
Digital Training Handbooks
The Digital Avatar on a Blockchain: E-Identity, Anonymity and Human Dignity
Nora Schreier (University of Graz), Robin Renwick (Trilateral Research), Tina Ehrke-Rabel (University of Graz).
Austrian Law Journal (2021), DOI: 10.25364/01.8:2021.2.3
CC-BY 4.0
Abstract
In order to comply with specific regulations (eIDAS, Payment Services Directive, Anti-Money Laundering Directive) and reduce risk profiles, financial service providers increasingly collect large amounts of information from their customers. The increasing opportunities and technical means for data collection afforded from digitalisation raise legal concerns related to proportionality, necessity, and data minimization. However, the concerns go beyond just GDPR compliance and legislative balance, as distinct architectures and technological deployments potentially impact rights, freedoms, and ethics. This paper will address the issue by examining aspects of digital identity, especially those that have proposed the use of a permissioned distributed ledger or blockchain as architecture for know your customer and onboarding evidential frameworks, using specific hashing schemes that derive unique identifiers from the combination of specific personal data points. Evidence is appended to a data structure, for the purpose of auditing and/or record keeping, potentially ensuring an immutable record of events is maintained. After elaborating on the notion of identity in the digital sphere and the applicability of the GDPR to such a data structure, the discussion will be developed to critically assess the current trend towards using the financial institutions’ customers’ mobile devices as interfaces to the distributed data structure and the legal and sociological implications of this technological development. The potential impact of the analysis goes beyond digital identity within the finance sector, positioning the discussion towards approaches for e-governance and the regulation of digital identity in a way that human dignity is preserved and the risks of creating a ubiquitous “digital avatar” are adequately addressed by the law.
Objectives
In this work package the general aspects related to cybersecurity and cyber threats will be analysed, but from a “human perspective”, focusing on the human factor and the behavioural patterns that can represent cybersecurity threats.
Description of Work
- Mapping and understanding human factors in effective cyber-security
- Conduct a Privacy Impact Assessment + (PIA+) to ensure that SOTER and its tools adopt an ethics-, data protection- and privacy-by-design approach
Results
D2.1 – Mapping of human behaviour related threats and mitigation measures
This document examines the human factor aspects of cybersecurity and provides an overview of four dimensions of human behaviour: individual, organisational, sociological and psychological.
D2.2 – Mapping of human behaviour related threats and mitigation measures (II)
This document compiles the mapping of threats linked to human behaviour resulting from the desk and ethnographic research and the evaluation of employees' awareness. It also includes the risk assessment framework and mitigation actions for the privacy and cybersecurity risks identified.
This document provides a Public Summary of work undertaken so far, as part of the Privacy Impact Assessment and Privacy-by-Design task. It summarises the operationalisation of Privacy-by-Design methodology, and complementary Privacy Impact Assessment reporting for the SOTER project. The process considers privacy, ethical, legal, and societal concerns. The document also provides an outline of the identification and mitigation of risk moving forward.
This document is the second iteration of the report on the Privacy Impact Assessment and Privacy-by-Design task.
Objectives
This work package focuses on the financial sector, in particular on how to help participants share information in a secure way through the use of a cloud platform for an improved digital onboarding system.
Description of Work
- Set up the SOTER onboarding platform and integrate the new technologies and solutions
- Assess risks and countermeasures to protect the platform in order to adhere to the NIS Directive
- Identify the critical aspects necessary to ensure security in the SOTER blockchain technology
- Develop a public-private blockchain hybrid architecture for the secure storage and transfer of digital identities
- Analyse the potential security issues and prepare an “incident response plan” for the platform
- Audit the platform to assess efficacy of the countermeasures in place
Results
D3.5 Blockchain Security Focus whitepaper (I)
This document provides information regarding the proposed blockchain implementation of the SOTER platform. It introduces a high-level overview of blockchain systems and provides a description of specific characteristics as they relate to the SOTER platform, including initial recommendations for the project.
D3.6 Blockchain Security Focus whitepaper (II)
This document discusses the security issues that were pending from the first iteration, together with new questions that arose during the definition and design phase of the blockchain infrastructure. It takes into consideration the new user-centric philosophy, which has been increasingly implemented across security solutions.
Objectives
This work package deals with two different kinds of pilots: one is devoted to the deployment of the technology developed in the previous WPs in real settings (case of pilot #1) and the second one is devoted to cybersecurity awareness training (case of pilot #2).
Description of Work
- Define use cases objectives (case of pilot #1) and define the training itinerary (case of pilot #2)
- Set up pilots and carry out on-field tests to guarantee all features are functioning correctly
- Monitor pilot functionality
- Assess the impact on a user’s perceived privacy confidence and user experience
- Ensure that pilots meet all legal requirements and legislation both at the European level, including data management, and at the national level
Results
D4.6 Report on pilots’ legal compliance
This document presents the analysis of all legislation relevant to SOTER and the advice provided to pilot partners on testing and implementing the SOTER solution in their context.
D4.7 Public version of the D4.1 + D4.2 + D4.3
This document provides the public summary of the 2 pilots, i.e. the Digital Onboarding platform and the cybersecurity training platform.
Objectives
The main objective of this work package is to evaluate current cybersecurity threats and also future trends with the aim of planning measures to avoid and solve them.
Description of Work
- Provide knowledge on how security incidents should be addressed to comply with all European regulations
- Create a basis for further standardisation work in cybersecurity with a focus on the human factor
- Draft a Common European Security Reporting Methodology (CESRM) to report incidents in adherence to European law
- Organise a workshop to bring together standardisation, certification experts and end-users in the finance sector to further current standardisation work in this field and promote good practice and common standards
Results
D5.1 Standardised system to security incidences handling and monitoring
This document includes the mapping and evaluation of current standardisation work in cybersecurity, with a focus on standards development. It considers existing standards, standards currently under development (e.g., CWAs) and standards under discussion or planned new work items. The review also includes academic, policy and grey literature, as well as deliverables from European projects in this field.
D5.2 White Paper on Cybersecurity standards
This document includes cybersecurity standards as a response to present and future risk in the finance sector, including human factor aspects.
Objectives
This work package is focused on providing useful training tools and actions to the key players in the finance sector in order to improve their skills and awareness towards cybersecurity issues.
Description of Work
- Develop a Competence Catalogue and define the essential competencies for responding to cybersecurity threats and attacks
- Carry out hands-on training actions for bank employees
- Carry out hands-on training actions for new key players, such as Third-Party Providers (TPPs)
- Conduct masterclasses in cybersecurity training on “Managing cybersecurity, privacy and data protection risks in financial organisations”
- Develop a Digital Training Handbook for cybersecurity competencies
Results
This report outlines a number of Cybersecurity Competencies for cybersecurity trainings. The Catalogue is based on research of current best practices, the legal context and cybersecurity considerations and specifically focuses on the human factor in cybersecurity.
D6.2 Competence Catalogue (II)
The Competence Catalogue is based on the activities developed in T2.1, and the definition of essential competencies for responding to cybersecurity threats and attacks.
D6.3 Training modules compilation (I)
This document reports on the training actions performed in the WP.
D6.4 Training modules compilation (II)
This deliverable provides a brief introduction to the training development process as well as to the goals and scope of the SOTER Cyber Security Competence Training (CSCT) actions.
D6.5 Report on training actions (I)
This document reports on all necessary initial information and guidelines for the start of the development and deployment of the SOTER Cybersecurity Competence Training actions.
D6.6 Report on training actions (II)
This document provides an update on the SOTER Cybersecurity Competence Training actions. It includes the SOTER indexes for awareness, skills and attitudes, the training pilot use case (including the assessment methodology) and the concept for the cybersecurity masterclass.
D6.7 Report on training actions (III)
This document provides an update on the SOTER Cybersecurity Competence Training actions. It includes the documentation for the deployment and final outlook of the cybersecurity training pilot.
D6.8 Digital Training Handbook
This document reports on the development of the SOTER Digital Training Handbook.
Objectives
The objective of this work package is to coordinate the project communication and dissemination activities to raise public awareness of SOTER and widely disseminate the project developments and findings.
Description of Work
- Develop a detailed communication and dissemination plan to ensure that information on SOTER’s activities and solutions is shared with the appropriate target audiences, channels and timelines
- Establish an online and media presence for the project via the website, social media and videos
- Publish scientific results through academic journal articles and participation in third-party events, such as academic conferences, industry expos and networking events
- Develop synergies with other relevant national, European and international projects
- Organise a final event to gather lead-users, experts, industry and potential clients in order to publicise the SOTER platform and demonstrate the results of the project
Results
The SOTER dissemination and communication plan outlines the project’s strategy for developing content and deploying tools and channels in order to reach our stakeholders, convey the project’s key messages, and achieve the expected impact.
D7.2 SOTER dissemination activities report 1st version (I)
This document reports on the dissemination and communication activities carried out during the first 18 months of the project.
D7.3 SOTER dissemination activities report 2nd version (II)
This document reports on the dissemination and communication activities carried out throughout the project.
Objectives
The main objective of this work package is to ensure the sustainability of the project and maximise its impact by contributing to the market uptake of the project results.
Description of Work
- Develop an Exploitation and business plan to ensure a successful uptake of the project outcomes
- Define IPR and Innovation Management Plans
- Develop an Integrated Technology Roadmap of the SOTER Solution to enable users to use the platform and obtain maximum benefit from the solution
Results
D8.9 SOTER Integrated Technology Roadmap
This document includes the roadmap for the appropriate use of the technological tools resulting from SOTER project, i.e., the Digital Onboarding Platform.