National Cyber Security Strategy Good Practice Guide



Posted By: Portal Team

ENISA published its first National Cyber Security Strategy Good Practice Guide in 2012. This guide from 2016 updates the steps, objectives and good practices of the original guide and analyses the status of NCSS in the European Union and EFTA area.

The aim is to support EU Member States in their efforts to develop and update their NCSS. The target audience of this guide is therefore public officials and policy makers. The guide also provides insights for the stakeholders involved in the lifecycle of the strategy, such as private, civil and industry stakeholders.

The guide presents six steps for the design and development of NCSS:

  • Set the vision, scope, objectives and priorities
  • Follow a risk assessment approach
  • Take stock of existing policies, regulations and capabilities
  • Set a clear governance structure
  • Identify and engage stakeholders
  • Establish trusted information-sharing mechanisms

In addition, fifteen objectives for the implementation of NCSS are described:

  1. Develop national cyber contingency plans
  2. Protect critical information infrastructure
  3. Organise cyber security exercises
  4. Establish baseline security measures
  5. Establish incident reporting mechanisms
  6. Raise user awareness
  7. Strengthen training and educational programmes
  8. Establish an incident response capability
  9. Address cyber crime
  10. Engage in international cooperation
  11. Establish a public-private partnership
  12. Balance security with privacy
  13. Institutionalise cooperation between public agencies
  14. Foster R&D
  15. Provide incentives for the private sector to invest in security measures