8 Building Blocks of National Cyber Strategies


Cyber Strategy Workshop for African Union Member States July 23-27, 2018 Addis Ababa, Ethiopia

8 Building Blocks of National Cyber Strategies

A National Strategy for Cyber Capacity is like a Building…

- It may have many levels, but it must start with a solid foundation.
- Every foundation must reflect what it is designed to support.
- The size and function of the building determine the number and layout of floors.
- It must be comprised of the right materials.
- Foundations must be big enough & strong enough to support the whole structure.

What is Big and Strong ENOUGH?

- Size: ALL key stakeholders – Government, Private Sector, Civil Sector, Academia, Partner Governments, Others…?
- Strength: Depth of stakeholders’ commitment

8 Building Blocks - Summary

- Key Partnerships: Internal, Public-Private, International
- Cybersecurity Awareness & Culture: Leadership, Workforce Pipeline, Public Awareness
- Cyber Workforce Development: Education, Training, Pipeline & Progression
- Incident Response: Detection, Response, and Remediation Processes
- Resilience: Critical Systems Protection and Incident Response Capabilities
- Countering Cybercrime & Law: Legal Framework, Cyber- and Cyber-Enabled Crime Prevention, Response, and Prosecution Capabilities
- Policy, Governance, & Resourcing: Governance and Regulatory Mechanisms and Processes, Resource Sources, Adjudication, and Accountability
- Strategic Foundations: Risk Management Approach, National Goals, Stakeholder Involvement, Leadership Commitment

Diagram layer labels: Enabling, Operational, Governance, Foundational

Strategic Foundations

This area addresses a country’s fundamental preparedness for cyber capacity building to develop a national cyber strategy. It focuses on establishing:

- A Risk Management approach appropriate to the country’s threat landscape for identifying and prioritizing threats and opportunities
- National goals that reflect the country’s needs and aspirations with regard to cyberspace
- Leadership commitment toward attaining development goals
- Key stakeholder (governmental and public/industry/civic) involvement in shaping strategic approaches

Is the Foundation Ready to Build on?

Policy, Governance & Resourcing

This area is focused on the mechanisms through which a cyber strategy is articulated, implemented, and enforced. It addresses:

- Governance structures, such as decision-making bodies and processes
- Policy roles, responsibilities, and oversight
- The adoption of cybersecurity best practices and standards in key areas like critical industries
- Resource governance, including processes for prioritizing, allocating, distributing, and tracking resources associated with cyber development

Counter-Cyber Crime & Law

Cybercrime (including data theft, identity theft, destruction, or fraud) and cyber-enabled crime (such as extortion or trafficking) can present a serious national problem, undermining trust in government, foreign investment, citizen safety and prosperity, economic security, and national security. This area addresses:

- The country’s legal framework, which allows it to define, identify and prosecute cyber- and cyber-enabled crimes
- Awareness, training and capacity of law enforcement in preventing and responding to cyber threats
- Capabilities required for cyber-crime prosecution, such as electronic evidence handling, cyber-forensics, and judicial training

In addressing these capabilities, we draw on but are not limited to the provisions of the Budapest Convention.

Cyber Incident Response

Incident Response includes detecting, identifying and characterizing, and responding to a cyber incident affecting key systems or services. It includes:

- Situational awareness
- Information sharing, both internal and with partners
- Internal communications processes for coordination, escalation and prioritization
- Incident Response & Recovery Capabilities
- CERT & CSIRT capabilities and processes

Operational Resilience

Resilience addresses how well a country is postured to protect against, withstand, and recover from a cyber incident affecting key systems or services. This area includes:

- Operational Best Practices, such as access management and routine patching
- Secure engineering and architectures for key systems, critical infrastructure, and essential digital services
- Provisions for critical systems protection, such as vulnerability assessments, physical diversity, or back-up
- The capacity of key stakeholders to assist in recovery, including through partnerships

Key Partnerships

This category is focused on both internal and external partnerships that can support a nation’s cyber strategy. It addresses:

- Internal partnerships (for instance, between ministries or key offices and agencies)
- Public-private partnerships (such as between government and key industry or civic leadership)
- International partnerships to facilitate threat sharing, criminal prosecution, and training

Cybersecurity Workforce

A nation’s cybersecurity workforce is essential to capacity building in nearly every area: CERTs, protecting critical systems and services, modernizing industry and finance, establishing a digital economy, developing standards and policy, supporting cyber law enforcement. This category considers:

- Cyber workforce development pipelines
- Cybersecurity training, evaluation and certification programs
- University curricula and incentives for students to pursue technical education
- Relationship with industry in skills development
- Salaries, retention, and career path progression

Cybersecurity Awareness & Culture

Cybersecurity culture, or a “culture of security”, is an essential component of a nation’s development in digital capabilities. Cybersecurity culture addresses the degree to which government and citizens understand the risks inherent in cyberspace, and how to manage those risks through good security practices. This category considers the nation’s capacity in:

- Basic science and technical education
- Public Cyber Safety awareness
- Cybersecurity training for non-technical workforce
- Effectiveness of government security awareness programs
- Public awareness of the government’s commitment to cybersecurity programs

Questions?