Discover our working group

CISOs importance is growing but they lack links and support at the European level. Often CISOs do not have enough resources and weight and they are not as efficient as they could be when being alone. In addition, European legislations have an increasing impact on CISOs work frame. This is why a European approach is needed to build trust among CISOs (or equivalent) across sectors and countries. 

The WG3 has evolved into “CREIS – Cyber Resilience of Economy, Infrastructure and Services”. It is now structured as a three-level pyramid.

  • At the bottom, the Community of Verticals (CoV).
  • In the middle, the CISOs European Community (CEC)
  • And at the top level, the CISOs Strategic Committee (CSC)

In the different levels of the pyramid the Traffic Light Protocol (TLP) is to be applied according to the discussions specific to that level as the confidentiality setting by default – red for the CSC, amber for the CEC, green for the CoV. 

Mission & Objectives

  • Establishing a trusted environment for information sharing and strategic threat intelligence among CISOs and peers from operators of critical sectors in a cross-border and cross-sector approach through the CISOs STRATEGIC COMMITTEE – CSC
  • Networking and trust development among CISOs and C-level equivalent operating in the European cybersecurity community. Exchange of lessons learned, best practices and information sharing (operational issues) through the CISOs EUROPEAN COMMUNITY– CEC
  • Facilitate dialogue between users (operators, companies, governments) and suppliers to understand cyber threats and needs, envisage possible solutions, and support implementation of trusted solutions for key “verticals” – through the EUROPEAN COMMUNITY OF VERTICALS - CoV

Ongoing work

  • Re-organisation of the WG3 and users / suppliers cooperation in a Community of Verticals in the following sectors: Energy, Healthcare, Smart citizens / Smart working / Smart environments, Retail / eCommerce / eServices, Finance, eGovernment, Telecom / Media & Content, Transport, Manufacturing (Industry 4.0, etc), Utilities (food, water, etc.)
  • Creation of a European network of CISOs (or C-level equivalent) across countries and verticals to exchange information, cooperate, develop common views, advocate common needs, share best practices, provide advice on trusted solutions.
  • Development and implementation of an engagement strategy with key stakeholders from EU Institutions on the NIS v2.
  • Establishment of ECSO’s CISO Strategic Committee as a recognised actor driving policy and legislative debates at European level.
  • Implementation of an IOCs (Indicator of Compromise) pan-European platform.
  • Finding a common set of Contractual Terms and Conditions (T&Cs) between users/operators and third party contractors/vendors to enhance visibility in case of compromised cybersecurity and allow users/operators to act swiftly and increase the security level ahead.


CISO Strategic Committee (CSC)

Top level intelligence sharing among CISOs

Read more

CISOs European Community (CEC)

Policy support to CISO and general information sharing

Read more

Community of Verticals (CoV)

Policy support and networking for the different vertical applications

Read more