How to evaluate national cyber security strategies
ENISA issued an Evaluation Framework on National Cyber Security Strategies (NCSS) addressed to policy experts and government officials who design, implement and evaluate an NCSS policy.
This work is strongly aligned with the EU Cyber Security Strategy (EU CSS) and aims to assist Member States in developing capabilities in the area of NCSS.
The framework developed is a flexible and pragmatic approach based on good practices shared by leading experts on NCSS, taken from eighteen EU National Cyber Security Strategies and eight non-EU strategies. It can easily be adjusted to the needs of different Member States depending on the level of maturity reached in the lifecycle of a NCSS.
The framework proposes a step wise approach and introduces a set of practical key performance indicators (KPIs). It also issues recommendations that would allow proper implementation of the framework.
This report builds on ENISA’s previous work on NCSS. In 2012, ENISA introduced a good practice guide on how to implement a NCSS following a well-defined lifecycle. The guide included an analysis on how to involve the private sector in the process, how to align policy; operational and regulatory objectives, and how to develop capabilities on cyber security issues.
Udo Helmbrecht commented on the project: “A National Cyber Security Strategy is an important step that allows Member States to address cyber security risks and challenges. This is a continuous process that requires proper evaluation, in order to adjust to the emerging needs of society, technology and the economy. With this work ENISA provides a systematic and practical evaluation framework that allows EU Member States to improve their capabilities when designing NCSS”.