EU Member States and EFTA countries have made great progress in developing and implementing their strategies.
On November 14th, 2016, ENISA published a new National Cyber Security Strategy (NCSS) Good Practice Guide.
The guide updates the steps, objectives and good practices of the original guide and analyses the status of NCSS in the European Union and EFTA area.
The aim is to support EU Member States in their efforts to develop and update their NCSS.
The target audience of this guide is therefore public officials and policy makers. The guide also provides useful insights for the stakeholders involved in the lifecycle of the strategy, such as private, civil and industry stakeholders.
The guide presents six steps for the design and development of NCSS:
Set the vision, scope, objectives and priorities
Follow a risk assessment approach
Take stock of existing policies, regulations and capabilities
Set a clear governance structure
Identify and engage stakeholders
Establish trusted information-sharing mechanisms
In addition, fifteen objectives for the implementation of NCSS are described:
Develop national cyber contingency plans
Protect critical information infrastructure
Organise cyber security exercises
Establish baseline security measures
Establish incident reporting mechanisms
Raise user awareness
Strengthen training and educational programmes
Establish an incident response capability
Address cyber crime
Engage in international cooperation
Establish a public-private partnership
Balance security with privacy
Institutionalise cooperation between public agencies
Provide incentives for the private sector to invest in security measures
Download the guide: https://www.enisa.europa.eu/publications/ncss-good-practice-guide/at_download/fullReport