The Municipality of Amadora - LPA representation in COMPACT
Amadora is a Portuguese city belonging to the District of Lisbon, a region of Lisbon and sub-region of Greater Lisbon, with 175 136 inhabitants, being the fourth most populous city in Portugal. It is home to one of the smallest municipalities of Portugal, with only 23.79 km² but 175 136 inhabitants (2011), being the most densely populated of the country, being subdivided into six parishes. The municipality is limited to the northeast by the municipality of Odivelas, to the southeast by Lisbon, to the south and west by Oeiras and to the west and north by Sintra.
The Municipality of Amadora (CMA) participation
Meeting the objectives outlined in the application for the project Work Packages, the municipality of Amadora intends to contribute to:
- Ensure the adequate implementation of the activities, the achievement of the project goals and the quality of the project deliverables, within budget and scheduled deadlines
- Participate in Studies aiming to understand how LPAs employees perceive cyber security and what do they know about this issue
- Validate and communicate the results of tests developed in a controlled environment, using the COMPACT technologies.
- Promote the COMPACT results (website, Intranet, Municipal Bulletin ….)
- Contribute to the definition of an effective exploitation strategy;
Prior to the beginning of the participation in COMPACT, CMA had already initiated an analysis of the degree of knowledge of its users, regarding information security and cybersecurity, in general scope and in work context.
Within this study, at the end of 2017, CMA launched a survey released to 750 users.
200 users responded, accounting for 26.67% of the universe of users.
From the questions presented, 13 are related to general knowledge and behaviour associated with personal aspects and 11 are focused on the work context.
Main conclusions of the study:
The respondents consider understanding the importance of safeguarding information (including personal information), the threats they face when accessing websites, the threats of identity theft, etc. However, the respondents demonstrated some difficulty in understanding the danger of opening e-mails attachments/links or in downloading documents from websites.
In 2019 CMA will launch the same survey and analyze the evolution of the situation.
CMA also participates, in close contact with the Portuguese partner INOV, in the definition of three use cases focusing on:
- Channelling the information
There is a limited success scenario for a cybersecurity awareness campaign mainly because of the difficulty of disseminating information internally and the lack of information regarding other similar initiatives in other municipalities.
- Supporting standards-based ISMS implementation
After several attempts of attack, LPA decides to implement security standards, due to several weaknesses identified, lack of training of workers and obsolescence of servers
- Monitoring GDPR compliance
With the date of entry into force of the General Data Protection Regulation (GDPR), CMA will begin to implement measures to ensure its correct implementation, safeguarding the principles of the Regulation, in order to protect data personal property of its clients
The expectations of the municipality of Amadora, regarding this project, fall back into the following topics:
- Innovation Project
- Real-Time Security Monitoring
- Security Awareness Training and Information sharing
- Cybersecurity Awareness Training, based on Gamification principles
- Risk assessment
- Threat intelligence
- Improvement of ISO 27001 Implementation