Re-Visiting Cyber Security Training in the COVID-19 Era

2021 ◽  
Vol 10 (2) ◽  
pp. 16-20
Author(s):  
Fabio DI FRANCO ◽  
Konstantinos PAPADATOS ◽  
Konstantinos RANTOS

Cyber security training, as many other aspects in our lives, has been adapted to address concerns related to travel restrictions and group gatherings resulting from the COVID-19 pandemic. In this context, ENISA, the European Union Agency for Cybersecurity, had to re-visit and significantly modify its already established course on Information Security Management and ICT security, which is provided under the auspices of the European Security and Defence College (ESDC). The program provides public employees the opportunity to gain the necessary knowledge and skills to assume an Information Security Management role. The restructured course was introduced to address the COVID-19 restrictions and has proven to be equally effective to the classroom-delivered course, if not more effective at some parts. This paper presents the main structure of the fully online training, its innovative elements, and the assessment results which prove that COVID-19 pandemic has triggered the introduction of innovative and successful on-line training scenarios.

Information ◽  
2021 ◽  
Vol 12 (10) ◽  
pp. 398
Author(s):  
Latifa Alzahrani ◽  
Kavita Panwar Seth

Information explosion and pressures are leading organizations to invest heavily in information security to ensure that information technology decisions align with business goals and manage risks. Limited studies have been done using small- and-medium-sized enterprises (SMEs) in the manufacturing sector. Furthermore, a small number of parameters have been used in the previous studies. This research aims to examine and analyze the effect of security organizational practices on information security management performance with many parameters. A model has been developed together with hypotheses to evaluate the impact of organizational practices on information security management performance. The data is collected from 171 UK employees at manufacturing SMEs that had already implemented security policies. The structure equation model is employed via the SPSS Amos 22 tool for the evaluation of results. Our results state that security training, knowledge sharing, security education, and security visibility significantly impact information security performance. In addition, this study highlights a significant impact of both security training and knowledge sharing on trust in the organization. Business leaders and decision-makers can reference the proposed model and the corresponding study results to develop favourable tactics to achieve their goals regarding information security management.


2021 ◽  
Vol 1 (2) ◽  
pp. 30-37
Author(s):  
Dominika Lisiak-Felicka ◽  
Pawel Nowak ◽  
Maciej Szmit

The article is devoted to the issues related to an information security management in medical entities. The healthcare entities have been amongst the prime targets for hackers for several years. According to the IBM report “The 2016 X-Force Cyber Security Intelligence Index” in 2015 most of the attacks were carried out against these entities. The years 2016 and 2017 also witnessed spectacular cyberattacks, for example: medical records breach of 3.3 million people because of an unauthorized access to a server in the US, some WannaCry ransomware attacks on the UK hospitals, some MongoDB Database Leaks in the US or NotPetya ransomware attacks in the US hospitals. Entities performing medical activity are processing personal data concerning health that is classified as a “sensitive data” and needs a special protection. The article presents the results of the survey – interviews with IT managers (or designated persons) in entities performing medical activity in Lodz Voivodeship in Poland. The aim of the research was analysis and evaluation of information security management in these entities. The interviews had been performed between December, 2017 and January, 2018. As the results of the research, the ways of information security management were identified (in particular such aspects as: characteristics of the information security teams, information security management system auditing, risk management, information security incidents, budgets for information security, training and the General Data Protection Regulation implementation). The paper also describes the types of information that should be protected in healthcare entities and characteristic of surveyed entities that subordinate to the local government of Lodz Voivodeship in Poland.


Sign in / Sign up

Export Citation Format

Share Document