ENISA issued the Evaluation Framework on National Cyber Security Strategies (NCSS), an important work that addressed to policy experts and government officials that are in charge for the implementation and evaluation of an NCSS policy. The work was presented on the 27th November 2014 at the first workshop on National Cyber Security Strategies in Brussels.
The work resumes a framework on NCSS elaborated by the ENISA in 2012, when the Agency defined a collection of best practices for the implementation of an NCSS through “a well-defined lifecycle.” The previous work also included an analysis on how to align policy and how to involve the private entities. Previous work also includes operational and regulatory objectives.
The framework results from the contribution of the leading experts on NCSS that have shared best practices on the above activities. The work considers the eighteen EU National Cyber Security Strategies and eight non-EU strategies and was issued to assist Member States in developing capabilities in the area of NCSS in compliance with Cyber Security Strategy (EU CSS).
The proposed Evaluation Framework on National Cyber Security Strategies (NCSS) consists of the following elements and includes recommendations for proper implementation of the framework itself.
Within the primary goals of the framework there are the achievement of the cyber resilience and the development of cyber capabilities through the improvement of cooperation within public and private sector. The list of elements in the Logic modelling includes:
The Key performance indicators (KPIs) are an essential component for the evaluation of an NCSS and allow actors to measure performance or progress of the implementation of an NCSS. Key performance indicators are crucial in both phases of NCSS implementation and evaluation, from their analysis, it is possible to review objectives during the lifecycle of the program.
The KPIs are categorized per objective:
“A National Cyber Security Strategy is an important step that allows Member States to address cyber security risks and challenges. This is a continuous process that requires proper evaluation, in order to adjust to the emerging needs of society, technology and the economy. With this work ENISA provides a systematic and practical evaluation framework that allows EU Member States to improve their capabilities when designing NCSS”. Commented Udo Helmbrecht, the Executive Director of ENISA.
As highlighted in the work, the NCSS has to be adjusted to the needs of different Member States depending on the level of maturity reached in the lifecycle of an NCSS.
Let me suggest you the reading of this excellent work.
(Security Affairs – ENISA, NCSS)