This year’s topic is “Ensuring Trust in a Decentralized World”.
It is subtitled “Control and Audit of Interactions in a Decentralized System”.
This topic is detailled in a dedicated page.
In this context, C&ESAR solicits submissions presenting clear surveys, innovative solutions, or insightful experience reports on the subject “Ensuring Trust in a Decentralized World”.
The scope covers:
all steps of cybersecurity, from system design to operational cyberdefense or pentesting, including DevSecOps loops and disposal/retirement of equipment and systems;
all types of systems as long as they have a decentralized architecture (every type of decentralized information system, IoT, extended enterprise networks, …) ;
all types of trust, control, and audit-related technologies and methodologies (as long as a focus on the decentralized setting is made).
The topics include (without being limited to them and applied in a decentralized world setting) those mentioned above and below:
- the trust-related keywords in the first and second areas of Wavestone’s Global CISO Radar (https://www.wavestone.com/app/uploads/2020/12/Radar_CISO_2021_v1-1.jpg);
- Zero Trust concepts related to trust inference and evaluation;
- identity, authentication, and access management;
- usage of blockchain technologies for trust, control, and audit (but not blockchain technologies for their own sake);
- methods and techniques to improve trust in the supply chain (but not supply chain attack reports);
- technical and legal issues related to handling and exploitation of control and audit data in the Edge Computing and Tactile Internet settings ;
Keywords (all applied in a decentralized context): Zero Trust [ Network [Access] | Architecture | Security Model ] (ZT…), Trust Algorithm (TA), Continuous Adaptive Risk and Trust Assessment (CARTA), Identity and Access Management (IAM), Identity, Credential, and Access Management (ICAM), Password, Passwordless Authentication, Multi-Factor Authentication (MFA), Single Sign-On (SSO), Trusted Platform Module (TPM), Access Policy Manager (APM), Identity Aware Proxy (IAP), Policy Decision Point (PDP), Policy Enforcement Point (PEP), Continuous Diagnostics and Mitigation (CDM), Identity Governance Program (IGP), Secure Access Service Edge (SASE), Work-from-Home, Hybrid Multi-Cloud, Edge Computing, “Tactile Internet”, IoT, Cybersecurity Mesh Architecture.