EU-SEC has produced bundled training packages to distribute the ideas of its innovations.
For more information on the innovations visit:
Continuous Auditing based Certification Training and Awareness Package
EU-SEC’s continuous auditing approach will bring continuous assurance by addressing the lack of regularity and proactivity of traditional “point-in-time” certifications. The method developed for this is called continuous auditing based certification. By using technology to monitor and flag non-compliant activity on an ongoing basis, continuous auditing delivers an enhancement to traditional certification. It increases the assessment frequency via a continuous workflow. State-of-the-art security monitoring systems supervise the IT security status by collecting data from the CSP information system. The collected data is then assessed and used as the basis for continuous auditing.
A high-level motivation and explanation of continuous auditing based certification can be found in our explanation video.
In addition, the EU-SEC continuous auditing based certification training and awareness package contains guidelines, slides and documents that allow auditors, CSPs, Cloud Service Customers and regulators to understand the principles and details that are required for an implementation of continuous auditing based certification.
Scientific Papers
- Continuous Location Validation of Cloud Service Components
- A Process Model to Support Continuous Certification of Cloud Services
- Towards Continuous Security Certification of SaaS Applications Using Web Application Testing Techniques
- Evaluating the Performance of Continuous Test-based Cloud Service Certification
Multi Party Recognition Framework Training and Awareness Package
Cloud service providers are under considerable pressure to comply with several international, national, and sector-specific standards and requirements. Such a proliferation of standards and requirements demands that more resources be spent, increases compliance acquisition costs, and potentially also creates room for security vulnerabilities. As a consequence, the process of adhering to different standards, laws and regulations is inefficient for CSPs, with a lot of duplicated work that unduly increases costs and complexity. The EU-SEC project has worked on addressing these issues by, for instance, identifying the common denominators between widely known standards and presenting them under a well-defined and comprehensive framework, namely EU-SEC’s Multi Party Recognition Framework (MPRF). The Framework has been validated by 4 consortium members in a 12-month pilot, the results of which have been used to improve the Framework.
A high-level motivation and explanation of EU-SEC’s Multi Party Recognition approach can be found in our videos.
In addition, the EU-SEC multi party recognition training and awareness package contains guidelines, slides and documents that allow auditors, CSPs, Cloud Service Customers and regulators to understand the principles and details that are required for the implementation of multi party recognition between existing cloud security certification schemes such as ISO27001, SOC2, CSA STAR Certification and Attestation, BSI C5, and other national schemes or requirements in the domain of cloud security.
