Dr Elżbieta Andrukiewicz

Distinguished expert on information security and cybersecurity. Her main areas of interest are:
 methods for information and ICT security assessments,
 security processes and models’ development,
 information security policy and information security management system development and implementation,
 methods, development and integration of the risk management systems in organizations,
 information and ICT security audits.
 cybersecurity evaluation methodologies
Chair of Technical Committee no. 182 on Data Security in ICT Systems in Polish Committee for Standardization since 2006.
Chair of the Information Technology and Communications Industry Council in Polish Committee for Standardization since 2012.
Expert of the ISO/IEC JTC1 Subcommittee SC27 „Information security, cyber security and Privacy Protection” since od 1997, and editor of International Standards: ISO/IEC 27005 Information Security Risk Management (all 3 editions and 4th edition currently under review), ISO/IEC 27000 Overview and Vocabulary (all 4 editions), ISO/IEC 15408-1 Evaluation Criteria for IT security – Part 1: Introduction and general model (currently under review).
Convenor of SC27/AG-3 (Advisory Group on Concepts and Terminology).
Expert of CEN/CLC/JTC13 “Cybersecurity and Data Protection”, and co-Editor of an European standard EN 17640 Fixed-time Cybersecurity Evaluation Methodologies (in development).
Leading auditor of information security management systems and ICT systems with wide experience acquired in more than 150 security audits conducted in governmental agencies, and various industries including telecommunications, banking, insurance, energy (including one of the largest electro-energy distribution company in Poland) , gas (including the largest Polish pipeline operator), utilities and IT.
Project Manager of several R& D projects. Currently, Project Manager of R&D Projects: “Polish national schema for security evaluation and certification of ICT products” (2018-2021), and “Experimental validation platform for cryptographic algorithms and cryptographic protocols” (2020-2023) “Security framework for 5G network based on multiple providers: specification, implementation and development of evaluation process”, working for the National Institute of Telecommunications – State Research Institute.
ENISA expert since 2017, co-author of several ENISA publications. Rapporteur at the Ad Hoc Working Group on CC certification scheme established by ENISA, and member of the ad Hoc working Group on the Cybersecurity Certification for 5G networks.