will help cloud service providers and auditors more easily ensure frequent infrastructure changes remain compliant with security policies. The goal is to leverage automation to enhance trust for hybrid cloud approaches.
Report
Share
Report
Share
Download to read offline
Recommended
MEDINA brochure 2023
The MEDINA project aims to help stakeholders achieve continuous compliance with the European Union's cloud security certification scheme (EUCS) through automation. It provides a set of tools and techniques that can be accessed through a unified user interface or API to fully manage the certification status of cloud services. Early adopters can implement generic workflows comprising scenarios and roles to streamline the EUCS certification process through guidance and evidence management automation.
MEDINA General Presentation
General description of the MEDINA project (GA 952633), funded by the European Commission under H2020 programme
Medina general presentation
This project called MEDINA aims to develop a security framework to help cloud service providers continuously achieve and maintain compliance with the EU Cloud Security Certification Scheme. The framework will include tools, techniques and processes to support continuous auditing and certification where security and accountability can be measured over time. This will help cloud customers gain more control and trust in the cloud services they use. The framework is meant to provide guidance to help cloud providers more easily implement security controls and collect evidence of compliance, reducing the costs and efforts of certification.
Medina general presentation
This project called MEDINA aims to develop a security framework to help cloud service providers continuously achieve and maintain compliance with the EU Cloud Security Certification Scheme. The framework will include tools, techniques and processes to support continuous auditing and certification where security and accountability can be measured over time. This will help cloud customers gain more control and trust in the cloud services they use. The framework is intended to provide guidance to cloud service providers on implementing security controls and collecting evidence of compliance, making the certification process more efficient.
Automation-based Certification for Cloud Services in Euro
This document discusses automation-based certification for cloud services in Europe. It provides an overview of the MEDINA project, which aims to enable continuous audit-based certification for cloud services through automation. The MEDINA framework collects technical evidence, assesses compliance automatically, and manages certificates in order to streamline the certification process defined in the EUCS standard. After MEDINA concludes, the lessons learned may be applied to the new COBALT project focusing on certification of AI-enabled systems and quantum computing.
MEDINA Brochure 2022.pdf
The MEDINA project aims to provide continuous, real-time certification for secure cloud computing services in compliance with EU standards. It develops tools to automate evidence collection, assessment, and management to streamline the certification process. This allows cloud services to continuously monitor controls, metrics, and security risks to maintain certification more efficiently.
Medina general presentation
General description of the MEDINA project (GA 952633), funded by the European Commission under H2020 programme
Paving the road towards continuous auditbased certification for cloud service...
This document summarizes a presentation about the MEDINA project, which aims to facilitate the adoption of the EU Cybersecurity Certification Scheme (EUCS) for cloud services. The MEDINA project is developing a security framework and tools to support continuous, automated certification based on evidence management. This will help address challenges with the current point-in-time certification approach and high costs of certification. The MEDINA framework collects evidence, assesses compliance, and manages certification, with the goal of easing the process of continuous certification as required by EUCS. While progress has been made, challenges remain around regulating automated certification and sustaining the project's tools after its completion.
Recommended
MEDINA brochure 2023
The MEDINA project aims to help stakeholders achieve continuous compliance with the European Union's cloud security certification scheme (EUCS) through automation. It provides a set of tools and techniques that can be accessed through a unified user interface or API to fully manage the certification status of cloud services. Early adopters can implement generic workflows comprising scenarios and roles to streamline the EUCS certification process through guidance and evidence management automation.
MEDINA General Presentation
General description of the MEDINA project (GA 952633), funded by the European Commission under H2020 programme
Medina general presentation
This project called MEDINA aims to develop a security framework to help cloud service providers continuously achieve and maintain compliance with the EU Cloud Security Certification Scheme. The framework will include tools, techniques and processes to support continuous auditing and certification where security and accountability can be measured over time. This will help cloud customers gain more control and trust in the cloud services they use. The framework is meant to provide guidance to help cloud providers more easily implement security controls and collect evidence of compliance, reducing the costs and efforts of certification.
Medina general presentation
This project called MEDINA aims to develop a security framework to help cloud service providers continuously achieve and maintain compliance with the EU Cloud Security Certification Scheme. The framework will include tools, techniques and processes to support continuous auditing and certification where security and accountability can be measured over time. This will help cloud customers gain more control and trust in the cloud services they use. The framework is intended to provide guidance to cloud service providers on implementing security controls and collecting evidence of compliance, making the certification process more efficient.
Automation-based Certification for Cloud Services in Euro
This document discusses automation-based certification for cloud services in Europe. It provides an overview of the MEDINA project, which aims to enable continuous audit-based certification for cloud services through automation. The MEDINA framework collects technical evidence, assesses compliance automatically, and manages certificates in order to streamline the certification process defined in the EUCS standard. After MEDINA concludes, the lessons learned may be applied to the new COBALT project focusing on certification of AI-enabled systems and quantum computing.
MEDINA Brochure 2022.pdf
The MEDINA project aims to provide continuous, real-time certification for secure cloud computing services in compliance with EU standards. It develops tools to automate evidence collection, assessment, and management to streamline the certification process. This allows cloud services to continuously monitor controls, metrics, and security risks to maintain certification more efficiently.
Medina general presentation
General description of the MEDINA project (GA 952633), funded by the European Commission under H2020 programme
Paving the road towards continuous auditbased certification for cloud service...
This document summarizes a presentation about the MEDINA project, which aims to facilitate the adoption of the EU Cybersecurity Certification Scheme (EUCS) for cloud services. The MEDINA project is developing a security framework and tools to support continuous, automated certification based on evidence management. This will help address challenges with the current point-in-time certification approach and high costs of certification. The MEDINA framework collects evidence, assesses compliance, and manages certification, with the goal of easing the process of continuous certification as required by EUCS. While progress has been made, challenges remain around regulating automated certification and sustaining the project's tools after its completion.
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
The European Project MEDINA is analysing how to leverage OSCAL to achieve a continuous certification, one step beyond continuous compliance, as required by the European cloud services certification scheme. Presented in the US NIST OSCAL Workshop on February 2021
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
The document discusses the EU Cybersecurity Scheme for Cloud Services (EUCS) and its requirements for continuous monitoring and certification. It introduces the MEDINA project, funded by the EU, which aims to develop a framework for achieving continuous audit-based certification aligned with the EUCS through continuous monitoring. The project will leverage the Open Security Controls Assessment Language (OSCAL) for machine-readable representation of security controls and certificates. It seeks collaboration with NIST on further development and adoption of OSCAL to support its goals.
MEDINA: Standardization to enable continuous cloud cybersecurity certification
This project called MEDINA received funding from the EU Horizon 2020 programme to develop standardization to enable continuous cloud cybersecurity certification. MEDINA aims to provide a security framework and tools to achieve continuous audit-based certification aligned with the EU Cybersecurity Certification Scheme for Cloud Services. The project runs from November 2020 to October 2023 with a budget of over 4 million euros. One of MEDINA's objectives is to engage standard development organizations to adopt requirements for continuous compliance assessments and automation in line with the EU certification scheme. Achievements so far include supporting the development of the EU certification scheme and contributing to related standards.
First Impressions on Experimenting with Automated Monitoring Requirements of ...
This whitepaper reports on lessons learned related to the experimentation performed by the MEDINA team on the topic of continuous (automated) monitoring, just as required by the High Assurance baseline of the draft version of the European Cybersecurity Certification Scheme for Cloud Service (EUCS). Besides the reported process and obtained results, we also provide a set of recommendations to relevant stakeholders (in particular Cloud Service Providers and Auditors) with the goal of supporting the uptake of EUCS for High Assurance.
Whitepaper MEDINA Metric Recommender NLP
The document describes a metric recommender system developed as part of the MEDINA project. The system uses natural language processing techniques to automatically associate metrics with security requirements. It plays a key role in the MEDINA framework by translating requirements expressed in natural language to measurable metrics. Initial validation results demonstrate the system's ability to efficiently recommend relevant metrics for requirements based on textual similarity.
MEDINA project brochure 2021
The document discusses a security framework called MEDINA that aims to provide a holistic framework supporting cloud service providers' (CSPs) continuous certification in compliance with the EU cloud security certification scheme. The framework will include a repository of security metrics and measures, tools for selecting controls based on risk levels, a certification language, evidence management tools, a certificate evaluator, and a risk-based auditor tool. This will help CSPs more easily achieve and maintain certification, reducing costs and efforts. Two example use cases are provided for Bosch regarding IoT solutions and Fabasoft regarding SaaS solutions for the public sector.
ECIL: EU Cybersecurity Package and EU Certification Framework
In September 2017 the EU Cybersecurity Package was proposed by the European Commission. The European cybersecurity industry leaders (ECIL) had delivered valuable advice and input to the EU’S CS strategy. In its latest recommendation to the EU Commission ECIL demands a more harmonized cyber policy across the Union. To secure Europe’s Digital Sovereignty and efficient Single Market oriented digital capabilities, Europe needs a holistic platform approach. Technology elements like 5G, Cloud, IoT together should be part of such a platform.
Whitepaper MEDINA CNL
The document provides an overview of the MEDINA Controlled Natural Language (CNL) which was designed to facilitate the automated assessment of compliance with cybersecurity certification schemes for cloud services. It discusses how CNLs can bridge the gap between natural language security requirements and machine-readable representations. The MEDINA CNL builds upon an existing CNL called CNL4DSA and allows expressing cloud security certification requirements from schemes like EUCS in a formal way using fragments consisting of resource types, metrics, operators, and target values. This enables automated compliance checks for certifications.
Enabling Privacy and Security for Data Outsourced to the Cloud
Presentation by Nicola Franchetto, Senior Associate of ICT Legal Consulting & member of the DPSP European Cluster, at Cloudscape Brazil 2017 & WCN 2017
Fintech Belgium_Webinar 3: Cybersecurity / Covid-19: Home Working Challenge ...
This document summarizes a webinar on cybersecurity challenges for the fintech industry during the coronavirus pandemic. The webinar will feature a presentation by Professor Georges Ataya on how fintech companies can be reliable partners for the financial sector during this crisis. Topics will include case studies, methods for improving cybersecurity, and skills lacking in the industry. There will also be discussions of European regulations, certification for small and medium enterprises, and assessing cybersecurity competencies. The goal is to provide guidance on cybersecurity best practices for fintech companies.
proposal on assessment of qualified signature creation devices compliant with...
A presentation about a proposal on assessment of qualified signature creation devices compliant with #eIDAS requirements and based on EU standards
PkBox as simple and secure cloud electronic signature creation and validation...
In Italy remote signature solutions are key for mass-diffusion of qualified electronic signature solutions and demonstrated to be barrier-free for the end users. The key role of this kind of solutions for adoption of electronic signatures is also recognized by the eIDAS Regulation.
The presentation will focus firstly on use cases where real solutions implemented by the presenter enabling signatures in mobile and cloud environment based on server signing architectures, are the key to ease of use and massive adoption. The solutions described are based on qualified electronic signatures complying with the requirements specified by Directive 1993/93/EC for Secure Signature Creation Devices.
The presentation then will focus on the importance of standards in relation to the various aspects of the signature solution usability and feasibility: signature formats, signature creation and validation, conformity assessment of the signature creation trust services and trustworthiness of the system supporting server signing.
The presentation then will conclude, on the basis of the concrete business perspective and experience of the presenter, with requirements and recommendations for the standardization work in this area aiming to guarantee on one hand the feasibility of easy to use signature solutions, on the other hand that the signature creation environment is reliable, trustable and used under the sole control of the signatory.
ENISA-EuroCloud-Forum-2015.pptx
This document summarizes a presentation by ENISA on cloud security. It discusses ENISA's activities related to assessing risks in cloud computing, developing security tools and frameworks, and its work with certification schemes and governments to help secure cloud adoption in Europe. Next steps mentioned include an analysis of cloud security incidents and work on ICT security in e-health.
Juan miguel-velasco-lopez-urda-enisa-euro cloud-forum-2015(1)
This document summarizes a presentation by ENISA (the European Union Agency for Network and Information Security) on cloud security. It discusses the benefits and risks of cloud computing, ENISA's activities to promote cloud security such as risk assessments and certification schemes, and next steps around incident reporting and analyzing cloud adoption in sectors like healthcare. The presentation provides an overview of ENISA's work to help both public and private entities securely leverage cloud computing.
MEDINA ESG (Expert Stakeholder Group) presentation
This document summarizes an expert stakeholder group meeting for the MEDINA project. The meeting agenda included an introduction to MEDINA, demonstrations of two tools (SATRA and AMOE), and a discussion of next steps. MEDINA aims to facilitate adoption of the EU Cybersecurity Certification Scheme for continuous cloud certification. Progress after 18 months includes initial prototypes and testing of tools for self-assessment, evidence management, and certificate lifecycle management. Upcoming plans include full validation of MEDINA with industry partners and progressing standardization and exploitation activities.
Whitepaper EUROSCAL MEDINA
The document introduces EUROSCAL, an initiative to promote the use of NIST's Open Security Controls Assessment Language (OSCAL) for automating cloud security certification processes in Europe. OSCAL aims to standardize how security controls and frameworks are represented, making it easier to assess compliance and monitor controls continuously. The EU-funded MEDINA project is exploring how OSCAL could help address challenges in achieving continuous monitoring and certification as envisioned by the European Union's cloud security certification scheme. EUROSCAL seeks to influence stakeholders to adopt OSCAL standards to fully realize automation benefits for certification.
Using cloud services: Compliance with the Security Requirements of the Spanis...
Cloud Security Alliance EMEA Congress
Using cloud services: Compliance with the Security Requirements of the Spanish Public Sector
Text of the presentation by Miguel A. Amutio
Using cloud services: Compliance with the Security Requirements of the Spanis...
Cloud Security Alliance EMEA Congress: Using cloud services: Compliance with the Security Requirements of the Spanish Public Sector
TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...
This document summarizes the results of an experiment conducted to test requirements for continuous monitoring and certification from the European Union's Cloud Services (EUCS) certification scheme. The experiment found that:
1) Existing tools can automate assessment of some EUCS requirements, but coverage is currently limited.
2) A machine-readable format like NIST's OSCAL shows promise for specifying and reporting on automated assessments.
3) While some level of automation is possible now, auditors will still need to review evidence to ensure trustworthy compliance. Standardization of audit processes could help leverage the full potential of automation in the future.
SerIoT Fog Substrate and SDN Security
This document summarizes research conducted by the University of Essex on securing Internet of Things (IoT) networks. It discusses research projects on (1) developing a service-based fog architecture incorporating concepts like Information-Centric Networking to provide flexible IoT services and network resilience, (2) using blockchain and machine learning techniques to improve security of software-defined networking (SDN) on the edge of IoT networks, and (3) building an experimental testbed to test and validate the proposed IoT security solutions.
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
More Related Content
Similar to Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project & beyond
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
The European Project MEDINA is analysing how to leverage OSCAL to achieve a continuous certification, one step beyond continuous compliance, as required by the European cloud services certification scheme. Presented in the US NIST OSCAL Workshop on February 2021
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
The document discusses the EU Cybersecurity Scheme for Cloud Services (EUCS) and its requirements for continuous monitoring and certification. It introduces the MEDINA project, funded by the EU, which aims to develop a framework for achieving continuous audit-based certification aligned with the EUCS through continuous monitoring. The project will leverage the Open Security Controls Assessment Language (OSCAL) for machine-readable representation of security controls and certificates. It seeks collaboration with NIST on further development and adoption of OSCAL to support its goals.
MEDINA: Standardization to enable continuous cloud cybersecurity certification
This project called MEDINA received funding from the EU Horizon 2020 programme to develop standardization to enable continuous cloud cybersecurity certification. MEDINA aims to provide a security framework and tools to achieve continuous audit-based certification aligned with the EU Cybersecurity Certification Scheme for Cloud Services. The project runs from November 2020 to October 2023 with a budget of over 4 million euros. One of MEDINA's objectives is to engage standard development organizations to adopt requirements for continuous compliance assessments and automation in line with the EU certification scheme. Achievements so far include supporting the development of the EU certification scheme and contributing to related standards.
First Impressions on Experimenting with Automated Monitoring Requirements of ...
This whitepaper reports on lessons learned related to the experimentation performed by the MEDINA team on the topic of continuous (automated) monitoring, just as required by the High Assurance baseline of the draft version of the European Cybersecurity Certification Scheme for Cloud Service (EUCS). Besides the reported process and obtained results, we also provide a set of recommendations to relevant stakeholders (in particular Cloud Service Providers and Auditors) with the goal of supporting the uptake of EUCS for High Assurance.
Whitepaper MEDINA Metric Recommender NLP
The document describes a metric recommender system developed as part of the MEDINA project. The system uses natural language processing techniques to automatically associate metrics with security requirements. It plays a key role in the MEDINA framework by translating requirements expressed in natural language to measurable metrics. Initial validation results demonstrate the system's ability to efficiently recommend relevant metrics for requirements based on textual similarity.
MEDINA project brochure 2021
The document discusses a security framework called MEDINA that aims to provide a holistic framework supporting cloud service providers' (CSPs) continuous certification in compliance with the EU cloud security certification scheme. The framework will include a repository of security metrics and measures, tools for selecting controls based on risk levels, a certification language, evidence management tools, a certificate evaluator, and a risk-based auditor tool. This will help CSPs more easily achieve and maintain certification, reducing costs and efforts. Two example use cases are provided for Bosch regarding IoT solutions and Fabasoft regarding SaaS solutions for the public sector.
ECIL: EU Cybersecurity Package and EU Certification Framework
In September 2017 the EU Cybersecurity Package was proposed by the European Commission. The European cybersecurity industry leaders (ECIL) had delivered valuable advice and input to the EU’S CS strategy. In its latest recommendation to the EU Commission ECIL demands a more harmonized cyber policy across the Union. To secure Europe’s Digital Sovereignty and efficient Single Market oriented digital capabilities, Europe needs a holistic platform approach. Technology elements like 5G, Cloud, IoT together should be part of such a platform.
Whitepaper MEDINA CNL
The document provides an overview of the MEDINA Controlled Natural Language (CNL) which was designed to facilitate the automated assessment of compliance with cybersecurity certification schemes for cloud services. It discusses how CNLs can bridge the gap between natural language security requirements and machine-readable representations. The MEDINA CNL builds upon an existing CNL called CNL4DSA and allows expressing cloud security certification requirements from schemes like EUCS in a formal way using fragments consisting of resource types, metrics, operators, and target values. This enables automated compliance checks for certifications.
Enabling Privacy and Security for Data Outsourced to the Cloud
Presentation by Nicola Franchetto, Senior Associate of ICT Legal Consulting & member of the DPSP European Cluster, at Cloudscape Brazil 2017 & WCN 2017
Fintech Belgium_Webinar 3: Cybersecurity / Covid-19: Home Working Challenge ...
This document summarizes a webinar on cybersecurity challenges for the fintech industry during the coronavirus pandemic. The webinar will feature a presentation by Professor Georges Ataya on how fintech companies can be reliable partners for the financial sector during this crisis. Topics will include case studies, methods for improving cybersecurity, and skills lacking in the industry. There will also be discussions of European regulations, certification for small and medium enterprises, and assessing cybersecurity competencies. The goal is to provide guidance on cybersecurity best practices for fintech companies.
proposal on assessment of qualified signature creation devices compliant with...
A presentation about a proposal on assessment of qualified signature creation devices compliant with #eIDAS requirements and based on EU standards
PkBox as simple and secure cloud electronic signature creation and validation...
In Italy remote signature solutions are key for mass-diffusion of qualified electronic signature solutions and demonstrated to be barrier-free for the end users. The key role of this kind of solutions for adoption of electronic signatures is also recognized by the eIDAS Regulation.
The presentation will focus firstly on use cases where real solutions implemented by the presenter enabling signatures in mobile and cloud environment based on server signing architectures, are the key to ease of use and massive adoption. The solutions described are based on qualified electronic signatures complying with the requirements specified by Directive 1993/93/EC for Secure Signature Creation Devices.
The presentation then will focus on the importance of standards in relation to the various aspects of the signature solution usability and feasibility: signature formats, signature creation and validation, conformity assessment of the signature creation trust services and trustworthiness of the system supporting server signing.
The presentation then will conclude, on the basis of the concrete business perspective and experience of the presenter, with requirements and recommendations for the standardization work in this area aiming to guarantee on one hand the feasibility of easy to use signature solutions, on the other hand that the signature creation environment is reliable, trustable and used under the sole control of the signatory.
ENISA-EuroCloud-Forum-2015.pptx
This document summarizes a presentation by ENISA on cloud security. It discusses ENISA's activities related to assessing risks in cloud computing, developing security tools and frameworks, and its work with certification schemes and governments to help secure cloud adoption in Europe. Next steps mentioned include an analysis of cloud security incidents and work on ICT security in e-health.
Juan miguel-velasco-lopez-urda-enisa-euro cloud-forum-2015(1)
This document summarizes a presentation by ENISA (the European Union Agency for Network and Information Security) on cloud security. It discusses the benefits and risks of cloud computing, ENISA's activities to promote cloud security such as risk assessments and certification schemes, and next steps around incident reporting and analyzing cloud adoption in sectors like healthcare. The presentation provides an overview of ENISA's work to help both public and private entities securely leverage cloud computing.
MEDINA ESG (Expert Stakeholder Group) presentation
This document summarizes an expert stakeholder group meeting for the MEDINA project. The meeting agenda included an introduction to MEDINA, demonstrations of two tools (SATRA and AMOE), and a discussion of next steps. MEDINA aims to facilitate adoption of the EU Cybersecurity Certification Scheme for continuous cloud certification. Progress after 18 months includes initial prototypes and testing of tools for self-assessment, evidence management, and certificate lifecycle management. Upcoming plans include full validation of MEDINA with industry partners and progressing standardization and exploitation activities.
Whitepaper EUROSCAL MEDINA
The document introduces EUROSCAL, an initiative to promote the use of NIST's Open Security Controls Assessment Language (OSCAL) for automating cloud security certification processes in Europe. OSCAL aims to standardize how security controls and frameworks are represented, making it easier to assess compliance and monitor controls continuously. The EU-funded MEDINA project is exploring how OSCAL could help address challenges in achieving continuous monitoring and certification as envisioned by the European Union's cloud security certification scheme. EUROSCAL seeks to influence stakeholders to adopt OSCAL standards to fully realize automation benefits for certification.
Using cloud services: Compliance with the Security Requirements of the Spanis...
Cloud Security Alliance EMEA Congress
Using cloud services: Compliance with the Security Requirements of the Spanish Public Sector
Text of the presentation by Miguel A. Amutio
Using cloud services: Compliance with the Security Requirements of the Spanis...
Cloud Security Alliance EMEA Congress: Using cloud services: Compliance with the Security Requirements of the Spanish Public Sector
TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...
This document summarizes the results of an experiment conducted to test requirements for continuous monitoring and certification from the European Union's Cloud Services (EUCS) certification scheme. The experiment found that:
1) Existing tools can automate assessment of some EUCS requirements, but coverage is currently limited.
2) A machine-readable format like NIST's OSCAL shows promise for specifying and reporting on automated assessments.
3) While some level of automation is possible now, auditors will still need to review evidence to ensure trustworthy compliance. Standardization of audit processes could help leverage the full potential of automation in the future.
SerIoT Fog Substrate and SDN Security
This document summarizes research conducted by the University of Essex on securing Internet of Things (IoT) networks. It discusses research projects on (1) developing a service-based fog architecture incorporating concepts like Information-Centric Networking to provide flexible IoT services and network resilience, (2) using blockchain and machine learning techniques to improve security of software-defined networking (SDN) on the edge of IoT networks, and (3) building an experimental testbed to test and validate the proposed IoT security solutions.
Similar to Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project & beyond (20)
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
Day2.2 Paving the Road Towards Continuous Certification: OSCAL and the EUCS
MEDINA: Standardization to enable continuous cloud cybersecurity certification
MEDINA: Standardization to enable continuous cloud cybersecurity certification
First Impressions on Experimenting with Automated Monitoring Requirements of ...
First Impressions on Experimenting with Automated Monitoring Requirements of ...
ECIL: EU Cybersecurity Package and EU Certification Framework
ECIL: EU Cybersecurity Package and EU Certification Framework
Enabling Privacy and Security for Data Outsourced to the Cloud
Enabling Privacy and Security for Data Outsourced to the Cloud
Fintech Belgium_Webinar 3: Cybersecurity / Covid-19: Home Working Challenge ...
Fintech Belgium_Webinar 3: Cybersecurity / Covid-19: Home Working Challenge ...
proposal on assessment of qualified signature creation devices compliant with...
proposal on assessment of qualified signature creation devices compliant with...
PkBox as simple and secure cloud electronic signature creation and validation...
PkBox as simple and secure cloud electronic signature creation and validation...
Juan miguel-velasco-lopez-urda-enisa-euro cloud-forum-2015(1)
Juan miguel-velasco-lopez-urda-enisa-euro cloud-forum-2015(1)
MEDINA ESG (Expert Stakeholder Group) presentation
MEDINA ESG (Expert Stakeholder Group) presentation
Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...
Using cloud services: Compliance with the Security Requirements of the Spanis...
TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...
TAS-S Seminar “From Continuous Monitoring to Continuous Cloud Cybersecurity C...
Recently uploaded
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Communications Mining Series - Zero to Hero - Session 1
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Securing your Kubernetes cluster_ a step-by-step guide to success !
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
National Security Agency - NSA mobile device best practices
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
A tale of scale & speed: How the US Navy is enabling software delivery from l...
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
DevOps and Testing slides at DASA Connect
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
ここ3000字までしか入らないけどタイトルの方がたくさん文字入ると思います。
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
Artificial Intelligence for XMLDevelopment
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
How to Get CNIC Information System with Paksim Ga.pptx
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
20240607 QFM018 Elixir Reading List May 2024
Everything I found interesting about the Elixir programming ecosystem in May 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar
Mind map of terminologies used in context of Generative AI
Mind map of common terms used in context of Generative AI.
Removing Uninteresting Bytes in Software Fuzzing
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AIVladimir Iglovikov, Ph.D.
Presented by Vladimir Iglovikov:
- https://www.linkedin.com/in/iglovikov/
- https://x.com/viglovikov
- https://www.instagram.com/ternaus/
This presentation delves into the journey of Albumentations.ai, a highly successful open-source library for data augmentation.
Created out of a necessity for superior performance in Kaggle competitions, Albumentations has grown to become a widely used tool among data scientists and machine learning practitioners.
This case study covers various aspects, including:
People: The contributors and community that have supported Albumentations.
Metrics: The success indicators such as downloads, daily active users, GitHub stars, and financial contributions.
Challenges: The hurdles in monetizing open-source projects and measuring user engagement.
Development Practices: Best practices for creating, maintaining, and scaling open-source libraries, including code hygiene, CI/CD, and fast iteration.
Community Building: Strategies for making adoption easy, iterating quickly, and fostering a vibrant, engaged community.
Marketing: Both online and offline marketing tactics, focusing on real, impactful interactions and collaborations.
Mental Health: Maintaining balance and not feeling pressured by user demands.
Key insights include the importance of automation, making the adoption process seamless, and leveraging offline interactions for marketing. The presentation also emphasizes the need for continuous small improvements and building a friendly, inclusive community that contributes to the project's growth.
Vladimir Iglovikov brings his extensive experience as a Kaggle Grandmaster, ex-Staff ML Engineer at Lyft, sharing valuable lessons and practical advice for anyone looking to enhance the adoption of their open-source projects.
Explore more about Albumentations and join the community at:
GitHub: https://github.com/albumentations-team/albumentations
Website: https://albumentations.ai/
LinkedIn: https://www.linkedin.com/company/100504475
Twitter: https://x.com/albumentationsRecently uploaded (20)
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Enchancing adoption of Open Source Libraries. A case study on Albumentations.AI
Towards Continuous Security Compliance in the Cloud Continuum -MEDINA Project & beyond
- 1. This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 952633 Towards Continuous Security Compliance in the Cloud Continuum - MEDINA Project & beyond Juncal Alonso TECNALIA, Spain / EU MEDINA Project
- 2. Why the EU-funded MEDINA Project? Let’s understand the real-world implications from an EUCS perspective… …and one day we will fully realize automation in EUCS processes! 06.10.2023 NexusForum2023 ‘basic’ level ‘substantial’ level ‘high’ level 🤞 👍 👮 Continuous monitoring of compliance * Preliminary analysis documented in our whitepaper. The implementation of “continuous monitoring” brings some *challenges to Cloud Service Providers, but also to Conformance Assessment Bodies auditing those requirements
- 3. MEDINA Framework – OS components Auditors CSPs CAB, NCCA 06.10.2023 NexusForum2023 Repository of Metrics and Measures Risk Based Selection of controls to reach certification assurance levels Certification language Continuous Evidence Management tools Continuous Cloud Certificate Evaluator Risk based Auditor tool
- 4. Towards Continuous Certification as a Service in the Cloud: EMERALD IA action 06.10.2023 NexusForum2023
- 5. Addressed challenges Security compliance in Cloud is becoming a must Dynamic infrastructure needs a high sample rate Complex Cloud-Edge environments can auto-scale up rapidly Cloud Nature services abstract underlying infrastructure Resources in cloud environments often have dependencies on each other Hybrid approaches are the new “Business as usual” 06.10.2023 NexusForum2023 Ensuring that frequent application and infrastructure changes comply with security and compliance policies is challenging
- 6. Leveraging automation, ensuring compliance, enhancing trust. @MedinaprojectEU MEDINA Project - Continuous cloud security certification @MedinaprojectEU www.medina-project.eu // juncal.alonso@tecnalia.com Thank you! www.medina-project.eu