The Cybersecurity Competence Center Luxembourg aims to help organizations reach a mature level in managing their cybersecurity competence. That's an ill-defined concept for organizations to grasp. From the C3 standpoint, it is the combination of technical skills, know-how and experience. One of the core difficulties si to handle it simultaneously at the individual and collective levels.
C3 mission will be achieved through four main activities.
First, the C3 provides organizations with ways to become aware and document their problems in terms of competence. The main tools are a consistent documentation that will be easily accessible on the C3 website, and a set of dedicated awareness trainings.
Through its second core activity, the C3 helps organizations to identify the specific issues they will need to cover to solve competence-related problems. This will be done by testing their systems and users. The discovery of systems' weaknesses is then interpreted as symptoms of competence gaps.
The testing site is a gateway to the tools and services that will help organisations, and more specifically small ones, to perform tests on their email and web-exposed infrastructures. The core tool is the Testing Platform, and more tools will be added through time to increase the coverage of available tests.
The third stage should support organizations prioritize their resources' allocation on the most critical issues. The C3 observatory provides reference information on security threats and risks to perform arbitrages in the most effective and efficient way. For this purpose, it leverages existing sources of threat information and performs analyses highlighting significant trends and emerging ones.
The C3 aims to provide a dedicated tool to companies to help them choose the best approach to overcome their cybersecurity competence shortcomings. One key characteristic of competence in a digitized environment is that it can be acquired not only through the usual practices, such as training employees or hiring specialists, but also through know-how's embedded into the software. Acquiring services based on such software can be an alternative to people’s training.
Finally, the C3 will give access to competence building solutions in order to allow organizations to implement the decisions they have taken in previous phases. This part of the mission is done by delivering training sessions that are not available through the current market offer and engaging in capacity building operations to increase the pool of available talents in the country. It will also redirect organisations to the most relevant cybersecurity provider of the Luxembourg ecosystem when possible.