TOPIC : Risk management and assurance models
|Publication date:||11 December 2013|
|Types of action:||IA Innovation action|
|DeadlineModel: Opening date:||single-stage 11 December 2013||Deadline:||28 August 2014 17:00:00|
|Time Zone : (Brussels time)|
Specific challenge: The ability to assess, manage, reduce, mitigate and accept risk is paramount for an effective protections against cybersecurity threats and incidents. The dependence of networks and information systems, that are essential for the functioning of our societies and economies (including Critical Infrastructures), on public communication networks and off-the-shelf components is an additional risk. However, in the area of cybersecurity, recent developments and trends render traditional (i.e. static and iterative) risk management methodologies ineffective and rapidly obsolete.
There are however no generally accepted best practices guidelines for risk management, nor a consensus on the minimal requirements for the market actors concerned, neither at a sectorial, nor at cross-sector level. For this reason, the NIS* public-private platform (Network Information Security Platform) will seek to identify best practices on risk management, including information assurance, risks metrics and awareness raising.
Scope: The proposals should implement a pilot to demonstrate the viability and scalability of state-of-the-art risk management frameworks. The risk management framework will have to encompass methods to assess and mitigate the risks in real time. Work should include a socio-economic assessment to evaluate the cost-benefit of implementing the framework. The framework should be dynamic, continuously adapted to new ways of managing risk to keep up with the ever evolving threat and vulnerability landscape. New ways of dealing with the security risk resulting from on-demand composition of services and massive interconnectivity should be developed.
The work on risk management frameworks can be complemented with the development of tools to evaluate the risks and its impact on business, tools for preventive assessment of risk and trustworthiness of customers and providers, tools providing a simple view and understanding of a complex system, and tools to detect social engineering attacks. Where necessary risk management can include ICT supply chain security.
Current assurance models and the resulting control and audit frameworks should be revisited. The applicability of the methods to the calculation of insurance premiums should also be investigated.
The selected pilots will have to engage with the NIS platform, contribute to its objectives and take due consideration of its recommendations.
The Commission considers that proposals requesting a contribution from the EU of between €2m and €5m EURO would allow this topic to be addressed appropriately. Nonetheless, this does not preclude submission and selection of proposals requesting other amounts.
Proposals have to address the specific needs of the end-user, private and public security end user alike. Proposals are encouraged to include public security end-users and/or private end users.
A risk management framework has to be put in place allowing the comprehensive comparison between sector specific or national approaches, and providing an assessment on the residual risk. The framework will facilitate the implementation of legal obligations on risk management, identify gaps in existing legislation, while remaining adaptive to possible changes in the legal frameworks.
Type of action: Innovation actions
The conditions related to this topic are provided at the end of this call and in the General Annexes.
Topic conditions and documents
Please read carefully all provisions below before the preparation of your application.
To see the budget earmarked for this topic, please look at the call budget distribution table by topic.
- List of countries and applicable rules for funding: described in part A of the General Annexes of the General Work Programme.
- Eligibility and admissibility conditions: described in part B and C of the General Annexes of the General Work Programme
3.1 Evaluation criteria and procedure, scoring and threshold: described in part H of the General Annexes of the General Work Programme
3.2 Guide to the submission and evaluation process
- Proposal page limits and layout: Please refer to Part B of the standard proposal template.
- Indicative timetable for evaluation and grant agreement:
Information on the outcome of one-stage evaluation: maximum 5 months from the final date for submission.
Signature of grant agreements: maximum 3 months from the date of informing successful applicants.
- Provisions, proposal templates and evaluation forms for the type(s) of action(s) under this topic:
Specific provisions and funding rates
Standard proposal template (administrative forms and structure of technical annex)
Standard evaluation form
Annotated Model Grant Agreement
- Additional provisions:
Horizon 2020 budget flexibility
- Open access must be granted to all scientific publications resulting from Horizon 2020 actions, and proposals must refer to measures envisaged. Where relevant, proposals should also provide information on how the participants will manage the research data generated and/or collected during the project, such as details on what types of data the project will generate, whether and how this data will be exploited or made accessible for verification and re-use, and how it will be curated and preserved.
No submission system is open for this topic.
National Contact Points (NCP) – contact your NCP for further assistance.
Enterprise Europe Network – contact your EEN national contact point for advice to businesses with special focus on SMEs. The support includes guidance on the EU research funding.
B2Match networking platform with project ideas and participant profiles following the networking event in ICT 2013 in Vilnius
Ideal-IST partner search facility
Research Enquiry Service – ask questions about any aspect of European research in general and the EU Research Framework Programmes in particular.
IT Helpdesk – contact the Participant Portal IT helpdesk for questions such as forgotten passwords, access rights and roles, technical aspects of submission of proposals, etc.
European IPR Helpdesk assists you on intellectual property issues.
Partner Search Services helps you find a partner organisation for your proposal.
H2020 Online Manual your online guide on the procedures from proposal submission to managing your grant.