Questo sito utilizza cookies. Se continui la navigazione significa che approvi i nostri termini di utilizzo di cookies. Per saperne di più, leggi qui.
Launch of Prometheus-X new website! - Welcome to the future of Data Spaces in Europe

Technical group

Technical Working Group of the Education and Skills Data Space

Modifiche a "What are the key security issues to consider for DASES? "

Modalità di visualizzazione confronto:
Modalità visualizzazione HTML:

Titolo (Français)

  • +What are the key security issues to consider for DASES?
  • +What are the key security issues to consider for DASES?
Eliminazioni
Aggiunte
  • +What are the key security issues to consider for DASES?
Eliminazioni
Aggiunte
  • +What are the key security issues to consider for DASES?

Descrizione (Français)

  • +

    We are witnessing records amount of cyberattacks. Cybersecurity will be key to ensure the trust framework we wants for the Dataspace of Education and Skills.

    Cyberattacks are now carried out by professional hackers organised in gangs. There are several types of cyber attacks to consider:

    • ransomware
    • Log4j
    • SolarWinds
    • Malware
    • Emotet
    • denial of service (DoS) 
    • man-in-the-middle (MITM)
    • Phishing
    • SQL Injection
    • Password Attacks

    As some of the data exchanged within the dataspace may be personal data (eg learning traces), we will need to make sure those data are properly protected according to Art. 32 GDPR Security of processing. This article lists 4 actions:

    • a) the pseudonymisation and encryption of personal data;
    • b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
    • c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
    • d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.


    The questions we need to discuss are :

    • What are the potential security issues associated to our dataspace?
    • What barriers we can set up to avoid these issues?
    • What are the priorities?
    • What new or specific developments are required?
    • How to fund these developments?


  • +<p>We are witnessing <a href="https://www.pwc.co.uk/press-room/press-releases/two-thirds-of-uk-business-leaders-expect-cyber-security-threat-t.html" rel="noopener noreferrer" target="_blank">records amount of cyberattacks</a>. Cybersecurity will be key to ensure the <strong>trust framework</strong> we wants for the Dataspace of Education and Skills.</p><p>Cyberattacks are now carried out by professional hackers organised in gangs. There are several types of cyber attacks to consider:</p><ul><li>ransomware</li><li>Log4j</li><li>SolarWinds</li><li>Malware</li><li>Emotet</li><li>denial of service (DoS)&nbsp;</li><li>man-in-the-middle (MITM)</li><li>Phishing</li><li>SQL Injection</li><li>Password Attacks</li></ul><p>As some of the data exchanged within the dataspace may be personal data (eg learning traces), we will need to make sure those data are properly protected according to <a href="https://gdpr.eu/article-32-security-of-processing/" rel="noopener noreferrer" target="_blank">Art. 32 GDPR Security of processing</a>. This article lists 4 actions:</p><ul><li>a) the pseudonymisation and encryption of personal data;</li><li>b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;</li><li>c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;</li><li>d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.</li></ul><p><br></p><p>The questions we need to discuss are :</p><ul><li>What are the potential security issues associated to our dataspace?</li><li>What barriers we can set up to avoid these issues?</li><li>What are the priorities?</li><li>What new or specific developments are required?</li><li>How to fund these developments?</li></ul><p><br></p>
Eliminazioni
  • Log4j
  • SolarWinds
  • Malware
  • Emotet
  • denial of service (DoS) 
  • man-in-the-middle (MITM)
  • Phishing
  • SQL Injection
  • Password Attacks

As some of the data exchanged within the dataspace may be personal data (eg learning traces), we will need to make sure those data are properly protected according to Art. 32 GDPR Security of processing. This article lists 4 actions:

  • a) the pseudonymisation and encryption of personal data;
  • b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
  • c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
  • d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.


The questions we need to discuss are :

  • What are the potential security issues associated to our dataspace?
  • What barriers we can set up to avoid these issues?
  • What are the priorities?
  • What new or specific developments are required?
  • How to fund these developments?


Aggiunte
  • +

    We are witnessing records amount of cyberattacks. Cybersecurity will be key to ensure the trust framework we wants for the Dataspace of Education and Skills.

    Cyberattacks are now carried out by professional hackers organised in gangs. There are several types of cyber attacks to consider:

    • ransomware
    • Log4j
    • SolarWinds
    • Malware
    • Emotet
    • denial of service (DoS) 
    • man-in-the-middle (MITM)
    • Phishing
    • SQL Injection
    • Password Attacks

    As some of the data exchanged within the dataspace may be personal data (eg learning traces), we will need to make sure those data are properly protected according to Art. 32 GDPR Security of processing. This article lists 4 actions:

    • a) the pseudonymisation and encryption of personal data;
    • b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
    • c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
    • d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.


    The questions we need to discuss are :

    • What are the potential security issues associated to our dataspace?
    • What barriers we can set up to avoid these issues?
    • What are the priorities?
    • What new or specific developments are required?
    • How to fund these developments?


Eliminazioni
Aggiunte
  • +<p>We are witnessing <a href="https://www.pwc.co.uk/press-room/press-releases/two-thirds-of-uk-business-leaders-expect-cyber-security-threat-t.html" rel="noopener noreferrer" target="_blank">records amount of cyberattacks</a>. Cybersecurity will be key to ensure the <strong>trust framework</strong> we wants for the Dataspace of Education and Skills.</p><p>Cyberattacks are now carried out by professional hackers organised in gangs. There are several types of cyber attacks to consider:</p><ul><li>ransomware</li><li>Log4j</li><li>SolarWinds</li><li>Malware</li><li>Emotet</li><li>denial of service (DoS)&nbsp;</li><li>man-in-the-middle (MITM)</li><li>Phishing</li><li>SQL Injection</li><li>Password Attacks</li></ul><p>As some of the data exchanged within the dataspace may be personal data (eg learning traces), we will need to make sure those data are properly protected according to <a href="https://gdpr.eu/article-32-security-of-processing/" rel="noopener noreferrer" target="_blank">Art. 32 GDPR Security of processing</a>. This article lists 4 actions:</p><ul><li>a) the pseudonymisation and encryption of personal data;</li><li>b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;</li><li>c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;</li><li>d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.</li></ul><p><br></p><p>The questions we need to discuss are :</p><ul><li>What are the potential security issues associated to our dataspace?</li><li>What barriers we can set up to avoid these issues?</li><li>What are the priorities?</li><li>What new or specific developments are required?</li><li>How to fund these developments?</li></ul><p><br></p>
Numero della versione 1 di 1 Mostra tutte le versioni Torna al dibattito
Autore della versione
Avatar: Matt Sonnati Matt Sonnati
Versione creata il 05/01/2022 14:13