Cybersecurity Assessment of the Public Sector in Greece

Organizations have to manage new risks, sometimes proactively, sometimes by being constrained by regulations such as GDPR or the NIS directive. To cope with new threats, it is essential to develop or reinforce a real culture of cybersecurity at the organizational level. Before putting anything in place, we must start by assessing the new risks to which we are exposed. The new regulations that the EU is issuing, invite organizations and member states to follow these approaches. National Cyber Security Authority of Greece (NCSA) is responsible for coordinating the public sector and the National Critical Infrastructures (NCIs) of Greece, in order to take all necessary steps towards a secure Greek Cyberspace. Its main objective is to shield the Nation from external threats and to provide a secure digital environment for all citizens of Greece. One important action is the enhancement of digital skills and the development of a strong public and private security culture, exploiting the potential of the academic community and public and private sector actors. NCSA is following a PDCA-cycle approach with strong cooperation of all relevant stakeholders for securing NCIs. NCSA is planning a series of audits for the entire public sector and for NCIs. The assessment of the central governmental ICT structures was selected as an initial phase. For this purpose, NCSA sent structured questionnaires aiming in capturing the general picture of the security situation of central ICT infrastructures. Data collected during this phase are processed and will be used to design the next steps of deepening and expanding of such assessments but also to institute regular and / or emergency control procedures on a permanent basis. The information that has been gathered is analyzed in order to reveal major threats, capacity building priorities, current situation in terms of procedures, security measures and policies and established incident response plans.