SOTER competence catalogue

How Bob and Alice increase their cybersecurity competences

We are delighted to announce that the first version of our competence catalogue has been released. With this catalogue, the SOTER project contributes to increasing cybersecurity competences in the financial sector by combining qualitative research with storytelling.

The project aims at developing a technical solution that enhances the digital on-boarding in conjunction with a suite of training materials, designed to enhance information security, data privacy, and cybersecurity practice within the critical financial services sector.

SOTER develops its training materials in a way that combines qualitative academic research on the definition of cybersecurity competences with sociologically founded best practices on how to develop and train them. The output will be a systematic competence catalogue which contains the most relevant cybersecurity competences for employees in the financial sector.

Cybersecurity competences in SOTER are described as the ability to perform one’s job in a way that averts cyber threats from the employee’s financial institution. They demand awareness of threats and assets at stake as well as the ability to project the outcome in case the threat becomes a reality. Competences can be built, and the employees who possess the needed motivation to use them in specific situations, are the key to reducing cybersecurity threats that relate to the human factor.

The competence catalogue already uses stories to better describe security competences just like in the following example about Preventing personal data theft via access to non-secure networks.

Alice is on a business trip and wants to access her e-mails from her hotel room at the Business Hotel this evening. She opens her laptop and tries to connect to a nearby Wi-Fi. She sees that three networks are nearby: Two secure networks, called “Hotel_WiFi” and “BusinessHotelWifi” and one public network under the name “FREE_WIFI_FOR_ALL”. Alice remembers that public networks should not be used, especially when accessing her work emails. She wonders which of the secure networks is indeed the official hotel Wi-Fi- network and therefore can be trusted. She quickly calls the reception and asks the person at the desk who informs her that “BusinessHotelWifi” is their official network. Alice connects to “BusinessHotelWifi” and accesses her e-mails.

The current version of the competence catalogue already contains a number of competences described in this way. As the SOTER project progresses, different workstreams will have a closer look at the current cybersecurity threats in financial institutions that are connected to the human factor. This risk assessment will be incorporated in the final version of the competence catalogue to provide an output that is closely connected to the actual hands-on work of employees in the financial sector.

For more information about SOTER visit the project website and follow us on Twitter and LinkedIn.

Author: Nico Schmidt, University of Graz