Training and Capacity Building Modules

This section presents the theoretical training courses developed within the SAND5G project, aimed at strengthening cybersecurity knowledge and skills across modern digital environments. These modules cover key topics such as threat awareness, intrusion detection, digital health security, and threat intelligence, providing participants with a solid conceptual foundation in cybersecurity.

Designed for a wide range of stakeholders, including operators, regulators, researchers, industry professionals, as well as the broader public, the courses focus on enhancing understanding of emerging threats, security tools, and best practices. Each module contributes to building capacity and supporting informed decision-making in securing next-generation networks and digital services.

All courses include a short quiz at the end, allowing participants to assess their understanding and reinforce the key concepts covered throughout the training.

Social Engineering Awareness Module

Social Engineering Awareness Module

Understand how cybercriminals exploit human behavior, not technical flaws. This course covers common social engineering attacks – phishing, smishing, vishing, spear phishing, baiting, and physical intrusions – and the psychological tactics behind them, such as urgency, trust, fear, and guilt.

Learn practical defenses to protect yourself and your organization, including verifying requests, safeguarding personal information, recognizing warning signs, and following workplace security best practices. A short quiz at the end reinforces key concepts, helping participants become informed and alert – the strongest defense against social engineering threats.

Honeypot training

HoneyPot Training – Understanding Cybersecurity Traps

This course introduces honeypots – decoy systems used to attract, detect, and analyze cyberattacks – helping participants better understand and respond to cybersecurity threats. It covers their purpose, types (from low- to high-interaction), and use in detecting attacks, gathering intelligence, and diverting threats from production systems. Through practical examples such as fake SSH login pages and malware-collecting honeypots, participants learn how honeypots are deployed, how data is collected, and how attacks are analyzed.

The course also highlights key advantages, including precise data collection, reduced false positives, and resource efficiency, while addressing limitations such as coverage gaps and legal or ethical considerations under the General Data Protection Regulation (GDPR). It presents deployment strategies for real-world scenarios, including defense against Distributed Denial of Service (DDoS) attacks, integration with Intrusion Detection and Prevention Systems (IDS/IPS), and advanced cyber deception techniques, and concludes with a short quiz to assess understanding.

 

IDS quiz

Snort IDS Training – Intrusion Detection in Action

This course introduces Snort, an open-source Network Intrusion Detection System (NIDS) used to detect, analyze, and respond to cybersecurity threats in real time. It explains key intrusion detection principles, including monitoring network activity for unauthorized access and attacks on confidentiality, integrity, or availability. Participants learn how Snort functions as a packet sniffer, logger, and full IDS, analyzing traffic through rules, signatures, and plugins. Practical examples—such as detecting port scans, blocking malicious IPs, and identifying SQL injection attempts—demonstrate how Snort is configured and used in real-world scenarios.

The course highlights Snort’s advantages, including cost-effectiveness, flexibility, and integration with other tools, while addressing limitations such as configuration complexity, false positives, and the need for technical expertise. It also explores its ongoing evolution and concludes with a short quiz to assess understanding of its operation, rule creation, and defensive use.

 

NIS-2 Directive Regulatory Compliance
and Incident Reporting for 5G Operators

This course provides a clear and practical introduction to the NIS-2 Directive and its impact on 5G operators and digital service providers. Participants will gain an understanding of the expanded scope of NIS-2, including the distinction between essential and important entities, as well as the key cybersecurity obligations related to risk management, incident reporting, and compliance. The course explains how organisations can implement appropriate technical and organisational measures to protect their systems and ensure resilience against cyber threats.

It also explores incident notification requirements, supervisory mechanisms, and enforcement measures, highlighting the responsibilities of senior management and the potential consequences of non-compliance. A short quiz at the end of the course allows participants to assess their understanding of key concepts and practical requirements.

 

 

NIS-2 Directive Regulatory Compliance and Incident Reporting for 5G Operators

Analysis of cybersecurity measures under
NIS-2 Directive

This course provides a practical overview of cybersecurity measures under the NIS-2 Directive, focusing on how organisations can protect their network and information systems. It covers key areas such as risk management, secure configuration, vulnerability management, access control, and network security, offering guidance on implementing effective technical and organisational measures to strengthen resilience and ensure compliance with EU requirements.

The course also addresses incident response, business continuity, supply chain security, monitoring, and the use of cryptography, highlighting their role in a comprehensive cybersecurity strategy. Participants will gain the knowledge needed to assess and improve their organisation’s cybersecurity posture, with a short quiz at the end to test their understanding of key concepts.

 

Cybersecurity in Digital Health Solutions

Cybersecurity in Digital Health Solutions

The training course “Cybersecurity in Digital Health Solutions” provides an overview of the key cybersecurity challenges and protection mechanisms shaping modern digital healthcare environments. Developed within the SAND5G project, the course explores how technologies such as connected medical devices, telemedicine platforms, cloud systems, and 5G networks are transforming healthcare delivery while increasing exposure to cyber threats.

Participants are introduced to major healthcare cyber risks, including ransomware, phishing, data breaches, and IoT vulnerabilities, while also gaining insight into essential cybersecurity practices such as encryption, access control, network security, incident detection, and operational resilience. The course combines practical examples to strengthen understanding of cybersecurity best practices in digital health environments.

 

Implementing the EU 5G Cybersecurity Toolbox: From Policy to Operational Excellence

Implementing the EU 5G Cybersecurity Toolbox: From Policy to Operational Excellence

The course “Implementing the EU 5G Cybersecurity Toolbox: From Policy to Operational Excellence” provides participants with a practical understanding of the EU’s approach to securing 5G infrastructures and critical communications networks. Developed within the SAND5G project, the course examines the transition from 4G to 5G, the evolving cybersecurity threat landscape, and the strategic and technical measures introduced through the EU 5G Cybersecurity Toolbox to strengthen resilience, supply chain security, and operational integrity.

Participants are introduced to key 5G risk scenarios, including network misconfiguration, supply chain vulnerabilities, state interference, and IoT exploitation, while also exploring practical mitigation measures such as Zero Trust architectures, strict access controls, network virtualization security, resilience planning, and EU certification schemes. The course combines policy, regulatory, and operational perspectives, providing a step-by-step implementation roadmap supported by practical examples and interactive assessment questions.

 

Risk Assessment Methodologies for National 5G Security Oversight

The course “Risk Assessment Methodologies for National 5G Security Oversight” provides participants with a comprehensive understanding of how national authorities can assess, monitor, and manage cybersecurity risks in modern 5G infrastructures. The course explores the shift from traditional 4G security models to software-defined, cloud-native 5G environments, highlighting the growing importance of virtualization, APIs, network slicing, supply-chain security, and regulatory oversight.

Participants are introduced to key risk assessment methodologies based on ENISA and ISO/IEC 27005 frameworks, covering asset mapping, threat identification, high-risk vendor evaluation, supply-chain integrity, and national impact analysis. The course also demonstrates how the SAND5G platform supports continuous monitoring, evidence-based reporting, and dynamic risk analysis to strengthen national 5G security oversight and support informed regulatory decision-making.

 

Discover MISP: The Open Source Threat Intelligence and Sharing Platform

The course “Discover MISP: The Open Source Threat Intelligence and Sharing Platform” introduces participants to the fundamentals of cyber threat intelligence sharing through MISP, one of the most widely used open-source platforms for collaborative cybersecurity operations. The course explains how MISP supports the collection, correlation, enrichment, and secure sharing of threat intelligence, helping organizations improve detection capabilities, strengthen collaboration, and reduce response times to cyber threats.

Participants gain practical insight into key MISP concepts, including events, attributes, objects, taxonomies, galaxies, information sharing, automation, and system integration. It also explores how MISP supports operational cybersecurity workflows through trusted intelligence sharing, contextualized threat analysis, dashboards, APIs, and integration with SIEM, SOAR, and other security systems. An interactive quiz further reinforces participants’ understanding of the platform’s core functionalities and real-world applications.