Reaping the benefits of ICT in Digital Government always entails having to cope with growing exposure to information security risks, encompassing threats to the availability, trustworthiness, and privacy of information.
These concerns are shared by countries in all stages of an EGOV strategy, and have prompted multiple agencies to address them through cybersecurity initiatives, impacting both public organisations, managers, staff, and citizens alike. These often include InfoSec regulations and policies, technological measures, and setting up Computer Security Incident Response Teams (CSIRT).
However, real-world experience shows that most security issues are related to basic, everyday activities of its users. For instance, Verizon's 2019 Data Breach Investigations Report points out that 92% of the attacks to public sector entities originated as an email link, mainly through social phishing, and 30% of data breaches were caused by privilege misuse or errors by inside users. To make matters worse, these incidents are 2.5x more likely to remain unnoticed in public organisations.
Enhancing cybersecurity literacy across all levels of public agents is of utmost importance towards reliable public service delivery. As such, this workshop aims at fostering cybersecurity awareness of everyday activities rooted in international best practices, and in a friendly and practical environment.
The workshop main goal is to enhance awareness of personal cybersecurity posture in everyday activities as an instrument for more secure working environments and, ultimately, for more trustworthy public service delivery. It will target a non-technical audience, and as such, it will adopt accessible language, present real-world use-cases, and will offer opportunities for simple but relevant practical experimentation. To this end, different concepts, tools, and best practices will be presented and discussed.
At the end of the workshop, the attendants will be able to: 1) identify threats into daily activities; and 2) assume a more defensive posture, minimizing the risks of being involved in a security incident. Some of the skills covered include:
The planned duration for the workshop is three hours organised into two main components of 90 minutes each, as detailed below: