Achieving Security by Default for processes, operations & architectures
Security by Default

17 Baseline Requirements aimed at building security into the design of processes, operations and architectures.
August 18, 2022
CoT Education White Paper 2021: Transforming Human Behavior in Cybersecurity
Education

In its White Paper 2021, the Charter of Trust Principle 6 Education Taskforce shares practical advice on how to create a cybersafe culture based on the experience of CoT leaders. To this end, the paper outlines seven key recommendations for industry and government, which at the same time are a joint commitment of CoT Partners and Associated Partners.
October 12, 2024
Achieving Security by Default: An Explanatory Document for the Phase 2 “Processes, Operations, Architectures” Baseline Requirements
Security by Default

The objective of this Explanatory Document is to provide additional information on the Phase 2 “Processes, Operations, Architectures” Baseline Requirements.
December 07, 2021
Achieving Security by Default: An Explanatory Document for the Phase 1 “Products, Functionalities, Technologies” Baseline Requirements
Security by Default

The objective of this Explanatory Document is to define the critical cybersecurity requirements needed to deliver secure products, processes, services and business models.
June 02, 2021
Achieving Security by Default for products, functionalities & technologies
Security by Default

Baseline Requirements aimed at building security into the design of products, functionalities and technologies.
May 19, 2020
COVID 19 and how to securely work from home – key recommendations
Security by Default

The current COVID 19 crisis has led to an exponential increase in the number of people working from home (WFH) to safeguard public health. At the same time, there is an increased cybersecurity risk.
March 20, 2020
Common risk-based approach for the Digital Supply Chain
Supply Chain Security

Responsibility throughout the digital supply chain
Companies – and if necessary – governments must establish risk-based rules that ensure adequate protection across all IoT layers with clearly defined and mandatory requirements. Ensure confidentiality, authenticity, integrity, and availability by setting baseline standards, such as:
– Identity and access management: Connected devices must have secure identities and safeguarding measures that only allow authorized users and devices to use them.
– Encryption: Connected devices must ensure confidentiality for data storage and transmission purposes, wherever appropriate.
– Continuous protection: Companies must offer updates, upgrades, and patches throughout a reasonable life cycle for their products, systems, and services via a secure update mechanism.

Based on this statement, the CoT members developed a common risk-based approach aligned with international norms to help improve cybersecurity and provide visibility through the supply chain. Three elements form this risk-based approach:
– Baseline requirements: These are common for all digital suppliers and define the fundamentals that a supplier must address in order to ensure the cybersecurity foundations for their product/service.
– Supplier criticality: Digital suppliers have different criticalities depending on risk factors, which are also dependent on the context viewed by the purchaser.
– Verification: Verification to the baseline requirements is dependent on the criticality of the supplier.

The purpose of this document is to describe such a risk-based approach and its impact on the digital supply chain with a focus on the various stakeholders throughout the digital supply chain.
February 19, 2020
Seeing cybersecurity as an opportunity
External Engagement

How to protect your business effectively: specific measures for small and medium-sized enterprises.

January 16, 2020