Presentations by Topic

Can modern product assurance programs be designed to keep pace with agile development? Yes! Not only is it possible, but a shift to “agile assurance” is a necessary step towards restoring trust and credibility to the cyber supply chain. This presentation focuses on the use of automation and supporting methodologies... Read More

This panel, featuring founding and contributing partners to the Charter of Trust, will discuss some of Key Principles of the Charter: (Principle 2) Responsibility throughout the digital supply chain, and (Principle 7) mandatory independent third-party certifications (based on future-proof definitions, where life and limb is at risk in particular) for... Read More

Securing network and information systems in the European Union has been deemed as a key objective in an effort to keep the EU online economy functional and secure. The purpose of the EU cybersecurity certification framework under the Regulation (EU) 2019/881 (“EU Cybersecurity Act”) is to establish and maintain the... Read More

ISCI is a working group which works for decades in Europe for developing methodology and supportive documents for Common Criteria Standard. This presentation will present: The uniqueness mixture of the team—working group of developers, laboratories and certification schemes public and provide which work together. They will explain their working methodology,... Read More

This session will look at what is required to ensure that the connected world is secure. Specifically it will look at third party certification and what we need to do to verify the security of the connected products and eco-system. From the view point of a developer with many years... Read More

The certification related parts of the Cybersecurity act generally refer to ‘products, processes, and services’. This presentation will show how these elements interact to provide meaningful confidence of cybersecurity. It will highlight benefits and issues with evaluating/certifying each aspect.

A final recommendation by CSPCERT to the European Commission was accomplished at the Amsterdam Plenary of the Digital Single Market. Co-Authored by the speaker, this presentation will focus on the results of those recommendations as they directly correlate to the European Union Cybersecurity Act. The presentation will highlight the findings... Read More

Description to come.

The project “European Security Certification Framework” (EU-SEC)* aims to create a European framework for certification schemes and evaluation concepts to secure cloud infrastructures. Within this framework, existing national and international certifications can co-exist. EU-SEC will improve the business value as well as the effectiveness and efficiency of existing cloud security... Read More

Cyber-attacks know no borders and therefore cybersecurity standards and certifications play an indispensable role in achieving a safer ICT environment. While working towards a common cybersecurity product certification framework, the use of different lightweight certification schemes, is already a reality throughout Europe. Currently they are being used mainly by national... Read More

The IOT certification landscape is huge and it is probably an area where regulation is more than desirable as certification schemes are heterogeneous in so many ways. To conduct our study, we have selected relevant schemes for IOT products, that are recognized in Europe and that propose self-assessment up to... Read More

When the Joint Research Centre’s IACS cybersecurity certification Thematic Group started in 2014, it was quickly obvious that IACS components would be the right object to certify in the near future. Stemming from this assumption, the IACS Cybersecurity Certification Framework (ICCF) inspired the European Cybersecurity Certification Framework (ECCF). Now that... Read More

IEC 62443 has steadily developed into an internationally recognized standard for the security of connected products. Initially designed to serve the domain of Industrial Control Systems and Applications, IEC 62443 is now widely regarded as a reference standard for the assessment of industrial components, as well as medical devices, network... Read More

Millions of IoT devices are expected to be granted security certifications with a Substantial security assurance level as defined by the Cybersecurity Act. At this level of assurance, the requirements are intended to minimize the risks of successful attacks commonly taking advantage of poor design in IoT devices bringing severe... Read More

The Open Web Application Security Project (OWASP) IoT Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies. The project team... Read More

This presentation will look at the processes to be applied if an already-certified product needs to be updated. The problem is known: Every product needs to be updated from time to time, based on security or functional reasons. But what are the possibilities if the product is already certified? Is... Read More

A final recommendation by CSPCERT to the European Commission was accomplished at the Amsterdam Plenary of the Digital Single Market. Co-Authored by the speaker, this presentation will focus on the results of those recommendations as they directly correlate to the European Union Cybersecurity Act. The presentation will highlight the findings... Read More

Description to come.

This presentation will share experiences in the use of existing security certification frameworks for commercial mass-market products, both from the perspective of chairing the Trusted Computing Group’s certification program for key security technologies, and from the point of view of an IT vendor. The presenter will discuss those different perspectives,... Read More

This panel, featuring founding and contributing partners to the Charter of Trust, will discuss some of Key Principles of the Charter: (Principle 2) Responsibility throughout the digital supply chain, and (Principle 7) mandatory independent third-party certifications (based on future-proof definitions, where life and limb is at risk in particular) for... Read More

ISCI is a working group which works for decades in Europe for developing methodology and supportive documents for Common Criteria Standard. This presentation will present: The uniqueness mixture of the team—working group of developers, laboratories and certification schemes public and provide which work together. They will explain their working methodology,... Read More

At the ICMC conference in 2018, Oracle presented concerns that the EU’s Cybersecurity Act could balkanize Common Criteria and its community. Now that the Act has come into force this talk will re-examine if these concerns have been addressed, and what the remaining challenges are in the Act’s implementation. The... Read More

Cyber-attacks know no borders and therefore cybersecurity standards and certifications play an indispensable role in achieving a safer ICT environment. While working towards a common cybersecurity product certification framework, the use of different lightweight certification schemes, is already a reality throughout Europe. Currently they are being used mainly by national... Read More

SESIP (Security Evaluation Standard for IoT Platforms) is a light-weight standard and methodology to apply Common Criteria to IoT Platforms. From the experience of the already running operational scheme, this session will show the fundamental choices in the standard and the implementation in a scheme that lead to such an... Read More

How high-secure Technologies support IoT devices on level “basic“ and “substantial.“ The question of how to secure the Internet-of-Things in a simple way is not easy to answer. It is as complex as the question how to assess the level of trust for these IoT devices and their smart services... Read More

With a great variety of devices, new attack schemes, complex software, and limited security awareness, IoT represents a challenge for security certification. Traditional approaches remain suitable for the roots of trust that protect critical assets and processes. However, for higher layers, schemes must be optimized to tackle the volume of... Read More

Description to come.

Description to come.

Can modern product assurance programs be designed to keep pace with agile development? Yes! Not only is it possible, but a shift to “agile assurance” is a necessary step towards restoring trust and credibility to the cyber supply chain. This presentation focuses on the use of automation and supporting methodologies... Read More

As a chief information security officer (CISO) at a federal agency in the United States, the presenter will provide a practical perspective on the importance of standards as well as the limits of standards. The focus of the presentation is to outline how the speaker will utilize standards to effectively... Read More

Description to come.

A final recommendation by CSPCERT to the European Commission was accomplished at the Amsterdam Plenary of the Digital Single Market. Co-Authored by the speaker, this presentation will focus on the results of those recommendations as they directly correlate to the European Union Cybersecurity Act. The presentation will highlight the findings... Read More

Description to come.

Description to come.

This session will look at what is required to ensure that the connected world is secure. Specifically it will look at third party certification and what we need to do to verify the security of the connected products and eco-system. From the view point of a developer with many years... Read More

The next generation of cybersecurity required for the digital economy will be led by a collective effort from ICT vendors, government agencies, and academia. Their collaboration in regulation and standardization, with a focus on establishing rigorous technology testing by qualified agencies and labs, will be crucial in securing the digital... Read More

Description to come.

Today, SIMs & Secure Elements (SEs) are well proven hardware components, enabling various devices to be connected and trusted across many different applications such as payment, travel and authentication for example. With many global industry players such as OEM/device manufacturers, IoT service providers, MNOs and automotive companies now deploying these... Read More

The IOT certification landscape is huge and it is probably an area where regulation is more than desirable as certification schemes are heterogeneous in so many ways. To conduct our study, we have selected relevant schemes for IOT products, that are recognized in Europe and that propose self-assessment up to... Read More

Modern feature-oriented development requires fast release cycles for SW of connected devices already deployed in the field. For IoT sectors such as critical infrastructures as well as industrial IoT, the security of such systems is of high importance for the business continuity as well as country level safety. Additionally, underlying... Read More

The Cybersecurity Act was one of the most debated legal packages under the Juncker’s Commission. Its adoption has requested a number of compromises and months of discussions by hundreds of stakeholders and experts: as an example, industry, service providers, operators, regulators and legislators have been discussing since its first draft... Read More

Description to come.

Securing network and information systems in the European Union has been deemed as a key objective in an effort to keep the EU online economy functional and secure. The purpose of the EU cybersecurity certification framework under the Regulation (EU) 2019/881 (“EU Cybersecurity Act”) is to establish and maintain the... Read More

Description to come.

When the Joint Research Centre’s IACS cybersecurity certification Thematic Group started in 2014, it was quickly obvious that IACS components would be the right object to certify in the near future. Stemming from this assumption, the IACS Cybersecurity Certification Framework (ICCF) inspired the European Cybersecurity Certification Framework (ECCF). Now that... Read More

Description to come.

Description to come.

Description to come.

The certification related parts of the Cybersecurity act generally refer to ‘products, processes, and services’. This presentation will show how these elements interact to provide meaningful confidence of cybersecurity. It will highlight benefits and issues with evaluating/certifying each aspect.

Description to come.

Cyber-attacks know no borders and therefore cybersecurity standards and certifications play an indispensable role in achieving a safer ICT environment. While working towards a common cybersecurity product certification framework, the use of different lightweight certification schemes, is already a reality throughout Europe. Currently they are being used mainly by national... Read More

The IOT certification landscape is huge and it is probably an area where regulation is more than desirable as certification schemes are heterogeneous in so many ways. To conduct our study, we have selected relevant schemes for IOT products, that are recognized in Europe and that propose self-assessment up to... Read More

IEC 62443 has steadily developed into an internationally recognized standard for the security of connected products. Initially designed to serve the domain of Industrial Control Systems and Applications, IEC 62443 is now widely regarded as a reference standard for the assessment of industrial components, as well as medical devices, network... Read More

Millions of IoT devices are expected to be granted security certifications with a Substantial security assurance level as defined by the Cybersecurity Act. At this level of assurance, the requirements are intended to minimize the risks of successful attacks commonly taking advantage of poor design in IoT devices bringing severe... Read More

This presentation will look at the processes to be applied if an already-certified product needs to be updated. The problem is known: Every product needs to be updated from time to time, based on security or functional reasons. But what are the possibilities if the product is already certified? Is... Read More

Description to come.

There is an increasing awareness of the need for CyberSecurity as a hygiene factor for cyber products in general, as well as for more specialised security applications. That means we need CyberSecurity evaluations schemes to scale up to deal with larger numbers of products than we have traditionally dealt with.... Read More

With the introduction of the European Cyber Security Act (CSA), there is a lot of attention on the nature of mandatory versus optional product certification. This presentation will explore the business benefits of security evaluations as a mechanism to show accountability, due diligence, best practices and State Of the Art... Read More

As a chief information security officer (CISO) at a federal agency in the United States, the presenter will provide a practical perspective on the importance of standards as well as the limits of standards. The focus of the presentation is to outline how the speaker will utilize standards to effectively... Read More

The project “European Security Certification Framework” (EU-SEC)* aims to create a European framework for certification schemes and evaluation concepts to secure cloud infrastructures. Within this framework, existing national and international certifications can co-exist. EU-SEC will improve the business value as well as the effectiveness and efficiency of existing cloud security... Read More

With GDPR being the law now for 18 month and privacy legislation emerging in more jurisdictions, organizations are seeking to utilize a common framework to demonstrate their commitment to PII protection to external stakeholders. This presentation will explore ISO/IEC 27701, a new privacy standard designed as an extension to ISO... Read More

With the introduction of the European Cyber Security Act (CSA), there is a lot of attention on the nature of mandatory versus optional product certification. This presentation will explore the business benefits of security evaluations as a mechanism to show accountability, due diligence, best practices and State Of the Art... Read More

When the Joint Research Centre’s IACS cybersecurity certification Thematic Group started in 2014, it was quickly obvious that IACS components would be the right object to certify in the near future. Stemming from this assumption, the IACS Cybersecurity Certification Framework (ICCF) inspired the European Cybersecurity Certification Framework (ECCF). Now that... Read More

IEC 62443 has steadily developed into an internationally recognized standard for the security of connected products. Initially designed to serve the domain of Industrial Control Systems and Applications, IEC 62443 is now widely regarded as a reference standard for the assessment of industrial components, as well as medical devices, network... Read More

Description to come.

This panel, featuring founding and contributing partners to the Charter of Trust, will discuss some of Key Principles of the Charter: (Principle 2) Responsibility throughout the digital supply chain, and (Principle 7) mandatory independent third-party certifications (based on future-proof definitions, where life and limb is at risk in particular) for... Read More

The IOT certification landscape is huge and it is probably an area where regulation is more than desirable as certification schemes are heterogeneous in so many ways. To conduct our study, we have selected relevant schemes for IOT products, that are recognized in Europe and that propose self-assessment up to... Read More

SESIP (Security Evaluation Standard for IoT Platforms) is a light-weight standard and methodology to apply Common Criteria to IoT Platforms. From the experience of the already running operational scheme, this session will show the fundamental choices in the standard and the implementation in a scheme that lead to such an... Read More

Millions of IoT devices are expected to be granted security certifications with a Substantial security assurance level as defined by the Cybersecurity Act. At this level of assurance, the requirements are intended to minimize the risks of successful attacks commonly taking advantage of poor design in IoT devices bringing severe... Read More

How high-secure Technologies support IoT devices on level “basic“ and “substantial.“ The question of how to secure the Internet-of-Things in a simple way is not easy to answer. It is as complex as the question how to assess the level of trust for these IoT devices and their smart services... Read More

With a great variety of devices, new attack schemes, complex software, and limited security awareness, IoT represents a challenge for security certification. Traditional approaches remain suitable for the roots of trust that protect critical assets and processes. However, for higher layers, schemes must be optimized to tackle the volume of... Read More

The Open Web Application Security Project (OWASP) IoT Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies. The project team... Read More

As a chief information security officer (CISO) at a federal agency in the United States, the presenter will provide a practical perspective on the importance of standards as well as the limits of standards. The focus of the presentation is to outline how the speaker will utilize standards to effectively... Read More

ISCI is a working group which works for decades in Europe for developing methodology and supportive documents for Common Criteria Standard. This presentation will present: The uniqueness mixture of the team—working group of developers, laboratories and certification schemes public and provide which work together. They will explain their working methodology,... Read More

With GDPR being the law now for 18 month and privacy legislation emerging in more jurisdictions, organizations are seeking to utilize a common framework to demonstrate their commitment to PII protection to external stakeholders. This presentation will explore ISO/IEC 27701, a new privacy standard designed as an extension to ISO... Read More

As a chief information security officer (CISO) at a federal agency in the United States, the presenter will provide a practical perspective on the importance of standards as well as the limits of standards. The focus of the presentation is to outline how the speaker will utilize standards to effectively... Read More

With GDPR being the law now for 18 month and privacy legislation emerging in more jurisdictions, organizations are seeking to utilize a common framework to demonstrate their commitment to PII protection to external stakeholders. This presentation will explore ISO/IEC 27701, a new privacy standard designed as an extension to ISO... Read More

Cyber-attacks know no borders and therefore cybersecurity standards and certifications play an indispensable role in achieving a safer ICT environment. While working towards a common cybersecurity product certification framework, the use of different lightweight certification schemes, is already a reality throughout Europe. Currently they are being used mainly by national... Read More

SESIP (Security Evaluation Standard for IoT Platforms) is a light-weight standard and methodology to apply Common Criteria to IoT Platforms. From the experience of the already running operational scheme, this session will show the fundamental choices in the standard and the implementation in a scheme that lead to such an... Read More

As a chief information security officer (CISO) at a federal agency in the United States, the presenter will provide a practical perspective on the importance of standards as well as the limits of standards. The focus of the presentation is to outline how the speaker will utilize standards to effectively... Read More

The Open Web Application Security Project (OWASP) IoT Project is designed to help manufacturers, developers, and consumers better understand the security issues associated with the Internet of Things, and to enable users in any context to make better security decisions when building, deploying, or assessing IoT technologies. The project team... Read More

SESIP (Security Evaluation Standard for IoT Platforms) is a light-weight standard and methodology to apply Common Criteria to IoT Platforms. From the experience of the already running operational scheme, this session will show the fundamental choices in the standard and the implementation in a scheme that lead to such an... Read More

Today, SIMs & Secure Elements (SEs) are well proven hardware components, enabling various devices to be connected and trusted across many different applications such as payment, travel and authentication for example. With many global industry players such as OEM/device manufacturers, IoT service providers, MNOs and automotive companies now deploying these... Read More

Today, SIMs & Secure Elements (SEs) are well proven hardware components, enabling various devices to be connected and trusted across many different applications such as payment, travel and authentication for example. With many global industry players such as OEM/device manufacturers, IoT service providers, MNOs and automotive companies now deploying these... Read More

ISCI is a working group which works for decades in Europe for developing methodology and supportive documents for Common Criteria Standard. This presentation will present: The uniqueness mixture of the team—working group of developers, laboratories and certification schemes public and provide which work together. They will explain their working methodology,... Read More

ISCI is a working group which works for decades in Europe for developing methodology and supportive documents for Common Criteria Standard. This presentation will present: The uniqueness mixture of the team—working group of developers, laboratories and certification schemes public and provide which work together. They will explain their working methodology,... Read More

Today, SIMs & Secure Elements (SEs) are well proven hardware components, enabling various devices to be connected and trusted across many different applications such as payment, travel and authentication for example. With many global industry players such as OEM/device manufacturers, IoT service providers, MNOs and automotive companies now deploying these... Read More

Description to come.

Description to come.

At the ICMC conference in 2018, Oracle presented concerns that the EU’s Cybersecurity Act could balkanize Common Criteria and its community. Now that the Act has come into force this talk will re-examine if these concerns have been addressed, and what the remaining challenges are in the Act’s implementation. The... Read More

The Cybersecurity Act was one of the most debated legal packages under the Juncker’s Commission. Its adoption has requested a number of compromises and months of discussions by hundreds of stakeholders and experts: as an example, industry, service providers, operators, regulators and legislators have been discussing since its first draft... Read More

Discussion on standardization efforts under various national frameworks.

Description to come.

The next generation of cybersecurity required for the digital economy will be led by a collective effort from ICT vendors, government agencies, and academia. Their collaboration in regulation and standardization, with a focus on establishing rigorous technology testing by qualified agencies and labs, will be crucial in securing the digital... Read More

This presentation will share experiences in the use of existing security certification frameworks for commercial mass-market products, both from the perspective of chairing the Trusted Computing Group’s certification program for key security technologies, and from the point of view of an IT vendor. The presenter will discuss those different perspectives,... Read More