Content Introduction

The administration of The UOS (University of Sunderland) is thinking of providing the

chance to educate about cyber security knowledge not only for staff and students of the UOS
(University of Sunderland) but also for everyone outside of the University, Individually or
organizationally who is concerned with cyber security and have experienced by cyber-attacks.
For this purpose, they decided to set up a cyber security clinic.

Some types of crucial instructions and activities that a cyber clinic might engage in to provide
services to its stakeholders.

Technical support
Offering technical guidance and support to clients by implementing and configuring
cybersecurity tools, software and solutions to protect their data and systems.

Cyber Safety Education and Training

Providing Cybersecurity workshops and training programs for students and stakeholders
to upgrade their knowledge, skills and awareness of cyber threats and practices.

Threat Intelligence
Supporting students and stakeholders with updated knowledge and information about
developing cyber-attacks, threats and vulnerabilities to help them to able to defend against
potential risks.

Real-time Monitoring
Monitoring the client's systems, network and data continuously to detect and handle
security threats and errors in real-time.

Cybersecurity Consulting Service and Discussion

Offering advisory services and consulting expertise to clients concerned with various
cybersecurity matters, including technology evaluation, strategy development and security
architecture design.

These activities are some of the fundamental services that a cybersecurity clinic should
undertake to provide to its clients.
Benefits of establishing a cybersecurity clinic and its services
Nowadays digital age, organizations like business groups and charity foundation groups
face challenges in cybersecurity and they are significantly targeted by cyber-criminal groups of
cyber-attacks, commonly ransomware attacks. According to the report of the 2023 UK
Cybersecurity breaches survey, official statistics, there are a total of 8 % of charities and 11 % of
businesses that have experienced cybercrimes in the last 12 months, rising to 25% of high-
income charities, 37% of large businesses groups and 26% of medium businesses groups. There
is still lack the expertise and resources to protect themselves from cyber-attacks effectively.
Therefore, establishing a University and College-based Cybersecurity Clinic is a crucial part of
the solution to reduce the cyber threat to individuals or organizations. Most University-based
cybersecurity clinics help small businesses and organizations mitigate cybersecurity risks and
vulnerabilities through awareness and training programs at no cost like the University of
Alabama, the University of Nevada, Stillman College, and so on.
According to the 2018 Public Interest Registry survey report, over 5300 NGOs confirmed
that, while nonprofits are investing in the IT field for mission-critical activities, information
security investments remain still low. Therefore, the number of university-based international
network cyber clinics is needed to expand to advance cyber security education for the public
good together. In the August 2020 Lawfare post, Tatyana Bolton and Chris Inglis (National
Cyber Director appeal that cyber clinics are mutually beneficial to universities, students, and
their surrounding organizations and communities.
Some benefits that can be obtained from a university-based cybersecurity clinic are that it
can help stakeholders develop long-term cybersecurity defense, increase resilience, and expand
cybersecurity capacity. Students might also be provided with a lot of digital cybersecurity
services. One of the significant benefits of university-based cybersecurity clinics is that it is able
to provide the needs to bridge the gap between industry and academia. Students who are
members of these cyber clinics will gain real-world experience by working on actual
cybersecurity projects for community groups and organizations.
Benefits of Real-time Monitoring: it can specify, and advance tread detection and it can
respond immediately to security incidents. It reduces the damage by identifying breaches
promptly and facilitates proactive risk management. It improves and strengthens the overall
cybersecurity posture.

Cyber Safety Education and Training: educating and training the cybersecurity and safety for
the next generation of cybersecurity professionals through these cybersecurity clinics is helping
to make a secure digital future and the cases of cyberbullying and scams will also be reduced. As
cyber threats also consistently evolve, the preparation of the workforce and protection
communities by these clinics will become a crucial role.
Cybersecurity Consulting Service and Discussion: it provides specific guidance and expertise
to organizations, helping them develop cybersecurity solutions, assess strategies, and mitigate
risks by following the regulations. It offers insights into potential threats, and it can help to
upgrade overall resilience against cyberattacks.

The Challenges that might arise from establishing a cyber clinic

While it is common knowledge that establishing a cyber-clinic is not a simple endeavor,

severalworries stand in the way of its implementation. The most difficult challenge is going to
befinding someone who has all of the necessary technical expertise for the sessions. This
individualwill need to be willing to commit their precious time to learning these skills, therefore
findingthem will be the most difficult effort. The expression "additional vulnerabilities or
challenges"refers to the fact that users who attempt to protect the network with insufficient skills
mightmake the situation worse. Since individuals’ intentions aren't always apparent, it's possible
for someone to use the information they obtain during the session for their personal advantage at
the

While establishing a cyber clinic or cybersecurity service can provide numerous benefits, there
are also potential concerns and challenges that may arise. Some of these concerns include:

1. **Privacy Issues:** Handling sensitive information and data of clients may raise privacy
concerns. Ensuring proper measures are in place to protect the confidentiality and integrity of
client data is essential.

2. **Ethical Considerations:** Ethical dilemmas may arise, particularly in situations involving

incident response, forensic analysis, and handling of sensitive information. Maintaining ethical
standards and ensuring transparency in operations is crucial.

3. **Legal Compliance:** Adhering to relevant laws and regulations governing cybersecurity,

data protection, and privacy is essential. Failure to comply with legal requirements can result in
legal consequences and reputational damage.

4. **Conflict of Interest:** Balancing the interests of clients with the interests of the cyber clinic
itself can be challenging, especially in cases where recommendations may conflict with the
clinic's financial interests.

5. **Resource Constraints:** Managing resources such as skilled personnel, technology

infrastructure, and funding may pose challenges, particularly for smaller cyber clinics or startups.
6. **Security Risks:** Cyber clinics themselves are not immune to cyber threats. They may
become targets for cyberattacks due to the sensitive information they handle. Implementing
robust security measures to protect clinic infrastructure and data is essential.

7. **Trust and Reputation:** Building and maintaining trust with clients is crucial for the
success of a cyber clinic. Any breach of trust, whether in terms of security incidents or ethical
lapses, can significantly damage the clinic's reputation.

8. **Client Dependency:** Clients may become overly reliant on the services provided by the
cyber clinic, potentially leading to a lack of internal cybersecurity capabilities within client
organizations.

9. **Scope Creep:** The scope of services offered by the cyber clinic may expand over time,
leading to potential challenges in managing resources, expertise, and client expectations
effectively.

10. **Cultural and Organizational Challenges:** Implementing cybersecurity measures within

client organizations may face resistance due to cultural, organizational, or operational factors.
Overcoming these challenges requires effective communication, collaboration, and change
management strategies.

Addressing these concerns requires careful planning, implementation of appropriate policies and
procedures, ongoing monitoring and assessment, and a commitment to upholding ethical
standards and best practices in cybersecurity service delivery.

Activities
The clinic operated three main strands of activity
 Public Engagement and Counseling: The clinic has developed and provided
tailor-made counseling to create cybercrime awareness and resilience for
individuals and organizations through a variety of media (e.g. face-to-face,
email, social networking). / Laboratories).
 Research:-The clinic has conducted research with children and young
people, seniors, and small and medium-sized organizations about their
experiences and concerns about cybercrime and how they would like to
receive cybercrime awareness tips in the future.
 Finally, based on the experiences and results of the counseling and research
chapters, the third chapter of the activity is to develop a transferable model
 for the implementation of cybercrime awareness clinics that could be
implemented in other regions.
It also helps build and train the next generation of digital security leaders. It
teaches students through a hands-on approach, whereby they strengthen and
support organizations in implementing digital security practices using a holistic
and personalized approach.
It helps organizations proactively defend against digital threats, allowing them to
focus on fulfilling their missions and promoting social change. It consults directly
with civil society groups and provides them with the tools and knowledge to
defend themselves against politically motivated bad actors and digital threats

BENEFITS
The 2019 cybersecurity breach survey found that 31% of micro and small
businesses and 60% of midsize businesses have experienced a breach or attack in
the past 12 months. Average annual costs for companies that lost data or resources
following a breach were £ 3,650 for micro and small businesses and £ 9,270 for
midsize businesses. For charities, 19% of low-income charities and 32% of middle-
income charities have experienced a breach or attack in the past 12 months, with an
average cost (across all charities , including the largest charities) for those who
have lost data or assets of £ 9,470 (DDCMS, 2019). From previous activities that
Cybersecurity Clinics have provided, it offers a number of benefits for public
bodies in addition to cybersecurity advice. These include helping to clarify lines of
authority for the entire organization, provide an opportunity to re-evaluate
contingency action plans (not just for cyber attacks), replace outdated software
(also related to long-term cost reduction ) and, above all, take management risks
seriously. now, rather than after an event. Some other benefits as follows;
 Data protection from unauthorized access, loss or deletion
 Preventing financial fraud and embezzlement.
 Protection of intellectual property
 Prevention of cyber espionage.
 Prevention of fraud through financial transactions like wire transfers etc
 Improves customer confidence
Ahead of the 2020 primary elections, a U.S.-based volunteer-run voting rights
organization had growing concerns about the digital security of its team members
and the integrity of their data. In particular, the organization was concerned that
online disinformation campaigns could hinder its efforts to ensure fair and open
democracy

What cyber Clinic Did:

The Cyber Clinic team of students conducted an audit of the customer's
communication and information storage systems, as well as a comprehensive risk
assessment that led to the identification of the organization's key assets and
potential threat scenarios. As part of this process, the team met with several people
in the organization and rigorously documented the organization's information flow.

"Outcomes"
The team provided the client with a comprehensive report that included a risk
assessment, an explanation of the deliverables, and an inquiry into the original
project context. They created security policies and information workflows for
different roles within the organization, including board members, staff, and
volunteers, and drew a pattern of each member's access to the digital storage
system and how each member can manage permissions in an optimal way. In
collaboration with the fund's interim CEO, the team provided comprehensive
security training that introduced members to the threats they face, the new storage
system and security policies, and general best practices to follow on a daily basis to
maintain the safety of the organization.

Cyber Clinic Challenges

The biggest challenge with Cyber Clinics services is evaluating their effectiveness.
Initial efforts to test the model prevented a survey of participants during the Cyber
Clinic trial. One constraint is limited manpower: managing an investigation
requires trained and experienced staff. Finding experienced staff can be difficult at
the same time. Public participation is also difficult for a variety of reasons,
including absence of clinic staff, school / university breaks, and community groups
on break. Collecting actual data from cyber victims is sometimes difficult due to
lack of coordination. There are also privacy and security concerns with regards to
participant tracking. As a result, there is little data to determine whether
participants implemented the guidelines later and found it helpful.

Issues concerning liability and any legal and / or professional concerns in

establishing a cyber clinic
Startups should not access users' private details without their permission or request
permissions that are not required for their website or app. Start-ups should value
user privacy. It could be done by writing a privacy policy in a short, simple and
summary way and also in the regional language so that before accessing any
application, the user can easily read and understand the privacy policy, terms and
conditions. Startups must also enter into an agreement with their users so that they
will not share or use users' personal data, which in turn will help the startup itself
gain people's goodwill and trust. In the privacy policy agreement, the startup must
disclose what personal information the site collects, how the information will be
shared or sold to third parties. In case a new company takes care of any technical
thing or technical process to do something, then it should apply for a product
patent or process patent. The patent right is a negative right that will allow the
patent owner to make exclusive commercial use of his invention and prohibit
others from using it. The startup may obtain the copyright of the software
application, newspapers, articles, research papers or ideas presented on paper or
other literary or artistic work. Trade secrets are the most important intellectual
property right owned by an entrepreneur, a secret will no longer be a secret if it is
leaked and becomes known to many people. To protect trade secrets, new
companies must enter into a confidentiality / nondisclosure agreement with their
partners and employees. The new company must apply for registration of a
trademark or service mark, both for use and for that proposed. A trademark or
service mark is the identity of a business or service provider. Help customers
identify your products or services on the market.

Part 2
Steps to improve cybersecurity systems When it comes to cybersecurity in
organizations, you need to make sure that clear processes and procedures are in
place to detail the security domain, which includes breaches, threats and risks that
could potentially harm the organization. There should also be a procedure for
detecting when a security breach has occurred, which should include detecting
certain issues with the policy, perhaps the policy is out of date or needs to be
updated every time the system is also updated and the application of these policies.
Processes will also need to be put in place to define what can be done to defend the
organization or individual from any possible attacks or threats they may face.
Finally, procedures must be in place to deter potential hackers and attackers from
attempting to break into the organization's system.
Steps to avoid a potential attack
Individuals and organizations can take a number of steps to reduce the likelihood
of security breaches and mitigate the consequences of those that do occur. As a
result, threats must be taken seriously by both organizations and individuals.
Step 1: Keep the systems up to date;
This method of preventing a breach requires regularly installing security fixes to
software and hardware systems.

Stept2: training