The Management & Decision Support Systems Laboratory of the National Technical University of Athens (NTUA) is responsible for the design, development and implementation of a security culture framework and tool commonly known as the Security Behaviour Analysis Tool (SBA). SBA is founded on a domain-agnostic security model consisting of 10 different security dimensions, analysed into 52 domains and assessed by more than 500 controls, which are examined under two different pillars: organisational and individual. Its aim is to assess the security culture of an organisation using both manager-designed and manager-triggered evaluation campaigns and individual self-assessment iterations. The security culture assessment is conducted using various questionnaires, tests, games and simulations. The model and assessment methodology allow the end-users' socio-cultural behaviour to be mapped to specific cyber-threats listed in the MITRE ATT&CK database. Once the assessment is completed, targeted training recommendations are provided to the organisation based on the results.
The different facets of security culture
SBA aims to enhance information security across the entire Electrical Power and Energy System (EPES) supply chain, from power generation through to the distribution layer, by focusing on the human factor. Its main goal is to support the workforce by identifying security gaps, pinpointing policy complexity and, finally, facilitating the participation of all organisations involved, including production units, TSOs, DSOs, etc., in cyber-security defence.