Cybersecurity Funding Program in Cyprus

In a strategic collaboration between the Research and Innovation Foundation and the Digital Security Authority (DSA) acting as the National Cybersecurity Coordination Center of the Republic of Cyprus (NCC-CY), a recent announcement has been made regarding the “Enhancing Cybersecurity in Cypriot SMEs 2023” program.

Sectors

• Security Policy
• Awareness and Training
• Software Update
• Protection from Malicious Software
• Network Security
• Backups
• Access Control 8. Security Incidents
• Physical Security Measures
• Data Protection
• Operational Impact Analysis

Funding Information

• Invitation Budget 1,000,000 Euro
• Minimum Funding per Project 20,000 Euros
• Maximum Funding per Project 60,000 Euros

Requirements

• Security Policy
  • The organisation’s senior management has created, approved and communicated its cybersecurity policy internally and externally. The cybersecurity policy shall be reviewed at least once a year and updated as required.
• Awareness and Training
  • Staff employed by the organisation and users who have access to its information (regardless of their employment relationship) must be aware of information security and in particular how they contribute to it through their role. Appropriate cybersecurity awareness activities shall be carried out on a regular basis and at least once a year.
• Software Update
  • The organisation’s IT and communications systems must have the latest, stable security updates installed from trusted sources only (e.g. the manufacturer).
  • Automated vulnerability scanning and penetration tests are implemented once a year.
• Protection from Malicious Software
  • Automated vulnerability scanning and penetration tests are implemented once a year.
• Network Security
  • The organisation has installed and configured firewalls at appropriate points in its network, in order to effectively protect its systems and information from relevant threats.
• Backups
  • The organisation identifies its critical information and backs up its critical information on a regular basis in accordance with the relevant backup policy.
• Access Control
  • The organisation identifies the places where important information about it is located. For the information and based on its type, use and criticality, the organisation has created a structure in an appropriate storage area, which allows it to grant access rights to authorised and authenticated users following the need-to-know principle.
• Security Incidents
  • The organisation has established a structure and process for responding to security incidents. The staff involved in the respective procedures are appropriately trained.
• Physical Security Measures
  • The organisation has adopted physical security measures to protect systems and facilities from natural and environmental threats.
• Data Protection
  • The organisation shall design, implement, adopt and publish a Personal Date Protection Policy.
• Operational Impact Analysis
  • The organisation has designed and implemented an appropriate methodology for operational impact analysis. The results and key metrics resulting from the application of the methodology are recorded, maintained and feed into the design of relevant measures and implementations.

For more information, visit GCC.