Recommending a SMART approach to cyber security

The cyber security threat to both national safety and economic prosperity is very real. Following the publication of a set of national cyber security strategies (NCSSs), a new paper assesses the different approaches to addressing this threat.

Nineteen National Cyber Security Strategies is written by cyber specialists Eric Luiijf, Kim Besseling and myself and sets out some recommendations for developing effective strategies. What is clear is that despite the threat being common, the approaches to tackling it and even defining it vary considerably. The paper looks at these differences and considers the guiding principles and tactical action lines of each NCSS.

It suggests that given the global nature of cyber security, nations can and should learn from each other. However, our analysis points to the fact that nations may well be hampered in collaboratively addressing the global threats to cyber space. This due to there being little harmonisation in terms of cyber terminology, let alone any detailed description in each NCSS of international collaboration activities.

And what about the need for a society-wide approach? With this I mean not just for governmental bodies and private organizations, but citizens as well. While this is viewed as important, only Australia had an outreach programme supporting its citizens with national cyber security tools. This is clearly an oversight and shows how most nations underrate the risk of loss of public confidence in ICT and its consequences on economic prosperity and e-government plans.

A key recommendation is for nations to adopt a SMART (specific, measurable, achievable, realistic and timely (SMART) definition for all NCSS action lines and planned activities. Currently only three of the national strategies analysed had done so. Yet without SMART criteria being applied, it is impossible to measure whether a strategy is successful, or whether the action plan is on the right track.

Any nation planning to develop or adapt a NCSS should consider the recommendations and findings in this paper. At this moment Capgemini is conducting an informal evaluation of the Dutch 2012 NCSS, taken into account the lessons of this article.

Related Posts


Capgemini presents Next Generation Security Operation Center

Christer Jansson
June 14, 2018
Next generation security operation centers (SOCs) resolve the need for cybersecurity skills and help organizations counter threats

Oracle Code London

Phil Wilkins
June 11, 2018
At the event, I spoke about strategies for starting the journey into microservices while still working in environments that are based on the use of WebLogic

The business case for the Oracle AI Cloud

Léon Smiers
May 29, 2018
Oracle AI Platform is Open Source and is supported by various data science and machine learning libraries that are a part of the Python ecosystem.

By continuing to navigate on this website, you accept the use of cookies.

For more information and to change the setting of cookies on your computer, please read our Privacy Policy.


Close cookie information