About this paper

Appears in:
Pages: 2367-2373
Publication year: 2019
ISBN: 978-84-09-12031-4
ISSN: 2340-1117
doi: 10.21125/edulearn.2019.0639

Conference name: 11th International Conference on Education and New Learning Technologies
Dates: 1-3 July, 2019
Location: Palma, Spain

A NEW APPROACH FOR IMPLEMENTATION THE EU NIS DIRECTIVE IN ROMANIAN INSTITUTIONS – INFORMATION SECURITY MANAGER TRAINING PROGRAM

A.M. Udroiu

National Institute for Research and Development in Information (ROMANIA)
As part of the EU Cybersecurity strategy the European Commission proposed the EU Network and Information Security Directive. The NIS (Network Information Security) Directive (see EU 2016/1148) is the first piece of EU-wide cybersecurity legislation. The goal is to enhance cybersecurity across the EU. Romania has some legislation about information security and cybersecurity such as Decision no. 271/2013 for the approval of the Cyber Security Strategy of Romania and the National Action Plan on the Implementation of the National Cyber Security System published at 25 March 2013. In this context, the NIS Directive successfully complements the legislative framework in the field of cyber security.

The Information Security Manager training program represents a part of strategy to implement NIS Directive in Romanian institutions, because it is very important to institutions has a qualified human resource to implement this Directive. In this context, National Institute for Research and Development in Informatics (ICI - Bucharest) develops, through Lifelong Learning Centre, the CISO program focused on specialization in information security.

The Information Security Manager training program addresses people who design, develop and manage the security of organizational information and who have experience in areas such as Information Security Governance, Information Risk Management, Development of the information security program, Information security program management and Incident management.

The competencies obtained after graduating from the training program are:
• Establishment of strategy and management in the field of information security, harmonized with the strategy of the organization,
• Planning, designing, implementing and evaluating the information security management system based on risks and requirements
• Designing the organization's security measures in accordance with the risk analysis of information security
• Integrate information security requirements at the organization level set out in third-party contracts and activities and so on.

The program consists of 6 training modules, with a duration of about 40 hours, with a weekly distribution, but accessible according to the student's needs. Each module contains a theoretical, interactive module that uses game-based self-learning methods, interactive phrases puzzles, and an application part with problem-solving methods based on scenarios the student needs to solve.

These training modules are:
• Module I – Information security – basic concepts
• Module II – Information security Management system (ISMS. Designing
• Module III – Risk Management
• Module IV – Designing security measures for implementing the ISMS
• Module V - Information security Management system. Implementing
• Module VI - Monitoring, evaluation, improvement of ISMS.

In the future we intend to certify this course at national level and to align with the national occupational standards on information security management system.
@InProceedings{UDROIU2019ANE2,
author = {Udroiu, A.M.},
title = {A NEW APPROACH FOR IMPLEMENTATION THE EU NIS DIRECTIVE IN ROMANIAN INSTITUTIONS – INFORMATION SECURITY MANAGER TRAINING PROGRAM},
series = {11th International Conference on Education and New Learning Technologies},
booktitle = {EDULEARN19 Proceedings},
isbn = {978-84-09-12031-4},
issn = {2340-1117},
doi = {10.21125/edulearn.2019.0639},
url = {http://dx.doi.org/10.21125/edulearn.2019.0639},
publisher = {IATED},
location = {Palma, Spain},
month = {1-3 July, 2019},
year = {2019},
pages = {2367-2373}}
TY - CONF
AU - A.M. Udroiu
TI - A NEW APPROACH FOR IMPLEMENTATION THE EU NIS DIRECTIVE IN ROMANIAN INSTITUTIONS – INFORMATION SECURITY MANAGER TRAINING PROGRAM
SN - 978-84-09-12031-4/2340-1117
DO - 10.21125/edulearn.2019.0639
PY - 2019
Y1 - 1-3 July, 2019
CI - Palma, Spain
JO - 11th International Conference on Education and New Learning Technologies
JA - EDULEARN19 Proceedings
SP - 2367
EP - 2373
ER -
A.M. Udroiu (2019) A NEW APPROACH FOR IMPLEMENTATION THE EU NIS DIRECTIVE IN ROMANIAN INSTITUTIONS – INFORMATION SECURITY MANAGER TRAINING PROGRAM, EDULEARN19 Proceedings, pp. 2367-2373.
User:
Pass: