Titulo Estágio
2025/26_N31 CyberSec Compliance Framework
Local do Estágio
Altice Labs
Enquadramento
The consequences of neglecting cybersecurity responsibilities can be catastrophic for European businesses. High-profile breaches such as the
British Airways attack
, which compromised up to 500 000 customer records and resulted in a £20 million fine, and the
Health Service Executive ofIreland ransomware attack
, which led to a complete shutdown of Ireland's public healthcare IT systems at a cost exceeding €600 million,underscore the devastating impact of cybersecurity failures.
These incidents not only expose organizations to severe financial penalties under existing regulations like the GDPR but also cause significantreputational damage, operational disruptions, and loss of trust among customers and stakeholders.
The growing sophistication of cyber threats, combined with the newly established EU regulations like NIS2 and CRA, means that Europeanbusinesses can no longer afford to view cybersecurity as optional. Proactive measures and strategic partnerships are essential to safeguardingoperations and ensuring compliance in this high-stakes environment.
Objetivo
The main goal of this project is to produce a framework that maps the new European legislations (e.g., GDPR, NIS2, CRA), legislations from othergeographies, and certifications (e.g., ISO 27001, SOC2) in the cybersecurity scope to documents, policies, and processes that a company shouldown or adopt. Other mappings could be explored, namely with standards, best practices, and maturity models. A portal should also be created tofacilitate the navigation across all this data, taking advantage of features such as filtering (e.g., per sector or area) and links to the organization'sdocumentation. Additionally, this project could result in a contribution to
OpenCRE.
Plano de Trabalhos - Semestre 1
Research cybersecurity legislation and certifications, as well as standard organization documents, policies, and processes in thecybersecurity context;
Explore Altice Labs' current documents, policies, and processes concerning cybersecurity;
Write a Interim Report
Plano de Trabalhos - Semestre 2
Map the legislations and certifications with the existing and standard organization documents, policies, and processes;
Implement a portal that correlates all this data and facilitates its navigation;
Write a final report with the main findings of the project.
Condições
Integração no Programa GENIUS Investigação da Inova-Ria.
Entidade Promotora: Inova-Ria
Entidade de acolhimento: Altice Labs
Com possibilidade de integrar uma Bolsa de Investigação - Programa GENIUS - durante a realização do projeto de Dissertação - Integração numa equipa de I&D na Empresa Altice Labs .
Valor de bolsa de acordo com tabelas da FCT (ver pdf em (www.Inova-Ria.pt).
Período de realização de acordo com o enquadramento da Universidade.
• Horário: De acordo com enquadramento da Universidade
• Formato: (a combinar na entrevista)
• Meios: atribuição de um PC portátil e acessos à rede Interna da Altice Labs
• Kit de Acolhimento
• Onboarding nas equipas da Altice Labs, com atribuição de um tutor full-time
• Possibilidade de participar em todas as iniciativas de partilha de conhecimento ou de entretenimento levadas a cabo pela Altice Labs
• Possibilidade de entrada nos quadros da empresa
Os alunos interessados deverão enviar para genius@inova-ria.pt ao cc Dra Regina Maia Sacchetti (963618710).
• Curriculum Vitae;
• Disciplinas realizadas até ao momento com médias; simples documento eletrónico, que poderá obter no portal académico .
Processo de Seleção: Entrevista Inova-Ria - PROGRAMA GENIUS na qual fará parte o Orientador do projeto de forma a esclarecer a temática envolvida.
Observações
Aspetos Inovadores
Creating structured mappings between GDPR, NIS2, CRA, ISO 27001, and SOC2 articles/controls.
Contributing to an open-source project (potential integration with OpenCRE).
Enabling organizations to efficiently adapt to evolving cybersecurity regulations.
Ferramentas a utilizar
Programming languages (e.g., Java, Python)
Databases (e.g., MySQL, MongoDB, Neo4j)
Frameworks and web development (e.g., Django, HTML, JavaScript)
Referências Bibliográficas
https://www.dell.com/en-uk/blog/navigating-new-eu-cybersecurity-regulations-nis2-cra-and-dora/
https://www.enisa.europa.eu/topics/state-of-cybersecurity-in-the-eu/cybersecurity-policies
https://www.enisa.europa.eu/topics/certification-and-standards
https://digital-strategy.ec.europa.eu/en/policies/cyber-resilience-act
https://digital-strategy.ec.europa.eu/en/policies/nis2-directive
https://www.iso.org/standard/27001
https://www.opencre.org/
Orientador
Mafalda Guimarães Nunes
mafalda-g-nunes@alticelabs.com 📩