a Cyber Security Toolkit for SMEs and MEs

The CyberKit4SME ToolKit

The main focus of the CyberKit4SME ToolKit will be to adapt tools and models to be accessible by SMEs & MEs without the need for scarce and expensive specialist cyber security expertise.

Five tools are presented :

*Images below are placeholders


Keenaï is a tool that allows monitoring, through a single entry point, the whole security of the Information System. The solution is part of the SIEM’s category (Security Information and Event Management).

The development of Keenaï started in 2009. It is under the responsibility of the Inetum (formally Gfi) Cybersecurity Business Unit (R&D located in Rennes, France).

Keenaï has received the French state support and security certification is in progress.

Developed by: Inetum
Technical Specifications >

Human and Organizational Risk Models

The Human and Organizational Risk Models (HORM) is used to model and visualise human behaviour and work processes in terms of user journeys, i.e., it is centred around the human activities and interactions throughout a process.

A HORM model shows the actor’ steps (in terms of actions and communications) throughout the process. The models are used to illustrate hypothetical or real situations, for example best practices, but can also represent previous cyber attacks or situations to avoid.

Developed by: SINTEF
Technical Specifications >

Secure Data Services

The Secure Data Services (SDS) enables to store data and consume data in a secure and safe manner protecting data across its lifecycle as it is stored, accessed and used.

This includes facilities to govern data access and validation across the whole data lifecycle.

Developed by: IBM
Technical Specifications >

Service Ledger

The Service Ledger (SL) is a middleware blockchain-enabled platform that offers programmable services that directly or indirectly interact with one or more decentralised applications.

SL enables MEs/SMEs to collaborate and share CTI over a fully decentralised network without any centralised owner of data. The Organisations (MEs and SMEs) and the Local Authorities share CTI and cybersecurity-related events via SL who indeed represents a gateway to the decentralised network.

Developed by: University of Southampton
Technical Specifications >


The Spyderisk is a risk assessment tool for socio-economic systems. It combines a drag-and-drop graphical interface for drawing system models with an innovative machine-reasoning engine and detailed domain knowledgebase of threats and countermeasures to create a comprehensive view of the risks to a system and how to mitigate them.

The Spyderisk automates much of the risk assessment procedure described in ISO 27005 and thereby supports ISO 27001 compliance. Through automation, a risk assessment is made methodical and reproducible and a security analyst may do a better job in less time.

Developed by: University of Southampton
Technical Specifications >