Welcome to LSEC, an internationally renowned Information security cluster, a not for profit organization that has the objective to promote Information Security and the expertise in BeNeLux and Europe. Founded by the University of Leuven (K.U. Leuven), supported by European Commission FP7 and leading a unique PAN European Private partnership that interacts with Public Institutions, LSEC connects security industry experts, research institutes and universities, government agencies, end users, funding bodies and technical experts who are driving national and European research agendas. LSEC activities aim to raise cyber security awareness, support innovation and competitiveness of the European IT- Security market and promote the visibility of its members.
May 25th, a historical day we've celebrated considering GDPR as a piece of cake. LSEC kicked off the official starting date of the GDPR (General Data Protection Regulation) offering its constuency experiences, technology and birthday cake. ForgeRock presented some considerations on using the core identity as the main architecture also for data protection. During the cases by FireEye, Excellium Services and BNP Paribas Fortis various views and perspectives were presented on how the transition has taken place, what the current actions and activities were and what the next steps are beyond the transition.
GDPR is a process that started years ago by many, and where adoption will continue over the years to come. Companies and organizations facing multiple challenges and developments. IBM and Symantec presented their ideas on identity, monitoring and data leakage prevention. Bitsensor presented a perspective on managing GDPR with DevOpps and agile in mind. CSI Tools presented a user management perspective from their experience in governance control for ERP-environments. Debates were held around ethics with Cathrin Sondergraard, future challenges, the state and development of the regulator. Ulrich Seldeslachts pointed to the challenging messages presented by the different DPA and the speed of ttransforming into national laws.
If you missed it, presentation materials are now available for download from GDPR Birthday Event page or look for the 2018-05-25 event on the activities.
April 26th, LSEC - and the Belgian Cyber Security Coalition (CSC) organised the an Experience Sharing day at the VBO / FEB in Brussels. Main topic was NIS and its developments. Especially for Belgian companies, the development of the NIS Directive which was published in June 2016, being transposed into Belgian law required an update. Thanks to the CCB (Center for Cybersecurity in Belgium), an update was presented on its current "under development" status, as this is the authority of the Belgian regulator. Many ingredients are taken from the Critical Infrastructure Protection (CIP)-legislation. The Operators of Essential Services (OES) have not yet been defined, but the list will be in line with the other Member States. Some indications were in any case presented during the day, some experiences from previous legislations shared amongst the attendees. FireEye opened the day with an overview of the relevance of NIS and Critical Infrastructure Protection from an adversary perspective, still (and increasingly) today. Forgerock presented some of its experiences and best practices from a GDPR perspective. Other talks were focused on the developments of GDPR (Jan Leonard of Orange Belgium and Willem De Beuckelaere of the developing Belgian DPA). Some a somewhat more practical challenging and concerns perspective, the other a somewhat more at ease point of view.
If you missed it, presentation materials are now available for download from NIS, GDPR and PSD2 in Practice, LSEC & the Cyber Security Coalition page or look for the 2018-04-26 event on the activities.
On April 27th, LSEC - cyber security hub - in collaboration with B-Hive - fintech hub - organized a first joint event focused on the ongoing innovative developments in the financial services domain impacting not only financial services, but also its supply chain and operational transactions such as cyber security and information security components.
An insightfull perspective by authentication expert Isabel group introduced us into some of the challenges, including authentication developments and helping understanding some of the complexities which resulted in the current RTS (regulatory technical standard) and SCA (Strong Customer Authentication) for TTP (trusted third parties). The PSD2 directive already exists since January 2016, and is currently being adopted by the European Member States, in particular their NCA (national competent authorities), usually the regulators. Next to the PSD2 directive that amongst other enables other companies to access account information for payment services, new developments such as API's are equally seeing their routes into market. The Glue and Oracle presented insightful views of the current developments towards Open API. The NBB (National Bank of Belgium), one of the co-authors of the RTS, keynoted the event with the core fundamental behind these developments and insights in some of the working that had led to its current state. He also indicated some future routes. Identity technology provider TrustBuilder and authentication providers Vasco and SDO presented their views on the role of existing and developing authentication technologies. During some of the panels, the operators such as Ingenico and Twiki reasoned on their current challenges and how they got there; Finally other security challenges were brought by BAE Systems, indicating that there is much more than authentication in securing these new developments.
For more information and documentation background, visit the event page.