Cybersecurity Culture
|
Action Line 7 of the 2019 national cybersecurity strategy is aimed at contributing to goal IV, which revolves around a commitment to building a cybersecurity culture and and strengthening human and technological skills. The goals are wide-ranging and inter-related to other measures.
-
Ensuring Spain has technical and human resources to guarantee the necessary technological autonomy and appropriate skills and training for the secure use of cyberspace, making cybersecurity the key enabler for an entrepreneurial nation.
-
Improving collective cybersecurity, fostering a cybersecurity culture with the help of public and private organisations and the media, strengthening information mechanisms and offering help to citizens, promoting spaces for encounters between civil society, administrations and companies.
-
Defining actions contributing to the secure and responsible use of information and communication technologies by promoting appropriate cybersecurity training for professionals based on job market demands, driving personal professional development and boosting specialised training and qualification, including skills to generate knowledge, develop R&D activities in cybersecurity and encourage the use of certified products and services.
-
Paying special attention to protecting the technological patrimony, industrial and intellectual property. In this respect, it is important to promote technological sovereignty, making the most of digital transformation opportunities, encouraging the Spanish cybersecurity industry and boosting good practices in the development and implementation of information and communication systems.
Measures:
-
Extend and improve cyberthreat detection and analytical skills for detecting attack methods and origins, building up the necessary intelligence for more effective protection, attribution and defence.
-
Strengthen the creation, dissemination and application of best practices and standards for cybersecurity.
-
Ensure technical and operational coordination of organisations with cybersecurity responsibilities, companies and society.
-
Promote participation from companies on sector-based platforms for information exchange and analysis, measuring sector-based risks and proposing actions to mitigate this alongside the legal requirements that regulate risks.
|
Cybersecurity for Citizens and Companies
|
Action Line 4 of the 2019 strategy focuses on boosting cybersecurity for citizens and companies with the following goals:
-
Offering citizens and the private sector an integrated public cybersecurity service of good quality and that is easy to access and encourage demand for cybersecurity business services.
-
Boosting cybersecurity in SMEs, micro SMEs and among self-employed workers by articulating public policies on cybersecurity, especially for developing resilience.
Action Line 7 on Cybersecurity Culture defines the following measures:
-
Increase awareness-raising campaigns for citizens and companies, providing them with useful information that is suitable for each profile, including the self-employed and small businesses.
-
Strengthen actions towards joint responsibility for cybersecurity across society.
-
Boosting plans and initiatives for digital literacy in cybersecurity.
-
Promoting the spread of cybersecurity culture as a best practice and acknowledging business implications in improving collective cybersecurity as a corporate social responsibility.
-
Raise awareness among executives to ensure they free up the necessary resources and promote cybersecurity projects within their organisations.
-
Promote awareness-raising and training on cybersecurity in schools, adapted to all training levels and specialities.
-
Seek and recognise media collaboration and participation, including citizen campaigns, especially among young people.
National Initiatives
-
is4k - Internet Security for Kids is the Spanish initiative to encourage the safe use of the internet amongst children, including actions against cyber bulleying. The project received co-funding from the European Commission and sees the involvement of red.es, which executives deploys plans of the Spanish Digital Agenda as part of the drive towards digital convergence with Europe, and INCIBE, which is the reference entity for the development of cybersecurity and digital trust for citizens, academia and research, professionals, companies and strategic sectors. The project's main aims on the INCIBE website are:
-
Raise awareness and train minors, young people, families, educators and professionals through campaigns, initiatives and nationwide programmes.
-
Offer a helpline service to advise and assist minors, families, educators and professionals in dealing with internet risks such as harmful content, contacts and inappropriate behaviour.
-
Organise the Safe Internet Day in Spain.
-
Reduce the availability of criminal content on the internet.
-
Women4Cyber Spain (W4C Spain) is the national initiative seeking to build a safer and more inclusive digital world. Its aim is to become a benchmark in promoting and making the role of women in cybersecurity visible in Spain, increasing gender diversity in the sector.
|
Research, Development and Cyber Skills
|
Action Line 5 of the 2019 strategy aims to strengthen the Spanish cybersecurity industry and its capacity to nurture and retain talent and bolster digital autonomy. Goals include:
-
Boosting R&D support programmes in digital and cybersecurity in SMEs, businesses, universities and research centres, facilitating access to national and international incentive programmes and through innovative public purchasing programmes.
-
Incentivising innovation, investment, internationalisation, technology transfer, expecially for SMEs and micro SMEs.
-
Increasting national activities to develop cybersecurity products, services and systems, prioritising security-by-design approaches and national autonomy.
-
Updating and developing competence frameworks in cybersecurity that meet the needs of the job market.
-
Identifying needs for professional skills in cybersecurity, promoting collaboration between educational and training institutions by boosting continuous training, employment training and university education and promoting professional credentials and certification systems.
-
Including professional cybersecurity profiles in public-sector job descriptions.
-
Detecting, encouraging and retaining talent in cybersecurity with special attention to the research field.
-
Boosting specific R&D programmes in cybersecurity and cyber defence.
Another related goal is encouraging centres of excellence and research facilities to work together to tackle cyberthreats.
|
Higher Education Courses on Cybersecurity
|
-
Universidad Rey Juan Carlos – Bachelor Degree in Grado en Ingenierado de la Ciberseguridad. Year established: 2018. Student Intake: 60. European Credit Transfer System (ECTS): 240 in four years. Focus: System security, network security, component security, SW security.
-
CISDE – International Master in Cybersecurity and Defence. Year established: 2015. Student Intake: 25. European Credit Transfer System (ECTS): 60. Focus: Organisational, risk management, business, compliance disciplines; system security, network security, component security, SW security.
-
Universidad de Leòn – Master in Research in Cybersecurity. Year established: 2016. Student Intake: 30. European Credit Transfer System (ECTS): 120. Focus: System security, network security, component security, SW security.
-
Universidad Pontificia Comillas – Master in Cybersecurity. Year established: 2019. Student Intake: 30. European Credit Transfer System (ECTS): 60. Focus: System security, network security, component security, SW security.
-
La Salle Campus Barcelona, Ramon Llull Universidad – Master in Cybersecurity. Year established: 2015. Student Intake: 25. European Credit Transfer System (ECTS): 60. Focus: System security, network security, component security, SW security.
-
EICYC – High Specialisation Master in IT Forensics and Cybercrime. Year established: 2006. Student Intake: 250. European Credit Transfer System (ECTS): 60. Focus: System security, network security, component security, SW security.
-
Universidad Politécnica de Madrid – Master in Cybersecurity. Year established: 2017. Student Intake: 30. European Credit Transfer System (ECTS): 60. Focus: System security, network security, component security, SW security; Organisational, risk management, business, compliance disciplines.
-
Universidad de Vigo – Master in Cybersecurity. Year established: 2018. Student Intake: 400. European Credit Transfer System (ECTS): 90. Focus: System security, network security, component security, SW security.
-
Universidad de Leòn - Master of Research in Cybersecurity (Online). Year established: 2016. Student Intake: 30. European Credit Transfer System (ECTS): 120. Some modules taught by INCIBE.
-
EICYC – International Master on Cybercrime Analysis. Year established: 2018. Student Intake: 50. European Credit Transfer System (ECTS): 60. Focus: System security, network security, component security, SW security.
-
OBS Business School – Master in Cybersecurity. Year established: 2015. Student Intake: 30 (7 women graduates in 2019). European Credit Transfer System (ECTS): 60. Focus: Focus: Organisational, risk management, business, compliance disciplines; system security, network security, component security, SW security.
-
Universidad de Jaén – Master in IT Security. Year established: 2017. Student Intake: 30. European Credit Transfer System (ECTS): 60. Focus: System security, network security, component security, SW security.
-
University of Malaga – Master in Computer Science (cybersecurity). Year established: 2014. Student Intake: 35. European Credit Transfer System (ECTS): 90.
-
University of Alcala – Master in Cybersecurity. Year established: 2019. Student Intake: 25. European Credit Transfer System (ECTS): 60. Focus: System security, network security, component security, SW security.
-
University of Granada – Master in Cybersecurity. Year established: 2015. Student Intake: 20 (3 women in 2019). European Credit Transfer System (ECTS): 60. Focus: System security, network security, component security, SW security.
-
IMF Business School – Master in Cybersecurity (in collaboration with Deloitte). Year established: 2015. Student Intake: 400 (40 women graduates in 2019). European Credit Transfer System (ECTS): 60. Focus: System security, network security, component security, SW security.
-
ENITT Business School – Master in Offensive Security. Year established: 2020. European Credit Transfer System (ECTS): 60. Focus: System security, network security, component security, SW security.
-
ENITT Business School – Master in Cryptography. Year established: 2019. European Credit Transfer System (ECTS): 60. Focus: System security, network security, component security, SW security.
-
ENITT Business School – Master in Cyber Law. Year established: 2018. European Credit Transfer System (ECTS): 60.
-
ENITT Business School – Master in Cyber Intelligence. Year established: 2019. European Credit Transfer System (ECTS): 60. Focus: Organisational, risk management, business, compliance disciplines.
-
ENITT Business School – Master in IT Forensics and Judicial IT Expertise. Year established: 2018. European Credit Transfer System (ECTS): 60. Focus: Law, ethics, policy, privacy, cybercrime disciplines.
-
ENITT Business School – Master in Cybersecurity. Year established: 2016. European Credit Transfer System (ECTS): 60. Focus: System security, network security, component security, SW security.
-
Universitat Rovira I Virgili – Master in Computer Security and Artificial Intelligence. European Credit Transfer System (ECTS): 60.
-
Universidad de La Laguna – Master in Cybersecurity and Data Intelligence. European Credit Transfer System (ECTS): 60.
-
ENITT Business School – Master in Reversing, Malware Analysis and Bug Hunting. Year established: 2020. European Credit Transfer System (ECTS): 60. Focus: System security, network security, component security, SW security.
-
Postgraduate: DCNC Sciences – Master in Data, Complex Networks and Cybersecurity Sciences. Year established: 2018. Student Intake: 50. European Credit Transfer System (ECTS): 60. Focus: system security, network security, component security, SW security; organisational, risk management, business, compliance disciplines.
|
Public-private Partnership
|
Action Line 4 of the 2019 strategy (boosting cybersecurity for citizens and companies) has several goals aimed at improving public-private partnerships:
-
Stimulating cooperation between public and private players, including commitment from internet and digital service providers to improve cybersecurity.
-
Boosting national regulation in this respect and implementing measures for the active cyber defence of citizens and SMEs.
-
Promoting the establishment of a National Cybersecurity Forum that incorporates representatives from civil society, independent experts, the private sector, academia, associations, non-profit-making organisations, among others, to strengthen and set up public-private synergies that can help generate knowledge on security opportunities and threats in cyberspace.
Public-private collaboration received a major boost through the Spanish National Digital Skills Plan published in January 2021, when the Spanish government annouced plans for an €11bn investment to boost digitisation of SMEs and public authorities and to strengthen digital skills.
-
Defining plans within the framework of the Digital Spain Agenda 2025: the National Digital Skills Plan, the Digitalisation of SMEs Plan 2021-2025 and the Digitalisation of the Public Authorities Plan. The plans are part of the public-private collaboration with public investments acting as a lever to mobilise significant investments enabling the private sector to drive digitisation in coming years.
Digitalisation of SMEs Plan 2021-2025
-
The Digitalisation of SMEs Plan 2021-2025: Budget of €4.66 billion with a direct impact in the form of digitalisation subsidies of €4.46 billion. Five main lines of action have been defined: basic digitalisation for SMEs, support for managing change to promote business training for executives in digital skills, enhancing disruptive innovation and entrepreneurship, support for sector digitalisation, with special focus on industry, tourism and trade, and a line of action on coordination and efficiency. Targets: Reaching 1.5 million SMEs, half of all SMEs in Spain.
Digitalisation of Public Authorities Plan 2021-2025
-
The Digitalisation of the Public Authorities Plan: Ensuring that Spain can gain further drive the development of e-government to respond to citizens' needs in a faster and more effective fashion. Furthermore, digitalisation in this field is crucial because the public authorities act on a support basis and as a lever to the major transformations and needs of the country. This Plan provides for a raft of public reforms and investments with an allocation of €2.6 billion. Three main lines of action have been established with 17 measures. The first is the digital transformation of the public authorities, the second includes guiding policies on digitalisation affecting such areas as health and justice, and the third main line of action revolves around the digital transformation and modernisation of the Ministry of Territorial Policy, autonomous regions and local authorities.
|
IT/Cyber Clusters
|
|
EU Cyber Professional Register for national stakeholders
|
The CYBERWISER.eu European Cybersecurity Professional Register (CyPR) is all about boosting opportunities in the cybersecurity marketplace.
This CyPR is the place where professionals, juniors or seniors, can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications.
Organisations of any size or sector from SMEs to large companies and public institutions can find and contact professionals with the right skills and experiences they need to improve their IT security posture.
|
Latest Update & Disclaimer
|
January 2021.
The information contained here is based on desk research carried out by CYBERWISER.eu, including the ENISA interactive maps on national strategies and educational courses.
|