Recommending a SMART approach to cyber security

Publish date:

The cyber security threat to both national safety and economic prosperity is very real. Following the publication of a set of national cyber security strategies (NCSSs), a new paper assesses the different approaches to addressing this threat. Nineteen National Cyber Security Strategies is written by cyber specialists Eric Luiijf, Kim Besseling and myself and sets […]

The cyber security threat to both national safety and economic prosperity is very real. Following the publication of a set of national cyber security strategies (NCSSs), a new paper assesses the different approaches to addressing this threat.

Nineteen National Cyber Security Strategies is written by cyber specialists Eric Luiijf, Kim Besseling and myself and sets out some recommendations for developing effective strategies. What is clear is that despite the threat being common, the approaches to tackling it and even defining it vary considerably. The paper looks at these differences and considers the guiding principles and tactical action lines of each NCSS.

It suggests that given the global nature of cyber security, nations can and should learn from each other. However, our analysis points to the fact that nations may well be hampered in collaboratively addressing the global threats to cyber space. This due to there being little harmonisation in terms of cyber terminology, let alone any detailed description in each NCSS of international collaboration activities.

And what about the need for a society-wide approach? With this I mean not just for governmental bodies and private organizations, but citizens as well. While this is viewed as important, only Australia had an outreach programme supporting its citizens with national cyber security tools. This is clearly an oversight and shows how most nations underrate the risk of loss of public confidence in ICT and its consequences on economic prosperity and e-government plans.

A key recommendation is for nations to adopt a SMART (specific, measurable, achievable, realistic and timely (SMART) definition for all NCSS action lines and planned activities. Currently only three of the national strategies analysed had done so. Yet without SMART criteria being applied, it is impossible to measure whether a strategy is successful, or whether the action plan is on the right track.

Any nation planning to develop or adapt a NCSS should consider the recommendations and findings in this paper. At this moment Capgemini is conducting an informal evaluation of the Dutch 2012 NCSS, taken into account the lessons of this article.

Related Posts

cloud

Looking to improve business agility? Start with a move to cloud security

Geert van der Linden
Date icon April 19, 2021

Cloud Security Services offer organizations a pragmatic and cost-effective solution

Cyber Attacks

False positives in web application security – take up the challenge!

Date icon April 16, 2021

Streamline manual effort and enhance automated tactics to analyze code from within.

Capgemini Invent

You want CSR transformation? Start with CSR governance

Elodie Asselin
Date icon April 9, 2021

The new governance needed to steer an organization’s CSR will have to adapt to the...