|Abbreviation:||FINCSC PLUS project|
|Implementation period:||1 November 2016 – 28 February 2018|
|Funding programme:||Appropriation for launching regional innovations and experiments (AIKO)|
|Implementing party:||JAMK University of Applied Sciences Ltd, Institute of Information Technology|
|Partners:||Confederation of Finnish Industries, Helsinki Region Chamber of Commerce, Finnish Communications Regulatory Authority, Inmics Oy, Opsec Oy, Telia Company Oyj|
According to the surveys carried out by Finland’s largest telecom operators (TeliaSonera Finland Oyj and Elisa Corporation), the awareness of cyber threats and their impact on business is very limited, especially among SMEs. At the same time, attaining and maintaining a high level of cybersecurity and the ability to also prove this to customers and partners is increasingly important to them. From the point of view of a large corporation, it is important that the part of its supplier network that consists of SMEs can be assessed according to generally accepted criteria. The results of the aforementioned surveys are corroborated by the experiences gained in the Cyber Scheme Finland pilot project. The project developed a basic-level assessment model named Finnish Cyber Security Certificate (FINCSC) that is based on the companies’ self-assessment of the state of their cybersecurity at the time of the assessment.
The project received positive feedback and gained positive experiences from the assessment model developed. Based on the feedback, it can clearly be concluded that the assessment model has obviously found its place and that there exists a real need for it. However, a model that is based on self-assessment is not by itself sufficient for all companies or public sector operators, but it needs to be supplemented by a model where, in addition to self-assessment, an external party audits the level of the company’s cybersecurity. The price of such a model should be affordable for SMEs. As far as quality and content are concerned, the model should be up to the standard of the models currently used abroad, so that the company’s situation can be reliably substantiated for a foreign customer/partner as well.
In addition to SMEs, the model should also be suitable for larger companies and public sector organisations.
The project will achieve the following result targets:
1) The FINCSC PLUS assessment model and the related business models have been developed, piloted and deployed.
2) The assessment models stand international comparison as far as their content and quality are concerned.
3) The awareness of assessment models has increased among companies and other organisations.
4) New user groups have been included on different levels of the assessment models.
The project creates an assessment model named FINCSC PLUS that expands the basic-level assessment model FINCSC set up for assessing the level of cybersecurity in SMEs in particular. The project determines and seeks to demonstrate the international comparability of both assessment models and expands the user groups of both models by increasing among SMEs and other organisations the awareness of the significance of cybersecurity and its assessment for ensuring the undisturbed continuity of (business) operations.
The strengthening of the FINCSC assessment model secures among SMEs the deployment of the model developed in the CYBER SCHEME FINLAND pilot project and supports its deployment in the public sector as well. The adding and developing of end customer relationships and the expansion of operations to also cover operators in the public sector will also generate customer relationships for the FINCSC PLUS functionality developed in this project.
The development of the Advisor Board functionality in the FINCSC assessment model plays a key role in attaining an international foothold both for the FINCSC and the FINCSC PLUS assessment model.
The deployment and use of the assessment models will promote the companies’ trading opportunities in both Finland and abroad, and they may also help in opening up new international markets for Finnish companies in the United Kingdom and other Commonwealth countries.
The deployment of the assessment models will generate new business for the companies conducting assessment/audits, so the project will also have an impact on employment.
The assessment/auditing will pinpoint the bottlenecks of cybersecurity, and the audited companies may retain the services of data security specialists to resolve them. This means that the assessment model will have an increasing effect on the primarily Finnish data security service business and employment.
The concept will help in increasing awareness of cybersecurity matters among SMEs and encourage them to continuously maintain and develop cybersecurity.
The raising of the level of cybersecurity in SMEs will have a considerable impact on the realisation of cybersecurity on the national level.
The implementation will enhance the reputation of Finland as a model country for cybersecurity and support the implementation of EU data security regulations on both the national and company level.
JYVSECTEC is an independent cyber security research, training and development center.