Transparency as a Security Control: Rebuilding Trust in Technology

As governments increasingly deploy powerful digital tools—biometrics, surveillance AI, predictive analytics—the public trust in those same institutions is eroding. Transparency is often framed as a communications exercise or regulatory compliance task. But what if we treated it as a core cybersecurity control? This session explores real-world models of proactive transparency, where government agencies have used […]

The governance of the PQC transition in the EU

This intervention will analyse the aspects of the governance of the PQC transition in the EU. It will explore the relevant provisions in the EU legal acts containing general implicit requirements to adopt PQC (e.g. NIS2, CRA, GDPR, DORA, eIDAS2 and others) and how they are complemented by the various policy documents making specific references […]

The Attribution Minefield in Ransomware Investigations

Ransomware attacks pose a growing threat to both digital and physical infrastructures. When a ransomware incident occurs, victim organizations often face pressure to restore operations quickly—even if that means paying the ransom. However, payment introduces serious legal and financial risks: if the attacker is a sanctioned entity, making a payment could result in violation of […]

DORA TLPT: Strengthening financial cyber resilience

The Digital Operational Resilience Act (DORA), which came into force on January 17, 2025, mandates financial institutions to conduct Threat Led Penetration Testing (TLPT) to enhance their cyber resilience within the European Union. TLPT simulates realistic cyber attacks based on the TIBER-EU framework, aiming to identify vulnerabilities and improve the institution’s detection and […]

Discussion: teaching ethics to (future) IT professionals

As society is digitalizing and we depend more on technology, securing IT systems and preventing the abuse thereof is becoming increasingly important. To protect these systems, there is a need for cybersecurity professionals and ethical hackers that build in security and test the safety of systems. However, learning how systems can be protected oftentimes […]

CRA: let’s talk about opportunities

The Cyber Resilience Act (or CRA) will be a gamechanger for the cybersecurity sector. From December 2027, all producers of hard- and software have to ensure that their products meet the CRA requirements before they can be placed on the European market. Making sure that products are CRA-proof is a challenge for companies in the […]

AP vs 32000 data breaches: Supervision & Lessons learned

How would you deal with 32.000 data breaches per year? Two inspectors of the Dutch Data Protection Authority (AP) will provide a unique insight into the inner workings of the AP as an actor within the cyber security field. First we give insights into the AP as an organization and discuss how the AP handles […]