The European Security Certification Framework

Informations projet

EU-SEC

N° de convention de subvention: 731845

Site Web du projet

DOI

10.3030/731845

Projet clôturé

Date de signature de la CE 12 Decembre 2016

Date de début 1 Janvier 2017

Date de fin 31 Decembre 2019

Financé au titre de

INDUSTRIAL LEADERSHIP - Leadership in enabling and industrial technologies - Information and Communication Technologies (ICT)

Coût total

€ 3 842 450,00

Contribution de l’UE

€ 2 997 812,50

2 997 812,50

844 637,50

Coordonné par

FRAUNHOFER GESELLSCHAFT ZUR FORDERUNG DER ANGEWANDTEN FORSCHUNG EV
Germany

CORDIS fournit des liens vers les livrables publics et les publications des projets HORIZON.

Les liens vers les livrables et les publications des projets du 7e PC, ainsi que les liens vers certains types de résultats spécifiques tels que les jeux de données et les logiciels, sont récupérés dynamiquement sur OpenAIRE .

Livrables

Integration framework - Final documentation

update of D3.2, D3.3 and D3.4

TRA Methodology

This deliverable will include the description of the approach that will be followed for assessing the technology readiness of the EU-SEC solutions

Security and privacy requirements and controls

This deliverable will be a report that includes security and privacy requirements

Consolidation and analysis the pilot results

This deliverable will analyse principles, rules and mechanism for multiparty recognition framework and consolidate and summarise the results of pilot conducted in T4.1, 4.2, 4.3 and 4.4

Annual report on dissemination, standardisation and exploitation

The deliverable will be a document, which will be updated on an annual to report on the assessment of the activities related to dissemination, standardisation and exploitation.

Pilot preparation report

This deliverable will report the results of task 5.1.

EU-SEC Framework Final Version

This deliverable will refine the content of D2.4 based on the input and feedback collected during the pilot phase.

EU-SEC Framework – First Version

This deliverable will integrate the components of the governance structure defined in D2.1, D2.2 and D2.3

Training and awareness plan

This deliverable includes the training and awareness plan that will support the market uptake of the results of the EU-SEC project. The plan will include trainings, educational activities (e.g. workshops, webinars, booklet, events) and education material (e.g. guidelines, white papers, etc.) addressed to the target audience.

Architecture and tools for evidence storage V1

This deliverable describes the design of and implements trustworthy storage and management of evidence.

Multiparty recognition framework for cloud security certifications

This deliverable will include the governance structure of the EU-SEC Framework, including the governance bodies, their roles and responsibilities, the rules and mechanisms for the establishment of a multiparty recognition schema.

Technical report on pilot integration for provider selection and continuous certification

This deliverable will describe the activities conducted in the context of task 5.2

Principles, criteria and requirements for a multiparty recognition and continuous monitoring based certifications

This deliverable will be a report that defines the principles, criteria and requirements for a multipart recognition scheme and continuous auditing based certification.

Privacy Code of Conduct

This deliverable will include the governance of the Privacy Code of Conduct.

Continuous Auditing / Monitoring certification scheme

This deliverable will include the certification scheme and governance structure for the continuous monitoring / auditing-based certification.

Architecture for security controls V1

This deliverable consists of documentation and description of methods and tools to manage security controls for cloud services

Architecture and tools for auditing V1

In this deliverable, the approach to unified configuration of existing security audit tools will be described and implemented.

Auditing and assessment requirements

This deliverable will be a report that includes auditing requirements

Integration framework V1

In this deliverable, the approach how to determine the maturity of existing security audit tools for cloud services will be described and implemented. Furthermore, a methodology to seamlessly integrate existing tools into cloud services certification systems will be detailed and demonstrated.

Requirements and validation criteria – Pilot results

This deliverable will consolidate and summarise the results of the pilot as described in T5.3.

Final annual report on dissemination, standardisation and exploitation

This deliverables is an update of D6.3 and D6.4

Website and Dissemination and Standardisation Plan

This deliverable includes the project’s website and the dissemination plan guiding WP6’s communication activities for maximizing the value proposition and market uptake by spreading the project’s results with relevant target audiences. The first version of the standardization strategy (including a survey of related standards/best practices) will be also documented in this report.

Exploitation Plan

This deliverable presents the first exploitation plan guiding WP6’s activities in terms long-term sustainability of the certification framework and its components that shall enable auditors and ICT companies to exploit the project’s results for their business.

Publications

"Neue Wege in der IT-Sicherheitszertifizierung von Cloud-Infrastrukturen: Beitrag auf der Internetseite OBJEKTspektrum, Online Themenspecial ""Cloud Computing - Dynamische IT- Leistung aus der Wolke"" (https://www.sigs-datacom.de/)"

Auteurs: Großmann, Jürgen; Knoblauch, Dorian
Publié dans: Fraunhofer FOKUS, Numéro 3, 2019
Éditeur: SIGS DATACOM GmbH

EU-SEC pilot use case, from ISO 27001 to ISO 27017

Auteurs: Anton Ujčič, Bojan Pohar
Publié dans: IJU 2018 Informatics in Public Administration, 2018
Éditeur: Slovenian Society informatika

Cloud Provider Continuous Assurance: EU SEC Framework for Continuous Assurance in the Cloud

Auteurs: Dorian Knoblauch, Jim de Haas
Publié dans: ISSA Journal Oct 2019, Numéro Volume 17 Numéro 10, 2019
Éditeur: Information Systems Security Association

A Process Model to Support Continuous Certification of Cloud Services

Auteurs: Immanuel Kunz, Philipp Stephanow
Publié dans: 2017 IEEE 31st International Conference on Advanced Information Networking and Applications (AINA), 2017, Page(s) 986-993, ISBN 978-1-5090-6029-0
Éditeur: IEEE
DOI: 10.1109/AINA.2017.106

Towards Continuous Security Certification of Software-as-a-Service Applications Using Web Application Testing Techniques

Auteurs: Philipp Stephanow, Koosha Khajehmoogahi
Publié dans: 2017 IEEE 31st International Conference on Advanced Information Networking and Applications (AINA), 2017, Page(s) 931-938, ISBN 978-1-5090-6029-0
Éditeur: IEEE
DOI: 10.1109/AINA.2017.107

Continuous Location Validation of Cloud Service Components

Auteurs: Philipp Stephanow, Mohammad Moein, Christian Banse
Publié dans: 2017 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), 2017, Page(s) 255-262, ISBN 978-1-5386-0692-6
Éditeur: IEEE
DOI: 10.1109/cloudcom.2017.29

Reducing Implementation Efforts in Continuous Auditing Certification Via an Audit API

Auteurs: Dorian Knoblauch, Christian Banse
Publié dans: 2019 IEEE 28th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), 2019, Page(s) 88-92, ISBN 978-1-7281-0676-2
Éditeur: IEEE
DOI: 10.1109/wetice.2019.00025

Evaluating the Performance of Continuous Test-Based Cloud Service Certification

Auteurs: Philipp Stephanow, Christian Banse
Publié dans: 2017 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID), 2017, Page(s) 1117-1126, ISBN 978-1-5090-6611-7
Éditeur: IEEE
DOI: 10.1109/ccgrid.2017.134

Semiautomatizované porovnávanie certifikačných schém cloudových služieb

Auteurs: Martin Labaj, Karol Rástočný, Daniela Chudá
Publié dans: DaZ & WIKT 2018, 2018, Page(s) 183-186
Éditeur: Ústav informatiky, informačných systémov a softvérového inžinierstva

Development of the new EU-SEC certification framework for cloud computer services

Auteurs: Anton Ujčič, Bojan Pohar
Publié dans: DSI 2018 Days of Slovenian Informatics, 2018
Éditeur: Slovenian Society informatika

The European Security Cerification Framework EU-ESC

Auteurs: Anton Ujčič, Darja Lihteneger
Publié dans: IJU 2017 Informatics in Public administration, 2017
Éditeur: Slovenian Society informatika

Europäisches Rahmenwerk für Continuous Auditing based Certification

Auteurs: Dorian Knoblauch, Jürgen Großmann, Linda Strick, Alain Pannetrat
Publié dans: IT-Sicherheit als Voraussetzung für eine erfolgreiche Digitalisierung, 2019, ISBN 978-3-922746-82-9
Éditeur: SecuMedia (Verlag)

EU-SEC helpt auditors

Auteurs: André Koot
Publié dans: de IT-Auditor, Numéro IT Auditor 2-2019, 2019
Éditeur: NOREA

Towards Automatic Comparison of Cloud Service Security Certifications

Auteurs: Martin Labaj, Karol Rástočný, Daniela Chudá
Publié dans: SOFSEM 2019: Theory and Practice of Computer Science - 45th International Conference on Current Trends in Theory and Practice of Computer Science, Nový Smokovec, Slovakia, January 27-30, 2019, Proceedings, Numéro 11376, 2019, Page(s) 298-309, ISBN 978-3-030-10800-7
Éditeur: Springer International Publishing
DOI: 10.1007/978-3-030-10801-4_24

Recherche de données OpenAIRE...

Livrables

Publications

Partager cette page Partager cette page sur les réseaux sociaux

Télécharger Télécharger le contenu de la page