The COMPACT project has completed the component evolution plan for its platform thus reaching milestone 3 in the project. This plan represents a great development on what the COMPACT platform will be, as the project receives positive feedback in its first review. The partners in the project bring to the table several components falling into the four categories of tools and services constituting the COMPACT solution: Risk Assessment, Security Awareness Training, Cybersecurity Monitoring, and Knowledge Sharing Services. Because COMPACT aims to integrate different pre-existing solutions, it is necessary to define and implement changes to evolve them and enable them to work together, while satisfying specific requirements and needs of Local Public Administration. The components’ upgrade is already underway in preparation for the demonstration stage starting in November 2018. The COMPACT components are: Risk Assessment RATING – Risk Assessment Tool for INtegrated Governance, an online self-assessment tool providing to LPA personnel the level of risk in relation to a predefined set of basic cyber threats. TO4SEE – Social Engineering Exposure Evaluation Exposure, a tool for measuring knowledge improvements regarding techniques of e-mail phishing. Human Factor Profiling – a survey instrument to investigate individual human factors that influence security-relevant behaviour in terms of compliance and participation. Security Awareness Training OPENNESS.edu – a solution based on LMS Moodle for LPA employees’ training. SOLE – Silensec Online Learning Environment, a cloud-based platform used for delivery of security training courses on virtual machines. KIPS – an awareness-training programme based on learning by doing with real-time training sessions. ASAP – Active Security Awareness Platform, a security awareness platform focusing on active testing of end users, simulating real scenarios and attacks. Cybersecurity Monitoring SOC – Security Operations Centre, a platform with real-time monitoring capabilities through advanced Security Information and Event Management. OpenIntel – a cyber-threat intelligence sensor and platform providing organisations tools and information to proactively manage cybersecurity risks. BP-IDS – Business Process based Intrusion Detection System, a monitoring solution aiming to detect incidents on technology-enabled infrastructures. SENTINEL – a tool allowing identification of malware related with the organisations’ web servers. Knowledge Sharing Services CyberConnector – COMPACT Information Hub, an online space open to private organisations, public administrations, CERTs, law enforcement agencies and individuals to create and enhance collective knowledge to improve cybersecurity. OpenIntel-MISP – offering integration between the COMPACT platform and the Open Source Threat Intelligence Platform & Open Standards For Threat Information Sharing, for sharing of Indicators of Compromise, currently used by more than 6,000 organisations worldwide. COMPACT will provide a unified dashboard to provide a single point of access to all of COMPACT’s services with a user-friendly interface suited for non-IT workforces in Local Public Administration. The evolution plan encompasses two major releases according to the project timeline. The first release is planned for October 2018 and the second for April 2019, in line with the validation and demonstration activities to be carried out in Work Package 5 - Validation and Demonstration in Operational Environment.
cybersecurity, local public administration, awareness, training, threat monitoring and detection, risk assessment, information sharing
Austria, Belgium, Germany, Spain, Italy, Portugal, United Kingdom