CORDIS - EU research results

Bridging the security, privacy and data protection gap for smaller enterprises in Europe

Periodic Reporting for period 2 - SENTINEL (Bridging the security, privacy and data protection gap for smaller enterprises in Europe)

Reporting period: 2022-12-01 to 2024-05-31

European SMEs/MEs face multiple challenges related to personal data protection, ranging from awareness to a clear and practical roadmap to compliance. Unlike large enterprises, SMEs/MEs lack access to enterprise-grade cybersecurity technology and capacity-building for compliance, making them victims of costly data breaches. SENTINEL aspires to bridge the cybersecurity and personal data protection gap for European SMEs/MEs by raising awareness and boosting SMEs'/MEs' capabilities in this domain. The project specified the following six (6) objectives, which were successfully achieved by the end of the project:
Develop and support an end-to-end digital Privacy and Personal Data Protection (PDP) compliance framework and Identity Management System (IdMS).
Provide scientific and technological advances in SMEs’ and MEs’ data protection compliance assessment, orchestrated and leaned towards the comprehensive digital Privacy and PDP compliance framework for SMEs/MEs.
Provide novel tools and services for enabling highly automated PDP compliance in SMEs/MEs.
Facilitate an efficient exploration of cost-efficient, intelligent, and automated PDP compliance and Identity Management full potential in SMEs/MEs environments and realize societal and economic opportunities by validating SENTINEL framework in real-world settings via use cases driven by complementary industries.
Consolidate international and European links, raise awareness, collaborate with standardization bodies and ensure the technology transfer of the project’s results via EU digital innovation hubs.
Boost the effectiveness of the EU data economy by offering high TRL solutions (TRL 6-7).
In WP1, an innovative Requirements Engineering methodology known as Security Capability-Oriented Requirements Engineering was designed and deployed to form the reference model of the integrated SENTINEL solution. In parallel, an experimentation protocol was defined to enable the evaluation of the SENTINEL platform.
Within WP2, the final versions of the GDPR Compliance Self-Assessment module (GDPR CSA) and the Identity Management System (IdMS) were delivered. Furthermore, state-of-the-art security- and privacy-enhancing modules were delivered to meet specific needs of end-users. Finally, continuous monitoring of various sources to meet the GDPR objectives and other data protection regulations was finalised.
In WP3, open data security platforms were accessed and used by the Observatory, which was expanded with the addition of CONCORDIA MISP. In addition, the Recommendation Engine was finalised to provide recommendations to the users in the form of Organisational and Technical Measures (OTMs), trainings and tools. Finally, the Policy Drafting module was designed, comprising 175 OTMs including 37 new GDPR measures.
In WP4, SENTINEL's SME/ME self-assessment services were implemented. A stable shared data model for the SME profile, record of processing activities (ROPA) functionality and user flows were established. Finally, integration of the CyberRange platform and a new gaming interface in the SENTINEL platform was finalised.
In WP5, User Journeys were developed to specify the interaction of the system with the SME/ME users and to design the User Interfaces (UIs). After the successful release of the SENTINEL Minimum Viable Product (MVP) and Full-Featured Version (FFV), WP5 continued supporting the evolution of the platform to accommodate new features, bug fixes and adjustments based on the feedback received from the SENTINEL end-users. To that end, the SENTINEL final version was released with an improved user experience, making it more approachable to the stakeholders.
The SENTINEL platform was tested and validated at distinct periods of technical achievements. In this regard, the SENTINEL MVP, Full-Featured and Final Versions were tested and validated through sectorial and generic experiments as part of WP6 activities. To that end, multiple SME-centric workshop activities were organised to address the end-users' business and technical challenges, allowing them to thoroughly evaluate the impact of the SENTINEL innovations.
In WP7, the project's results were transferred to wider scientific and technical networks by publishing papers, generating numerous promotional materials, organising events, participating in third-party events, and networking with EU projects and Digital Innovation Hubs. Furthermore, the project's Key Exploitable Results, together with joint and individual exploitation strategies, were formulated. SENTINEL applied for the Horizon Booster initiative to strengthen its dissemination and exploitation strategy and maximise the project's impact.
Finally, WP8 enabled smooth project execution and effective internal and external communications, while WP9 analyzed the ethical implications of the SENTINEL project to comply with legal and ethical requirements.
The foremost state-of-the-art scientific and technological advances of SENTINEL, with considerable potential impact on the relevant societal and business/private sectors, are presented below:
The project has proposed a capability-oriented approach that builds upon and advances current research in the context of Cybersecurity (CS) and Personal Data Protection (PDP) (risk-orientation, goal-orientation, service-orientation) to ensure that the SENTINEL solution is aligned with the needs and capabilities of SMEs. It provides a methodological and conceptually robust way of supporting SME self-assessment, raising awareness and boosting their CS and PDP capabilities.
Furthermore, SENTINEL develops a wide range of data protection technologies for SMEs/MEs. These include self-assessment tools allowing users to assess their compliance level regarding GDPR and the cybersecurity risk of their infrastructures. In addition, the Identity Management system developed within the project settles compliance and security issues and reduces the complexity of existing personal Data Management systems by allowing the SMEs/MEs to seamlessly interface with the platform for managing and processing personal information and data.
Furthermore, SENTINEL capitalises on existing assessment frameworks brought by the consortium partners to deliver complete compliance, emphasising simplicity and automation and minimising the need for costly training and external consulting by third parties. In addition, the Cyber Range training service offers a gamification interface for testing cybersecurity setups and focuses on easier and more usable training service provision for SMEs/MEs. Finally, it provides a set of open-source components and training materials that help SMEs/MEs to properly address security and privacy while providing capabilities to continuously monitor current and upcoming regulations in the field of security and privacy.
The sustainability of the SENTINEL platform was tested and validated in 3 different pilots addressing the end-users' business and technical challenges. In this respect, both verification and validation variables were used to validate the performance of the SENTINEL platform from technical and business perspectives. Finally, the consortium has undertaken a plethora of dissemination and exploitation activities to raise awareness, collaborate with international and EU links, promote the technology transfer of the project's results and boost the effectiveness of the EU data economy.
SENTINEL Conceptual Architecture