ENISA enhances cybersecurity culture with updated ‘Awareness Raising in a Box’ toolkit

The European Union Agency for Cybersecurity (ENISA) released the latest version of ‘Awareness Raising in a Box’ on Wednesday, which aims to support organizations in enhancing their cybersecurity culture by developing customized awareness programs. ‘AR-in-a-Box’ offers a comprehensive solution for cybersecurity awareness initiatives tailored to the requirements of public entities, essential service operators, and businesses of all sizes.

To test the new edition of the all-in-one toolkit, ENISA piloted the Awareness Raising in a Box (AR-in-a-BOX) with the Cypriot Digital Security Authority and the Cypriot National Coordination Centre.

The updated version of AR-in-a-Box includes the existing catalog of instructions, games and activities, but has also been enriched with the addition of a new guide for the development of internal and external cyber crisis communication plans. With AR-in-a-Box, ENISA equips organizations with the necessary tools and resources to raise cybersecurity awareness within their operations.

“The Digital Security Authority (DSA) and the Cyprus National Coordination Centre for Cybersecurity (NCC-CY) is proud to be working along with the European Union Agency for Cybersecurity (ENISA) to test and promote the Awareness Raising in a Box’ (AR-in-a-BOX), which aims to boost knowledge on cybersecurity awareness techniques,” Diamantis Zafeiriades, head of the Cypriot Digital Security Authority, highlighted in a media statement. “Acknowledging that cyber resilience is a constant training journey for the unpredictable, we are committed to support such initiatives on an ongoing basis.”

AR-in-a-Box allows professionals from small and medium (SMEs) to big enterprises and public or private entities, to improve their knowledge of cybersecurity awareness techniques. This comprehensive toolkit offers a blend of theoretical frameworks and practical resources, enabling organizations to craft tailored cybersecurity awareness programs, including gamification of content. Notably, the updated version features an online Cyber Awareness Game accessible through the EU ACADEMY.

It provides theoretical and practical knowledge on how to design and implement effective cybersecurity awareness programs, including a guideline on building custom awareness programs for internal use within an organization, a guideline on creating targeted awareness campaigns for external stakeholders, instructions on selecting the appropriate tools and channels to effectively reach the target audience, and instructions on developing Key Performance Indicators (KPIs) to evaluate the effectiveness of a program or campaign. 

The AR-in-a-Box also offers a guide for the development of a communication strategy, crucial for achieving awareness objectives; a guide for the development of internal and external cyber crisis communication plans; an awareness raising quiz to test comprehension and retention of key information; and an awareness raising game provided in different versions and styles, along with a guide on how to play.

Earlier this month, the European Commission’s Joint Research Centre (JRC) and ENISA released a Cyber Resilience Act Requirements Standards Mapping report this week. The JRC-ENISA report aims to align existing cybersecurity and vulnerability standardization outputs with the qualifications required for products with digital elements under the Cyber Resilience Act.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.