2022-0096 Cybersecurity cultural assessment and Outreach model dev - THU 29 Sep
Belgium - Remote
Deadline Date: Thursday 29 September 2022
Requirement: Contractor Support for Cybersecurity cultural assessment and Outreach model development
Location: Off-Site
NATO Grade: A3/30,000
Total Scope of the request: Up to 50 days
Required Start Date: 18 October 2022 (or earlier, if possible)
End Contract Date: 20 December 2022
Duties & Role:
Annex A – Statement of Work
STATEMENT OF WORK (SoW)
Contractor Support for development of a Cybersecurity cultural assessment and Outreach model
Table of Contents
1. INTRODUCTION
2. SCOPE OF WORK
3. ROLES AND RESPONSIBILITIES
4. SCHEDULE AND PRACTICAL ARRANGEMENTS
5. REQUIRED PERSONNEL QUALIFICATIONS
References
A. BiSC Directive 75-7, “Education and Individual Training (E&IT)”. September 2015 (NU)
1. INTRODUCTION
1.1 The NATO Communications and Information Academy (NCI Academy) consolidates all Education and Training services provided by the NCI Agency. The NCI Academy provides NATO with a world-class training capability to maintain its technological advantage. The NCI Academy provides training on both static and deployed NATO communication and information systems (CIS), Air Command and Control (AirC2), cyber security and cyber defense. In addition, it plays a pivotal role in designing and developing new learning solutions for our customers, by conducting a thorough analysis of training needs and leveraging the latest learning technology.
1.2 For a new project, the NCI Academy will develop an outreach model and orchestrate a series of engagements with multiple NATO entities to raise Cybersecurity awareness across NATO and build a NATO Enterprise Cybersecurity culture.
1.3 Background: Cybersecurity is not just about technology, it is ultimately about people. How we think about cybersecurity, what we prioritize and how we act, from the top political level to every individual in the organization. The 2021 Verizon Data Breach Investigations Report, one of the most reputable sources of analysis regarding security incidents, identified the human factor playing a significant role in over 85% of all breaches investigated during that year, whether that entailed falling for a phishing attack, making bad decisions that lead to malware infections, or using easily decipherable passwords. The human element is a risk every organization needs to be actively managing, and a strong security culture creates a safe environment for that to happen. Cybersecurity culture drives the behaviours, perceptions and beliefs of all staff towards cybersecurity, and the stronger the cybersecurity culture in our organization is, the more likely our workforce will exhibit secure behaviours, resulting in a far more secure NATO Enterprise.
1.4 Therefore, the central objective of this project is to enhance cybersecurity culture, improving awareness, enhancing the communication between the cybersecurity community and NATO leaders, and creating a space for sharing views with other national and international organizations, Academia and Industry. Activities will pertain to creating a steady stream of communication around CS, bringing it from a specialist only forum to a wider audience, including executive leadership, in order to enhance the cybersecurity culture throughout the NATO Enterprise.
Chapter 2 will further elaborate on the content and expected outcomes of the work.
2. SCOPE OF WORK
The expert contractor team shall carry out the specific tasks, as described in paragraph 2.1 below:
2022 ACTIVITIES AND DELIVERABLES (IN SCOPE OF THIS CONTRACT)
TASK 1 - Conduct analysis of Cybersecurity culture in the NATO Enterprise
The expected output is a report that describes:
- a recognized model for defining and measuring cybersecurity culture in large organizations (including success criteria) applicable to the NATO Enterprise
- a description of the NATO target audiences that should be in scope of cybersecurity culture building activities
- Definition of a CS culture measurement methodology for the NATO Enterprise;
- collection and calculation of the current situation measurement for the NATO Enterprise cybersecurity culture
- a gap analysis towards the programme’s goals / cybersecurity culture success criteria
Envisioned 2023 activities and deliverables (Out of scope of this contract. This work will be covered by a new competition and contract in 2023)
Task 2 - Develop and execute a NATO wide CS outreach model
Based on the outcome of the NATO Cybersecurity culture measurement: define and execute the outreach activities, to include:
- Develop 12-month rolling plan (to be reviewed quarterly) with event calendar promoting cybersecurity, to include live online panels, recorded webinars, face-to-face conferences etc.;
- Promotion / marketing plan for the various events;
- Deliver a sustained Enterprise CS awareness campaign continuously delivered to NATO audiences;
- Identify lessons and ideas generated in these events and disseminate them across the relevant NATO stakeholders.
Task 3 - Periodically measure the cybersecurity culture levels and analyse the results, to
conclude on the success of each set of activities
Due date final deliverable of the 2022 activities: 20 Dec 2022
Cost not to exceed: EUR 30k
3. ROLES AND RESPONSIBILITIES
The work shall be conducted in close collaboration between the Contractor and the NCI Academy, as described in table 2-2, and will be based on the NATO standards (Ref A):
NCIA – NCI Academy:
- Managing Authority
- NCIA Project Management
- Learning Design and Development (LDD) Lead
- Cyber Training Branch Head
- Provider of direction and guidance for training needs analysis
Contractor:
- Conduct CS culture assessment
4. SCHEDULE AND PRACTICAL ARRANGEMENTS
4.1 This is a deliverable based contract.
4.2 Services shall be delivered 100% offsite, but where needed with occasional travel to NATO
offices in Oeiras (Portugal) Brussels and/or Mons (up to 2 trips). Travel requires the prior
coordination with and approval of the NCIA Project Manager.
4.3 All travel and per diem costs shall be included in the Firm Fixed Price of this Contract,
together with cost of lodging and subsistence costs for all individuals. There shall be no
separate re-imbursement for travel and accommodation.
4.4 Services shall be conducted from 18 October 2022 at the latest to 20 December 2022.
4.5 The final deliverables will need to be agreed with the Branch Head Cyber Training and the
Branch Head Learning Design and Development in the NCI Academy.
4.6 Schedule of payments.
A single invoice shall be submitted and payment will be made after Purchaser’s written
acceptance (Delivery Acceptance Sheet (DAS) (Annex B)) for the following deliverables:
Deliverable: Conduct analysis of Cybersecurity culture in the NATO Enterprise as defined in table 2-1
Delivery Date: 20 Dec 2022
Payment Amount: 100% of the total contract value
Invoice to include the dully signed DAS and the EBA Receipt number shall be submitted to
Purchaser for payment in accordance with the Contractual Terms and Conditions.
Requirements
5. REQUIRED PERSONNEL QUALIFICATIONS
5.1 Contractor – MANDATORY Requirements
- Experience with Cybersecurity
- Experience with cultural assessments and organising Outreach activities
- Experience with working in an international environment comprising both military and civilian elements.
- Strong project management skills
- Experience with NCI Agency and NATO
- Knowledge of / practical user experience in the field of Cybersecurity
5.2 Contractor – DESIRED Requirements
- Experience with development of engaging online and blended learning methodologies
Language Proficiency:
- Level 3 English language skills according to NATO STANAG 6001: Listening (3); Speaking (2); Reading (3); and Writing (2) or according to Common European Framework of Reference for Language level B2-C1/Upper Intermediate-Advanced level).
Tags: Cyber defense Malware NATO
Perks/benefits: Conferences Startup environment Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Clearance-related jobs
- Open ISO 27001-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Malware-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs
- Open CEH-related jobs
- Open CI/CD-related jobs