Learn how to create your own cyber security awareness plan
11 September 2021 – Cyber Security Coalition
For a few years now, the Cyber Security Coalition has successfully run a training programme called ‘Cyber Security Awareness & Culture Manager’. Last Thursday, the permanent chair of the Coalition’s Awareness Focus Group selected 31 participants for this year’s edition of the training. We congratulate all selected participants on this achievement and look forward to fruitful interaction in the course, which will kick off on September 21st.
We spoke with Alexandre Pluvinage, Head of Human Security at ING BE & DBNL and creator of the programme.
Your job title is “Head of Human Security”. What does this entail?
When most people hear about IT security, they think about firewalls and antimalware protection. Of course, these are important tools, but you have to put the same effort into human security. More than 90 percent of cyber security attacks against companies are targeting people, for instance with phishing or social engineering. In my role as Head of Human Security, I report to the CISO (Chief Information Security Officer) about these aspects. And I’m glad that more and more companies are having the same approach.
What’s so important about cyber security awareness?
If you’re running a transport company and you’re hiring truck drivers, you’re not giving them the keys to the trucks without verifying whether they have a valid driver’s license and whether they drive safely. But not a lot of organisations verify whether their employees are able to use their IT systems safely. Many aren’t even teaching them safe use of their systems.
A few years ago the number of attacks against companies involving employees was not so significant. Now, especially with the hybrid way of working, these cyber attacks are rife. By doing company tasks on your private computer and the other way around, you’re mixing your private risks with professional risks. Employees should know about these risks, and they should know whom to report to when they notice something unusual.
So how do you start to develop a cyber security awareness roadmap in your organization?
The most important part is: just start with something simple. As soon as you have something, you can build on it and learn from it.
If you want to start raising awareness about cyber security among your employees, download the Cyber Security KIT that the Cyber Security Coalition published. This will help you with password security, phishing, social engineering, customers’ personal data and safely working from home.
You’ve created the ‘Cyber Security Awareness & Culture Manager’ training programme, a certification by the Cyber Security Coalition. Why did you create this?
There are other certifications for cyber security awareness, but I wanted to create a very pragmatic programme. During the various modules you learn how to manage stakeholders, how to change people’s behaviour and so on, but you also apply this knowledge to your own organisation and build a cyber security awareness plan.
So after getting this certification, people can apply the lessons learnt directly in their own organisation?
Exactly. I’m the trainer of the last module of the programme, and in this session everything is put together. And then there’s a final test, where participants present the cyber security awareness roadmap they prepared for their organisation during the programme. This roadmap is validated by a jury of security awareness experts.
You get the certification, which is supported by the Cyber Security Coalition and the Centre for Cyber Security Belgium (CCB), if you can prove that you understood the methodology and you are able to create a security awareness roadmap.
This roadmap should be realistic. For instance, if you’re working for a small company with a tight budget, it’s not realistic to come up with a big plan with all bells and whistles. The plan should fit your organisation.
So if you get this certification, you return to your organisation with a validated security awareness roadmap, but you have also learned how to create it step by step.
Do you want to know more about security awareness? Discover the full programme and download the application form for the ‘Cyber Security Awareness & Culture Manager’ training.