Definition
The Implementation guidelines are meant to support the HCO in the adoption of cybersecurity solutions, either technical or non-technical. Their purpose is to ensure that the solutions:
- fit the needs and the context of the HCO
- are implemented effectively and efficiently
- produce the expected results.
The guidelines consist of procedures, checklists, methods and project organization models to be used during the implementation process.
Objectives of the topic session
In order to contextualize the implementation guidelines, we have structured the adoption process in four phases and four streams, and we aim at understanding how to contextualize each one of them: on which ones the Panacea project should focus, for which measures the guidelines are more needed, and which contextual factors should be taken into consideration in the adoption process.
The adoption process may be structured in four phases and four streams of activity.
The four phases include:
- Assessment and scoping: consists in a preliminary assessment of the initial security level of the HCO, considering different aspects such as governance, past risk incidents, current policies and procedures, company business profile, data management, etc.; it identifies the areas of intervention
- Customization design: consists in adapting the cybersecurity solution (e.g. the Panacea Solution Toolkit) to the HCO. Options may emerge, and a choice is needed. The ROI tool is used in this phase
- Implementation: consists in the actual customization and installation of the selected solutions
- Launch and testing: consists in teaching the staff and in organizing a validation demo or a pilot.
The four streams include:
- Project and performance management: consists in activities to set up and track the project and the key performance indicators, and activities to adjust the initial plan and design in order to reach the expected results; it includes the ROI evaluation
- Technical measures set up: consists in the actual design, implementation and testing of the technical measures; in the Panacea case, it includes the set-up of an environment emulator
- Non-Technical measures set up: consists in the actual design, implementation and testing of the non-technical measures
- People awareness and competence set-up: consists in organizational change management activities, such as communication and training on the implemented solution.