Cybersecurity Policies and Practices in the EU – for non-IT Experts (Full Course)


Project number: 2051801

- Online Course -


Date & pricing

28/10/2020 - 05/11/2020
Register before: 26/10/2020

€ 800,00 per attendee

€ 720,00 for EIPA members*


About this course

This four-morning training focuses on the policy aspects of cybersecurity, covering cybersecurity standards in the EU, how to adopt them and how to put them into practice. The course is offered entirely online and you can decide whether to complete two modules or one. At the end of the course, you will receive a Certificate of Attendance (CoA).

Over the past decades, the Internet and Information and Communication Technologies (ICTs) have had a profound impact on our daily lives, becoming an integral part of our institutional and social fabric. The supply of critical services across many sectors, including emergency and security services, health, water and food, energy and electricity, banking and finance, commerce, transportation, communications and education, is now heavily reliant on ICTs. Our reliance on the Internet and digital technologies makes us more vulnerable to new threats, including cybersecurity attacks. These threats put the provision of critical services, as well as the EU’s economies, at risk and ultimately compromise the security and fundamental rights of EU citizens.

Breaches of information security are a major threat to the functioning of our society, jeopardizing public services, businesses and the economy. Under the EU regulatory framework (e.g. GDPR, NIS, Cybersecurity Act), cybersecurity risks need to be evaluated and security controls need to be implemented in the information systems of our infrastructures, so that all procedures, personal data, people and objects are stored and exchanged in a secure manner. To plan and implement efficient security policies and to comply with the EU regulations, public authorities, organizations and professionals need to raise their cybersecurity awareness and fully develop the necessary skills. Professionals need to be aware of the various cybersecurity standards (e.g. ISO 27001, ISO 27005, ISO 28000, ISO 15408) and procedures that can help them to become compliant with the EU regulations and protect their daily work, organization and sector.

This training focuses on the policy aspects of cybersecurity, covering cybersecurity standards in the EU, how to adopt them and how to put them into practice. This unique program brings together the experience of cybersecurity, security, EU policy and public administration experts to provide a practical understanding of the challenges related to designing and implementing cyber-proof policies within organizations and sectors. The training is designed specifically for non-IT professionals, with the objective of providing participants with the knowledge and skillset necessary to deal confidently with cybersecurity measures within their sectors and organizations.

What is our approach to online teaching and learning?

The delivery of our online training programmes is planned following the input of our online pedagogy specialists, to provide you with a high-quality and effective educational experience. In this online training, we adopt a comprehensive approach, combining practical training with an in-depth overview of the legislative and policy considerations to be taken into account when formulating cyber-resilient measures. We will provide practical guidelines and use case studies, good practices and hands-on simulation exercises to allow you to understand, design, adopt and implement good cybersecurity measures in your work, organization and sector. After this training, you will be able to use all the materials and practical exercises for your work. Whether you are a policymaker interested in incorporating cyber resilience in your policies, or a professional who wants to make his/her work and organization safer, this training is designed for you.

The programme of this online course is divided into two modules to offer you flexibility in adapting it to your needs. Module 1 focuses on the legal and policy dimension of cybersecurity in Europe and offers you an in-depth overview of the fundamental concepts in cybersecurity, in order to understand relevant EU directives, guidelines and regulations. Module 2 will offer you practical training (no IT expertise required) on how to design and implement cybersecurity policies and practices to protect your daily work, organization and sector. If you prefer to attend just one of the modules, you can click on Module 1 or Module 2.

Who will benefit most?

Recent reports warn us about cybersecurity skills gaps among non-IT experts across all sectors in the EU, including public officials, lawyers, administrative staff, healthcare professionals and database managers. The course is relevant for public officials, legal practitioners, database managers and professionals in the private sector.

Once you register, we will ask you for details about your own professional sector. We have over 20 case studies and will select the case studies on the basis of your individual needs.

What you will learn in this course

Participants attending the course will master the following concepts and skills:

  • Cybersecurity: fundamental concepts and knowledge;
  • Legal and policy aspects of cybersecurity in the EU: EU directives, guidelines, regulations, initiatives;
  • Assessing cybersecurity risks: identifying threats, vulnerabilities and impact in various critical sectors, e.g. emergency, health, water and food, energy and electricity, banking and finance, commerce, transportation, communications and education;
  • Cybersecurity management and governance: bodies involved, processes and policies to manage cyber risks;
  • Crisis communication, business continuity and disaster recovery planning;
  • Prevention: the components of comprehensive cybersecurity policies;
  • Formulating policies to strengthen cybersecurity resilience: how do I design policy measures to make my sector/organization cyber resilient?

What else will you learn from joining this course?

All the sessions of this course are live-streamed through a secure connection, to facilitate real-time interaction with our experts and other participants. In addition, by joining this course, you will have access to:

  • Four Master Classes on cybersecurity
  • Membership of an international network of professionals, for peer-learning and exchanging best practices. Please note that joining the network is optional
  • Certificate of Attendance

Note for participants: This training can be complemented with a follow-up activity, tailored to your specific sector and needs. If you are a policy officer, or civil servant working in a specific sectoral or geographical area, please get in touch to know your options. If you are interested in this training but the dates do not match your commitments, please let us know and we will keep in touch with updates on future editions.

Clara Cotroneo


EU Internal and External Security / EU Public Sector Management

Nineta Polemi


University of Piraeus, Dpt. of Informatics
Associate Professor of Cybersecurity, Founder of Security Research Lab

Haris Mouratidis


Centre for Secure, Intelligent and Usable Systems (CSIUS) at the University of Brighton
Professor of Software Systems Engineering and founding Director

Jakub Boratyński


Directorate CNECT H, Digital Society, Trust and Cybersecurity
Acting Director

Ken Ducatel


Information society policy

Practical information

Online Course
For this online course we use Zoom.

Programme Organiser
Ms Juliette Mollicone-Boussuge
Tel: +352 426 230 304
j.boussuge@eipa.eu

Discounts
EIPA offers a discount to all civil servants working for one of EIPA’s supporting countries, and civil servants working for an EU institution, body or agency.

Who are the supporting countries?
Civil servants coming from the following EIPA supporting countries are entitled to get the reduced fee: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Spain, Sweden, United Kingdom.

For all other participants, the regular fee applies.

Payment
Prior payment is a condition for participation.

Cancellation policy
For administrative reasons you will be charged € 50 for cancellations received within 7 days before the activity begins.

EIPA reserves the right to cancel the activity up to 1 week before the starting date. In that case, registration fees received will be fully reimbursed.


The programme

Module 1 – Part 1: The issue of cybersecurity: European challenges and standards
08.30 Welcome and introduction to the online seminar
Clara Cotroneo, Lecturer, EIPA Maastricht
09.00 Cybersecurity, privacy challenges and EU actions
Jakub Boratyński, Acting Director, Directorate-General for Communications Networks, Content and Technology, DG CONNECT, European Commission, Brussels (BE)
09.45 Q & A session
10.00 The EU cybersecurity threat landscape

  • Overview of emerging cyber threats in Europe
  • Affected sectors
  • Shaping a more secure digital future in Europe
  • Effective cooperation against cyber threats

Clara Cotroneo

10.45 Break and virtual networking
11.00 Fundamental concepts and the EU Cybersecurity environment
Basic definitions and concepts; EU Cybersecurity stakeholders (e.g. ENISA, CSIRT-network, NIS Cooperation Group, EU cybersecurity agencies)
Dr Nineta Polemi, Associate Professor, University of Piraeus, Dpt. of Informatics, Piraeus (GR)
11.45 Group discussion
12.00 Threat Landscape according to standards

  • Understanding cyber and physical threats and vulnerabilities
  • Introduction to the ISO 2700x family, ISO 15408 and sectoral cybersecurity standards

Nineta Polemi

12.45 Q & A session and end of the first day

Note: Before the next session (Friday morning), all participants will complete an optional multiple-choice quiz to check their understanding.

Module 1 – Part 2: The issue of cybersecurity: European challenges and standards
08.30 Feedback on the assignment – Q&A
09.00 Introduction to Security Management

  • Estimating risk levels and mitigation measures based on ISO 27005
  • Efficient cybersecurity governance model based on ISO 27001

Nineta Polemi

10.00 Break and virtual networking
10.15 The EU regulatory cybersecurity framework in practice
The EU cybersecurity directives (e.g. NIS, GDPR) explained in practical terms
Nineta Polemi
11.15 Cybersecurity Certification – Certification Act
The Cybersecurity Act and policy responses in different sectors
Nineta Polemi
12.15 Break and informal questions session
12.30 How Cybersecurity is managed at the European Commission
Ken Ducatel, Director for IT Security, European Commission, DG Informatics
14.00 Q & A session and end of the second day

Extra lectures available online to participants

At the end of the first week, you will have access to two extra online Master Classes. These lectures are optional and accompanied by optional readings and quizzes. You will be able to access and watch these lectures any time during the course.

Master Class 1 Digital Transformation and Cybersecurity: the current challenges to keep in mind
Master Class 2 Handling confidential and sensitive data

Module 2 – Part 1: Cybersecurity in practice
09.00 People: the weakest cybersecurity and privacy link
The relations between human activity, cybersecurity and privacy will be explored. Examples of breaches related to human actions will be presented, in particular intentional and unintentional cybersecurity threats and attacks and their impact on organizations.
The session includes a practical exercise for all participants.
Dr Haris Mouratidis, Director, Centre for Secure, Intelligent and Usable Systems, University of Brighton, Brighton (UK)
10.30 Break and virtual networking
10.45 Personal Hygiene for Cybersecurity and Privacy
What type of measures can an ordinary user undertake? Examples from Bring Your Own Device (BYOD) will be provided, together with a short introduction to some guidelines for personal information security and privacy.
Haris Mouratidis
12.00 Guided in-class exercise on Personal cybersecurity and privacy hygiene
Focus on personal experiences and present at the end
Small groups of participants
12.45 Q & A session
13.00 How do I create cyber security policies and procedures for my sector/organization? The starter tool kit
Clara Cotroneo
13.45 End of the third day

Module 2 – Part 2: Cybersecurity in practice
09.00 Cyber Security Incident Handling
Incidents can disrupt organizations, businesses and supply chains; business continuity plans and disaster recovery plans ensure that organizations can respond and continue their operations.
Examples from governmental disruptions.
Haris Mouratidis
10.30 Break
10.45 Guided Exercise on Business Continuity and disaster recovery plans
Haris Mouratidis
11.30 Mini in-class project
The project covers the overall understanding of the seminar (trainees will have the next 60 minutes to return their responses).
12.45 Feedback and discussions
13.00 Final networking and set-up community of practice
End of the online seminar

Extra lectures available online to participants

At the end of the second week, you will have access to two extra Master Classes. These lectures are pre-recorded and accompanied by optional readings and quizzes. You will be able to access and watch these lectures any time during the course.

Master Class 3 I am a Data Protection officer: which are my responsibilities?
Master Class 4 Cybersecurity planning guide