01 May 2017
31 October 2019
COMPACT aims to empower Local Public Administrations (LPAs) to become the main actors of their cyber-resilience improvement process.
The key objectives of COMPACT are to
COMPACT is starting from the best existing systems, frameworks, and prototypes developed in other projects or selected among existing open source software. Solutions are tailored and extended in order to fulfil user requirements and implement the COMPACT services, which in turn will be integrated into the COMPACT system.
Who is the project designed for?
COMPACT is targeted maily at Local Public Administrations (LPAs) as direct users. Clearly this includes that citizens and all stakeholders (such as service providers, procurement actors, etc.) involved with such LPAs will also benefit from the project.
COMPACT sets out to improve cybersecurity for these stakeholders and individuals by addressing the specifics of LPAs and specially focusing on the risk of human error, not always effectively dealt with by most technological solutions affordable to LPAs. Often, due to their size and budget constraints, these organisations are not able to implement highly granular organisational structures, to retain dedicated information personnel, and to invest in cybersecurity products and services. COMPACT responds to this need by offering risk assessment and monitoring tools as well as innovative training and information sharing services based, for example, on gamification approaches.
COMPACT also addresses this market by proposing a value proposition intended to offer intuitive interfaces which are easy to use and learn for users who are not necessarily technical experts and at the same time optimised in order to improve the level of protection of LPAs against most relevant threats while also being cost effective.
How is your project benefitting the end-user?
COMPACT is specially focusing on the human factor in cybersecurity. The current key issues which COMPACT will be able to address are:
Users from local public authorities will benefit from the training and information sharing services that will allow them to learn how to identify cyber threats in their daily work and to reduce risky behaviour. This will be achieved through an innovative gamification approach based on psychological studies in 5 European municipalities: Betrieb für Informationstechnologie Bremerhaven (Germany), Afragola and Bologna (Italy), Donostia San-Sebastián (Spain), and Amadora (Portugal).
Combined with risk assessment and monitoring tools, these services will be part of an integrated approach featuring applicability, usability, automation, and flexibility. Focusing on functionality and easy-to-use interface the COMPACT platform will be cloud-enabled and cloud-ready, enhancing the usability and user experience.
Please briefly describe the results your project achieved so far
COMPACT is approaching its first year, during which the main innovation foundations for the project have been set out. Given the importance of the human factor in COMPACT, a specific work on psychological factors involved in cyber-security has been carried out as well as a work on community models which aimed to study the best community involvement approaches to be used.
At the same time partners conducted an extensive technology review about key technologies involved in the COMPACT ecosystem such as security services, threat intelligence tools, training and information sharing, gamification, and so on. In this period an extensive User Requirements analysis has also been carried out in order to fully capture the needs of COMPACT users and enable them to flow into the platform.
Therefore a set of specifications have been developed together with the first version of the actual platform architecture. Alongside the more technical activities a series of dissemination and communication actions have been carried out including launching the online and social presence for compact and communicating the project to relevant audiences.
What are the next steps for your project?
The next steps for the COMPACT project in the next period will be:
Quick and efficient management of ongoing incidents are paramount factors to consider when designing a SOC. To this end, the SOCCRATES platform provides with a flexible approach based on customizable workflows and the integration of specific security tools. This webinar will demostrate how the SOCCRATES platform manages incidents notified from the security monitoring systems deployed in an infrastructure, from incident analysis to containment and supported by the orchestrator of several different tools.
In order to ensure that the SOCCRATES platform is fit for purpose, the project will carry out three pilots to validate the platform in realistic environments. This webinar will show results and experiences from the second pilot, in which the complete SOCCRATES platform was validated in realistic (on-site) environments at Vattenfall, mnemonic and Shadowserver.