About this paper

Appears in:
Pages: 10434-10440
Publication year: 2019
ISBN: 978-84-09-14755-7
ISSN: 2340-1095
doi: 10.21125/iceri.2019.2554

Conference name: 12th annual International Conference of Education, Research and Innovation
Dates: 11-13 November, 2019
Location: Seville, Spain

CYBERSECURITY TRAINING FOR SME: FILLING THE GAP OR CORPORATE STRATEGY?

A. Consoli1, E. Kovatcheva2

1University of Applied Sciences and Arts of Italian Switzerland (SWITZERLAND)
2University of Library Studies and Information Technologies (BULGARIA)
Cyber-attacks can be more dangerous to the stability of democracies and economies than guns and tanks,
Jean-Claude Juncker, European Commission President, 2017

Our daily life depends on ICT working seamlessly. The prosperity increasingly depends on ICT and particularly on the stable, responsive and secure Internet. On the other hand, according to 2019 Cyber Threat Report of CyberEdge Group, the success rate of cyber attacks for 2019 is 78% and for 7 countries over 80% of companies are compromised by at least one successful attack in the past 12 months.

Cyberspace should be protected from attacks. Free and safe cyberspace is significantly ensured by governments. Nevertheless, all levels of the users (from beginners to experts and managers) need awareness about potential incidents, malicious activities, and misuse. They need appropriate training.

This paper dials with curriculum design of training in cybersecurity for learners spanning from teenagers to seniors. The authors have experience designing, developing and providing ICT solutions, courses, programmes and training in cybersecurity. The wide range of learning approaches is applicable to a different type of learners and the learning goals (for several user levels: basic, intermediate, advanced, and managers) which have to be achieved. The learning process is based on the design thinking approach. It consists of few steps: Empathize = to know the learner; Define the Problem = to define to what extent the types of cybersecurity activities will be disclosed and trained; Ideate = to look critically and select the competence framework in cybersecurity (based on the European e-Competence Framework, NATO Competence Framework, Competency Model Clearinghouse, and others); Prototype = to develop a training course corresponding to the users’ level (according to revised Bloom’s Taxonomy); Test = Course delivery and adapting to the target group. The results of pilot learning are analysed and tuned for the next training.

Issues relating to cybersecurity exist since the inception of the Internet and became a hot topic during the last decade. The strategies, principles and standards that should guide the cybersecurity policy in EU at both national and international level are defined, but not always affordable to SMEs.

The exponential connection of the devices to the Internet and new online services increase the security problems. The private sector and mainly the small and medium enterprises (SMEs) need support and awareness about potential risk exposure and problems originating from unsecured Net.

The Erasmus+ project REDucing the CYBERsecurity Management Skills Gap in SMEs (2018-1-LV01-KA202-046987) focuses on the cybersecurity risk management for SMEs. The competence framework for managers was developed and six modules defined to be designed and developed. Each module is conceived for a duration of 8 hours and will be accessible from distance learning via a Learning Management System. The modules structure will follow common frameworks and be enriched by a set of scenarios attentively selected by the consortium partners: one from Bulgaria, two from Italy, two from Latvia, one from Switzerland and two from Turkey. The leading partner is from Latvia. The previous experience of the authors will be used in this particular case

Acknowledgments:
This paper is supported by the project REDucing the CYBERsecurity Management Skills Gap in SMEs 2018-1-LV01-KA202-046987 co-funded by the Erasmus+ Programme
@InProceedings{CONSOLI2019CYB,
author = {Consoli, A. and Kovatcheva, E.},
title = {CYBERSECURITY TRAINING FOR SME: FILLING THE GAP OR CORPORATE STRATEGY?},
series = {12th annual International Conference of Education, Research and Innovation},
booktitle = {ICERI2019 Proceedings},
isbn = {978-84-09-14755-7},
issn = {2340-1095},
doi = {10.21125/iceri.2019.2554},
url = {http://dx.doi.org/10.21125/iceri.2019.2554},
publisher = {IATED},
location = {Seville, Spain},
month = {11-13 November, 2019},
year = {2019},
pages = {10434-10440}}
TY - CONF
AU - A. Consoli AU - E. Kovatcheva
TI - CYBERSECURITY TRAINING FOR SME: FILLING THE GAP OR CORPORATE STRATEGY?
SN - 978-84-09-14755-7/2340-1095
DO - 10.21125/iceri.2019.2554
PY - 2019
Y1 - 11-13 November, 2019
CI - Seville, Spain
JO - 12th annual International Conference of Education, Research and Innovation
JA - ICERI2019 Proceedings
SP - 10434
EP - 10440
ER -
A. Consoli, E. Kovatcheva (2019) CYBERSECURITY TRAINING FOR SME: FILLING THE GAP OR CORPORATE STRATEGY?, ICERI2019 Proceedings, pp. 10434-10440.
User:
Pass: