Abstract:

Cyber-attacks can be more dangerous to the stability of democracies and economies than guns and tanks,
Jean-Claude Juncker, European Commission President, 2017

Our daily life depends on ICT working seamlessly. The prosperity increasingly depends on ICT and particularly on the stable, responsive and secure Internet. On the other hand, according to 2019 Cyber Threat Report of CyberEdge Group, the success rate of cyber attacks for 2019 is 78% and for 7 countries over 80% of companies are compromised by at least one successful attack in the past 12 months.

Cyberspace should be protected from attacks. Free and safe cyberspace is significantly ensured by governments. Nevertheless, all levels of the users (from beginners to experts and managers) need awareness about potential incidents, malicious activities, and misuse. They need appropriate training.

This paper dials with curriculum design of training in cybersecurity for learners spanning from teenagers to seniors. The authors have experience designing, developing and providing ICT solutions, courses, programmes and training in cybersecurity. The wide range of learning approaches is applicable to a different type of learners and the learning goals (for several user levels: basic, intermediate, advanced, and managers) which have to be achieved. The learning process is based on the design thinking approach. It consists of few steps: Empathize = to know the learner; Define the Problem = to define to what extent the types of cybersecurity activities will be disclosed and trained; Ideate = to look critically and select the competence framework in cybersecurity (based on the European e-Competence Framework, NATO Competence Framework, Competency Model Clearinghouse, and others); Prototype = to develop a training course corresponding to the users’ level (according to revised Bloom’s Taxonomy); Test = Course delivery and adapting to the target group. The results of pilot learning are analysed and tuned for the next training.

Issues relating to cybersecurity exist since the inception of the Internet and became a hot topic during the last decade. The strategies, principles and standards that should guide the cybersecurity policy in EU at both national and international level are defined, but not always affordable to SMEs.

The exponential connection of the devices to the Internet and new online services increase the security problems. The private sector and mainly the small and medium enterprises (SMEs) need support and awareness about potential risk exposure and problems originating from unsecured Net.

The Erasmus+ project REDucing the CYBERsecurity Management Skills Gap in SMEs (2018-1-LV01-KA202-046987) focuses on the cybersecurity risk management for SMEs. The competence framework for managers was developed and six modules defined to be designed and developed. Each module is conceived for a duration of 8 hours and will be accessible from distance learning via a Learning Management System. The modules structure will follow common frameworks and be enriched by a set of scenarios attentively selected by the consortium partners: one from Bulgaria, two from Italy, two from Latvia, one from Switzerland and two from Turkey. The leading partner is from Latvia. The previous experience of the authors will be used in this particular case

Acknowledgments:
This paper is supported by the project REDucing the CYBERsecurity Management Skills Gap in SMEs 2018-1-LV01-KA202-046987 co-funded by the Erasmus+ Programme

Keywords:

Cybersecurity, training, SMEs.