Development of a cost-effective suite of cyber-security tools to support SMEs in managing network information, security risks and threats while identifying opportunities for implementing secure, innovative technologies for the digital market.
SMESEC aims to provide a complete security framework carefully adjusted on the peculiarities of small and medium size companies and organizations. To address the challenges that SMEs and entities with limited budget are facing today, the overall concept of SMESEC is organized around the following distinct 5 concepts:
- Definition & Recommendations: SMESEC will begin its work with the definition of the problem: the four different pilots will provide input on their systems and services. The general and specific requirements will be derived to will help distinguish which parts of SMESEC framework can be generally applied and where specified solutions are needed. This phase will eventually provide input for creating the recommendations and security plans.
- Discovery & Solutions: The next phase in the cycle is Discovery & Solutions and includes the procedures of risk assessment, vulnerabilities detection, and security recommendations. For these phases SMESEC will offer high quality solutions provided by prominent security enterprises.
- Protection & Response: After completing the proper designing of the solution, the next phases are to deploy the protection and monitor the overall system. The solutions from SMESEC will offer endpoint security, cyber-protection against malware, viruses, ransomware etc. intrusion detection, detection of non-adherence of users to expected good behavior, and Cross-Level Cyber-Security Event and Information Management.
- Extensive validation: For this phase, our framework will be applied and tested across 4 diverse SMEs with different platforms and services. During this phase we will evaluate multiple aspects of the solution like performance, flexibility, usability, common solutions vs specific use cases, user behavior etc.
- Training & Awareness: Finally, as already explained above, the validation phase will provide the necessary input on user behavior and actions over the new security policies and systems. This input will be used to create the necessary recommendations and personalized training courses for users and employees as well as identify major issues that can “close the circle” and trigger a new Definition & Recommendation phase.
These concepts represent the phases of a complete lifecycle for cyber-security protection and each one of them is realized through a set of processes offered by SMESEC partners. Moreover, in order to increase the quality of the proposed experimentations, such lifecycle is tested considering four target groups (relationship between SMEs and external actors) through the proposed use cases: 1) Business Partners; 2) Technicians; 3) Public Services and 4) Citizens. Consecutively, SMESEC technology will provide ready-to-market security solutions to our pilots’ SMEs and target groups, linking our proposed framework with the real world.