CADMUS Course Code: CADMUS-BTCMP-01
ECSF Proficiency Level: Basic
EQF Level: EQF Level 4 (Upper secondary / vocational)
Training Type: Cross-skilling
Delivery Method: Online self-paced
Duration: 4 total hours
Trainee Group Size: Everyone (no min/max specified)
ECSF Skills Covered:
- Identify needs in cybersecurity awareness, training and education — Basic
- Develop evaluation programs for awareness, training and education activities — Intermediate
- Build a cybersecurity risk-aware environment — Basic
- Influence an organisation's cybersecurity culture — Basic
- Motivate and encourage people — Basic
- Identify threat actors TTPs and campaigns — Basic
Target Audience :
- Employees in SMEs, public institutions and educational organisations
- Non-technical staff
- Administrative personnel
Prerequisites Entry Requirements : None
Learning Objectives:
- Explain fundamental cybersecurity concepts (threat, vulnerability, risk, impact).
- Recognise common cyber attack vectors affecting organisations.
- Identify unsafe digital behaviours and associated organisational risks.
- Apply basic cybersecurity hygiene principles in everyday work activities.
Suggested Learning Objective Sets – LOS :
- 23 - Cyber Fundamentals & Digital Hygiene
Learning Outcomes:
- Distinguish between threat, vulnerability and risk using practical examples
- Identify phishing attempts and common social engineering indicators
- Select appropriate secure behaviours when handling passwords, devices and email
- Recognise situations requiring reporting to IT/security teams
Platform: LMS
Course Structure (Learning Nodes): 1. Introduction to Cybersecurity Fundamentals
· Definition of cybersecurity and organisational digital risk
· Explanation of key concepts: threat, vulnerability, risk and impact
· Why cybersecurity is a shared responsibility
· Overview of common organisational attack surfaces
2. Common Cyber Threats and Attack Techniques
· Phishing and spear-phishing attacks
· Social engineering techniques
· Malware and ransomware basics
· Credential theft and password misuse
· Real-world examples of common attack scenarios
3. Secure Digital Behaviour and Cyber Hygiene
· Strong password practices and multi-factor authentication
· Safe email usage and link verification
· Secure browsing habits
· Safe use of organisational devices and remote work considerations
· Data handling and basic privacy awareness
4. Recognising and Reporting Security Incidents
· Identifying suspicious emails, messages and system behaviour
· When and how to report security concerns
· Internal reporting channels and escalation logic
· Importance of timely reporting and organisational response
5. Individual Accountability and Organisational Security Culture
· Role of employees in protecting organisational assets
· Consequences of unsafe behaviour
· Building a security-aware mindset
· Continuous improvement of personal cyber hygiene
Certificates Offered :
- certificate of course attendance (participation in ≥ 90% of total workload);
- certificate of successful course completion (50% ≤ GPA ≤ 64.9%);
- certificate of successful course completion with very good performance (65% ≤ GPA ≤ 84.9%);
- certificate of successful course completion with excellent performance (85% ≤ GPA ≤ 100%)
1 Chief Information Security Officer (CISO): No
2. Cyber Incident Responder: No
3. Cyber Legal, Policy & Compliance Officer: No
4. Cyber Threat Intelligence Specialist: No
5. Cybersecurity Architect: No
6. Cybersecurity Auditor: No
Cybersecurity Educator: No
Cybersecurity Implementer: No
Cybersecurity Researcher: No
Cybersecurity Risk Manager: No
Digital Forensics Investigator: No
Penetration Tester: No
SMEs: No
Cybersecurity Professionals: No
LMS : No
Cyber Range : No
SG/TTX: No
Bootcamp : No
Hackathon : No
1 Analyse and comply with cybersecurity-related laws, regulations and legislations: No
2 Analyse and consolidate organisation’s quality and risk management practices: No
3 Analyse and implement cybersecurity policies, certifications, standards, methodologies and frameworks: No
4 Analyse business processes, assess and review software or hardware security, as well as technical and organisational controls: No
5 Anticipate cybersecurity threats, needs and upcoming challenges: No
6 Anticipate required changes to the organisation’s information security strategy and formulate new plans: No
7 Apply auditing tools and techniques: No
8 Assess and enhance an organisation’s cybersecurity posture: No
9 Assess the security and performance of solutions: No
10 Audit with integrity, being impartial and independent: No
11 Automate threat intelligence management procedures: No
12 Build a cybersecurity risk-aware environment: No
13 Build resilience against points of failure across the architecture: No
14 Carry out working-life practices of the data protection and privacy issues involved in the implementation of the organisational processes, finance and business strategy: No
15 Collaborate with other team members and colleagues: No
16 Collect information while preserving its integrity: No
17 Collect, analyse and correlate cyber threat information originating from multiple sources: No
18 Collect, evaluate, maintain and protect auditing information: No
19 Communicate, coordinate and cooperate with internal and external stakeholders: No
20 Communicate, explain and adapt legal and regulatory requirements and business needs: No
21 Communicate, present and report to relevant stakeholders: No
22 Comprehensive understanding of the business strategy, models and products and ability to factor into legal, regulatory and standards’ requirements: No
23 Conduct ethical hacking: No
24 Conduct technical analysis and reporting: No
25 Conduct user and business security requirements analysis: No
26 Conduct, monitor and review privacy impact assessments using standards, frameworks, acknowledged methodologies and tools: No
27 Configure solutions according to the organisation’s security policy: No
28 Coordinate the integration of security solutions: No
29 Decompose and analyse systems to develop security and privacy requirements and identify effective solutions: No
30 Decompose and analyse systems to identify weaknesses and ineffective controls: No
31 Define and apply maturity models for cybersecurity management: No
32 Design systems and architectures based on security and privacy by design and by defaults cybersecurity principles: No
33 Design, apply, monitor and review Information Security Management System (ISMS) either directly or by leading its outsourcing: No
34 Design, develop and deliver learning programmes to cover cybersecurity needs: No
35 Develop and communicate, detailed and reasoned investigation reports: No
36 Develop code, scripts and programmes: No
37 Develop codes, scripts and programmes: No
38 Develop cybersecurity exercises including simulations using cyber range environments: No
39 Develop evaluation programs for the awareness, training and education activities: No
40 Develop, champion and lead the execution of a cybersecurity strategy: No
41 Draw cybersecurity architectural and functional specifications: No
42 Enable business assets owners, executives and other stakeholders to make risk-informed decisions to manage and mitigate risks: No
43 Establish a cybersecurity plan: No
44 Explain and communicate data protection and privacy topics to stakeholders and users: No
45 Explain and present digital evidence in a simple, straightforward and easy to understand way: No
46 Follow and practice auditing frameworks, standards and methodologies: No
47 Generate new ideas and transfer theory into practice: No
48 Guide and communicate with implementers and IT/OT personnel: No
49 Identify and exploit vulnerabilities: No
50 Identify and select appropriate pedagogical approaches for the intended audience: No
51 Identify and solve cybersecurity-related issues: No
52 Identify needs in cybersecurity awareness, training and education: No
53 Identify non-cyber events with implications on cyber-related activities: No
54 Identify threat actors TTPs and campaigns: No
55 Identify, analyse and correlate cybersecurity events: No
56 Implement cybersecurity recommendations and best practices: No
57 Implement cybersecurity risk management frameworks, methodologies and guidelines and ensure compliance with regulations and standards: No
58 Influence an organisation’s cybersecurity culture: No
59 Integrate cybersecurity solutions to the organisation’s infrastructure: No
60 Lead the development of appropriate cybersecurity and privacy policies and procedures that complement the business needs and legal requirements; further ensure its acceptance, comprehension and implementation and communicate it between the involved parties: No
61 Manage and analyse log files: No
62 Manage cybersecurity resources: No
63 Model threats, actors and TTPs: No
64 Monitor new advancements in cybersecurity-related technologies: No
65 Motivate and encourage people: No
66 Organise and work in a systematic and deterministic way based on evidence: No
67 Perform social engineering: No
68 Practice all technical, functional and operational aspects of cybersecurity incident handling and response: No
69 Propose and manage risk-sharing options: No
70 Propose cybersecurity architectures based on stakeholder’s needs and budget: No
71 Provide training towards cybersecurity and data protection professional certifications: No
72 Review and enhance security documents, reports, SLAs and ensure the security objectives: No
73 Review codes assess their security: No
74 Select appropriate specifications, procedures and controls: No
75 Think creatively and outside the box: No
76 Understand legal framework modifications implications to the organisation’s cybersecurity and data protection strategy and policies: No
77 Understand, practice and adhere to ethical requirements and standards: No
78 Use and apply CTI platforms and tools: No
79 Use penetration testing tools effectively: No
80 Utilise existing cybersecurity-related training resources: No
81 Work ethically and independently; not influenced and biased by internal or external actors: No
82 Work on operating systems, servers, clouds and relevant infrastructures: No
83 Work under pressure: No
