COMPACT Tries the Trials
The COMPACT project is developing a set of training tools in order to cover different aspects of cybersecurity: from “Risk Assessment” and “Security Awareness Training” to “Cyber Security Monitoring” and “Knowledge Sharing”. The ultimate goal of these activities is to inform and raise attention about cybersecurity issues among the LPAs’ staff, enabling their improvement in this respect, both at work and (why not?) at home. However, what is peculiar about this is the gaming approach to training: Civil Servants shall have to deal with such online courses in a very untraditional way. In our mind, this will definitely raise their motivation and interest.
The COMPACT platform has been designed to fulfil all LPAs requirements and provide them with something usable and effective. Therefore, it will be of the utmost importance that every Administration involved in COMPACT tests these technological assets. In fact, every tool developed in COMPACT will be tried in at least one LPA, sometimes in multiple locations and in different languages. These COMPACT trials will occur in the operational environments of the five participating Municipalities: i.e. Afragola (IT), Amadora (PT), Bologna (IT), Bremerhaven (DE) and San Sebastian (ES).
The learning materials will be tested from December 2018 for six months on 2 rounds of three month-trials. They are based on the same scenarios already defined in COMPACT and will involve the same participants. These scenarios have been identified by every Administration and are meant to depict potentially dangerous situations, in terms of vulnerability to cyber-attacks, that LPA clerks (but not only them) might face while on duty. More precisely, they were conceived as storyboards for the training tools to be tested in this phase.
The topics covered by the scenarios and being transferred into the training tools are: Channelling the information, Improvement of network monitoring through the use of additional tools, Overcoming psychological barriers, Securing ubiquitous Smart Working: identification of residual risks, Supporting interaction between expert and non-expert employees, Protecting against bad habits in the work place, Supporting standards-based ISMS implementation, Monitoring GDPR compliance, Achieving compliance in risk management, Continuous and adaptive improvement of cybersecurity awareness.
This means that civil servants will be trained on cybersecurity issues, starting from some very realistic situations they might face at work. Moreover, through gamification, their motivation and interest should be higher. A subsequent fine-tuning phase between the two rounds of tests will allow tool providers to improve or adapt the products to the emerging needs of the LPAs during the first trial.
The validation of this set of trials will be carried out by means of interviews, questionnaires and focus groups involving the participants from each LPA. Besides, in order to provide additional objective means of assessing the achievements of the project, we have mapped them into specific S.M.A.R.T. (Specific, Measurable, Achievable, Realistic and Timely) Objectives (SO). Thus, the activity goals will be verified by the respective Key Performance Indicators (KPIs). This will allow a quantitative as well as a qualitative evaluation.
The outcomes of this testing phase will be used for dissemination, notwithstanding the possibility of communicating them to a wider audience by means of specialised channels.
Based on this experience, all the partners involved in the project will act as active players so that COMPACT outcomes might be of use not only for LPA staff, but also for private companies and institutions. Hopefully, this will help employees raise their awareness concerning their own (cyber)security.
MUNICIPALITY OF BOLOGNA (BOL)