The programme aims to enhance the level of security and ensure the optimal protection of the infrastructure, systems and information of Cypriot SMEs, and thus strengthen their resilience. In addition, the Programme aims at the certification of SMEs in terms of their compliance with European and international measures and criteria, as defined through the Cyber-Hygiene Framework for SMEs of the National Cyber Security Coordination Centre (NCC-CY).
How Channel IT Ltd. can assist you
Expert Guidance: Our team at Channel IT has extensive experience in cybersecurity solutions and understands the specific requirements outlined in the NCC-CY Programme. We are well-equipped to provide expert guidance tailored to your organization’s needs.
Proposal Assistance: Crafting a compelling proposal is crucial for a successful application. Channel IT can assist you in preparing a comprehensive proposal that aligns with the objectives of the NCC-CY Programme.
Technical Support: If you require technical expertise in implementing cybersecurity measures within your organization, Channel IT offers a range of solutions and professional services to bolster your cybersecurity infrastructure.
Eligible Expenses
Eligible costs may include the purchase and implementation of the following:
- Design and implementation services related to Group Policies and other security features of domain controllers and other related equipment.
- Services obtained from consultants for training and educating staff on cybersecurity.
- Installation of two-factor authentication.
- Cybersecurity incident management systems, consulting and incident response services and products.
- Privileged Access Management.
- Sandbox technology solutions.
- Email filtering solutions.
- Security information and incident management services (SOC).
- Firewall with or without integrated threat management.
- Tools / services for electronic fraud (phishing).
- Web Application Firewall Solutions (WAF).
- Development of a Business Continuity Plan.
- Implementation of physical security and access control measures.
- Software solutions and backup equipment (Storage, Tapes, Licensed Software).
- Intrusion detection/prevention systems (IDS and IPS).
- Antivirus software.
- Systems to detect and respond to network attacks.
- Penetration Testing.
- Planning and implementation services of policies and procedures.
- Consulting Services related to the Business Impact Analysis.
- Design and implementation services of a data privacy policy.
- Network equipment that enables/improves/supports cybersecurity (e.g. firewall, switch, concentrators, load balancers, access points).
- DoS/DDoS protection services.
- Servers used for security related purposes (proxy servers, web application servers etc).
- Equipment to achieve increased durability (hard drives, etc.)
- Hardware/software SIEM.
- Consulting services for purposes of analysis and conclusions on the current situation of businesses in cybersecurity matters.
- Cost of NCC-CY Cybersecurity Certification audit (the cost of a single audit may be covered).
- Any other service, software/hardware or tools deemed necessary by the Host Organisation in order to meet the requirements of the Certification Scheme, provided that these are deemed reasonable during the evaluation process.
Gap Analysis - Control Measures
The gap analysis will determine an SME's current cybersecurity situation in real time, at a technical, operational and strategic level.
See the set of rules, control measures and procedures set out for establishing a basic level of cybersecurity as defined in the NCC-CY Cyber-Hygiene for SMEs framework:
Security Policy
The organisation's senior management has created, approved and communicated its cybersecurity policy internally and externally.
Awareness and Training
2.1: Staff employed by the organisation and users who have access to its information (regardless of their employment relationship) must be aware of information security and in particular how they contribute to it through their role. Appropriate cybersecurity awareness activities shall be carried out on a regular basis and at least once a year.
2.2: Staff employed by the organisation and users who have access to its information (regardless of their employment relationship) receive education, training and information on the policies, procedures, security measures implemented by the organisation as well as relevant technological or organisational issues. The training provided shall be tailored to the security requirements of the different roles within the organisation.
Software Update
3.1: The organisation's IT and communications systems must have the latest, stable security updates installed from trusted sources only (e.g. the manufacturer).
3.2: Automated vulnerability scanning and penetration tests are implemented once a year.
3.3: Information and communication systems that are no longer supported by their manufacturers with (at least) end-of-life security updates shall not be used by the organisation.
Protection from Malicious Software
Malicious software protection programmes and functions are installed on all of the organisation's IT and communication systems and are updated on a regular basis.
Network Security
5.1: The organisation has installed and configured firewalls at appropriate points in its network, in order to effectively protect its systems and information from relevant threats.
5.2: If the organisation provides the capability for wireless access to the organisation's network, this should be done with appropriate routing and protection through the installed firewall(s).
Backups
The organisation identifies its critical information and backs it up on a regular basis in alignment with the relevant backup policy.
Access Control
7.1: The organisation identifies where important information is located. For each information type and based on its use and criticality, the organisation has created a structure in an appropriate storage area, which allows it to grant access rights to authorised and authenticated users following the need-to-know principle.
7.2: The organisation has created an appropriate password policy, which is implemented in all its systems.
7.3: Administrative rights or privileged rights (admin/privileged rights) are granted to a minimum necessary number of authorised staff.
Security Incidents
The organisation has established structures and processes for responding to security incidents. The staff involved in the respective procedures are appropriately trained.
Physical Security Measures
The organisation has adopted physical security measures to protect systems and facilities from natural and environmental threats.
Data Protection
The organisation designs, implements, approves and publishes a Personal Data Protection Policy based on the general GDPR regulation.
Operational Impact Analysis
The organization has designed and implemented an appropriate methodology for operational impact analysis. The results and key figures resulting from the application of the methodology are recorded, maintained and utilized accordingly to design relevant measures and implementations.
Next Steps
This is a unique chance to enhance your organization’s cybersecurity resilience and contribute to the broader efforts of securing the digital landscape in the Republic of Cyprus.