The CyberReadiness.IT programme aims at providing methodologies and tools useful to measure the impact of the human factor in the assessment of an organisation’s cyber risks, starting from the answers provided to a specific questionnaire by each person of the organisation itself.

The questionnaire is “tailor-made” on the basis of the characteristics of the organisation and, during delivery, the questions are “dynamically” modified on the basis of the answers provided.

From a methodological point of view, the questionnaire is based on the National Framework for Cybersecurity and Data Protection and on an innovative scientific methodology called the Cyber Security Human Readiness Index (CSHRI). In particular, it permits the evaluation, for each individual who fills it out, of certain potentially critical aspects, among which:

  • The level of knowledge of a basic set of cybersecurity best practices;
  • The level of knowledge of the standards and measures relating to various aspects of cybersecurity defined within the organisation;
  • The level of individual cyber hygiene;
  • Overall, the strengths and weaknesses with respect to cyber risks.

Depending on the specific needs of the client organisation, the questionnaire can be supplemented with specific questions related to the need to collect aggregate data useful to highlight possible vulnerabilities and the most relevant technical-organisational factors exogenous and endogenous to the organisation.

In this sense, the CyberReadiness.IT programme allows to:

  • Assess the level of security and exposure of the client organisation to cyber risks, comparing them with the criticalities deriving from the human factor;
  • Assess the needs in general terms;
  • Increase the awareness and capabilities of the individual user and of the entire organisation.

The main advantages of using the CyberReadiness.IT programme are at both individual and organisational level. In particular, for the individual, the programme provides flexible and adaptable tools necessary for the cybersecurity assessment of each user, while, at the organisational level, the use of the programme allows the assessment of response capabilities, also in relation to changes in the threat and cyber risks correlated with the human factor.

In both cases, then, the CyberReadiness.IT programme is able to identify and propose an appropriate set of actions, aimed at mitigating the critical elements detected by the Cybersecurity Human Readiness Index, through specific and customised remediation tools based both on the results of the questionnaire and on the needs of the client organisation.

From an operational point of view:

  • The questionnaire is always administered anonymously and responses are processed in full compliance with technical, legal and accountability standards;
  • The questionnaire includes a set of questions, all of which are closed-ended;
  • The number of questions is typically between 50 and 60;
  • The time required for completion does not exceed 15 minutes;
  • The final output is a weighted score on the questions and answers received, based on the reference factors.

From an implementation point of view, the CyberReadiness.IT programme complies with the most stringent confidentiality and IT security standards.

In terms of deployment, the programme uses a platform available in the following versions:

  • On-Premise: the platform is installed on the organisation’s servers/data centres;
  • On-Cloud: the platform is installed on the organisation’s Cloud: in this case, a PaaS (Platform as a Service) architecture is required, based on Docker containers;
  • SaaS (Software as a Service): the platform is hosted at Lab. Naz. Cybersecurity and the organisation can access it thanks to accounts regulated by appropriate access policies.


Responsabile progetto
Luigi Martino, Università di Firenze
M: [email protected][/vc_column_text][/vc_column][/vc_row]