18-19 November 2019, The Hotel, Brussels, Belgium

Presentations by Topic


Assurance
Automation
Certification
Cloud
Common Criteria
Critical Infrastructure
CSPCERT
Digital Single Market
ECSO
Embedded
Energy
ENISA
ERNCIP
EU Commission
Evaluations
FIPS
FISMA
GDPR
IACS
IEC-62443
IoT
ISACA COBIT
ISCI
ISO 27001
ISO 27552
Lightweight
NIST
OWASP
SESIP
SIM
Smart Card
SoC
Standards
Trusted Computing Group

Common Criteria as Backbone of IoT Security Certification

With a great variety of devices, new attack schemes, complex software, and limited security awareness, IoT represents a challenge for security certification. Traditional approaches remain suitable for the roots of trust that protect critical assets and processes. However, for higher layers, schemes must be optimized to tackle the volume of...
Georg Stütz

Addressing the Continuity of Software Security for Embedded Devices

Modern feature-oriented development requires fast release cycles for SW of connected devices already deployed in the field. For IoT sectors such as critical infrastructures as well as industrial IoT, the security of such systems is of high importance for the business continuity as well as country level safety. Additionally, underlying...
Jasmina Omic

Agile Assurance: Modernizing IT Product Certification

Can modern product assurance programs be designed to keep pace with agile development? Yes! Not only is it possible, but a shift to “agile assurance” is a necessary step towards restoring trust and credibility to the cyber supply chain. This presentation focuses on the use of automation and supporting methodologies...
Lachlan Turner

Update on ENISA Operations and CSA Implementation

Description to come.
Sławomir Górniak

ISCI WG (International Smartcard Initiative) Who Are We? What Do We Do? How Do We Do It? And How Do We Contribute to The EU Cyber Act?

ISCI is a working group which has worked for decades in Europe on developing methodology and supporting documents for the Common Criteria standard. This presentation will present: the unique mixture of the team—a working group of developers, laboratories and certification schemes, public and private, which work together. They will explain their working methodology,...
Rachel Menda-Shabat

The Certification Landscape and What Industry Needs

This session will look at what is required to ensure that the connected world is secure. Specifically, it will look at third-party certification and what we need to do to verify the security of the connected products and eco-system. From the viewpoint of a developer with many years...
John Boggie

Security Needs to be Consistent—The Role of Process in the Cybersecurity Act

The certification-related parts of the Cybersecurity Act generally refer to ‘products, processes, and services’. This presentation will show how these elements interact to provide meaningful confidence of cybersecurity. It will highlight benefits and issues with evaluating/certifying each aspect.
David Martin

Toward the European Cloud Security Certification Scheme: The CSPCERT Final Public-Private Recommendation

A final recommendation by CSPCERT to the European Commission was accomplished at the Amsterdam Plenary of the Digital Single Market. Co-authored by the speaker, this presentation will focus on the results of those recommendations as they directly correlate to the European Union Cybersecurity Act. The presentation will highlight the findings...
Thomas Niessen
Aurelien Leteinturier
Saurabh Ghelani
William Ochs

The EU-SEC Framework

The project “European Security Certification Framework” (EU-SEC)* aims to create a European framework for certification schemes and evaluation concepts to secure cloud infrastructures. Within this framework, existing national and international certifications can co-exist. EU-SEC will improve the business value as well as the effectiveness and efficiency of existing cloud security...
Lefteris Skoutaris

Comparing National Lightweight Methodologies Around Europe

Cyber-attacks know no borders and therefore cybersecurity standards and certifications play an indispensable role in achieving a safer ICT environment. While working towards a common cybersecurity product certification framework, the use of different lightweight certification schemes is already a reality throughout Europe. Currently they are being used mainly by national...
Javier Tallón

Embedded Systems for IOT Products: What is the Current Certification Offer?

The IOT certification landscape is huge and it is probably an area where regulation is more than desirable as certification schemes are heterogeneous in so many ways. To conduct our study, we have selected relevant schemes for IOT products, that are recognized in Europe and that propose self-assessment up to...
Dr. Claire Loiseaux

Foundations and Perspectives of the EU’s 2019 Cybersecurity Act Certification Legislation for the Industrial Automation and Control Systems

When the Joint Research Centre’s IACS cybersecurity certification Thematic Group started in 2014, it was quickly obvious that IACS components would be the right object to certify in the near future. Stemming from this assumption, the IACS Cybersecurity Certification Framework (ICCF) inspired the European Cybersecurity Certification Framework (ECCF). Now that...
Paul Theron

IEC62443 and NIS Directive: Needs and Opportunities

Under the NIS directive, industrial components belonging to the definition of critical infrastructure are identified as high-risk assets. The Cyber Security Act (CSA) could require certain devices in this area to pass a formal security certification. In parallel, the industry under the umbrella of the International...
Maria Fravventura

EUROSMART IoT Security Certification Scheme (eIoT SCS)

Millions of IoT devices are expected to be granted security certifications with a Substantial security assurance level as defined by the Cybersecurity Act. At this level of assurance, the requirements are intended to minimize the risks of successful attacks commonly taking advantage of poor design in IoT devices bringing severe...
Roland Atoui

OWASP IoT Project: A Great Ally for the IoT Candidate Schemes

The Open Web Application Security Project (OWASP) IoT Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies. The project team...
Jose Alejandro Rivas Vidal

Updating Certified Products

This presentation will look at the processes to be applied if an already-certified product needs to be updated. The problem is known: Every product needs to be updated from time to time, based on security or functional reasons. But what are the possibilities if the product is already certified? Is...
Gabor Hornyak

Toward the European Cloud Security Certification Scheme: The CSPCERT Final Public-Private Recommendation

A final recommendation by CSPCERT to the European Commission was accomplished at the Amsterdam Plenary of the Digital Single Market. Co-authored by the speaker, this presentation will focus on the results of those recommendations as they directly correlate to the European Union Cybersecurity Act. The presentation will highlight the findings...
Thomas Niessen
Aurelien Leteinturier
Saurabh Ghelani
William Ochs

Lessons Learnt in the Commercial Use of Security Certification—From Setting Standards to an Innovator’s Perspective

This presentation will share experiences in the use of existing security certification frameworks for commercial mass-market products, both from the perspective of chairing the Trusted Computing Group’s certification program for key security technologies, and from the point of view of an IT vendor. The presenter will discuss those different perspectives,...
Boris Balacheff

ISCI WG (International Smartcard Initiative) Who Are We? What Do We Do? How Do We Do It? And How Do We Contribute to The EU Cyber Act?

ISCI is a working group which has worked for decades in Europe on developing methodology and supporting documents for the Common Criteria standard. This presentation will present: the unique mixture of the team—a working group of developers, laboratories and certification schemes, public and private, which work together. They will explain their working methodology,...
Rachel Menda-Shabat

Update on The EU Cybersecurity Act: Is The Feared Balkanization of Common Criteria Being Reversed?

At the ICMC conference in 2018, Oracle presented concerns that the EU’s Cybersecurity Act could balkanize Common Criteria and its community. Now that the Act has come into force this talk will re-examine if these concerns have been addressed, and what the remaining challenges are in the Act’s implementation. The...
Martin Chapman

Comparing National Lightweight Methodologies Around Europe

Cyber-attacks know no borders and therefore cybersecurity standards and certifications play an indispensable role in achieving a safer ICT environment. While working towards a common cybersecurity product certification framework, the use of different lightweight certification schemes is already a reality throughout Europe. Currently they are being used mainly by national...
Javier Tallón

SESIP: A Practical, Operational Light-Weight CC Methodology

SESIP (Security Evaluation Standard for IoT Platforms) is a light-weight standard and methodology to apply Common Criteria to IoT Platforms. From the experience of the already running operational scheme, this session will show the fundamental choices in the standard and the implementation in a scheme that lead to such an...
Wouter Slegers

X-Gateway as a Modular Part of IoT

How high-secure Technologies support IoT devices on level “basic” and “substantial.” The question of how to secure the Internet-of-Things in a simple way is not easy to answer. It is as complex as the question how to assess the level of trust for these IoT devices and their smart services...
Markus Bartsch

Common Criteria as Backbone of IoT Security Certification

With a great variety of devices, new attack schemes, complex software, and limited security awareness, IoT represents a challenge for security certification. Traditional approaches remain suitable for the roots of trust that protect critical assets and processes. However, for higher layers, schemes must be optimized to tackle the volume of...
Georg Stütz

SOGIS View on the Cybersecurity Act

Description to come.
Bernd Kowalski

Agile Assurance: Modernizing IT Product Certification

Can modern product assurance programs be designed to keep pace with agile development? Yes! Not only is it possible, but a shift to “agile assurance” is a necessary step towards restoring trust and credibility to the cyber supply chain. This presentation focuses on the use of automation and supporting methodologies...
Lachlan Turner

Implementing and Maintaining a Cybersecurity Program—The Role of Standards

As a chief information security officer (CISO) at a federal agency in the United States, the presenter will provide a practical perspective on the importance of standards as well as the limits of standards. The focus of the presentation is to outline how the speaker will utilize standards to effectively...
Raymond Romero

NIS Directive and the CSA

Description to come.

Toward the European Cloud Security Certification Scheme: The CSPCERT Final Public-Private Recommendation

A final recommendation by CSPCERT to the European Commission was accomplished at the Amsterdam Plenary of the Digital Single Market. Co-authored by the speaker, this presentation will focus on the results of those recommendations as they directly correlate to the European Union Cybersecurity Act. The presentation will highlight the findings...
Thomas Niessen
Aurelien Leteinturier
Saurabh Ghelani
William Ochs

ECSO’s Outlook on the EU Cybersecurity Act

Description to come.
Luigi Rebuffi

The Certification Landscape and What Industry Needs

This session will look at what is required to ensure that the connected world is secure. Specifically, it will look at third-party certification and what we need to do to verify the security of the connected products and eco-system. From the viewpoint of a developer with many years...
John Boggie

ECSO’s Outlook on the EU Cybersecurity Act

Description to come.
Luigi Rebuffi

SIMs, eSIMs and Secure Elements: Providing a Roadmap to Dynamic Security and Flexible Control for Connected Devices

Today, SIMs & Secure Elements (SEs) are well proven hardware components, enabling various devices to be connected and trusted across many different applications such as payment, travel and authentication for example. With many global industry players such as OEM/device manufacturers, IoT service providers, MNOs and automotive companies now deploying these...
Remy Cricco

Embedded Systems for IOT Products: What is the Current Certification Offer?

The IOT certification landscape is huge and it is probably an area where regulation is more than desirable as certification schemes are heterogeneous in so many ways. To conduct our study, we have selected relevant schemes for IOT products, that are recognized in Europe and that propose self-assessment up to...
Dr. Claire Loiseaux

Addressing the Continuity of Software Security for Embedded Devices

Modern feature-oriented development requires fast release cycles for SW of connected devices already deployed in the field. For IoT sectors such as critical infrastructures as well as industrial IoT, the security of such systems is of high importance for the business continuity as well as country level safety. Additionally, underlying...
Jasmina Omic

Beyond the Theory of the Cybersecurity Act

The Cybersecurity Act was one of the most debated legal packages under the Juncker Commission. Its adoption has required a number of compromises and months of discussions by hundreds of stakeholders and experts: as an example, industry, service providers, operators, regulators and legislators have been discussing since its first draft...
Stefano Bracco

Update on ENISA Operations and CSA Implementation

Description to come.
Sławomir Górniak

Update on DG Connect Operations

Description to come.
Aristotelis Tzafalias

Foundations and Perspectives of the EU’s 2019 Cybersecurity Act Certification Legislation for the Industrial Automation and Control Systems

When the Joint Research Centre’s IACS cybersecurity certification Thematic Group started in 2014, it was quickly obvious that IACS components would be the right object to certify in the near future. Stemming from this assumption, the IACS Cybersecurity Certification Framework (ICCF) inspired the European Cybersecurity Certification Framework (ECCF). Now that...
Paul Theron

Update on DG Connect Operations

Description to come.
Aristotelis Tzafalias

NIS Directive and the CSA

Description to come.

Security Needs to be Consistent—The Role of Process in the Cybersecurity Act

The certification-related parts of the Cybersecurity Act generally refer to ‘products, processes, and services’. This presentation will show how these elements interact to provide meaningful confidence of cybersecurity. It will highlight benefits and issues with evaluating/certifying each aspect.
David Martin

Comparing National Lightweight Methodologies Around Europe

Cyber-attacks know no borders and therefore cybersecurity standards and certifications play an indispensable role in achieving a safer ICT environment. While working towards a common cybersecurity product certification framework, the use of different lightweight certification schemes is already a reality throughout Europe. Currently they are being used mainly by national...
Javier Tallón

Embedded Systems for IOT Products: What is the Current Certification Offer?

The IOT certification landscape is huge and it is probably an area where regulation is more than desirable as certification schemes are heterogeneous in so many ways. To conduct our study, we have selected relevant schemes for IOT products, that are recognized in Europe and that propose self-assessment up to...
Dr. Claire Loiseaux

IEC62443 and NIS Directive: Needs and Opportunities

Under the NIS directive, industrial components belonging to the definition of critical infrastructure are identified as high-risk assets. The Cyber Security Act (CSA) could require certain devices in this area to pass a formal security certification. In parallel, the industry under the umbrella of the International...
Maria Fravventura

EUROSMART IoT Security Certification Scheme (eIoT SCS)

Millions of IoT devices are expected to be granted security certifications with a Substantial security assurance level as defined by the Cybersecurity Act. At this level of assurance, the requirements are intended to minimize the risks of successful attacks commonly taking advantage of poor design in IoT devices bringing severe...
Roland Atoui

Updating Certified Products

This presentation will look at the processes to be applied if an already-certified product needs to be updated. The problem is known: Every product needs to be updated from time to time, based on security or functional reasons. But what are the possibilities if the product is already certified? Is...
Gabor Hornyak

Making Evaluation Schemes Scale Up: the Tensegrity of Process and Product

There is an increasing awareness of the need for CyberSecurity as a hygiene factor for cyber products in general, as well as for more specialised security applications. That means we need CyberSecurity evaluation schemes to scale up to deal with larger numbers of products than we have traditionally dealt with....
Tony Boswell

The ROI of Security Evaluations

With the introduction of the European Cyber Security Act (CSA), there is a lot of attention on the nature of mandatory versus optional product certification. This presentation will explore the business benefits of security evaluations as a mechanism to show accountability, due diligence, best practices and State Of the Art...
Dirk-Jan Out

Implementing and Maintaining a Cybersecurity Program—The Role of Standards

As a chief information security officer (CISO) at a federal agency in the United States, the presenter will provide a practical perspective on the importance of standards as well as the limits of standards. The focus of the presentation is to outline how the speaker will utilize standards to effectively...
Raymond Romero

The EU-SEC Framework

The project “European Security Certification Framework” (EU-SEC)* aims to create a European framework for certification schemes and evaluation concepts to secure cloud infrastructures. Within this framework, existing national and international certifications can co-exist. EU-SEC will improve the business value as well as the effectiveness and efficiency of existing cloud security...
Lefteris Skoutaris

Addressing GDPR Requirements Using the ISO 27552 Standard. Is the CSA Looking At It?

With GDPR being the law now for 18 months and privacy legislation emerging in more jurisdictions, organizations are seeking to utilize a common framework to demonstrate their commitment to PII protection to external stakeholders. This presentation will explore ISO 27552, a new privacy standard designed as an extension to ISO...
Willy Fabritius

The ROI of Security Evaluations

With the introduction of the European Cyber Security Act (CSA), there is a lot of attention on the nature of mandatory versus optional product certification. This presentation will explore the business benefits of security evaluations as a mechanism to show accountability, due diligence, best practices and State Of the Art...
Dirk-Jan Out

Foundations and Perspectives of the EU’s 2019 Cybersecurity Act Certification Legislation for the Industrial Automation and Control Systems

When the Joint Research Centre’s IACS cybersecurity certification Thematic Group started in 2014, it was quickly obvious that IACS components would be the right object to certify in the near future. Stemming from this assumption, the IACS Cybersecurity Certification Framework (ICCF) inspired the European Cybersecurity Certification Framework (ECCF). Now that...
Paul Theron

IEC62443 and NIS Directive: Needs and Opportunities

Under the NIS directive, industrial components belonging to the definition of critical infrastructure are identified as high-risk assets. The Cyber Security Act (CSA) could require certain devices in this area to pass a formal security certification. In parallel, the industry under the umbrella of the International...
Maria Fravventura

Embedded Systems for IOT Products: What is the Current Certification Offer?

The IOT certification landscape is huge and it is probably an area where regulation is more than desirable as certification schemes are heterogeneous in so many ways. To conduct our study, we have selected relevant schemes for IOT products, that are recognized in Europe and that propose self-assessment up to...
Dr. Claire Loiseaux

SESIP: A Practical, Operational Light-Weight CC Methodology

SESIP (Security Evaluation Standard for IoT Platforms) is a light-weight standard and methodology to apply Common Criteria to IoT Platforms. From the experience of the already running operational scheme, this session will show the fundamental choices in the standard and the implementation in a scheme that lead to such an...
Wouter Slegers

EUROSMART IoT Security Certification Scheme (eIoT SCS)

Millions of IoT devices are expected to be granted security certifications with a Substantial security assurance level as defined by the Cybersecurity Act. At this level of assurance, the requirements are intended to minimize the risks of successful attacks commonly taking advantage of poor design in IoT devices bringing severe...
Roland Atoui

X-Gateway as a Modular Part of IoT

How high-secure Technologies support IoT devices on level “basic” and “substantial.” The question of how to secure the Internet-of-Things in a simple way is not easy to answer. It is as complex as the question how to assess the level of trust for these IoT devices and their smart services...
Markus Bartsch

Common Criteria as Backbone of IoT Security Certification

With a great variety of devices, new attack schemes, complex software, and limited security awareness, IoT represents a challenge for security certification. Traditional approaches remain suitable for the roots of trust that protect critical assets and processes. However, for higher layers, schemes must be optimized to tackle the volume of...
Georg Stütz

OWASP IoT Project: A Great Ally for the IoT Candidate Schemes

The Open Web Application Security Project (OWASP) IoT Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies. The project team...
Jose Alejandro Rivas Vidal

Implementing and Maintaining a Cybersecurity Program—The Role of Standards

As a chief information security officer (CISO) at a federal agency in the United States, the presenter will provide a practical perspective on the importance of standards as well as the limits of standards. The focus of the presentation is to outline how the speaker will utilize standards to effectively...
Raymond Romero

ISCI WG (International Smartcard Initiative) Who Are We? What Do We Do? How Do We Do It? And How Do We Contribute to The EU Cyber Act?

ISCI is a working group which has worked for decades in Europe on developing methodology and supporting documents for the Common Criteria standard. This presentation will present: the unique mixture of the team—a working group of developers, laboratories and certification schemes, public and private, which work together. They will explain their working methodology,...
Rachel Menda-Shabat

Addressing GDPR Requirements Using the ISO 27552 Standard. Is the CSA Looking At It?

With GDPR being the law now for 18 months and privacy legislation emerging in more jurisdictions, organizations are seeking to utilize a common framework to demonstrate their commitment to PII protection to external stakeholders. This presentation will explore ISO 27552, a new privacy standard designed as an extension to ISO...
Willy Fabritius

Implementing and Maintaining a Cybersecurity Program—The Role of Standards

As a chief information security officer (CISO) at a federal agency in the United States, the presenter will provide a practical perspective on the importance of standards as well as the limits of standards. The focus of the presentation is to outline how the speaker will utilize standards to effectively...
Raymond Romero

Addressing GDPR Requirements Using the ISO 27552 Standard. Is the CSA Looking At It?

With GDPR being the law now for 18 months and privacy legislation emerging in more jurisdictions, organizations are seeking to utilize a common framework to demonstrate their commitment to PII protection to external stakeholders. This presentation will explore ISO 27552, a new privacy standard designed as an extension to ISO...
Willy Fabritius

Comparing National Lightweight Methodologies Around Europe

Cyber-attacks know no borders and therefore cybersecurity standards and certifications play an indispensable role in achieving a safer ICT environment. While working towards a common cybersecurity product certification framework, the use of different lightweight certification schemes is already a reality throughout Europe. Currently they are being used mainly by national...
Javier Tallón

SESIP: A Practical, Operational Light-Weight CC Methodology

SESIP (Security Evaluation Standard for IoT Platforms) is a light-weight standard and methodology to apply Common Criteria to IoT Platforms. From the experience of the already running operational scheme, this session will show the fundamental choices in the standard and the implementation in a scheme that lead to such an...
Wouter Slegers

Implementing and Maintaining a Cybersecurity Program—The Role of Standards

As a chief information security officer (CISO) at a federal agency in the United States, the presenter will provide a practical perspective on the importance of standards as well as the limits of standards. The focus of the presentation is to outline how the speaker will utilize standards to effectively...
Raymond Romero

OWASP IoT Project: A Great Ally for the IoT Candidate Schemes

The Open Web Application Security Project (OWASP) IoT Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies. The project team...
Jose Alejandro Rivas Vidal

SESIP: A Practical, Operational Light-Weight CC Methodology

SESIP (Security Evaluation Standard for IoT Platforms) is a light-weight standard and methodology to apply Common Criteria to IoT Platforms. From the experience of the already running operational scheme, this session will show the fundamental choices in the standard and the implementation in a scheme that lead to such an...
Wouter Slegers

SIMs, eSIMs and Secure Elements: Providing a Roadmap to Dynamic Security and Flexible Control for Connected Devices

Today, SIMs & Secure Elements (SEs) are well proven hardware components, enabling various devices to be connected and trusted across many different applications such as payment, travel and authentication for example. With many global industry players such as OEM/device manufacturers, IoT service providers, MNOs and automotive companies now deploying these...
Remy Cricco

SIMs, eSIMs and Secure Elements: Providing a Roadmap to Dynamic Security and Flexible Control for Connected Devices

Today, SIMs & Secure Elements (SEs) are well proven hardware components, enabling various devices to be connected and trusted across many different applications such as payment, travel and authentication for example. With many global industry players such as OEM/device manufacturers, IoT service providers, MNOs and automotive companies now deploying these...
Remy Cricco

ISCI WG (International Smartcard Initiative) Who Are We? What Do We Do? How Do We Do It? And How Do We Contribute to The EU Cyber Act?

ISCI is a working group which has worked for decades in Europe on developing methodology and supporting documents for the Common Criteria standard. This presentation will present: the unique mixture of the team—a working group of developers, laboratories and certification schemes, public and private, which work together. They will explain their working methodology,...
Rachel Menda-Shabat

ISCI WG (International Smartcard Initiative) Who Are We? What Do We Do? How Do We Do It? And How Do We Contribute to The EU Cyber Act?

ISCI is a working group which has worked for decades in Europe on developing methodology and supporting documents for the Common Criteria standard. This presentation will present: the unique mixture of the team—a working group of developers, laboratories and certification schemes, public and private, which work together. They will explain their working methodology,...
Rachel Menda-Shabat

SIMs, eSIMs and Secure Elements: Providing a Roadmap to Dynamic Security and Flexible Control for Connected Devices

Today, SIMs & Secure Elements (SEs) are well proven hardware components, enabling various devices to be connected and trusted across many different applications such as payment, travel and authentication for example. With many global industry players such as OEM/device manufacturers, IoT service providers, MNOs and automotive companies now deploying these...
Remy Cricco

Update on DG Connect Operations

Description to come.
Aristotelis Tzafalias

ECSO’s Outlook on the EU Cybersecurity Act

Description to come.
Luigi Rebuffi

Update on The EU Cybersecurity Act: Is The Feared Balkanization of Common Criteria Being Reversed?

At the ICMC conference in 2018, Oracle presented concerns that the EU’s Cybersecurity Act could balkanize Common Criteria and its community. Now that the Act has come into force this talk will re-examine if these concerns have been addressed, and what the remaining challenges are in the Act’s implementation. The...
Martin Chapman

Beyond the Theory of the Cybersecurity Act

The Cybersecurity Act was one of the most debated legal packages under the Juncker Commission. Its adoption has required a number of compromises and months of discussions by hundreds of stakeholders and experts: as an example, industry, service providers, operators, regulators and legislators have been discussing since its first draft...
Stefano Bracco

Lessons Learnt in the Commercial Use of Security Certification—From Setting Standards to an Innovator’s Perspective

This presentation will share experiences in the use of existing security certification frameworks for commercial mass-market products, both from the perspective of chairing the Trusted Computing Group’s certification program for key security technologies, and from the point of view of an IT vendor. The presenter will discuss those different perspectives,...
Boris Balacheff