***Welcome to the GEIGER community! This is a safe space to discuss Cybersecurity and the GEIGER Education program.*** ***We want everyone to be part of our community and have their voice heard.*** ***We encourage your feedback and aim to respond to your comments as soon as possible. While we do moderate this community, we welcome open discussion.*** ***To help everyone enjoy our community, we ask that when you post, you keep in mind the following:*** * ***We don’t allow defamatory, indecent, offensive, profane, discriminatory, misleading, unlawful or threatening comments.*** * ***Personal attacks, name-calling, trolling and abuse will not be tolerated.*** * ***Spamming, posting promotional material or posting links to third party websites is not permitted.*** * ***We reserve the right to delete comments at our discretion and block any repeat offenders. We will remove content that is fraudulent, deceptive or misleading.*** * ***Coordinated group attacks will not be tolerated.*** * ***Respect that other people in the community have had different life experiences and may have a different perspective to yours. We welcome different viewpoints.*** * ***Our community is a semi-public place, accessible to all registered members. Don’t post personal information that you would not be comfortable sharing with a stranger. We recommend that you don’t post any information that may identify you or anyone else, such as your address, email address or phone number.*** ***If you have a question about a product or service of ours, please get in touch via our website at [https://project.cyber-geiger.eu](https://project.cyber-geiger.eu).*** ***If you’d like to chat with a customer service representative, please get in touch with us.*** Foreword You are invited to join a research study of the project GEIGER. Before deciding on whether you would like to participate, please read this document carefully and use whatever time you need to discuss it with your family, friends, legal advisor or anyone else. The decision to join or not the study is only up to you. In this research study, we are investigating/evaluating Community Building as a means for Cybersecurity Education. Please ask all the questions you may have so you are completely sure you understand the process, goal, risks and benefits of the research study. The information and informed consent documents are in a language and terms understandable by all participants, presented in an accurate and precise way. If not sure about any word or phrase, please ask the contact researcher or any other member of the study team to understand the meaning of the information fully. We assure at all times the compliance with the current legislation. This document informs potential participants about: • Their voluntary participation • The nature of the research project • What risks, benefits, and alternatives are associated with the research study • What rights they have as research subjects • How their data will be collected and protected during the project and destroyed at the end Upon signing, the participant or legally authorised representative will receive a copy of this form. The original will be held in the participant's research record. Purpose of the GEIGER Project The GEIGER project is a 30-month EU co-funded project that aims to develop help for micro and small enterprises (MSEs) to protect their business services/products and professional/personal-related software/devices from cyber-security threats. More specifically, GEIGER will: • Design and develop an easy-to-use cybersecurity GEIGER framework attractive to companies and organisations with a restricted budget, • Increase awareness as well as motivate and guide cyber-security and data protection improvements with the help of the GEIGER indicator, • Create capacity by training and certifying security defenders that are able to help MSEs in improving their cybersecurity and data protection. • Validate and demonstrate the GEIGER solution in multiple SMEs environment with diverse products and services, • Consolidate international and European links and harmonising solutions with general standards and directives – promoting cybersecurity policies and models, and • Provide ready-to-market solutions and immediate market impact. The GEIGER solution will be built on five complementary concepts that form the cycle of cyber-security: • Awareness & Motivation: support the MSEs to help them know the cyber and data protection threats most relevant to their business and understand the necessity and urgency to improve their risk level. • Discover & Solve: guide MSEs on how to add data protection and cybersecurity protection adjusted to their businesses with easy-to-implement security-related policies and sensors, shields, and recommenders of the GEIGER framework, and • Protection & Response: continuous protection against the major types of data protection risks and cyberattacks, and • Training & help: appropriate training activities that will allow security defenders understand cybersecurity and how to apply it in helping MSEs to institutionalise suitable data protection and cybersecurity policies and tools based on the security enhancements provided by GEIGER, and • Extensive validation: the solution will be developed congruent with today's standards and validated different and transversal use cases. Furthermore, a large-scale dissemination initiative organised during the final year of the project will allow GEIGER to validate and demonstrate its solution across many MSEs and different application areas. You are invited to join the GEIGER project to take part of the definition of the requirements that the GEIGER platform must fulfil and their consequent evaluation in the context of the pilots (apprentice, accountants, and entrepreneurs training for micro and small enterprises that are digitally dependent, digitally based, digital enablers, or start-ups).\ Purpose of the Research\ The main purpose of the research is to validate and evaluate the benefits of the GEIGER solution. We have decomposed the research into two different phases that aim to different objectives. The first phase is about identification and compilation of the GEIGER requirements coming from the pilots, where participants will provide their feedback and comments about needs and day-to-day operation in their area of expertise/work-related, but not limited, to cybersecurity. The second phase of the research is the evaluation of the GEIGER solution. In this second part of the research, we will validate the correctness and fulfilment of the initially identified requirements and evaluate the impact of GEIGER and the degree of satisfaction of the provided functionalities. In each phase, data collection and analysis activities will be performed according to the necessities of the research. Data acquisition in the project will consist of monitoring of the use of the GEIGER solution and collection of feedback with techniques like surveys, questionnaires, interviews, and focus groups. For example, some of the tools used will be questionnaires (offline or online), videos, workshops, etc. Research Procedures\ The two research phases will follow different procedures and be performed using different tools. The first phase will start with an introduction to the project and goals to achieve, highlighting how the identification of requirements is a fundamental task for the definition of the GEIGER solution. After the presentation and discussion with participants about the goals a compilation of comments, identified needs and recommendations, and feedback on mock-ups and prototypes, etc. will be performed. This information will be obtained using tools such as questionnaires, lists, discussions, and voice and video recording. The second phase will start with an introduction of the GEIGER project, goals, and results. Following, and highlighting, the initial set of requirements identified at the beginning of the project in the first phase, an evaluation of the GEIGER solution will be performed. This process will evaluate if the GEIGER solution fulfils the objectives and is accepted and useful for the participants. This second part will use tools that fit the needs for the evaluation: questionnaires, logging of use of the GEIGER framework and security defenders education, video and voice recording in focus groups, workshops, and hands-on sessions, etc. The participant may decline to answer any or all questions, or participation in any other research activity, and you may terminate your involvement at any time if you choose. Risks The participant consents to participate in providing feedback about their security context and needs (identification of requirements), and in evaluating the GEIGER framework and education scenarios. Secret information such as the security profile of an MSE and personal data such as preferences, knowledge, and attitudes will be handled strictly confidentially and processed according to the GDPR. The disclosure of any such information will be subject to voluntary consent by the data subject. Benefits It is likely that participants will not receive any pecuniary benefit from participation in the research study. Participants may learn about digital data protection, best practices in security and privacy, and cybersecurity awareness in the phase of evaluation of the framework. Participation of users will provide a substantial contribution to understand how cybersecurity awareness of users can be evaluated and increased thanks to the tools and services of the GEIGER solution. Therefore, although we cannot guarantee participants will personally experience benefits from participating in the research study, others may benefit in the future from the information provided. Privacy and Confidentiality The responses and feedback of the participants in questionnaires, interviews, workshops and focus groups will be recorded and stored in a secure way. No recorded data that includes any personal identification will be shared outside the research study. We will make sure the information provided in the research study is kept confidential and protected against unauthorised disclosure, tampering, or damage. The information will be kept protected in data repositories owned by the organisations conducting the studies, and only authorised users will have access to the information and only for specific and clear reasons. The access and use of the data will be logged so the status will always be under control. Your responses to this research study will be anonymous. Please do not write any identifying information on your survey/activity/study. Every effort will be made by the researcher to preserve your confidentiality. The participant's decision to whether or not give authorisation for the use, storing and process of the information provided in the research study is voluntary. Therefore, if the participant does not provide the investigators with this authorisation or cancels the authorisation in the future, the participant will not be able to participate in the study. What will we do with your data The information obtained in the research studies will be processed during the requirements definition and evaluation of the GEIGER platform and will be shown in project reports. As aforementioned, the data will be recorded in a privacy-respectful way, making sure it will not be possible to identify the source of information. The results of these studies may be published in scientific journals or conferences and may be used in further studies. No data provided by participants will be handed out to third parties (outside of the consortium of the GEIGER project). The authorisation for the access, use and processing of the information is valid until the end of the research study unless the participant decides to cancel it before. If a participant decides to cancel the consent, please contact the leading investigator and inform her of the intention of leaving or finalising the research study. Participants have the right not to participate at all or to leave the study at any time. Deciding not to participate or choosing to leave the study will not result in any penalty or loss of benefits to which the participants are entitled. The data provided by the participants will be destroyed at the end of the project unless they reaffirm consent for use of the platform after the project lifetime or when they cancel their participation in the research study. Contact for Questions or Problems Please call Samuel Fricker at +41 56 202 81 93 or email Samuel Fricker at [samuel.fricker@fhnw.ch](mailto:samuel.fricker@fhnw.ch) if the participant has any question about the study, any problems, unexpected physical or psychological discomforts, any any injuries, or think that something unusual or unexpected is happening. The participant should contact Samuel Fricker, via e-mail ([samuel.fricker@fhnw.ch](mailto:samuel.fricker@fhnw.ch)), if she has any question or concern about her rights as a research participant. Agreement By agreeing to this Privacy Policy, I, the undersigned, confirm that: 1. I am 16 years or older, and I am competent to provide consent. 2. I have read and understood the information about the GEIGER project, as provided in the Information Sheet dated 2021-Oct-13. I understand it is not mandatory to participate in the research study and, if I choose to participate, I may at any state withdraw my participation. 3. I have been given the opportunity to ask questions about the research and my participation. 4. I voluntarily agree to participate in the research. 5. I understand I can withdraw at any time without giving reasons, and I will not be penalised for withdrawing, nor will I be questioned on why I have withdrawn. 6. The procedures regarding confidentiality have been clearly explained (e.g. use of names, pseudonyms, anonymisation of data, etc.) to me. 7. If applicable, separate terms of consent for interviews, audio, video or other forms of data collection have been explained and provided to me. 8. The use of the data in research, publications, sharing and archiving has been explained to me. 9. I understand that other researchers will have access to this data only if they agree to preserve the confidentiality of the data and if they agree to the terms I have specified in this form. 10. I understand that, subject to the constraints above; no recordings will be replayed in any public forum or made available to any audience other than the current research team. 11. I understand that my participation is fully anonymous and that no personal details about me will be recorded. 12. I have received a copy of this agreement. 13. I, along with the researcher, agree to sign and date this informed consent form. I understand that my information will be treated as strictly confidential and handled in accordance with the provisions of the relevant national, European and international data protection laws and regulations and personal data treatment obligations. Specifically, this consent document complies with Convention No. 108 of the Council of Europe for the Protection of Individuals and the General Data Protection Regulation (GDPR, Regulation (EU) 2016/679).