Opendata, web and dolomites

EU-SEC SIGNED

The European Security Certification Framework

Total Cost €

0

EC-Contrib. €

0

Partnership

0

Views

0

Project "EU-SEC" data sheet

The following table provides information about the project.

Coordinator
FRAUNHOFER GESELLSCHAFT ZUR FOERDERUNG DER ANGEWANDTEN FORSCHUNG E.V. 

Organization address
address: HANSASTRASSE 27C
city: MUNCHEN
postcode: 80686
website: www.fraunhofer.de

contact info
title: n.a.
name: n.a.
surname: n.a.
function: n.a.
email: n.a.
telephone: n.a.
fax: n.a.

 Coordinator Country Germany [DE]
 Project website https://www.sec-cert.eu/
 Total cost 3˙842˙450 €
 EC max contribution 2˙997˙812 € (78%)
 Programme 1. H2020-EU.3.7. (Secure societies - Protecting freedom and security of Europe and its citizens)
2. H2020-EU.2.1.1. (INDUSTRIAL LEADERSHIP - Leadership in enabling and industrial technologies - Information and Communication Technologies (ICT))
 Code Call H2020-DS-LEIT-2016
 Funding Scheme IA
 Starting year 2017
 Duration (year-month-day) from 2017-01-01   to  2019-12-31

 Partnership

Take a look of project's partnership.

# participants  country  role  EC contrib. [€] 
1    FRAUNHOFER GESELLSCHAFT ZUR FOERDERUNG DER ANGEWANDTEN FORSCHUNG E.V. DE (MUNCHEN) coordinator 893˙450.00
2    CLOUD SECURITY ALLIANCE (EUROPE) LBG UK (EDINBURGH) participant 929˙375.00
3    NIXU OYJ FI (ESPOO) participant 406˙875.00
4    CAIXABANK SA ES (BARCELONA) participant 182˙875.00
5    FABASOFT R&D GMBH AT (LINZ) participant 174˙737.00
6    MINISTRSTVO ZA JAVNO UPRAVO SI (LJUBLJANA) participant 165˙625.00
7    MINISTERSTVO FINANCII SLOVENSKEJ REPUBLIKY SK (BRATISLAVA) participant 155˙625.00
8    PRICEWATERHOUSECOOPERS AKTIENGESELLSCHAFT WIRTSCHAFTSPRUFUNGSGESELLSCHAFT DE (FRANKFURT AM MAIN) participant 89˙250.00
9    FABASOFT CLOUD GMBH AT (LINZ) participant 0.00
10    SIXSQ SARL CH (GENEVE) participant 0.00

Map

 Project objective

In recent years the ICT market has evolved toward a cloud-based approach. This shift together with the rapidly changing legal and regulatory landscape has heavily impacted security assurance, governance and compliance. The information security market players have tried to provide suitable solutions to cope with issues such as i) lack of means to provide higher level of assurance (e.g continuous monitoring and auditing), ii) privacy not adequately taken into account, iii) limited transparency and iv) lack of means to streamline risk management and compliance. In the certification space this has resulted in the creation of several schemas creating an additional problem, i.e. the proliferation of certification scheme. The project EU-SEC will improve the effectiveness and efficiency of existing approaches for assurance and compliance. The EU-SEC aims to create a framework under which existing, certification and assurance approaches can co-exist. The three core ideas behind the EU-SEC project are that an effective and efficient approach to trust, assurance and compliance has to: (1) balance the need of nations and business sectors to develop their specific certification schemas with the need of CSPs to reduce compliance costs (2) avoid that humans (auditors) do activities that can be performed by machines (e.g. collecting data) (3) make sure that accurate and reliable evidences/information are provided to relevant people, in a timely fashion, leveraging as much as possible automatic means. The EU-SEC framework will equip stakeholders in the ICT security ecosystem with a validated governance structure, a reference architecture, and the corresponding set of tools to improve the efficiency and effectiveness of their current approach to security governance, risks management, assurance and compliance. The EU-SEC aims to enhancing trustworthiness and transparency in the ICT supply chain through business cases developed and piloted by industrial partners.

 Deliverables

List of deliverables.
Pilot preparation report Documents, reports 2020-04-20 13:49:34
Multiparty recognition framework for cloud security certifications Documents, reports 2020-04-20 13:49:34
Exploitation Plan Documents, reports 2020-04-20 13:49:34
Consolidation and analysis the pilot results Documents, reports 2020-04-20 13:49:34
Integration framework - Final documentation Documents, reports 2020-04-20 13:49:34
Website and Dissemination and Standardisation Plan Documents, reports 2020-04-20 13:49:34
TRA Methodology Documents, reports 2020-04-20 13:49:34
Integration framework V1 Documents, reports 2020-04-20 13:49:34
Continuous Auditing / Monitoring certification scheme Documents, reports 2020-04-20 13:49:34
EU-SEC Framework – First Version Documents, reports 2020-04-20 13:49:34
Principles, criteria and requirements for a multiparty recognition and continuous monitoring based certifications Documents, reports 2020-04-20 13:49:34
Architecture and tools for evidence storage V1 Documents, reports 2020-04-20 13:49:34
Architecture and tools for auditing V1 Documents, reports 2020-04-20 13:49:34
Auditing and assessment requirements Documents, reports 2020-04-20 13:49:34
Architecture for security controls V1 Documents, reports 2020-04-20 13:49:34
EU-SEC Framework Final Version Documents, reports 2020-04-20 13:49:35
Privacy Code of Conduct Documents, reports 2020-04-20 13:49:35
Technical report on pilot integration for provider selection and continuous certification Documents, reports 2020-04-20 13:49:34
Annual report on dissemination, standardisation and exploitation Documents, reports 2020-04-20 13:49:34
Final annual report on dissemination, standardisation and exploitation Documents, reports 2020-04-20 13:49:35
Security and privacy requirements and controls Documents, reports 2020-04-20 13:49:35
Requirements and validation criteria – Pilot results Documents, reports 2020-04-20 13:49:34
Training and awareness plan Documents, reports 2020-04-20 13:49:34

Take a look to the deliverables list in detail:  detailed list of EU-SEC deliverables.

 Publications

year authors and title journal last update
List of publications.
2019 André Koot
EU-SEC helpt auditors
published pages: , ISSN: , DOI:
de IT-Auditor IT Auditor 2-2019 2020-04-20
2019 Großmann, Jürgen; Knoblauch, Dorian
\"Neue Wege in der IT-Sicherheitszertifizierung von Cloud-Infrastrukturen: Beitrag auf der Internetseite OBJEKTspektrum, Online Themenspecial \"\"Cloud Computing - Dynamische IT- Leistung aus der Wolke\"\" (https://www.sigs-datacom.de/)\"
published pages: , ISSN: , DOI:
Fraunhofer FOKUS 3 2020-04-20
2019 Dorian Knoblauch, Jim de Haas
Cloud Provider Continuous Assurance: EU SEC Framework for Continuous Assurance in the Cloud
published pages: , ISSN: , DOI:
ISSA Journal Oct 2019 Volume 17 Issue 10 2020-04-20
2018 Anton Ujčič, Bojan Pohar
EU-SEC pilot use case, from ISO 27001 to ISO 27017
published pages: , ISSN: , DOI:
IJU 2018 Informatics in Public Administration 2020-04-20
2018 Martin Labaj, Karol Rástočný, Daniela Chudá
Semiautomatizované porovnávanie certifikačných schém cloudových služieb
published pages: 183-186, ISSN: , DOI:
DaZ & WIKT 2018 2020-04-20
2017 Anton Ujčič, Darja Lihteneger
The European Security Cerification Framework EU-ESC
published pages: , ISSN: , DOI:
IJU 2017 Informatics in Public administration 2020-04-20
2018 Anton Ujčič, Bojan Pohar
Development of the new EU-SEC certification framework for cloud computer services
published pages: , ISSN: , DOI:
DSI 2018 Days of Slovenian Informatics 2020-04-20

Are you the coordinator (or a participant) of this project? Plaese send me more information about the "EU-SEC" project.

For instance: the website url (it has not provided by EU-opendata yet), the logo, a more detailed description of the project (in plain text as a rtf file or a word file), some pictures (as picture files, not embedded into any word file), twitter account, linkedin page, etc.

Send me an  email (fabio@fabiodisconzi.com) and I put them in your project's page as son as possible.

Thanks. And then put a link of this page into your project's website.

The information about "EU-SEC" are provided by the European Opendata Portal: CORDIS opendata.

More projects from the same programme (H2020-EU.3.7.;H2020-EU.2.1.1.)

certMILS (2017)

Compositional security certification for medium- to high-assurance COTS-based systems in environments with emerging threats

Read More  

VESSEDIA (2017)

VERIFICATION ENGINEERING OF SAFETY AND SECURITY CRITICAL DYNAMIC INDUSTRIAL APPLICATIONS

Read More  

ANASTACIA (2017)

Advanced Networked Agents for Security and Trust Assessment in CPS/IOT Architectures

Read More