General Organisation name in national language B10SEC CIBERSEGURANÇA E PROTEÇÃO DE DADOS Department or organisational unit Cybersecurity and Data Protection Address Sintra Portugal Country Portugal Legal status Private Entity type Other Website https://b10sec.com/ Management contact details First name Flávio Family name Shiga Position Partner and Founder E-mail contacto@b10sec.pt General contact e-mail contacto@b10sec.pt Knowledge Cybersecurity knowledge domains Assurance, Audit, and CertificationCryptology (Cryptography and Cryptanalysis)Data Security and PrivacyEducation and TrainingHuman aspectsIdentity ManagementIncident Handling and Digital ForensicsLegal aspectsNetwork and Distributed SystemsSecurity Management and GovernanceSecurity MeasurementsSoftware and Hardware Security EngineeringTheoretical Foundations Assurance, Audit, and Certification Subdomains AssessmentAssuranceAuditCertification Cryptology Subdomains Asymmetric cryptographyCryptanalysis methodologies, techniques and toolsDigital signaturesHash functionsSymmetric cryptography Data Security and Privacy Subdomains Anonymity, pseudonymity, unlinkability, undetectability, or unobservabilityData integrityData usage controlDesign, implementation, and operation of data management systems that include security and privacy functionsDigital Rights Management (DRM)Privacy Enhancing Technologies (PET)Privacy requirements for data management systemsRisk analysis and attacks with respect to de-anonymization or data re-identification (e.g. inference attack) Education and Training Subdomains Cyber ranges, Capture the Flag exercises, simulation platforms, educational/training tools, cybersecurity awarenessCybersecurity-aware culture (e.g. including children education)Education methodologyHigher educationProfessional trainingVocational training Human Aspects Subdomains Computer ethics and securityGamificationHuman aspects of trustHuman perception of cybersecurityHuman-related risks/threats (social engineering, insider misuse, etc.)User acceptance of security policies and technologies Identity Management Subdomains Biometric methods, technologies and toolsIdentity management quality assuranceLegal aspects of identity managementPrivacy and identity management (e.g. privacy-preserving authentication)Protocols and frameworks for authentication, authorization, and rights management Incident Handling and Digital Forensics Subdomains Anti-forensics and malware analyticsCoordination and information sharing in the context of cross-border/organizational incidentsDigital forensic case studiesDigital forensic processes and workflow modelsIncident analysis, communication, documentation, forecasting (intelligence based), response, and reportingVulnerability analysis and response Legal Aspects Subdomains Cybercrime prosecution and law enforcementIntellectual property rightsInvestigations of computer crime (cybercrime) and security violations Network and Distributed Systems Subdomains Distributed systems securityManagerial, procedural and technical aspects of network securityNetwork attack propagation analysisNetwork interoperabilityNetwork layer attacks and mitigation techniquesNetwork security (principles, methods, protocols, algorithms and technologies)Privacy-friendly communication architectures and services (e.g. Mix-networks, broadcast protocols, and anonymous communication)Protocols and frameworks for secure distributed computingRequirements for network securitySecure distributed computationsSecure system interconnection Security Management and Governance Subdomains Assessment of information security effectiveness and degrees of controlCapability maturity models (e.g. assessment of capacities and capabilities)Compliance with information security and privacy policies, procedures, and regulationsEconomic aspects of the cybersecurity ecosystemGovernance aspects of incident management, disaster recovery, business continuityIdentification of the impact of hardware and software changes on the management of Information SecurityManagerial aspects concerning information securityPrivacy impact assessment and risk managementRisk management, including modeling, assessment, analysis and mitigationStandards for Information SecurityTechniques to ensure business continuity/disaster recoveryThreats and vulnerabilities modelling Security Measurements Subdomains Measurement and assessment of security levelsSecurity analytics and visualizationSecurity metrics, key performance indicators, and benchmarksValidation and comparison frameworks for security metrics Software and Hardware Security Engineering Subdomains Attack techniques (e.g. side channel attacks, power attacks, stealth attacks, advanced persistent attacks, rowhammer attacks)Cybersecurity and cyber-safety co-engineeringFault injection testing and analysisIntrusion detection and honeypotsMalware analysis including adversarial learning of malwarePrivacy by designRefinement and verification of security management policy modelsRuntime security verification and enforcementSecure programming principles and best practicesSecure software architectures and design (security by design)Security and risk analysis of components compositionsSecurity design patternsSecurity documentationSecurity requirements engineering with emphasis on identity, privacy, accountability, and trustSecurity support in programming environmentsSecurity testing and validationVulnerability discovery and penetration testing Theoretical Foundations Subdomains Cybersecurity concepts, definitions, ontologies, taxonomies, foundational aspectsFormal specification of various aspects of security (e.g properties, threat models, etc.)Formal specification, analysis, and verification of software and hardwareFormal verification of security assuranceInformation flow modelling and its application to confidentiality policies, composition of systems, and covert channel analysis Research context Funding and projects Member of European Cyber Security Organisation (ECSO) No Changed 13-07-2021 12:45
