Slovenia (SI)

Slovenia implemented its Cyber Security Strategy -  Establishing a system to ensure a high level of cyber security in 2016.

The strategy covers the following strategic goals in the ENISA self-assessment classification: Cybercrime, security with privacy balance, citizen awareness, critical Information infrastructure protection, international cooperation, incident response capability, institutionalised form of cooperation between public agencies, incident reporting mechanisms, cybersecurity exercises, training and educational programmes

Under the 2016 strategy, Slovenia plans to set up central coordination of the national cyber security assurance system and provide conditions for its stable operation. This body is tasked with coordinating national cybersecurity assurance capabilities, acting as a single point of contact for international cooperation. At the operational level of cyber security assurance, SI-CERT brings its national capabilities while SIGOV-CERT supports public administration. Other stakeholders involved are operators of critical infrastructure in the private and public sectors, particularly in the energy supply sector (electricity producers and distributors), and in information and communication support (telecom operators, information society service providers, among others). 

 

TRAINING AND EDUCATION IN NATIONAL CYBERSECURITY STRATEGY

 

Awareness Raising and Capacity Building

In awareness raising, education and research, the academic and research community will contribute to the cyber security assurance system through their higher-education programmes and courses on cyber security at all levels of education, and through the results of research organisations. The system will also be open to civil society's initiatives. This applies primarily to initiatives for improvements and assistance in raising awareness among various target groups by professional associations (Slovenian associations and the Slovenian sections of international associations in the field of information and communication technologies and cyber security).

Awareness-raising draws on the experiences from prevention and response phases so that users are acquainted with actual risks and effective methods of avoiding them. The methods and contents of awareness raising (programmes) are adjusted to various target groups to the greatest possible extent.

Safety of citizens in cyberspace: 
  • Carrying out regular implementation of awareness-raising programmes on cybersecurity.
  • Introducing cybersecurity content in education and training programmes. 
  • Including cybersecurity topics  in the curriculum at different levels of education for children and adolescents. 
  • Adjusting awareness-raising programmes for the remaining population and business entities are developed.
  • Promoting the development and introduction of new technologies in the field of cybersecurity.
  • Regularly carrying out awareness raising programmes on cybersecurity for businesses. 

Capacity-building: 

  • The use of encryption solutions, as one of the cornerstones of cyber security assurance, is encouraged.
  • Building human resource and technological strengthening of bodies at the operative level of cyber security assurance system along with the implementation of SIGOV-CERT. 
  • Gradually upgrading state body HKOM networks with equipment that is appropriately approved by the Slovenian authorities as being safe and suitable for use.
  • Implementing competent checks of safety and functionality of IT equipment within the existing and newly established bodies.
  • Making regular assessment of risks to the operation of the critical infrastructure of the ICT support sector and planning appropriate protection measures and updating risk assessment in this field.
Educational and Awareness Initiatives

Slovania has two awareness-raising projects.

Since 2011, SI-CERT has been raising national awareness and running an educational programme "Safe on the Internet". This programme is targeted at the general public with specific content for small businesses, craftsmen and sole proprietors with the aim of raising awareness on the safe use of the Internet. The project is financed by the Ministry of Education, Science and Sport, is also participating in the campaigns of the European month of cyber security.

  • The Centre for Safer Internet (SAFE.si) is run by a consortium consisting of the Faculty of Social Sciences, ARNES, Slovenian Association of Friends of Youth and the Youth Information and Counselling Centre of Slovenia - MISSS, funded by the Directorate-General Connect of the European Commission and the Ministry of Education, Science and Sport for running SAFE.Si, TOM Telephone and the Web Eye projects. The SAFE.SI programme operates as a national point for raising awareness among children and adolescents about the safe use of the Internet and mobile devices. The TOM Telephone program also informs children and adolescents about the safe use of the Internet and mobile devices. Web Eye is an online reporting point.

  • Education Sector: IT or cyber security is included in the higher school study programmes at several institutions of higher education.  
Higher Education Courses on Cybersecurity
  • Faculty of Computer and Information Science, University of Ljubljana - Computer and Information Science, Master's study programme. Course title: Cryptography and Computer Security. European Credit Transfer System (ECTS): 6. Information/computer security describes means to control access to information systems and their contents in to prevent unauthorised use. Cryptography provides maximum security while at the same time preserving the flexibility of digital media. It forms the foundation of an information society, enabling privacy, data integrity, digital authentication/signatures, digital cash, and other goals. It incorporates mathematics, computer science, electrical engineering, finance, policy, defence, etc. The courses covers the following topics, among others: Symmetrc cryptography, block ciphers, stream ciphers, cryptoanalysis and statistical methods, public-key cryptosystems, key agreement protocols, identification schemes, quantum cryptography, security of programmes, databases, OS, network communications, patents and standards (ISO, IEEE, IETF). Learning outcomes: mastering the basic problems of computer security and the detailed structure of the most famous cryptosystems and ability to connect these areas, propose specific solutions and implement or maintain cryptosystems; applying and proposing/evaluating effective solution; understanding connection between theory and practice of computer security. The course is a foundation for several courses that study computer systems and networks, telecommunications, digital forensics, electronic and mobile commerce, etc. Students will gain a theoretical    foundation for a variety of practical problems that are encountered in the field of computer security and cryptography.
  • Faculty of Computer and Information Science, University of Ljubljana - Computer and Information Science, Master's study programme. Course title: Digital forensics. European Credit Transfer System (ECTS): 6. The course covers the following topics, among others: digital evidence and computer crime; EU and  USA technology and legal framewotk; investigating procedures and recontruction; encryption; forensic science and computers; forensic analysis; forensic science and networks; digital evidence (physical layer, link layer, network kayer; Internet); intrusion and reconstruction. Learning outcomes: understanding basic terms in forensic science and details of a computer system, combining knowledge of both. 
  • Faculty of Computer and Information Science, University of Ljubljana - Computer and Information Science, Master's study programme. Course title: Information Security and Privacy. European Credit Transfer System (ECTS): 6. The course covers the following topics, among others: Key standards and organisations (ISO, ITU-T, IETF, W3C, OASIS, OMA); security mechanisms, security services (principles and practical implementations of authentication, confidentiality, integrity, non-repudiation, access control, logging and alarming), public key infrastructure (time base, name space management, operational protocols), quantum computing basics (quantum key exchange); authentication, authorisation and accounting; infrastructure; security of physical and data layers; security of network, transport and application layers, including internet of things and clouds; privacy management and privacy by design (sensor networks, RFID systems) with trust management and reputation management basics in services oriented architectures; secure programming; risk management in information security, organisational views and human factor views (security policies, human factor modelling and simulations). Accreditation and auditing of IS related to security (ISO 2700X, CISSP), and standards for technical implementations of hardware and software components (Common Criteria). Learning outcomes: Principles for providing security and privacy in information systems; standard solutions in this area; administering security and privacy of information systems; qualified for internal security and privacy auditing; defining security policy.

 

IT/Cyber Clusters

EU Cyber Professional Register for national stakeholders

The CYBERWISER.eu CyPR is all about boosting opportunities in the cybersecurity marketplace. 

This European Cybersecurity Professional Register is the place where professionals, juniors or seniors, can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications.

Organisations of any size or sector from SMEs to large companies and public institutions can find and contact the right skills and experiences they need to improve their IT security posture.

Latest Update & Disclaimer

January 2021. 

The information contained here is based on desk research carried out by CYBERWISER.eu, including the ENISA interactive maps on national strategies and educational courses. 

 

Cybersecurity Response Teams: GDPR and NIS Directive Compliance and Notification 

National computer security response teams 

Capacity building in Slovenia is part of establishing a comprehensive cyber security system and clear governance structure.

SI-CERT (English version) is the main contact point for reporting network security incidents involving systems and networks located in Slovenia. By agreement with Slovenian government, SI-CERT also provides the role of the Government CERT. SI-CERT is a service of ARNES (Academic and Research Network of Slovenia). (Slovenian: www.cert.si/; English: www.cert.si/en with basic information).

Report a cyber incident to national CERT/CSIRT

SI-CERT - www.cert.si/

Languages Slovenian; English
Latest Update and Disclaimer

January 2021.

The information contained here is the result of desk research carried out by CYBERWISER.eu. 

Contact us for more info

 

© Copyright 2021 - CYBERWISER.eu has received funding from the European Union’s Horizon 2020 research and innovation programme under the Grant Agreement no. 786668. The content of this website does not represent the opinion of the European Union, and the European Union is not responsible for any use that might be made of such content.

Slovenia (SI) | CYBERWISER.eu

CYBERWISER.eu Cyber Range & Capacity Building in Cybersecurity

Error

The website encountered an unexpected error. Please try again later.