SOG-IS View on the Cybersecurity Act, Bernd Kowalski, Chairman, SOG-IS, Germany
Cloud Candidate Scheme Recommendations by CSP CERT Working Group, The European Cloud Service Provider Certification Working Group
Update on DG Connect Operations, Aristotelis Tzafalias, Policy Officer, Cybersecurity and Digital Privacy, European Commission, Belgium
Security Needs to be Consistent—The Role of Process in the Cybersecurity Act, David Martin, Head of International Assurance, NCSC, United Kingdom
Overview of Current and Future NIAP and US Government Certification Initiatives, Mary Baish, Director, NIAP, United States
Update on ENISA Operations and CSA Implementation, Slawomir Górniak, Security Tools and Architecture Expert, ENISA, Greece
BSI View on the EU Cybersecurity Act, BSI, Germany
ECSO’s Outlook on the EU Cybersecurity Act, Roberto Cascella, Senior Policy Manager, ECSO, Belgium
The EU-SEC Framework, Lefteris Skoutaris, Research Analyst, Cloud Security Alliance, Greece
The Cybersecurity Act will establish a European cybersecurity certification framework for ICT products, services and processes. Current schemes may be incorporated into this new framework, or may need to evolve to the fit the regulatory changes. The Conference will cover the potential effect on current schemes and regulatory mandates like Common Criteria, eIDAS, Payment Services Directive 2, GDPR, ISO 27001, and EU standards for cryptographic modules. The conference will also cover the effect on current private schemes like GSMA, GlobalPlatform, EMVCo, PCI PTS, PCI SPoC, Eurosmart, Felica, Mifare, and OWASP and will discuss the new potential candidate schemes for key industry verticals such as IoT, cloud, communications, payments, automotive, and more.
The conference will take place in Brussels on November 18-19, starting with a plenary keynote session then breaking into 4 separate tracks covering technology and certification issues, customer requirements, policy, and market issues.
Conference topics will be of interest to the entire standards community, including Certification Bodies, Evaluation Laboratories, Researchers, Evaluators, Policy Makers, Product Developers, Sellers and Buyers interested in the specification, development, evaluation, and certification of IT security. The Cybersecurity Act will also affect organizations beyond the EU, including government schemes, testing laboratories, product developers, and technology companies in North America and Asia.
The conference is conveniently located in Central Brussels—steps away from the Gare Centrale and many of the top attractions in the city, including: Galeries Royales Saint-Hubert, a gorgeous glass roofed arcade with specialised boutiques, cafés and a theatre; Place du Grand Sablon, one of the oldest neighborhoods of Brussels with two lovely squares, a neo-gothic church and many old streets and houses with art galleries, pastry shops, cafés, and a weekend antiques market; and Rue Antoine Dansaert, home to fine jewellers and edgy European fashion boutiques.
Industry Alignment: Efforts by the international technical community to align frameworks with government standards while responding to the needs of the market.
Industrial Strategies: An analysis of current voluntary certification standards for industrial automation and energy, and potential transitions to mandatory international certification.
IoT Challenges: A survey of the large, fast-growing certification landscape for connected devices and the cost, performance, and power constraints that necessitate security compromises.
Public Policy: Updates from public schemes and associations on the development of standards in response to evolving security risks across multiple sectors.
Cloud and GDPR Frameworks: A look at cloud scheme initiatives and efforts to leverage existing certifications in the transition to frameworks that align with international regulations such as GDPR.
Outlook/Opportunities: Updates on leading government initiatives for global certification and perspectives on the business benefits of security evaluations.
Standards for Success: Review of standardization efforts under various national frameworks (a key factor for CSA success) and the limitations of standards in a real-world environment.
Innovations in Assurance: Best practices for maintaining certification in the face of new cybersecurity regulations, expanding product lines, and frequent product updates.