Abstractions Lab released the Alpha version of IDPS-ESCAPE on GitHub. IDPS-ESCAPE, part of the CyFORT suite of open-source cybersecurity software solutions, addresses various aspects of cybersecurity as an ensemble, targeting different user groups, ranging from public to private and from CIRT/CSIRT to system administrators. The design of IDPS-ESCAPE is targeted to cloud-native deployments, with an eye on CERT/CSIRT-operated monitoring systems. Click here to read the whole article
Posts By: Lynn Pinto
itrust Abstractions Lab released the Beta version of C5-DEC on GitHub
itrust Abstractions Lab released the Beta version of C5-DEC on GitHub. This release includes many new functionalities, mainly to assist with Common Criteria evaluations and efficient creation of technical documentation throughout the Secure Software Development Lift Cycle (SSDLC). We will be happy to receive your feedback at info@abstractionslab.lu
“The public administration sector is the main target of cyber attacks”
Succeed your NIS2 transition: Advice and solutions from itrust consulting
Interview with Smart Cities, translation by itrust consulting. The NIS2 Directive, Europe’s cybersecurity legislation, introduces legal measures designed to strengthen the protection of networks and information in a Europe faced with increasingly sophisticated threats and malicious acts. It will come into force in Autumn, at which time public and private entities actors will be requested to proof their credentials to the regulator, responsible for sanctioning any related breaches. Carlo Harpes, founder and managing director of itrust consulting, an expert in cybersecurity since 2007, sheds light on the challenges of compliance, and presents the tools specially developed by the company to meet those challenges. “When it comes to cybersecurity, everyone is responsible, especially managers, including sworn civil servants”. The European NIS2 directive will come into force this autumn. What do we need to know about it? Its noble aim is to prepare the public sector and certain new private sectors for the challenge of cybersecurity. It must be transposed by October 15, 2024, by which time all European entities concerned must be compliant. From that date onwards, they will be expected to manage cybersecurity according to “applicable international standards”, based on an “assessment of the probability and consequences” of a series of risk scenarios. It should be noted that they will be obliged to justify themselves to a national regulator, namely the Institut luxembourgeois de Régulation (ILR) or the CSSF for the financial sector. This second draft of the directive is worrying because it announces penalties similar to those for non-compliance with the GDPR and gives the ILR the right to impose measures including the removal of the top management. What the penalties will really punish is ignorance. Thus, top management is allowed to knowingly refuse to invest in important security measures and choose to run a risk, provided that such decisions are documented and justified. But it will not be entitled to ignore a request for information, or a binding instruction the regulator. How do your customers react to these requirements? They’re fed up with regulation and compliance. But there’s no point complaining: it’s all part of the zeitgeist. When we carry out GDPR compliance projects, we observe that about a third of the work is linked to documentation and may indeed seem tedious. But another third is devoted to training and empowering staff, a very productive step that many entities neglect. The final third of the effort… Read more »
C5-DEC CAD
C5-DEC, short for “Common Criteria for Cybersecurity, Cryptography, Clouds – Design, Evaluation and Certification”, is a sub-project of the CyFORT project, which in turn stands for “Cloud Cybersecurity Fortress of Open Resources and Tools for Resilience”. C5-DEC CAD, the software component of C5-DEC, is a suite of tools for computer-aided design and development (CAD), mainly dealing with: the creation and evaluation of secure IT systems according to the Common Criteria standards, secure software development life cycle (SSDLC), and what we refer to as cyber-physical system security assessment (CPSSA). This repository contains the source code and full documentation (requirements, technical specifications, user manual, test case specifications and test reports) of C5-DEC CAD, exemplifying the C5-DEC method, which relies on storing, interlinking and processing all software development life cycle (SDLC) artifacts in a unified manner.