Deliverables

Find all Deliverables produced by CyberSecPro here

Deliverables

Deliverable 2.1

Cybersecurity Practical Skills Gaps in Europe: Market Demand and Analyses

Notice The current version of the deliverable available on our website is the preliminary, submitted version. As of now, it hasn't been officially accepted or reviewed by the commission. Please stay updated with our website for further notices regarding the final, accepted version of the deliverable. We appreciate your understanding and patience.

The CybeSecPro Deliverable D2.1 report investigates the cybersecurity practical skills gaps in Europe and analyses the market demand for these skills. The report acknowledges that a complete list of cybersecurity practical skills can be complex and interpreted differently by EU nations and organisations. For that reason, the report combines them into a list of cybersecurity practical knowledge areas and highly essential practical skills. The deliverable also aims at the market driven and practitioner’s approach, therefore, adopted development methodology combines the practical and applied research, including an integrated research model. This deliverable captures the cybersecurity skill sets needed by the markets, the practical skills offered in the EU academic programmes and the gaps between demand and supply of practical skills. Special attention will be given to the three industrial sectors: health, energy and maritime. The deliverable reflects the outcomes of tasks T2.1 and T2.2.

Deliverable 2.2

Blended CyberSecPro technological training interactive technologies and academic practice

CyberSecPro (D2.1) undertook a market-driven investigation to identify EU cybersecurity industry knowledge and skills. This analysis (D2.2) of CSP partner courses and tools provided significant insights. Out of 81 courses assessed, 52% were undergraduate, 20% graduate, 9% summer school, and 19% professional training. Based on CSP partner offerings and market demand, these courses were divided into in-demand and high-demand knowledge domains. In addition, 64 CSP partner cybersecurity products were evaluated for applicability to different knowledge areas. To determine ENISA role alignment, CSP partner courses were compared to the European Cybersecurity Framework (ECSF). CSP classes covered certain responsibilities effectively, but others poorly. However, several ECSF courses covered numerous knowledge areas, satisfying market demand and frameworks. Recommendations include expanding course variety, promote networking and collaboration between students and cybersecurity professionals. It is also necessary to standardize certifications for courses and tools, and align CyberSecPro program with ECSF to prepare students for ENISA-specified professional careers. Also, the integration of technical and human aspects of cybersecurity with interdisciplinary approaches, ensuring material accessibility, and providing students with easy access to textbooks, research articles, and information-sharing platforms will be needed. Another recommendation for the CyberSecPro program will be a need to update course material and resources often to reflect industry developments and developing technologies, and create a feedback loop with program participants, CSP partners, and industry experts to analyse and implement user software improvement proposals. Meeting these recommendations will make CyberSecPro a diverse and adaptable resource for cybersecurity education for the EU, and meet the everchanging industry standards.

Deliverable 2.3

CyberSecPro Programme Specifications

This deliverable outlines the structure, requirements, and specifications of the CyberSecPro
education and training programme. The main findings of this deliverable are as follows:

By following four selection criteria (namely market demand, relevance to the European
Cybersecurity Skills Framework (ECSF), availability of education and training
resources, as well as importance to the effective protection of European cyber
infrastructure and systems) ten knowledge areas have been identified that will set the
scope of the CyberSecPro education and training programme. By the careful analysis
and selection of these knowledge areas, the general structure of the programme is
established and direction to the CyberSecPro partners in the continuation of the project
provided.
The existing education and training offerings by CyberSecPro partners have been
mapped to the identified knowledge areas, and relevant training modules have been
selected. This ensures that the programme is built upon established resources and
expertise.
The constraints and requirements for the adoption of the CyberSecPro programme have
been analysed, encompassing business, technical, legal, social, and financial barriers.
Solutions to overcome these barriers have been presented, emphasising the need for
strategic planning, effective communication, and persistent efforts. These findings help
anticipate and address potential blockages in the programme’s implementation,
achievement, and validation.
A total of 68 user stories and 461 requirements for the implementation of the dynamic
curriculum management (DCM) system have been developed. These requirements
have been categorised into functional, non-functional, constraint, and supplemental
requirements, with different levels of priority. They will serve as the foundation for the
subsequent stages of development and implementation of the DCM system.
Assessment criteria for the selection of a DCM system have been established, and
available systems on the market have been evaluated accordingly. Moodle has been
identified as the chosen system. An analysis was conducted mapping the previously
identified requirements to Moodle to uncover areas where the system already meets the
requirements and areas where modifications or adaptations need to be made. This
ensures that the chosen system is able to meet the specific needs of the CyberSecPro
education and training programme.

By addressing these key findings, the CyberSecPro education and training programme can be
designed and implemented effectively, providing a comprehensive and relevant training
experience for participants while overcoming any potential challenges

Deliverable 3.1

CyberSecPro Programme Main Components and Procedures

This deliverable outlines the main components and procedures of the CyberSecPro (CSP) programme. This document presents the CSP programme’s general-purpose or model syllabi with its training modules and the Dynamic Curriculum Management (DCM) system. This deliverable reflects the outcomes of tasks T3.1 and T3.2. It focuses on the CSP training modules, model syllabi, templates, and key elements of the individual training modules specifically tailored to the health, energy, and maritime sectors. The online DCM portfolio encompasses various training modules, including general academic courses, online courses, training, workshops, cyber exercise sessions, sector-specific seminars, hackathons, and interactive cybersecurity labs. The outcomes are a model syllabus for CSP’s main 12 generic training modules.

Deliverable 3.2

CyberSecPro Cybersecurity Certification Schema Proposal

The CyberSecPro cybersecurity certification schema proposal acknowledges the
certification scheme unavailability of professional cybersecurity trainings, as well as the absence of a
European Authority for approving both the trainings and the organisations which perform them. On
these grounds, the manuscript sheds light on the certification landscape regarding relevant organisations
and bodies in international and European level. Then, the standards, the criteria, and the processes
regarding professional certifications are thoroughly discussed and assessed. The manuscript concludes
with a proposal of three schemes which namely are:

Scheme A: Sector-agnostic scheme for a professional cybersecurity programme,
Scheme B: Descriptions of the 12 training modules,
Scheme C: Syllabi of the 12 training modules.

The deliverable reflects the Task 3.3 outcomes.

Deliverable 3.3

CyberSecPro Portfolio of Cybersecurity Curricula Targeted to Health

The CyberSecPro (CSP) portfolio of cybersecurity curricula and detailed syllabi targeted the critical sector of healthcare. The report is a collection of CSP training courses designed to enhance the skills of healthcare professionals in the realm of cybersecurity. The content of the syllabi combines CSP generic and sector specific aspects to provide holistic CSP module training for the critical health sector. The deliverable reflects the outcomes of Task 3.4.

Deliverable 3.4

CyberSecPro Bundle of Cybersecurity Curricula for Energy Sector

The CyberSecPro (CSP) Deliverable D3.4 corresponds to the outcomes of T3.5 regarding the “Energy Specific Curricula” with deadline for Month 18. The proposal of this deliverable is to provide a comprehensive cybersecurity programme portfolio targeted to the energy sector and focused on intensifying knowledge and practical skills in line with the current security challenges facing the sector.
Likewise, this deliverable also exposes the methodological process carried out in T3.5. It deals with aligning the syllabi of the 12 CPS generic training modules defined in D3.1 to the particularities of the energy scenarios, adapting and parametrising relevant inputs contemplated in the D3.1 templates to specific use cases and applications. The resulting parametrisation is widely outlined throughout this document, where the Cyber Security Body of Knowledge (CyBoK) framework has continued to be a
reference for the process of integration and adaptation of topics, facilitating the completeness of content.
Additionally, this process is also attributed to the intensive collaboration of the CSP partners who have demonstrated expertise and competencies in the fields of cybersecurity, energy and education. All of this experience, combined with a methodology for aligning with previous works, have certainly helped
to establish the 12 CPS sector-specific training modules in the form of courses, seminars, practical exercises, workshops, summer schools, etc. with the final proposal to showcase its value proposition for the operational phase.

Deliverable 3.5

CyberSecPro Portfolio of Cybersecurity Curricula Targeted to Maritime

Maritime stakeholders are relying on specific systems, namely VMS (vessel monitoring systems), AIS (Automatic Identification Systems) and GNSS (Global Navigations by Satellite Systems) to ensure their movements at sea. They use specific professional tools as port control (PCS) and cargo controls (CCS) systems to monitor their activity and are largely integrated in the overall supply chains with highly interconnected systems that are as many potential sources as possible for threats. The education of maritime stakeholders is broad in addition to the specialists that are operating directly the incident event management and incident response, mostly in close coordination with national administrations (customs, border security forces and port authorities). From the crew of a ship to the CIS information security officer of a company or a harbour, a broad area of training is needed adapted to their needs and skills. Crews of ships must be trained on their specific systems to maintain an ad-hoc security level of their navigation. Shipping companies must ensure that their systems are operating, avoiding major shutdowns as the ones observed on MAERSK in 2017 and CMA CGMin 2021 (the attacks on these companies impacted them with losses estimated at more than 100M€ for each). At least, the security of ships and their navigations systems are crucial to the security of crews that are navigating on them. The following modules described hereafter are proposing seminars, courses and workshop aiming at developing a cybersecurity culture to maritime stakeholders, developing skills to avoid incidents and attacks and reducing risks for the sector. The deliverable reflects the Task 3.6 outcomes.

Deliverable 4.1

CyberSecPro Training Operational Plan

The CyberSecPro Deliverable D4.1 deliverable reflects the outcomes of tasks T4.1 and T4.2 till Month 11. Therefore it outlines the operational scalable offering for the CyberSecPro training modules, which cover the ten prioritized CyberSecPro knowledge areas. Consequently, this deliverable lists all the training modules that each partner intends to develop and offer. These are then grouped into a list of 12 CyberSecPro modules, with various synergies proposed to assist in crafting their syllabi and facilitating their operation. Evaluation forms for trainers and trainees are provided, as well as a methodology for planning and implementing Massive Open Online Courses (MOOCs). Moreover, the deliverable aims at providing mobilization mechanisms in order to attract and engage internal and external trainees and trainers.

Deliverable 4.2

Reports and Training Material on the Cybersecurity Principles and Management Training Modules

This deliverable presents the outcomes of Task T4.3 up to Month 15 (February 2024). Hence, it comprehensively records all CSP modules corresponding to the Cybersecurity Principle and Management Capability implemented by the end of February 2024. Moreover, it describes the context of the documentation task and the documentation methodology including the definition of a record comprising the relevant information per module.

Deliverable 6.1

Dissemination, Communication Plan and Exploitation

This document reports the dissemination, communication and exploitation plan for the CyberSecPro project. The approach is incremental and dynamic and considers the growth of material and experience that the project partners will elaborate. This document also presents the dissemination and communication objectives and approach and lists planned publications and events. It describes the target audience and communication channels we plan to adopt as project. Similarly, the exploitation and innovation approach presented in this document cover business scenarios and models, exploitation approach, knowledge and intellectual property management and protection, and sustainability. Individual dissemination, communication, and exploitation activities from each partner focus on specificities of each partner and how they can contribute to increase the impact of the overall results.