Work package 7: Recommendations for Trustworthiness Enhancement Labels
This WP aims to define recommendations for trust-enhancing labels, so as to promote their use of and ultimately enhance the perception of cyber-risks, with the aim to promote the integration of tools that assess and certify the level of compliance with European cybersecurity and privacy regulations by manufacturers and suppliers of cyber-physical systems (CPS), both the traditional ones and also those belonging to new domains (e.g., healthcare, wearable devices, cloud services, IoT, critical infrastructures, SCADA). Rather than creating “yet another” trustworthiness label, TRUESSEC.EU will provide recommendations that existing or new trustworthiness labels can take.In order to achieve this objective, the project will:
- Study existing trustworthiness labels and security and privacy assessment and assurance tools in Europe from the dimensions of: cost/benefit, technological realms addressed (e.g. IoT, healthcare, wearables, cloud services, etc.), social perception based on citizen profile aspects (including gender), and incentives and barriers to their adoption. This information will be collected in WP2 by SHOP and studied here in WP7.
- Collect security and privacy requirements, criteria and indicators of cybersecurity perception identified in WP 3, 4, 5, and 6, and the feedback from WP2 SHOP, and define the levels associated to the fulfilment of these requirements.
- Propose a set of recommendations that tools should stick to, in order to evaluate the level of fulfilment of the security and privacy requirements by trustworthiness labels used in Europe, and state an easy-to- understand way to show the assured level of security and privacy to end users and citizens.
- Define a roadmap to guide stakeholders on launching ETEL awareness campaigns to inform citizens and end users about the levels of trust the label should show, depending on the kind of ICT product or service provided, based on the kind and sensibility of information collected from the end user, and of the service itself.
- Feed the recommendations issued to associated cluster projects, for their inclusion in their own developments.
This WP is related to all the other WPs of the project: WP2 from which requirements are captured and where feedback is provided; WP3-6 whose conclusions feed the Recommendations for an ETEL
Deliverable 7.1 - Evaluation of exiting trustworthiness seals and labels