National Cyber Security Strategy (NCS) Toolkit

Similar documents
Cybersecurity in Asia-Pacific State of play, key issues for trade and e-commerce

Role of ITU in Building Security & Trust in Cyberspace

Reducing Risk and Building Capacity

ENISA s Position on the NIS Directive

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

Cybersecurity for ALL

The NIS Directive and Cybersecurity in

Directive on security of network and information systems (NIS): State of Play

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

From the Trenches: Lessons learned from using the NIST Cybersecurity Framework

Implementation Strategy for Cybersecurity Workshop ITU 2016

Cyber Partnership Blueprint: An Outline

FERC Reliability Technical Conference Panel III: ERO Performance and Initiatives ESCC and the ES-ISAC

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Implementing Executive Order and Presidential Policy Directive 21

First Session of the Asia Pacific Information Superhighway Steering Committee, 1 2 November 2017, Dhaka, Bangladesh.

REGIONAL WORKSHOP ON E-COMMERCE LEGISLATION HARMONIZATION IN THE CARIBBEAN COMBATING CYBERCRIME: TOOLS AND CAPACITY BUILDING FOR EMERGING ECONOMIES

Improving Cybersecurity through the use of the Cybersecurity Framework

Globally Networked Customs Context, Concept, Rationale and Benefits - Indian Customs Perspective

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Post Disaster Needs Assessment Guide and

Updates to the NIST Cybersecurity Framework

COURSE BROCHURE. COBIT5 FOUNDATION Training & Certification

National Preparedness System. Update for EMForum June 11, 2014

Being Strategic about Cybersecurity

ENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010

Directive on Security of Network and Information Systems

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

Evaluating and Improving Cybersecurity Capabilities of the Electricity Critical Infrastructure

Donor Countries Security. Date

BRIEFING COMBATING CYBERCRIME: TOOLS AND CAPACITY BUILDING FOR EMERGING ECONOMIES. Geneva 18 April David Satola

United States Energy Association Energy Technology and Governance Program REQUEST FOR PROPOSALS

Stakeholder feedback form

NW NATURAL CYBER SECURITY 2016.JUNE.16

ITU Academia. Smart Partnership for ICT4SDG. Jaroslaw K. PONDER Coordinator for Europe Region

The rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services

Executive Order & Presidential Policy Directive 21. Ed Goff, Duke Energy Melanie Seader, EEI

ISACA National Cyber Security Conference 8 December 2017, National Bank of Romania

The Experience of Generali Group in Implementing COBIT 5. Marco Salvato, CISA, CISM, CGEIT, CRISC Andrea Pontoni, CISA

CYBERSECURITY TRAINING EXERCISE KMU TRAINING CENTER NOVEMBER 7, 2017

Security and resilience in the Information Society: the role of CERTs/CSIRTs in the context of the EU CIIP policy

Cyber Security & Homeland Security:

IMF Statistics Department

E-waste: Priority Waste Stream under the Basel Convention

Network and Information Security Directive

Commonwealth Telecommunications Organisation Proposal for IGF Open Forum 2017

Regional and subregional approaches to the Digital Economy: Lessons from Asia-Pacific and Latin America

Electricity Security Assessment Framework

Cybersecurity-Related Information Sharing Guidelines Draft Document Request For Comment

Why you should adopt the NIST Cybersecurity Framework

GREEN DEFENCE FRAMEWORK

Securing Europe's Information Society

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

ENISA S WORK ON ICS AND SMART GRID SECURITY

CEF e-invoicing. Presentation to the European Multi- Stakeholder Forum on e-invoicing. DIGIT Directorate-General for Informatics.

1.What are critical infrastructures in Switzerland? CIP concept in Switzerland

ITU Academy & Centres of Excellence

Overview of REDD + SES Initiative. Phil Franks CARE International and REDD+ SES International Secretariat

The Network and Information Security Directive - ENISA's contribution

Enhancing synergies towards climate action and sustainable development on the ground

The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017

OAS Cybersecurity Capacity Building Efforts

Progress and challenges with the establishment of MRV system in African Countries

CYBER RESILIENCE & INCIDENT RESPONSE

Discussion on MS contribution to the WP2018

Way to new challenges

Valérie Andrianavaly European Commission DG INFSO-A3

Forum. Ningbo, China 25 February

Infrastructures and Service Dimitra Liveri Network and Information Security Expert, ENISA

แนวทางการพ ฒนา Information Security Professional ในประเทศไทย

John Snare Chair Standards Australia Committee IT/12/4

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.

European Cyber Security Certification: ECSO Meta-Scheme Approach

BHConsulting. Your trusted cybersecurity partner

METHODOLOGY AND CRITERIA FOR THE CYBERSECURITY REPORTS

The Office of Infrastructure Protection

Transportation System Cybersecurity Framework

Identity Assurance Framework: Realizing The Identity Opportunity With Consistency And Definition

Presentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT

ESFRI Strategic Roadmap & RI Long-term sustainability an EC overview

Global Alliance Against Child Sexual Abuse Online 2014 Reporting Form

Critical Infrastructure Mission Implementation by State, Local, Tribal, and Territorial Agencies and Public-Private Partnerships.

Manchester Metropolitan University Information Security Strategy

The Global Context of Sustainable Development Data

RESEARCH QUESTIONS. Question What Data Will We Need? Where Will We Obtain this Data? Identify common characteristics and uses

End-to-end Safety, Security and Reliability Keys for a successful I4.0 Migration

Medical Devices and Cyber Issues JANUARY 23, American Hospital Association and BDO USA, LLP. All rights reserved.

WELCOME TO THE. WSIS Forum 2012: Final Briefing 16th April 2012 Geneva, Switzerland.

Sustainable Consumption and Production

Bradford J. Willke. 19 September 2007

GLOBAL CYBERSECURITY INDEX 2016

Overview of the Cybersecurity Framework

Cyber Security in Europe

Framework for Improving Critical Infrastructure Cybersecurity

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Information Technology Branch Organization of Cyber Security Technical Standard

Role of NATO and Energy Security Centre of Excellence in Supporting Protection of Critical Energy Infrastructure and Enhancing its Resiliency

COUNCIL OF THE EUROPEAN UNION. Brussels, 28 January 2003 (OR. en) 15723/02 TELECOM 78 JAI 307 PESC 593

IT Modernization In Brief

Transcription:

National Cyber Security Strategy (NCS) Toolkit

Let s create a toolkit to help states to develop or improve their national cyber security strategies Examples of Topics To Be Addressed The role, objectives and scope of a National Cyber Security Strategy in a line with the UN SDGs The definition/publication/review process: the Governance Model National and International Standards and government compliance program Critical Infrastructure Protection and integration with other national security/emergency programs National Risk Management program National Incident Response/CERT - integration/alignment with Military/Intelligence Implementation strategies for the Government Implementation strategies for Private Sector The definition/publication/review process: the Awareness Programme Aspects not typically covered by public strategies that should be considered and addressed Reference Guide Evaluation Tool Components of Toolkit A single resource for any country to gain a clear understanding of National Cyber Security Strategy in terms of: the purpose and content how to go about developing a strategy, including strategic areas and capabilities the relevant models and resources available the assistance available from various organisations and their contact details FORMAT: 15-20 page Word / PDF A simple tool that allows national governments and stakeholders to: Evaluate their current status in each of the strategic areas identified in the reference guide Evaluate their current status in cyber security lifecycle management Easily identify key areas for improvement Provide a means for measuring improvements over time FORMAT: Excel or web-based worksheet

Co-authored and Co-owned by Partners 11 Partners who have been active in devising models and implementing cybersecurity strategies and is facilitated by experts at All project partners contribute their knowledge and expertise in the National Cyber Security domain, thereby providing a high added value to the toolkit definition

Five key elements to consider when designing a toolkit DEFINITION 1 GEOGRAPHIC 2 TARGET STRATEGY 3 AREAS OF 4 LINKAGE/REFERENCE 5 FOCUS APPLICABILITY IMPROVEMENT TO OTHER MODELS Which countries / regional areas the model / tool focuses on Designed to define a strategy or to evaluate an existing strategy Helps to identify areas of improvement and how to address them Establishes links to existing guidelines /references DESIGNED FOR ASSESSING IMPROVEMENTS Includes functionality for measuring improvements over time PARAMETER Global: Designed for use in all countries Regional: Tailored for use in a specific region / political alliance New: Provides guidance in developing a new strategy Existing: Helps to evaluate existing strategies Identify: Identifies improvement areas Address: Provides solutions for improvement areas Global: Refers to globally focused models Regional: Refers to regionally focused models Indicators: Best practice indicators for each component of the strategy that can be measured repeatedly over time Source: ITU / Intellium preliminary analysis

By leveraging the strengths of existing guidelines and evaluation tools across these elements Models / Tools Geographic Focus Target Strategy Applicability Areas of improvement Strengths of Guidelines Included in Stocktaking Exercise Global Regional New Existing Identify Address G l o b a l Linkage/reference to other models Regional Designed for assessing improvements ITU National Cyber Security Toolkit (This project) Indicators ITU National Cybersecurity Strategy Guide (2011) Oxford Martin School Cyber Capability Maturity Model (2014) CTO Commonwealth Approach For Developing National Cyber Security Strategies (2014) Microsoft Developing a National Strategy for Cybersecurity (2013) CCDCOE - National Cyber Security Framework Manual (2012) OECD - Cybersecurity Policy Making at a Turning Point (2012) OAS Cyber Security Program (2004)

we can achieve our goal of adding value to members by creating a framework that leverages global best practices Strengths of NCS Toolkit A nation-neutral toolkit that can be applied globally: Europe, Africa, Americas, Asia Pacific, Measuring improvements: provide best practice indicators to assess improvements over time Pragmatic reference guide can be used by all countries, including microcountries: developed strategies, new strategies under development, Reference to other guidelines/references: link to existing models and evaluation tools Accompanying evaluation tool: easily identify key areas for improvement and how they can be addressed

We have also defined the basic Reference Guide structure consisting of five main sections WORK IN PROGRESS National Cyber Security Toolkit REFERENCE GUIDE Est. 15-20 pages 1 2 3 4 5 Structure of Reference Guide Toolkit Description Strategic Areas to Address Implementation Guidelines Development Blueprint Supporting Material References Position relative to other guides Target Audience How to Use Macro areas that a national strategy should address Public vs. confidential areas PDCA approach in national terms Elements relevant to implementation that should be outlined in the strategy Basic project approach for writing or improving a national strategy Lessons learned on what to avoid Direct links to supporting material to support writing the strategy Cross-references to other tools

Positioning and functionality of the toolkit National Cyber Security Strategy Process Identify Purpose and Content Outline National Strategy Develop Cyber Security National Plan, including capability development/implementation Primary Focus The NCS Toolkit will provide national policy developers with a means to evaluate their current status and identify areas for improvement regarding: - Identifying the purpose and content of their own national cyber security strategy - Outlining the strategic areas that their national cyber security strategy should address - Defining a management lifecycle process to govern the implementation of the strategy - Establishing a structured process for strategy development - Finding additional resources to support strategy development Secondary Focus The NCS Toolkit will provide national policy developers with links to other best practice guidelines for insights on how to: - Develop National Plan - Evaluate the current maturity levels of their national cyber security capabilities - Compare their strategies / capabilities against peers through ranking systems and criteria - more

Key Actions Background work on draft Reference Guide and partners identification Partnership Confirmation Partners Workshop of 18-19 February 2016 to work more on the Draft Reference Guide & evaluation tool Completed toolkit reviewed by experts Pilot test the toolkit Launch for use by all partners

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback