The European Security Certification Framework

Projektinformationen

EU-SEC

ID Finanzhilfevereinbarung: 731845

Projektwebsite

DOI

10.3030/731845

Projekt abgeschlossen

EK-Unterschriftsdatum 12 Dezember 2016

Startdatum 1 Januar 2017

Enddatum 31 Dezember 2019

Finanziert unter

INDUSTRIAL LEADERSHIP - Leadership in enabling and industrial technologies - Information and Communication Technologies (ICT)

Gesamtkosten

€ 3 842 450,00

EU-Beitrag

€ 2 997 812,50

2 997 812,50

844 637,50

Koordiniert durch

FRAUNHOFER GESELLSCHAFT ZUR FORDERUNG DER ANGEWANDTEN FORSCHUNG EV
Germany

CORDIS bietet Links zu öffentlichen Ergebnissen und Veröffentlichungen von HORIZONT-Projekten.

Links zu Ergebnissen und Veröffentlichungen von RP7-Projekten sowie Links zu einigen Typen spezifischer Ergebnisse wie Datensätzen und Software werden dynamisch von OpenAIRE abgerufen.

Leistungen

Integration framework - Final documentation

update of D3.2, D3.3 and D3.4

TRA Methodology

This deliverable will include the description of the approach that will be followed for assessing the technology readiness of the EU-SEC solutions

Security and privacy requirements and controls

This deliverable will be a report that includes security and privacy requirements

Consolidation and analysis the pilot results

This deliverable will analyse principles, rules and mechanism for multiparty recognition framework and consolidate and summarise the results of pilot conducted in T4.1, 4.2, 4.3 and 4.4

Annual report on dissemination, standardisation and exploitation

The deliverable will be a document, which will be updated on an annual to report on the assessment of the activities related to dissemination, standardisation and exploitation.

Pilot preparation report

This deliverable will report the results of task 5.1.

EU-SEC Framework Final Version

This deliverable will refine the content of D2.4 based on the input and feedback collected during the pilot phase.

EU-SEC Framework – First Version

This deliverable will integrate the components of the governance structure defined in D2.1, D2.2 and D2.3

Training and awareness plan

This deliverable includes the training and awareness plan that will support the market uptake of the results of the EU-SEC project. The plan will include trainings, educational activities (e.g. workshops, webinars, booklet, events) and education material (e.g. guidelines, white papers, etc.) addressed to the target audience.

Architecture and tools for evidence storage V1

This deliverable describes the design of and implements trustworthy storage and management of evidence.

Multiparty recognition framework for cloud security certifications

This deliverable will include the governance structure of the EU-SEC Framework, including the governance bodies, their roles and responsibilities, the rules and mechanisms for the establishment of a multiparty recognition schema.

Technical report on pilot integration for provider selection and continuous certification

This deliverable will describe the activities conducted in the context of task 5.2

Principles, criteria and requirements for a multiparty recognition and continuous monitoring based certifications

This deliverable will be a report that defines the principles, criteria and requirements for a multipart recognition scheme and continuous auditing based certification.

Privacy Code of Conduct

This deliverable will include the governance of the Privacy Code of Conduct.

Continuous Auditing / Monitoring certification scheme

This deliverable will include the certification scheme and governance structure for the continuous monitoring / auditing-based certification.

Architecture for security controls V1

This deliverable consists of documentation and description of methods and tools to manage security controls for cloud services

Architecture and tools for auditing V1

In this deliverable, the approach to unified configuration of existing security audit tools will be described and implemented.

Auditing and assessment requirements

This deliverable will be a report that includes auditing requirements

Integration framework V1

In this deliverable, the approach how to determine the maturity of existing security audit tools for cloud services will be described and implemented. Furthermore, a methodology to seamlessly integrate existing tools into cloud services certification systems will be detailed and demonstrated.

Requirements and validation criteria – Pilot results

This deliverable will consolidate and summarise the results of the pilot as described in T5.3.

Final annual report on dissemination, standardisation and exploitation

This deliverables is an update of D6.3 and D6.4

Website and Dissemination and Standardisation Plan

This deliverable includes the project’s website and the dissemination plan guiding WP6’s communication activities for maximizing the value proposition and market uptake by spreading the project’s results with relevant target audiences. The first version of the standardization strategy (including a survey of related standards/best practices) will be also documented in this report.

Exploitation Plan

This deliverable presents the first exploitation plan guiding WP6’s activities in terms long-term sustainability of the certification framework and its components that shall enable auditors and ICT companies to exploit the project’s results for their business.

Veröffentlichungen

"Neue Wege in der IT-Sicherheitszertifizierung von Cloud-Infrastrukturen: Beitrag auf der Internetseite OBJEKTspektrum, Online Themenspecial ""Cloud Computing - Dynamische IT- Leistung aus der Wolke"" (https://www.sigs-datacom.de/)"

Autoren: Großmann, Jürgen; Knoblauch, Dorian
Veröffentlicht in: Fraunhofer FOKUS, Ausgabe 3, 2019
Herausgeber: SIGS DATACOM GmbH

EU-SEC pilot use case, from ISO 27001 to ISO 27017

Autoren: Anton Ujčič, Bojan Pohar
Veröffentlicht in: IJU 2018 Informatics in Public Administration, 2018
Herausgeber: Slovenian Society informatika

Cloud Provider Continuous Assurance: EU SEC Framework for Continuous Assurance in the Cloud

Autoren: Dorian Knoblauch, Jim de Haas
Veröffentlicht in: ISSA Journal Oct 2019, Ausgabe Volume 17 Ausgabe 10, 2019
Herausgeber: Information Systems Security Association

A Process Model to Support Continuous Certification of Cloud Services

Autoren: Immanuel Kunz, Philipp Stephanow
Veröffentlicht in: 2017 IEEE 31st International Conference on Advanced Information Networking and Applications (AINA), 2017, Seite(n) 986-993, ISBN 978-1-5090-6029-0
Herausgeber: IEEE
DOI: 10.1109/AINA.2017.106

Towards Continuous Security Certification of Software-as-a-Service Applications Using Web Application Testing Techniques

Autoren: Philipp Stephanow, Koosha Khajehmoogahi
Veröffentlicht in: 2017 IEEE 31st International Conference on Advanced Information Networking and Applications (AINA), 2017, Seite(n) 931-938, ISBN 978-1-5090-6029-0
Herausgeber: IEEE
DOI: 10.1109/AINA.2017.107

Continuous Location Validation of Cloud Service Components

Autoren: Philipp Stephanow, Mohammad Moein, Christian Banse
Veröffentlicht in: 2017 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), 2017, Seite(n) 255-262, ISBN 978-1-5386-0692-6
Herausgeber: IEEE
DOI: 10.1109/cloudcom.2017.29

Reducing Implementation Efforts in Continuous Auditing Certification Via an Audit API

Autoren: Dorian Knoblauch, Christian Banse
Veröffentlicht in: 2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), 2019, Seite(n) 88-92, ISBN 978-1-7281-0676-2
Herausgeber: IEEE
DOI: 10.1109/wetice.2019.00025

Evaluating the Performance of Continuous Test-Based Cloud Service Certification

Autoren: Philipp Stephanow, Christian Banse
Veröffentlicht in: 2017 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID), 2017, Seite(n) 1117-1126, ISBN 978-1-5090-6611-7
Herausgeber: IEEE
DOI: 10.1109/ccgrid.2017.134

Semiautomatizované porovnávanie certifikačných schém cloudových služieb

Autoren: Martin Labaj, Karol Rástočný, Daniela Chudá
Veröffentlicht in: DaZ & WIKT 2018, 2018, Seite(n) 183-186
Herausgeber: Ústav informatiky, informačných systémov a softvérového inžinierstva

Development of the new EU-SEC certification framework for cloud computer services

Autoren: Anton Ujčič, Bojan Pohar
Veröffentlicht in: DSI 2018 Days of Slovenian Informatics, 2018
Herausgeber: Slovenian Society informatika

The European Security Cerification Framework EU-ESC

Autoren: Anton Ujčič, Darja Lihteneger
Veröffentlicht in: IJU 2017 Informatics in Public administration, 2017
Herausgeber: Slovenian Society informatika

Europäisches Rahmenwerk für Continuous Auditing based Certification

Autoren: Dorian Knoblauch, Jürgen Großmann, Linda Strick, Alain Pannetrat
Veröffentlicht in: IT-Sicherheit als Voraussetzung für eine erfolgreiche Digitalisierung, 2019, ISBN 978-3-922746-82-9
Herausgeber: SecuMedia (Verlag)

EU-SEC helpt auditors

Autoren: André Koot
Veröffentlicht in: de IT-Auditor, Ausgabe IT Auditor 2-2019, 2019
Herausgeber: NOREA

Towards Automatic Comparison of Cloud Service Security Certifications

Autoren: Martin Labaj, Karol Rástočný, Daniela Chudá
Veröffentlicht in: SOFSEM 2019: Theory and Practice of Computer Science - 45th International Conference on Current Trends in Theory and Practice of Computer Science, Nový Smokovec, Slovakia, January 27-30, 2019, Proceedings, Ausgabe 11376, 2019, Seite(n) 298-309, ISBN 978-3-030-10800-7
Herausgeber: Springer International Publishing
DOI: 10.1007/978-3-030-10801-4_24

Suche nach OpenAIRE-Daten ...

Leistungen

Veröffentlichungen

Diese Seite teilen Diese Seite in sozialen Netzwerken teilen

Herunterladen Den Inhalt der Seite herunterladen