CASPA project

The Cyber Aware Students Public Administration (CASPA) project aims to develop and maintain innovative courses in the field of cybersecurity, specially designed for university students who will work in public administrations as end users or as users having a special role in cybersecurity.

Undoubtedly, the field of cybersecurity-related publications is filled with a plethora of frameworks and documents guiding professionals to manage their businesses and institutions in a way that ensures the highest standards of cybersecurity. These, however, tend to focus entirely on the technical aspects of cybersecurity, practical skills, and competences. There is a strong need to go beyond that and explore what non-technical staff can and should do to become cyberaware and cybersecure. Mapping out existing frameworks, projects and initiatives, and then analysing them through the lens of practicality and comprehensiveness, will allow us to create more robust, useful and applicable courses and training for public administrations as a result of the project. This resource review will serve as the theoretical background for CASPA. The main objective is to discover the state of the art and international best practices relevant for the project. CASPA will disseminate the findings mainly to its internal audience, to those colleagues who are not involved in the project, and to stakeholders who will provide information in later phases.

 

The resources were grouped into five categories depending on the original source:
· ISO 27000 standards,
· international bodies,
· national strategies and policies,
· private sector companies,
· academia.

 

Among the databases used for this research were Google Scholar, Academic Research Source eBooks, eJournals (EBSCO), Academic Search Ultimate (EBSCO), Cambridge Journals Online, Central and Eastern European Online Library, ERIC – Educational Resource Information Center (EBSCO), JSTOR, and Oxford Journals. The search was based on the following keywords: public administration, cybersecurity, best practices, recommendations, government, guidelines, handbook, public service, civil service. Each chapter includes an introduction, brief methodology, key themes, best practices and recommendations, and finally conclusions.
For the purpose of this report, we introduce a few key terms and descriptions to allow for a more precise scope of the publication.

 

The report will focus on public administration instead of the public sector as a whole, as the latter can include both national authorities and regional governments, as well as other public entities, such as universities.
Due to the lack of an internationally agreed definition of cybersecurity, we propose that the term refer to the following: a set of policies, procedures, and actions taken by institutions or enterprises aimed at ascertaining adequate levels of security and continuity of functioning of such an institution or entity in the face of risks associated with digital threats. Such a definition – focusing on and encompassing resilience, preparedness, best practices, and standards – allows the authors to concentrate on the practical aspects of cybersecurity measures and processes.

 

Standards can be defined as rules and practices established by an authority, custom, or general consent as a model or example (also criterion). Rules of procedure are understood as guidelines for how business or a court case is to be conducted. A code of practice, on the other hand, is a set of written rules explaining how people working in a particular profession should behave.

 

Recommendations, directives, and instructions serve or are intended to guide, govern, or influence the recipients, and are oftentimes non-binding. The above-mentioned terms are not definitive – the authors are entitled to introduce other keywords and terms and adjust definitions along the way while working on the report and through feedback from their partners. Our aim was to discover and review already existing literature and good practices based on their comprehensiveness, applicability, and transferability. While focusing on public administration and resources targeting this sector, we do not omit resources for private sector entities and senior-level management, as some of the good practices found there could be applicable to the public sector. This report will lay down the foundations for the next steps of the project.