CORDIS - EU research results

Bridging the security, privacy and data protection gap for smaller enterprises in Europe

Periodic Reporting for period 1 - SENTINEL (Bridging the security, privacy and data protection gap for smaller enterprises in Europe)

Reporting period: 2021-06-01 to 2022-11-30

European SMEs/MEs face multiple challenges related to personal data protection, ranging from awareness to a clear and practical roadmap to compliance. Unlike large enterprises, SMEs/MEs lack access to enterprise-grade cybersecurity technology and capacity-building for compliance, making them victims of costly data breaches. SENTINEL aspires to bridge the cybersecurity and personal data protection gap for European SMEs/MEs by raising awareness and boosting SMEs/MEs' capabilities in this domain. The project has specified the following six (6) objectives.
Develop and support an end-to-end digital Privacy and Personal Data Protection (PDP) compliance framework and Identity Management System (IdMS).
Provide scientific and technological advances in SMEs’ and MEs’ data protection compliance assessment, orchestrated and leaned towards the comprehensive digital Privacy and PDP compliance framework for SMEs/MEs.
Provide novel tools and services for enabling highly automated PDP compliance in SMEs/MEs.
Facilitate efficient exploration of the full potential of cost-efficient, intelligent, and automated PDP compliance and Identity Management in SME/ME environments, and realise societal and economic opportunities by validating the SENTINEL framework in real-world settings via use cases driven by complementary industries.
Consolidate international and European links, raise awareness, collaborate with standardization bodies and ensure the technology transfer of the project’s results via EU digital innovation hubs.
Boost the effectiveness of the EU data economy by offering high TRL solutions (TRL 6-7).
The main results achieved during the reference period are presented below for each work package.
In WP1, an innovative Requirements Engineering methodology known as Security Capability-Oriented Requirements Engineering was developed and deployed, based on an extensive review of organisational, legal and technical issues. This was used to form the reference model of the integrated SENTINEL solution which, in turn, eventually resulted in the MVP. In parallel, a detailed experimentation protocol was defined considering both technical and business requirements, enabling the evaluation of the performance of the SENTINEL platform.
Within WP2, the delivery of the Self-Assessment module for GDPR compliance and the development of the integrated Identity Management System have been initiated. Furthermore, state-of-the-art security- and privacy-enhancing modules have been developed to meet specific needs of end-users. Finally, continuous monitoring of various sources to meet the core objectives of GDPR and other legal data protection regulations has been performed.
Within WP3, various open data security platforms to be accessed and used by the Observatory have been investigated and expanded with the addition of CONCORDIA MISP. In addition, the Recommendation Engine has been formulated to provide a list of Organisational and Technical Measures, plugins and trainings. Finally, the Policy Drafting module has been designed and developed as part of the Policy Drafting use case.
In WP4, SENTINEL's self-assessment services for SMEs/MEs have been designed and implemented. In addition, a stable shared data model for the SME profile, record of processing activities (ROPA) related functionality and user flows have been designed and implemented. In parallel, the formulation of simulations and training for SMEs/MEs and the integration of ACS's CyberRange platform in the SENTINEL environment have been started.
In WP5, User Journeys have been developed to specify the interaction of the system with the SMEs/MEs representative, to design the required User Interfaces (UIs) as well as to communicate with the other SENTINEL modules. After successfully realising the SENTINEL Minimum Viable Product (MVP), the interim version of the SENTINEL integrated solution has been released, incorporating all seven (7) use cases identified in the SENTINEL technical architecture.
In WP6, the experimental protocol has been revised in line with the project's activities and end-user expectations. Four real-life demonstrators tested the MVP functionalities under 4 use cases.
In WP7, the project's results have been transferred to wider scientific and technical networks via publishing papers, producing numerous promotional materials, organising events, participating in third-party events, and networking with EU projects and Digital Innovation Hubs. Finally, the project's Key Exploitable Results and individual exploitation plans have been collected.
WP8 set a day-to-day project management structure to enable effective internal and external communication and decision making, while WP9 analysed the ethical implications of the SENTINEL project in order to comply with the project's legal and ethical requirements.
The foremost state-of-the-art scientific and technological advances of SENTINEL with considerable potential impact on the relevant societal and business/private sectors include the following. The project has proposed a capability-oriented approach that builds upon and advances current research in the context of CS and PDP (risk-orientation, goal-orientation, service-orientation) in order to ensure that the delivered technical solution is aligned with the needs and capabilities of SMEs. It thus provides a methodological and conceptually robust way of supporting SME self-assessment and raising awareness of internal or external services for boosting their CS and PDP capabilities. Furthermore, SENTINEL develops a wide range of data protection technologies for SMEs/MEs. These include a self-assessment tool (GDPR CSA) allowing users to assess their compliance level regarding GDPR and the cybersecurity risk of the infrastructure of SMEs/MEs. In addition, the Identity Management system developed within the project settles compliance and security issues and reduces the complexity of existing personal Data Management systems by allowing the SMEs/MEs to seamlessly interface with the platform for managing and processing personal information and data. Furthermore, SENTINEL capitalises on existing assessment frameworks brought by the consortium partners to deliver complete compliance, emphasising simplicity and automation and minimising the need for costly training and external consulting and assessment by third parties. In addition, the envisioned cyber range training services focus on easier and more usable training service provision for SMEs/MEs, providing an economically viable solution for data privacy and compliance. Finally, it provides a set of open-source components and training materials that help SMEs/MEs to properly address security and privacy while providing capabilities to continuously monitor current and upcoming regulations in the field of security and privacy.
The sustainability of the SENTINEL platform will be tested and validated in 3 different pilots addressing the end-users' business and technical challenges, allowing them to thoroughly evaluate the impact of the SENTINEL innovations. In this respect, both verification and validation variables will be used to ensure the performance of the SENTINEL platform from technical and business perspectives. Finally, towards boosting the effectiveness of the EU data economy, the consortium has undertaken a plethora of dissemination and exploitation activities to raise awareness, collaborate with international and EU links and promote the technology transfer of the project's results.
SENTINEL Conceptual Architecture