Cybersecurity/Network and Information security




Fernando Suárez

Country
Spain
Fellow's country
Open Call
Organisation type
Organization
General Council of Computer Engineering of Spain
Standards Development Organisation
StandICT.eu Year
2029
Year

Olvis Enrique Gil Ríos

Country
Austria
Fellow's country
Open Call
Organisation type
Organization
OG Technologies EU
Standards Development Organisation
StandICT.eu Year
2029
Year

ISO/IEC FDIS 29128-2 Evaluation Methods and Activities for Cryptographic Protocols

ISO/IEC FDIS 29128-2 Information security, cybersecurity and privacy protection — Verification of Cryptographic Protocols Part 2: Evaluation Methods and Activities for Cryptographic Protocols

This document defines the evaluation methods and activities to assess the artefacts defined in Part 1 for the verification of the correctness and security of a cryptographic protocol specification using the framework from ISO/IEC 15408-4.

ISO/IEC 18045:2022 Evaluation criteria for IT security — Methodology for IT security evaluation

ISO/IEC 18045:2022 Information security, cybersecurity and privacy protection — Evaluation criteria for IT security — Methodology for IT security evaluation

This document defines the minimum actions to be performed by an evaluator in order to conduct an ISO/IEC 15408 series evaluation, using the criteria and evaluation evidence defined in the ISO/IEC 15408 series.

> Expected to be replaced by ISO/IEC 18045 within the coming months.

ISO/IEC 15408-5:2026 Evaluation criteria for IT security PART 5 Predefined packages of security requirements

This document provides packages of security assurance and security functional requirements intended to be useful in supporting common usage by stakeholders.

Users of this document may include consumers, developers, and evaluators of secure IT products.

ISO/IEC 15408-4:2022 Part 4: Framework for the specification of evaluation methods and activities

ISO/IEC 15408-4:2022: Information security, cybersecurity and privacy protection — Evaluation criteria for IT security Part 4: Framework for the specification of evaluation methods and activities

This document provides a standardised framework for specifying objective, repeatable and reproducible evaluation methods and evaluation activities.

This document does not specify how to evaluate, adopt, or maintain evaluation methods and evaluation activities. These aspects are a matter for those originating the evaluation methods and evaluation activities in their particular area of interest.

Mateusz Zych

Description of Activities

The fellowship addressed key limitations found in version 2.0 of the OASIS Collaborative Automated Course of Action Operations (CACAO) standard. While CACAO v2.0 introduced the first machine-readable format for cybersecurity playbooks, real-world use revealed gaps that limited interoperability and automation. The most critical issues included ambiguous schema elements, unclear execution semantics, and limited support for graphical and modular representations needed to visualize and exchange playbooks. From a European standpoint, these shortcomings directly affected operations. SOCs, CSIRTs, and critical infrastructure operators faced difficulties creating executable playbooks, hindering the coordinated responses envisioned by the NIS2 Directive, the Cyber Solidarity Act, and the EU Cyber Crisis Blueprint.

The fellowship, therefore, focused on three main goals:
1. Consolidating feedback from European and international stakeholders who implemented CACAO v2.0.
2. Designing and drafting CACAO v3.0 — a major revision introducing structural schema improvements, more precise execution semantics, and modular extensibility.
3. Aligning the work with EU cybersecurity policy and operational priorities so that standardized, machine-readable playbooks can support coordinated preparedness and response.

The effort resulted in the ongoing working CACAO v3.0 Draft Specification and accompanying validation outputs, now progressing toward formal adoption within OASIS. By resolving the main technical and semantic issues, the fellowship strengthened Europe’s role in cybersecurity standardization. It established a solid, vendor-neutral foundation for automated, collaborative cyber defense across the EU.

Country
Norway
Impact on SMEs (9th Open Call)
The development of CACAO v3.0 directly benefits European SMEs by reducing technical and financial barriers to adopting advanced cybersecurity practices. The standard’s open and vendor-neutral design allows smaller organizations to integrate automated playbooks into their operations without relying on costly, proprietary tools. This strengthens their incident response capabilities and helps them meet the security and reporting obligations set out in the NIS2 Directive and the Cyber Solidarity Act.
Beyond SMEs, CACAO v3.0 enhances resilience across European digital infrastructure by enabling harmonized, machine-readable playbooks that support faster, coordinated responses to incidents affecting critical services such as energy, healthcare, and public administration.
Impact on society (9th Open Call)
The fellowship directly supports Europe’s goals for cyber resilience, digital sovereignty, and trust in critical infrastructure. By improving CACAO’s technical maturity and usability, the work enables more organizations—especially SMEs and public-sector entities—to adopt standardized, automated cybersecurity playbooks without reliance on proprietary technologies.

The resulting CACAO v3.0, with better schematics and semantics specification, offers easier, more coordinated responses to cyber incidents, reducing disruption to essential services such as healthcare, energy, and transport. It also reinforces cross-border cooperation and preparedness through machine-readable, reusable response procedures, enabling Member States and operators of essential services to collaborate under shared frameworks like NIS2 and the Cyber Solidarity Act.

Ultimately, this work enhances Europe’s capacity to defend against complex threats while fostering open collaboration, transparency, and interoperability—key enablers of a secure and digitally independent European society.
Open Call
Organisation type
Organization
University of Oslo
Proposal Title (9th Open Call)
CACAO v3.0: Enhancing Interoperable Cybersecurity Playbooks for EU-wide Response
Standards Development Organisation
StandICT.eu Year
2026
2029
Year

Godred Fairhurst

Description of Activities

This was a one-shot contribution to provide travel support for participation in the Internet Engineering Task Force (IETF), and specifically participation at the July 2025 plenary meeting in Madrid. I attended this meeting as an Internet Transport expert contributing work and progressing standards to support the evolution of the Internet and its support for enhanced resilience, authentication and privacy. An in-person attendance at the technical sessions also allowed me to progress the work for which I am an editor: Qlog draft-ietf-tsvwg-careful-resume-qlog, a transport specification based on the “qlog” specification being developed by the IETF QUIC; and a recent work item in the IETF Congestion Control working group, “Increase of the Congestion Window when the Sender Is Rate-Limited” (draft-ietf-ccwg-ratelimited-increase). In-person participation at this meeting is particularly important in my current role as an Area Director of the WIT Area, where I will help organise and oversee the meeting as a whole and specifically support the WIT area WG chairs in organising WG sessions and supporting cross-area review of emerging specifications.

Country
United Kingdom of Great Britain and Northern Ireland (the)
Impact on society (8th Open Call)
Development of new IETF secure and resilient standards is important for a digital society. Since the last IETF plenary meeting 74 documents had been approved for publication in the last quarter and 83 RFCs had been published. Two new IAB workshops were announced: Joint IAB/W3C Workshop on Age-Based Restrictions on Content Access and an IAB Workshop on IP Geolocation. The importance of standards was evident in several meetings co-located with IETF-123. This included meetings with policy and regulators, a meeting on Multi-Stakeholder Forum on Internet Standards Deployment accompanied by an IEPG presentation by Rüdiger Martin of the Internet Governance Team from DG-CNECT, EU. This outlined plans around NIS2, and sought to develop understanding of challenges and barriers, provide timelines for deployments of protocols at scale and best current practice. The transport system is primarily concerned with robustness and resilience to disruption of the Internet service. IETF participants had various insights into the roll-out of new standards and the implications of the new regulatory landscape.
Impact on society (9th Open Call)
The IETF is the principal Internet SDO. IETF standards and guidelines are important to Broadband Infrastructure, ensuring resilience and security of Internet data.
The standards published by the IETF define the software, protocols, and practices implemented by equipment vendors and operators. When adopted by industry, these standards will be deployed by international companies such as Apple, Google, Meta, Cloudflare and others. Specifications in the working groups for which I am the responsible Area Director include: Differentiated Services, new transport protocol mechanisms and the effects of pervasive encryption, protocol design, network infrastructure operation. It is important that new specifications consider user privacy, security, resilience and robustness to build the next generation of Internet applications and service.
Open Call
Organisation type
Organization
University of Aberdeen
Proposal Title (8th Open Call)
Support for IETF transport protocol standardisation at the July 2025 Plenary Meeting
Proposal Title (9th Open Call)
Travel Support for the Montreal Internet Engineering Task Force (IETF) plenary meeting
Standards Development Organisation
StandICT.eu Year
2026
Topic (9th Open Call)