DIGITAL LIBRARY
CYBER-SECURITY AWARENESS FOR SME MANAGERS
1 SUPSI - University of Applied Sciences and Arts of Southern Switzerland - Scuola Universitaria Professionale della Svizzera Italiana (SWITZERLAND)
2 University of Library Studies and Information Technologies (BULGARIA)
About this paper:
Appears in: ICERI2020 Proceedings
Publication year: 2020
Pages: 7287-7296
ISBN: 978-84-09-24232-0
ISSN: 2340-1095
doi: 10.21125/iceri.2020.1559
Conference name: 13th annual International Conference of Education, Research and Innovation
Dates: 9-10 November, 2020
Location: Online Conference
Abstract:
The use of new technologies brings about new opportunities for enhanced business performance and operations as well as introduces information security and privacy risks. Addressing these risks plays a significant role regarding success and development of business nowadays, as growing security threats may potentially disrupt business continuity and cause monetary, reputational and other types of losses to SMEs. The European Union Agency for Network and Information Security (ENISA) provides a set of relevant recommendation regarding how to increase the adoption of cyber-security in SMEs. In terms of these necessities, it is important to determine and mitigate risk to an acceptable level and maintain risk lever for an integrated cyber risk management.

The SMEs are required to assess the threats and opportunities, which affect their information systems, and the developments in current information technologies, publishing and creating of business information via internet. Also social media tools being a part of basic marketing strategies of SMEs make them generally more fragile against cybercrimes and attacks.

Since cyber-risk management and assessment are considered as backbones of a secure IT environment, the presented Erasmus+ project RedCyberSG: REDucing the CYBERsecurity Management Skills Gap in SMEs 2018-1-LV01-KA202-046987 aims to improve cyber-security management skills of SMEs by filling gaps in SMEs in partner countries and to provide a comprehensive guide for integrating best practices into their procedures in order to mitigate cyber-risk.
This paper describes the authors’ experience in creating vocational education training under the RedCyberSG project. The project phases are identification of cybersecurity management skill gaps; identification of the competences for gaps decreasing and creation of competence framework; design and development of training modules: Identify the Market and Compliance with Cybersecurity Laws and Legislations, Identifying the cybersecurity risks, Analyzing cybersecurity risks in SMEs, Prioritizing the cybersecurity risks, Responding to cybersecurity risks, Monitoring the cybersecurity risks.

The developed training provide awareness of cyber-security of SMEs and try to increase the awareness level with organizational measures.
Keywords:
Cyber-security, training, VET training.