Home » Free webinar - Cybersecurity standards and certification - the challenges

Free webinar - Cybersecurity standards and certification - the challenges

One of the challenges in cybersecurity is having to get certification in different countries.  

In this webinar, we will cover the issues of the gaps in cybersecurity certification, including harmonization.   We will touch upon some key areas, such as trust, harmonisation, GDPR, governance, risk management, among other topics of interest within the cybersecurity community.

The webinar will be held on Wednesday, September 5, 2018, at 10:30 CET

Who should attend

The webinar is open to all interested in the cybersecurity landscape, especially those concerned with certification and compliance, i.e., those who need to certify, those who need to provide technical solutions, those who want to buy certified solutions and systems, those who need to advise.


Time Session
10:30 - 10:35 Cyberwatching.eu - The EU Cybersecurity & Privacy Observatory
Nicholas Ferguson.  Trust-IT Services & Cyberwatching.eu project
10:35 - 10:45

Certification: a government view
Colin Whorlow, National Cyber Security Center UK

10:45 - 10:55

The European Security Certification Framework: Initial Results From the EU-SEC Project
Jürgen Großmann, Fraunhofer FOKUS & EU-SEC project

10:55 - 11:05 Architecture and composition in security standards
Holger Blasum, SYSGO & CertMLS project
11:05 - 11:15 Q&A
11:15 - 11:25 Does certification engender trust?
Scott Cadzow, Cadzow Communications Consulting & StandICT EAG
11:25 - 11:35 GDPR: the possible value of certification in data protection compliance and accountability
Paolo Balboni, ICT Legal Consulting
11:35 - 11:45 About ECSO Working Group1
Standardisation, certification, labelling and supply chain management

Mark Miller, CONCEPTIVITY, Cyberwatching.eu
11:45 - 11:55 Risk Management In the Certification and GDPR Realm
Francesco Manca, AON
11:55 - 12:05 TRUst-Enhancing certified Solutions for SEcurity & protection of Citizens’ rights in digital Europe
Jon Kingsbury, Knowledge Transfer Network
12:05 - 12:15 Q&A




Paolo Balboni
Paolo Balboni (Ph.D.) is a top tier European ICT, Privacy & Data Protection lawyer and serves as Data Protection Officer (DPO) for multinational companies. Professor of Privacy, Cybersecurity, and IT Contract Law at the European Centre on Privacy and Cybersecurity (ECPC) within the Maastricht University Faculty of Law. Lead Auditor BS ISO/IEC 27001:2013 (IRCA Certified). Dr. Balboni (qualified lawyer admitted to the Milan Bar) is a Founding Partner of ICT Legal Consulting (ICTLC), a law firm with offices in Milan, Bologna, Rome, an International Desk in Amsterdam, and multiple Partner Law Firms around the world. He is the Co-Chair of the CSA Privacy Level Agreement Working Group, President of the European Privacy Association based in Brussels and the Cloud Computing Sector Director and Responsible for Foreign Affairs at the Italian Institute for Privacy based in Rome.

Holger Blasum

Holger Blasum is a research engineer at SYSGO and doing PikeOS verification at SYSGO. He previously studied mathematics at LMU Munich (diploma in mathematical logic). In the Verisoft XT project he has worked on static analysis of PikeOS systems code, in particular memory management, with the Verifying C Compiler (VCC). In EURO-MILS and certMILS he has supported CC artefact generation and researched on their use for compositional certification.He is active in the MILS community (http://mils.community/) and the Common Criteria User's Forum Separation Kernel Working Group. Before, he had also participated in the Formal Methods subgroup of the DO-178C.

Scott Cadzow
Scott Cadzow has over the past 20 years become a recognized standards development expert, primarily for security standards, in a number of international standards development organizations including ETSI, ITU-T and ISO. Scott has also contributed to reports from ENISA on network resilience, supply chain integrity and on measures to counter internet bullying. More recently Scott has been involved in a number of projects under the FP7/CIP/H2020 umbrella looking at security and privacy aspects of smart cities. This has led Scott to take a wider view at the whole interoperability conundrum and to address the need to look more deeply at the problems we will face with the IoT and dynamic self-configuring equipment in the world of GDPR, NIS and the CyberSecurity acts to come.

Nicholas Ferguson
Nicholas Ferguson, Digital Communications Strategist & Project Manager. Nicholas has an MSc in Educational Management and a BA Hons in Politics and Sociology. He is the coordinator of the Common Dissemination Booster (CDB) as well as the coordinator of cyberwatching.eu. Previously, he was the coordinator of the CloudWATCH2 project and deputy coordinator of CloudWATCH, SLA-Ready, SIENA and OGF-Europe. He excels in building & promoting innovative tools and services in the ICT innovation landscape. His work focuses on raising awareness of novel tools and services in ICT, in the private, especially SMEs and public sectors as well as providing contributions to the adoption of ICT Standards. Since its launch in 2009, Nicholas managed the Cloudscape Series, www.cloudscapeseries.eu that grew from a funded initiative by the EC to becoming a self-sustaining event attracting international thought leaders in the cloud space in Europe. Nicholas has also played an instrumental role in the evolution of the yearly concertation meetings of the CloudWATCH & CloudWATCH2 projects.

Jürgen Grossmann
Dr.-Ing. Jürgen Großmann is team leader at Fraunhofer FOKUS and member of the Competence Center "System Quality Center" (SQC). He is responsible for validation, verification and testing projects on next generation networks and software technologies for embedded systems. Jürgen Großmann is an expert on model-based development, model driven testing as well as in security risk assessment, security engineering and security testing. He has experiences in numerous standardization activities for various standardization bodies, including OMG, ETSI and AUTOSAR.

Jon Kingsbury
Jon’s industry experience includes 15 years of senior business, production and commissioning roles at Channel 4.com and at BBC Online, including responsibility for operational technical and editorial quality across www.bbc.co.uk. As Head of External Supply, Jon oversaw the opening up of BBC Online’s production to a wide range of more than 500 innovative digital companies. He was also Director of Creative Economy programmes at Nesta, where he set up and ran the Creative Business Mentor Network and the Digital R&D Fund for the Arts, and funded several open data initiatives. A passionate advocate of design and media education, Jon is a board governor at Ravensbourne College of Art & Design. His role as Head of Digital Economy & Creative Industries at KTN includes coverage of Immerse UK, leading the UK’s immersive technology advancement.

Francesco Manca
Francesco Manca is Cyber Security Senior Specialist at AON Global Risk Consulting Italy. Gained with highest honors the Master’s Degree in Management Engineering at the Università di Napoli Federico II. He began his career in Management Consulting in the Governance, Risk, Compliance field in Information Security. His experience an experience in projects in national and international companies (Banking, IT providers, Energy & Resource, Financial Services, Technology, Utilities) with the below main skills: support the client to assess and reach the conformity with the standards and laws in IT and privacy (e.g. GDPR, ISO27001, ISO 22301, eIDAS, AGID, ITIL, COBIT, etc.), process, policy and procedures definition in the IT and IT security field, assess the Cyber Risk Exposure Level, IT Internal and third party Audit, Defining Business Continuity and Disaster Recovery Plans and Related Operating Procedures following Best Practices (e.g. ISO22301; ISO31000...), Cyber Risk Assessment, Business Impact Analysis, supporting the clients to achieve compliance with the GDPR. With the Aon’s team he defined a Cyber Risk impact quantification model and in his career supported the certification 3 companies in ISO27001:2013 standard, 2 companies to be a QTSP (qualified trusted service provider). Has a significant experience in providing IT security services for the largest IT provider for the Italian social and healthcare field. He’s a ISO 22301 Lead Auditor.

Mark Miller
Mark Miller is the Founder and CEO of CONCEPTIVITY and is part of the cyberwatching.eu consortium.  He has over 29 years of experience in defence, security, information technology and international supply chain security issues. He brings a breadth of expertise, which addresses key areas for cyberwatching.eu. He is the Vice Chairman of the European Organisation for Security (EOS) as well a Member of the Board of Directors of the European Cyber Security Organisation (ECSO). He is a graduate of the Massachusetts Institute of Technology (MIT) holding a degree from the MIT Electrical Engineering and Computer Science Department as well as an MBA from the International Institute for Management Development (IMD). He has competed certificates in 10 areas as a cyber-security expert under the US DHS (FEMA) covering broad aspects such as policy, legislation, regulation, ethics, white collar crime, planning, prevention, mitigation, and forensics. He is also a designated expert in the ERNCIP Smart Grids and Industrial Control Systems Expert Group (under the EC JRC) addressing cyber security issues in the industrial and smart grids context. He also was an important contributor to the development of the European Security Label concept as part of ESRIF.

Colin Whorlow

Colin Whorlow has worked in the UK National Cyber Security Centre (NCSC), and its predecessor CESG, for 20 years. Now Head of International Standards he was formerly Head of International Relations where he led CESG's engagement on EU and NATO information assurance issues. Colin has spearheaded NCSC's active involvement in global security standards work including within ETSI and 3GPP. He convened the ETSI QSC ISG, now a Working Group within TC Cyber, and is a Programme Committee member for the annual ETSI/IQC Quantum-safe cryptography workshops. Colin is a member of the Management Board of ENISA (European Network and Information Security Agency) and of the SOG-IS Management Committee. He has led workshops on the impact of Cybersecurity on Critical Information Infrastructure Protection as part of the Meridian Process and at the Budapest Conference on Cyberspace. Previously Head of Export Control Colin chaired the Information Security Technical Working Group at the Wassenaar Arrangement for some years. Colin's degree is in mathematics, which he read at Oxford University.


On the event of the adoption of the draft regulation laying down measures for a high common level of cybersecurity at the institutions, bodies, offices and agencies of the Union, the AI4HealthSec project kicked off a process to provide its opinion.