Journal of Surveillance, Security and Safety
ISSN 2694-1015 (Online)
Portico

All published articles are preserved here permanently:

https://www.portico.org/publishers/oae/
