There is a concern in the energy sector about the low level of cybersecurity training in the company staff, what it is considered a risk in the security of the company and in the infrastructures they operate.
The standard IEC-62443-2-1, considers that security awareness for all personnel is an essential tool for reducing cyber security risks. Companies are aware that they need to improve the cybersecurity competences of their employees, especially those that are operating the most critical assets. However, cybersecurity training cannot be done in an improvised way, when the company or society has suffered some type of cyber-attack, nor can it be left to the employees themselves. It is necessary to define and deploy in the organisation a set of processes and practices to provide to each employee an awareness and training in cybersecurity specific to its working activity.
SDN-microSENSE addressing this challenge has developed a Cybersecurity Awareness and Training Model and an Evaluation Tool to help energy companies to improve their cybersecurity training processes. The model establishes the set of processes and practices that must be deployed in the company to manage the cybersecurity awareness and training of its personnel, and the evaluation tool helps to assess the level of maturity reached by the company in the deployment of these processes and practices. Furthermore, a competency framework has also been developed with a set of cybersecurity knowledge, skills and abilities to be adopted by the people according to their working role
Cybersecurity Awareness and Training Model and the Evaluation Tool defined in the context of SDN-microsense project is composed by three main components:
1. Cybersecurity Capability Maturity Model
2. Cybersecurity Competency Model
3. Evaluation tool
In this newsletter we are presenting the first component you can find more information about the developed solutions at the project website.