National Projects
—
| Title | Description |
|---|---|
| MOBI-MUL-SEC | This project, which is funded by the General Secretariat for Research and Technology, is a research project on "Interdomain AAA and context-aware Security of Mobile Multimedia Services over ALL-IP based wireless network infrastructures" Duration: 2006-2008 |
| Public Key Infrastructure Services in the Public Sector of the European Union Member States | The main objective of this study was to identify the requirements of the public sector as far as the development and utilization of PKI services in the EU member states are concerned. Duration: 2003- |
| ICISnet (Integrated Customs Information System) Security Study | Aiming at the best possible security level for the new ICIS, the project will: a) assess the risks and analyze the business impact in case of a security incident, b) develop a security plan that will include the appropriate technical, organizational and procedural countermeasures and c) develop an operational security policy that on top of the general security guidelines it will include the organizational structure (role description and hierarchy) for IS security. Duration: 2007-2008 |
| Security Study for the Internet Portal of the Central Greece Region’s Municipalities | The aim of this project was to develop a security policy and propose the appropriate countermeasures for the portal of the municipalities belonging to the region of Central Greece. Duration: 2007-2007 |
| The Greek e-Government Digital Authentication framework | Τhe Greek Authentication Framework aims at assisting public organizations, which offer electronic services, to select the appropriate authentication, registration and identification mechanisms. This is achieved through the provision of specific guidelines that have been based on the existing legal and regulatory framework. Duration: 2007-2008 |
| Security study for the Fire Department Information System | The aim of this project was to develop a security policy and propose the appropriate countermeasures for the Greek Fire Department’s information system and portal. The security plan has been based on a full risk assessment. Duration: 2006-2007 |
| Security Study for the “Police On Line” Information System | The main objective was to identify the risks, propose the appropriate security measures and develop a generic security policy for the new nationwide information system of the Greek Police. Duration: 2006-2007 |
| Security study for the Ministry for the Interior and Public Administration (National Registry of Greek Citizens) | The main objective was to identify the risks, propose the appropriate security measures and develop a generic security policy for the information system that supports the National registry of Greek citizens. Furthermore, the existing disaster recovery plan will be evaluated/updated. Duration: 2006-2007 |
| Security study for the Information System of the Regional Health System of South Aegean and Creta | The aim of this project was to develop a security policy and propose the appropriate countermeasures for the information system that will support the Regional Health System of South Aegean and Creta. Duration: 2006-2007 |
| e-University | The "e-University" project aims at the development of a modular system that will support most of the administrative functions of Greek universities. Our role in the project has been to specify user requirements for the module that will offer services directly to the students. Duration: 2005-2006 |
| Security study for the medical information system of the Korinthos Hospital. | The aim of this project was to provide a plan for the protection of sensitive information processed by the hospital's information systems. The security plan was based on a full risk assessment. A code of conduct for the non-medical personnel has also been developed. Duration: 2005- |
| Study, Design and Implementation of a Comprehensive Security Plan for the Greek Lottery S.A | Perform risk analyses surveys at a number of healthcare centers, in order to identify the needs for improved security; develop specific guidelines for enhancing security of existing systems, development of future systems and systems using computer network; develop an encryption prototype suitable for use in healthcare environments. Duration: 2004- |
| Security Plan for the Information Systems of the Greek Ministry of Foreign Affairs | The aim was the development of a security plan that would facilitate the selection and maintenance of all technical, organizational and procedural security measures that would be necessary for achieving an acceptable (adequate) security level for the information systems of the Greek Ministry of Foreign Affairs. Duration: 2003-2004 |
| Security Study for the National Schengen Information System (NSIS) | The aim of this study was to investigate and propose the technical, administrative and organizational measures that were necessary for achieving an acceptable (adequate) security level for the Greek Schengen Information System. Duration: 2002- |
| Security Plan for the Information Systems of the Greek Social Security Organisation | The aim was to perform a risk analysis and management study for the information systems of the Greek Social Security Organisation Duration: 2002- |
| Security Plan for the Information Systems of the Greek Ministry of Finance (TAXIS) | The aim was the development of a security plan that would facilitate the selection and maintenance of all technical, organizational and procedural security measures that would be necessary for achieving an acceptable (adequate) security level for the information systems of the Greek Ministry of Finance. Duration: 1999- |
| Security Plan for the Information System of the Greek Authority for the Protection of Personal Data. | The aim was to perform a risk analysis and management study for the information systems of the Greek Authority for the protection of personal data and the development of a security plan for the organisation. Duration: 1999-2000 |
| Development of a Trusted Third Party for the Clearing House of the Athens Chamber of Commerce and Industry | The aim of the project was the development of software applications that would support, through a TTP, the operations of the e-Commerce Center of the Athens Chamber of Commerce and Industry. Duration: 1997-1999 |
International Projects
—
| Title | Description |
|---|---|
| SERENITY: System Engineering for Security and Dependability | SERENITY aims to enhance security and dependability for AmI ecosystems by providing a framewok supporting the automated integration, configuration, monitoring and adaptation of security and dependability mechanisms for such ecosystems. Duration: 2006-2008 |
| e-SENSE: Capturing Ambient Intelligence for Mobile Communications through Wireless Sensor Networks | e-SENSE aims to specify Ambient Intelligence mobile systems beyond 3G. Info-Sec-Lab is involved in the development of a comprehensive architecture for security and privacy. Duration: 2006-2007 |
| CSI Review: Scalability of Certificate Revocation and Certificate Suspension and enhancements on the respective mechanisms | The objective was to study ways for handling large numbers of revoked certificates used in electronic signatures. The study dealt with the performance and management issues for both the use of delta CRLs and OCSP responses. Duration: 2000- |
| COSSAC: Co-ordination of security activities between Chambers of Commerce | The main objectives of this project was: To identify current and future business scenarios for Chambers of Commerce (CoCs), which can be handled electronically; to expand the CoCs functionality, which will permit them to act as a vehicle for international electronic commerce; to provide a secure link between CoCs in order to enable them to transfer documents electronically; to emphasize the use of TTP technology in promoting Electronic Commerce through CoCs. Duration: 1998-2000 |
| EUROMED-ETS: Trusted Third Party Services for Health Care in Europe | The project aimed at identifying, defining and verifying the operational, organisational, technical and legal aspects of the TTPs for telemedical applications over the Web. Duration: 1997- |
| MEDSEC: Health Care Security and Privacy in the Information Society | The main objectives of the project were to: Codify existing and emerging standards for security and privacy in Health Care Information Systems; identify gaps in existing and emerging standards thereby recommending additional standardization work to appropriate bodies; assess the applicability and technical feasibility of selected standards via field trials thereby providing input to standardization bodies; investigate the degree of compliance with these standards of European Health Care Institutions and HC Information Systems developers; promote the awareness on the existence and usefulness of such standards among European Health Care Institutions and HC Information Systems developers. Duration: 1997-1998 |
| ENCRESS: European Network of Clubs for Reliability and Safety of Software-Intensive Systems | The aim of the project was to establish a European Special Interest Group linking users, experts and practitioners with shared concerns on safety, reliability, quality and security of software-intensive systems. Duration: 1996-1997 |
| ISHTAR: Implementing Secure Healthcare Telematics in Europe | The project aimed to activate the awareness process, and to ensure that HCEs and Health Telematics projects are kept in touch with the legal, security, and safety issues arising from the widespread utilization of Health Telematics in the context of patient care and the resulting EU recommendations and directives. Duration: 1995-1998 |
| SEISMED: Secure Environment for Information Systems in Medicine | The main objectives of the project were to: examine, across the EU, the legal issues of data protection and privacy within healthcare information systems and develop a relevant code of Ethics; develop a High Level Security Policy to enable organizations using information systems to follow a consistent path. Duration: 1991-1995 |
| PASSIVE: Policy-Assessed system-level Security of Sensitive Information processing in Virtualised Environments |
The PASSIVE project proposes an improved model of security for virtualised systems to ensure that:
-Adequate separation of concerns (e.g. policing, judiciary) can be achieved even in large scale deployments; -Threats from co-hosted operating systems are detected and dealt with; -Public trust in application providers is maintained even in a hosting environment where the underlying infrastructure is highly dynamic. Duration: - |