What is the object of the project?
The object hereof consists in ensuring the proper and timely implementation of the overall project ‘Enhancing the security of public sector information and systems’, which comprises the following sub-projects:
- Enhancing the security of the information and systems of the Secretariat-General for Information Systems and Digital Governance.
- Enhancing the security of the information and systems of the Electronic Governance of Social Security (IDIKA).
- Enhancing the security of the information and systems of the Hellenic Cadastre.
- Enhancing the security of the information and systems of the National Infrastructures for Research and Technology (EDYTE).
These will be hereinafter referred to as the main sub-projects. The sub-project ‘Technical Assistance Services – Technical Support Consultant (TSC)’ and the main sub-projects will be hereinafter referred to as the ‘Overall Project’.
What is the purpose of the project?
In order to enhance the security of public sector information and systems, measures have been launched to strengthen the cyber resilience of critical entities and infrastructures of the Ministry of Digital Governance and its supervised entities, as part of a holistic approach that covers all key cybersecurity components (HR, processes, and software & hardware systems).
Cyber risk management is a dynamic process that constantly evolves with the relevant threats. The evolution of the cybersecurity environment over the past ten years has clearly shown that organizations need a holistic, prevention-focused approach in order to optimize their cyber resilience.
All cybersecurity measures must focus on three (3) key and critical factors:
- Users. Users must understand and follow basic security principles, such as managing passwords properly, exercising caution with attachments, being able to judge which sites may be dangerous, making frequent backups and generally being properly informed so that they can recognize threats. Whatever tools are used, end users who lack the knowledge to oversee the processes and tools, or who cannot identify cyber threats, are the weak link in the cybersecurity chain.
- Procedures set up by an organization. Organizations must have examined and implemented a framework for how users should deal with successful or failed cyberattack attempts. Procedures, of course, exist even at an individual level, for example proper management of passwords, secure destruction of sensitive data, actions one should take to secure their personal data and several other issues that should be considered. Even the training of users themselves or of the members of an organization is part of cybersecurity procedures.
- Technological infrastructure. Technology is necessary for providing organizations and individuals with the tools they need to protect themselves against cyberattacks. The main entities that must be protected by means of technological tools are: endpoints (terminals), smart devices and routers, the network as a whole and the cloud.