NDMA Advances Cybersecurity Readiness with Hands-On Policy Training for Public Servants

August 2025 – In a bid to foster digital transformation and reinforce national cybersecurity resilience, the National Data Management Authority (NDMA), through its Cybersecurity Division, recently led a comprehensive Tabletop Exercise (TTX) focused on the Acceptable Use of Information Technology (IT) Resources Policy, the Password Construction Guideline, and the Password Protection Policy. Conducted under the Technical Working Group (TWG), this priority exercise brought together public servants from multiple government agencies to examine how these foundational policies underpin secure government operations and to test participants’ ability to apply them during simulated incidents.

The session forms part of a wider capacity-building programme derived from the 43 cybersecurity policies, standards and guidelines released by the NDMA in 2024 to guide government agency cybersecurity responses.  Through realistic, scenario-based training, public servants are learning to apply these policies directly in situations that mirror the threats and challenges facing the public sector.

The exercise challenged participants with scenarios where unsafe browsing habits, weak password practices, and poor credential storage had led to unauthorized access of government systems. Guided by NDMA’s policy framework, they worked through identifying the risks of data breaches, securing affected accounts, enforcing password complexity requirements, and correcting inappropriate use of IT resources. Discussions emphasized the importance of responsible system use, the creation of strong and unique passwords, the secure handling of login credentials, and the need for continuous staff awareness to reduce human-related vulnerabilities. By engaging with real-world case simulations, participants not only reinforced their understanding of policy requirements but also developed practical strategies for implementing them across their agencies.

This session followed four earlier TWG Tabletop Exercises hosted in February, March, June and July 2025. The February exercise centered on the Malware Incident Prevention Policy, simulating a malware attack caused by a phishing email and guiding participants through detection, containment, communication, and recovery phases. In March, the focus shifted to the Log Retention Policy, and Data Backup Guidelines, where attendees investigated a suspected data exfiltration case using structured log analysis.  June’s exercise covered the Router and Switch Policy, while July’s session focused on the Personnel Security Policy, Clean Desk Policy and Secure Use of Social Media Guidelines.

Collectively, these Tabletop Exercises have strengthened inter-agency collaboration, increased awareness of NDMA’s cybersecurity policies, and improved the readiness of government personnel to respond to incidents. They form part of NDMA’s ongoing commitment to building a digitally secure public sector capable of supporting Guyana’s transformation agenda.