MEDINA: Security framework to achieve a continous audit-based certification in compliance with the EU-wide cloud security certification scheme

Part of EU Open Research Repository
Published November 29, 2023 | Version v1
Software Open

RAOF - Static Risk Assessment and Optimization Framework

Creators

Description

The main goal of RAOF is to support the MEDINA certification verification process with a risk-based evaluation of non-conformities of a cloud service. 
SATRA (Self-Assessment Tool for Risk Analysis) is based on a simple and quick approach to cyber risk self-assessment. 
The tool requires two types of input: information about security measures and information about key assets of the enterprise. When these inputs are provided, the tool estimates the expected risk level and computes a deviation from the expected risk level for the same service but with all requirements implemented. This risk-based approach ensures that all important requirements are implemented and the missing ones do not significantly affect the risk level for this cloud service.

Other

https://git.code.tecnalia.com/medina/public/static-risk-assessment-and-optimization-framework

Files

static-risk-assessment-and-optimization-framework-main.zip

Files (6.8 MB)

Additional details

Funding

European Commission
Security framework to achieve a continuous audit-based certification in compliance with the EU-wide cloud security certification scheme 952633