Assurance, Audit, and Certification | COcyber

Language

English

Category Type

Knowledge Domain

Description

This domain refers to the methodologies, frameworks and tools that provide ground for having confidence that a system,software, service, process or network is working or has been designed to operate at the desired security target or according to a defined security policy.

In Schemes

http://data.jrc.ec.europa.eu/ontology/cybersecurity/cybersecurity-taxon…

http://data.jrc.ec.europa.eu/ontology/cybersecurity/knowledge_domain

Narrower

URI

http://data.jrc.ec.europa.eu/ontology/cybersecurity/assurance_audit_certificati…

Notation

assurance_audit_certification

SAMA PARTNERS Business Solutions GmbH

Short name

SAMA PARTNERS

Profile type

Organisation

Country

Organisation type

SME

Website

https://www.samapartners.com

Contact name

Christopher Beck

Contact phone

User role in organisation

Administrative Officer

Knowledge Domains

Assessment of information security effectiveness and degrees of control

Assurance, Audit, and Certification

Attack modelling, techniques, and countermeasures

Attack techniques

Automating security functionality

Compliance with information security and privacy policies, procedures, and regulations

Computer ethics and security

Coordination and information sharing in the context of cross-border/organizational incidents

Post-quantum cryptography

Cyber ranges, Capture the Flag exercises, simulation platforms, educational/training tools, cybersecurity awareness

Cybersecurity and cyber-safety co-engineering

Cybersecurity concepts, definitions, ontologies, taxonomies, foundational aspects

Cybersecurity regulation analysis and design

Cybersecurity-aware culture

Data Security and Privacy

Data usage control

Design, implementation, and operation of data management systems that include security and privacy functions

Digital Rights Management

Eavesdropping techniques

Privacy Enhancing Technologies

Privacy requirements for data management systems

Risk analysis and attacks with respect to de-anonymization or data re-identification

Digital forensic case studies

Digital forensic processes and workflow models

Digital watermarking

Distributed consensus techniques

Distributed systems security

Distributed systems security analysis and simulation

Economic aspects of the cybersecurity ecosystem

Education and Training

Education methodology

Professional training

Vocational training

Enhancing risk perception

Fault injection testing and analysis

Formal specification of various aspects of security

Formal specification, analysis, and verification of software and hardware

Formal verification of security assurance

Governance aspects of incident management, disaster recovery, business continuity

Human aspects of trust

Human perception of cybersecurity

Human-related risks/threats

Non-intrusive security

Privacy concerns, behaviours, and practices

Psychological models and cognitive processes

Security visualization

Socio-technical security

Transparent security

User acceptance of security policies and technologies

Identification of the impact of hardware and software changes on the management of Information Security

Identity and trust management

Identity and attribute management models, frameworks, applications, technologies, and tools

Identity management quality assurance

Legal aspects of identity management

Optical and electronic document security

Privacy and identity management

Protocols and frameworks for authentication, authorization, and rights management

Incident Handling and Digital Forensics

Incident analysis, communication, documentation, forecasting, response, and reporting

Policy issues related to digital forensics

Resilience aspects

Theories, techniques and tools for the identification, collection, attribution, acquisition, analysis and preservation of digital evidence

Vulnerability analysis and response

Information flow modelling and its application to confidentiality policies, composition of systems, and covert channel analysis

Intrusion detection and honeypots

Investigations of computer crime (cybercrime) and security violations

Legal and societal issues in information security

Malware analysis including adversarial learning of malware

Managerial aspects concerning information security

Managerial, procedural and technical aspects of network security

Measurement and assessment of security levels

Model-driven security and domain-specific modelling languages

Modelling of cross-sectoral interdependencies and cascading effects

Network and Distributed Systems

Network attack propagation analysis

Network interoperability

Network layer attacks and mitigation techniques

Network security (principles, methods, protocols, algorithms and technologies)

Network steganography

Privacy-friendly communication architectures and services

Protocols and frameworks for secure distributed computing

Requirements for network security

Secure distributed computations

Secure system interconnection

New theoretically-based techniques for the formal analysis and design of cryptographic protocols and their applications

Privacy impact assessment and risk management

Processes and procedures to ensure device end-of-life security and privacy

Quantitative security for assurance

Refinement and verification of security management policy models

Risk management, including modeling, assessment, analysis and mitigation

Runtime security verification and enforcement

Secure programming principles and best practices

Secure software architectures and design

Security and risk analysis of components compositions

Security Management and Governance

Standards for Information Security

Techniques to ensure business continuity/disaster recovery

Threats and vulnerabilities modelling

Security analytics and visualization

Security metrics, key performance indicators, and benchmarks

Validation and comparison frameworks for security metrics

Security requirements engineering with emphasis on identity, privacy, accountability, and trust

Security testing and validation

Semantics and models for security, accountability, privacy, and trust

Software and Hardware Security Engineering

Vulnerability discovery and penetration testing

Trust Management and Accountability

Trust and privacy

Trust and reputation of social and mainstream media

Trust in decision making algorithms

Trust in securing digital as well as physical assets

Trust management architectures, mechanisms and policies

Trusted computing

Sectors

Digital Services and Platforms

Manufacturing and supply chain

Safety and Security

Telecomm Infrastructure

Technologies

Artificial intelligence

Cloud, Edge and Virtualisation

Industrial IoT and Control Systems

Information systems

Operating systems

Quantum Technologies

Use Cases

Critical Infrastructure Protection

Dual-use rating

Low

Programmes

Digital Europe ECCC 2026

Profile completeness

100%