"Understanding Cloud Solutions for All": 4th week of #CyberSecMonth

Back to News

We are running the 4th week of the ECSM dedicated to understanding secure use of cloud.

This week the following related material is provided for all:  

 

1. ENISA’s work on secure Cloud adoption

This year ENISA published a set of guidelines to help SMEs make an informed decision before choosing a cloud service, which is also provided as a tool! For more information please visit here.

For short recommendations and the essential questions to ask before 'going cloud' visit the following link. The information is available in all EU 23 languages. 

ENISA also plays an important role in giving stakeholders an overview of the information security risks when ‘going cloud’. ENISA’s Cloud Security Risk Assessment is widely referred to across EU Member States and outside the EU. ENISA follows up on this by focusing on procurement and criticality of cloud services.

2. Published today #CyberSecMonth

Just released: report on the “Status of privacy and NIS course curricula in Member States

The work in this report follows up on previous efforts and suggested recommendations from 2013- 2014 by ENISA. Objectives of this report are:

  • to identify gaps between available training courses, certifications and NIS education needs with particular emphasis on ePrivacy
  • to suggest further actions based on the analysed needs of NIS communities in Europe

 

From the desktop research, the focus for most of the courses that included privacy appeared to be in computer science, computer security, information security, cybercrime and the cyber security area. However there were a number of courses which included privacy law (Information Technology, Commercial, Corporate, Communications and Property), marketing and ethics. For several reasons, it may be, that privacy is an area that only relatively lately is gathering attention, compared for example to Network and Information Security. However this idea would require further future research to be proved.

Within this context, existing Massive Open Online Courses (MOOCs) were also looked into. In terms of MOOCs, the offer around the subject of privacy and data protection is limited in general, and there is a particular lack of MOOCs in the European context both in terms of delivery by European Universities/Institutes and covering privacy and data protection legislations and debates at a European level. Furthermore, MOOCs and serious games are a path which is being explored as a practical way to transfer knowledge, support learning, raise awareness, offer professional training and unveil controversial issues and practices surrounding privacy and data protection. 

ENISA’s recommendations on MOOCs courses

In the final section of the report, recommendations are provided for EU level organisations, e.g. University networks, users’ coalitions and multipliers, education institutions, and also at the Member State level organisations e.g. education institutions, NGOs, think tanks, governments.

Key recommendations include:

  • Consider exploring serious games not only for raising awareness but also as a training ground for first-responders and other professionals.
  • The report has highlighted that privacy does not seem to feature in titles of undergraduate degree courses and further research would be required to understand why.
  • Consider to invest in MOOCs with a NIS focus, in particular addressing the issue of privacy-by-design and European legislation. We highlighted that some of the existing MOOCs are available in national languages, this is clearly an advantage and a best practice. The report has highlighted that there is scope for some specific MOOCs relating with issues currently debated at a European level. There is a general lack on privacy and data protection MOOCs in the EU context, however this delivery opportunity could be better exploited also via existing supported platforms (i.e. OpenUpEd and EMMA).
  • Consider promoting the creation of multiple such quizzes using as basis or parts of the ENISA quiz in order to raise awareness by participating in the spread of general quizzes and awareness month.

 

User education is key in cyber security

At the same time, ENISA has further developed a quiz (to be officially launched on Monday 26.10) to test user’s knowledge in network and information security while at the same time to disseminate best practices and knowledge from all its reports. The version 1.0 will use a better gamified approach. A relevant addition to this year’s quiz are the Cyber Security Month badges, following the model from serious games, which are awarded upon completion of the quiz and which participants can share on social media. The use of badges is also one of the measures adopted for supporting the full completion of the quiz by a larger number of participants.  


For more on the subject areas and press enquiries please contact press@enisa.europa.eu Tel. 2814 409 576

European Cyber Security Month: during October, find out how to be safe online

 

Background: European Cyber Security Month (ECSM) is an EU advocacy campaign that promotes cyber security among citizens and advocates for change in the perception of cyber-threats by promoting data and information security, education, sharing of good practices and competitions. The European Union Agency for Network and Information Security (ENISA), the European Commission DG CONNECT and Partners are deploying the European Cyber Security Month every October. Metrics: 30 countries involved in the initiative in 2014, displaying an increase from 2013 with 24 countries participating.

 

 

October is Cyber Security Month! Follow #CyberSecMonth #ENISA

Visit: www.cybersecuritymonth.eu