Training for public administration employees
public administration


in the user categories "IT manager", "computer scientist",
"cybersecurity employee"

Location

online / UPJŠ KC KB

Form

online / in person

Duration

52 hours

Registration

Annotation

The training program for public administration employees in the user categories "IT manager", "informatics specialist", "cybersecurity employee" focuses on key areas of cyber and information security (hereinafter referred to as "CIS"), covering technical, legal and procedural aspects. It will provide participants in the training program with an overview of what cyber and information security is and how it is regulated by legislation. At the same time, it will provide information on managing CIS in accordance with Slovak legislation and technical standards, especially the standards of the ISO/OSI 27000 family. Within the technical part of the training, individual parts (modules) focus on the design and implementation of security measures in the areas of cryptography and computer networks, where participants will gain knowledge about encryption algorithms, digital signatures, security systems. The training also includes activities to prevent and resolve cyber security incidents, including forensic analysis of digital traces. A separate module is dedicated to the development of communication and presentation skills necessary for resolving cyber security incidents. Within the legal part, the training focuses not only on the legal regulation of cyber security, but also on various aspects of information and communication technology law, which are closely related to the field of cyber security. The modules focus on topics such as personal data protection, intellectual property, legal liability in the online space, electronic identification, electronic signature and cyber crime. The individual modules are supplemented with practical tasks, where the participants of the educational program try out individual activities necessary for the field of cyber security.

List of modules

1) Introduction to CIS and CIS management - 8 lessons (45 min)

The module will provide basic information on how the management of the CIS is carried out with regard to the legal regulations valid for the territory of the Slovak Republic as well as technical standards, especially the ISO/OSI 27000 family. The module will also provide information on current security threats and tactics and techniques of attackers. In the practical part, participants will try to identify activities, threats, vulnerabilities and risks. The module will also introduce the basics of a cybersecurity management system, the principles of business continuity management and security aspects of relationships with suppliers and third parties, including frameworks such as Cyber kill chain and MITRE ATT&CK. 

2) Selected chapters from cryptography - 8 lessons (45 min)
The content of this module will be the design and implementation of security measures for the field of cryptography. Participants will be introduced to basic symmetric and asymmetric ciphers, hash functions and digital signatures will be explained. Participants will be able to try out individual ciphers and better understand the essence of these cryptographic primitives. The possibilities of applying cryptographic mechanisms to ensure confidentiality, integrity and non-repudiation of data in practice will be presented, as well as their use within remote access and current security technologies.
3) Selected chapters from network security - 8 lessons (45 min)
The content of the module will be to provide basic information on how the KIB is managed with regard to the legal regulations valid for the territory of the Slovak Republic as well as technical standards, especially the ISO/OSI 27000 family. The module will also provide information on current security threats and tactics and techniques of attackers. In the practical part, participants will try to identify activities, threats, vulnerabilities and risks. The content of the module is the design and implementation of security measures for the area of ​​computer networks. The training participants will be provided with information on various mechanisms for securing a computer network, including security technologies such as firewalls, intrusion detection systems (IDS), intrusion prevention systems (IPS) or honeypots.  
4) Reactive and proactive activities - 8 lessons (45 min)
The module content includes activities necessary to prevent cyber security incidents (proactive activities) and activities necessary to react to cyber security incidents (reactive activities). The module will mainly cover the following topics: security vulnerabilities and their life cycle, evaluation and disclosure, identification and resolution of cyber security incidents including the life cycle, digital forensic analysis including identification and securing of digital traces. The participants of the module will try solving simple cyber security incidents from both a technical and a procedural point of view (tabletop exercise). They will be able to try out the method of identifying and securing digital traces, or performing a live forensic analysis.
5) Reactive activities - communication - 8 lessons (45 min)
The module focuses on developing communication and presentation skills necessary for successful management of a cyber security incident. Emphasis will be placed on assertive communication, effective feedback, solution-oriented communication, communication in solving problems in a team, and also on basic techniques for managing acute stress. Topics will also include identifying crisis situations, non-verbal communication, and principles of team cooperation. Participants will become familiar with the most common communication barriers, techniques for overcoming them, and the specifics of interaction under stress or in critical situations. 
6) Selected chapters from information and communication technology law I. - 8 lessons (45 min)

Information and communication technology (ICT) law is an interdisciplinary legal field that deals with the regulation of legal relationships arising from the use of digital technologies and networks. The introduction defines the term ICT and outlines their significance for the digital society. An important part is the issue of trusted services, which include electronic signatures, seals, certificates and the legal effects of electronic documents. Intellectual property is addressed from the perspective of copyright and industrial property rights, as well as their protection in the digital environment. The protection of privacy and personal data is also important, including the rights of data subjects, the roles of controllers and intermediaries, as well as cross-border data transfer and storage. E-commerce law analyzes the forms of electronic contracts and the specifics of online trading, including its advantages and risks. It also includes the legal protection of consumers when using financial services and digital platforms. Overall, this area responds to rapid technological development and the need to ensure legal certainty in the digital environment.

7) Selected chapters from information and communication technology law II. - 8 lessons (45 min)

The module addresses the legal framework of cybersecurity with a focus on addressing cybersecurity incidents and the related obligations of organizations. Participants will become familiar with the concept of a cyber incident and the roles of CSIRT/CERT teams that ensure prevention, detection and response to incidents. The module also discusses notification obligations of entities, practical aspects of incident resolution and sharing information about threats between organizations. Special attention is paid to international legal issues, such as determining jurisdiction and applicable law in cross-border attacks. The criminal law part of the module focuses on the facts of cyber crimes, as well as criminal procedural tools for investigating and seizing digital evidence. The module connects technical and legal perspectives in order to strengthen the ability of participants to navigate the legal aspects of cybersecurity.

General information

Contact: +421552341269
Number of participants (min-max): 10 – 20

Date: according to modules
Target group: public administration employees in the user categories "IT manager", "informatics specialist", "cybersecurity employee"

Time:

  • Module (6h): 08:30 – 11:30 a 12:30 – 14:00
  • Module (8h): 08:30 – 11:30 a 12:30 – 15:30

Meeting information

Online: MS Teams

In person: 

  • Computer classroom SA1C0, Faculty of Science, Park Angelinum 9, 040 01 Košice
  • Computer classroom, Faculty of Law, Kováčska 30, 040 01 Košice