We invite SMEs to participate in the validation of the SMESEC framework. By participating you not only have influence on the evaluation of the SMESEC framework, but also improve your own company security and get up to €20.000 of funds!
Small and Medium size Enterprises (SMEs) are an important driver for innovation and growth in the EU. At the same time, SMEs also stand to gain the most from innovative technologies that promise convenient deployment and economical operation of ICT. Taking into account cyber-security, SMEs do not always understand all the risks and business consequences for the development of technologies without the adequate level of protection against cyber crime.
The European Union Agency for Network and Information Security (ENISA) declares in the "Information Security and Privacy Standards for SMEs" study of 2016 that, despite rising concerns about information security risks, the level of SMEs information security and privacy standards adoption is relatively small.
The objective of the project can be summarized to the following:
High-quality cybersecurity solutions attractive to SMEs with a restricted budget
Provide cybersecurity training and awareness for SMEs and all type of employees
Test and validate our solution with four initial use cases and have an open call when the solution is more mature
What we offer
Improving security and reducing the risk of cyber attacks.
Increasing security awareness for employees.
Providing up to €20.000 of funds per participant.
For the interested participants, the open call consists of 2 stages:
First stage: collection of applications and selecting of participating third-parties. After the new partner selection, a hands-on workshop will be performed with the selected partners, guidance for using the SMESEC security framework provided, and instructions shared for reporting about the experience using the SMESEC evaluation procedures.
Second stage: collection of the results of evaluating the SMESEC security framework by the selected open call partners. These collected results will be analysed to extract conclusions for evolving the SMESEC framework.
To achieve a broad validation of all the feature provide by the SMESEC Framework we have defined three different categories:
Category 1: 1 Red Team will assess the security level of the involved SMEs before and after the deployment of the SMESEC Framework. The applicants will be evaluated based on the proved experience in assessing systems for cyber-threat, their cybersecurity expertise and overall IT experience.
Category 2a: up to 5 SMEs that will incorporate SMESEC framework taking advantage of all the features provided by SMESEC, e.g. threat protection and response tools, security awareness and training, testing and recommendation tools. As we are seeking for a diverse set of SMEs for this category, all applicants will be placed into three categories (high, medium, low) based on the expertise on IT and the adoption level of ICT to their day-to-day operations. Then 2 applicants will be selected from the high category, 2 from the medium category, and 1 from the low category.
Category 2b: up to 3 SMEs from providing cybersecurity solutions that will test the external integration API, incorporating their solutions to the solutions of the SMESEC framework. We seek experienced SMEs with a strong background in cybersecurity.
Category 3: 1 SME association, community, or ecosystem to help increase awareness on SMEs cybersecurity issues by using and validating the SMESEC framework. As the project provides a comprehensive framework of tools for cybersecurity, we look for feedback from a community of SMEs in particular on the tools acceptance, on the overall approach chosen including usefulness and easiness to use the tools, etc. We look for applicants helping to organise collective actions and provide feedback about KPIs and SME practice improvements recommended by the SMESEC tools to improve our solutions. The applicants will be evaluated on the number of SMEs involved and on the potential impact of the SMESEC framework to increase SMEs’ cybersecurity protection.
All applying parties must be compatible with the EU definition of SMEs and must provide a signed ‘Model Declaration Form’ (application documents)
All proposal must be submitted in the English language, strictly before the due date and through the SMESEC web portal by using specific proposal template (mandatory).
Access to the proposal templates and application documents is available through the SMESEC website.
Proposers’ organisations can submit multiple proposals, but only one proposal per single organisation might be selected for funding in this Open Call.
All selected SMEs must:
Participate actively in all workshops: two physicals in a country of the EU and two virtual meetings via teleconferencing.
For category 2 applicants must have enough IT expertise and suitable infrastructure to support the full (cat. 2a) or partial (cat. 2b) deployment and validation of the SMESEC framework.
The consortium will provide full technical support for the deployment and detailed guidelines for the evaluation reporting for each category.
Deliver a final report, using the respective report template that will be provided by SMESEC, either for security findings (cat. 1), full validation (cat. 2a), integration process (cat. 2b), or provide feedback about KPIs and SME practice improvements (cat. 3) in due time and proper manner.
Present their evaluation results to the consortium during the final physical workshop.