Compare-the-European-Union-Agency-for-Network-and-Information-Security-ENISA-computer-science-homework-help
Write a five (5) to eight (8) page white paper in which you summarize your research and discuss the similarities and differences between the two guidance documents. You should focus upon clarity and conciseness more than length when determining what content to include in your paper. At a minimum, your white paper must include the following:
1. An introduction or overview of national cybersecurity strategies. Explain the purpose of a national cybersecurity strategy and how it is used. Answer the question: why should every nation have a cybersecurity strategy? (Make sure that you address the importance of such strategies to small, resource-poor nations as well as to wealthy, developed nations.)
2. A separate section in which you discuss the common principles and guidelines (similarities) found in both guidance documents (ENISA & CTO).
3. A separate section in which you discuss the unique aspects of the CTO principles and guidelines for national cybersecurity strategies.
4. A separate section in which you discuss the unique aspects of the ENISA principles and guidelines for national cybersecurity strategies.
5. A section in which you present your recommendations to the competition team as to the approach (next steps) they should take in further refining their answer to the competition question: what is the best approach for developing a national cybersecurity strategy?
Additional Information
1. Your white paper should use standard terms and definitions for cybersecurity concepts. The following sources are recommended:
a. NICCS Glossary http://niccs.us-cert.gov/glossary
b. Guidelines on Security and Privacy in Public Cloud Computing http://csrc.nist.gov/publications/nistpubs/800-144/SP800-144.pdf
c. Glossary sections in the two guidance documents (ENISA & CTO)
Table 1. Outline for Commonwealth Approach for Developing National Cybersecurity Strategies (Commonwealth Telecommunications Organisation, 2015).
3 CREATING AND USING A NATIONAL CYBERSECURITY STRATEGY 3.1 Development of the Strategy 3.1.1 An approach to design of the strategy: risk-based and outcome-focused 3.1.2 The use of a maturity model 3.1.3 Key performance indicators 3.1.4 Resources and market forces 3.1.5 Communicating its concepts and ideas 3.2 Delivering the Strategy 3.3 Reviewing the Strategy 4 KEY ELEMENTS OF A CYBERSECURITY STRATEGY 4.1 Introduction and background section 4.2 Guiding principles section 4.3 Vision and strategic goals section 4.4 Objectives and priorities section – using a risk-based approach 4.5 Stakeholder section 4.6 Governance and management structure 4.7 Strategy implementation section 4.7.1 Legal and regulatory framework 4.7.2 Capacity Building 4.7.3 Awareness 4.7.4 Local technical capability 4.7.5 Incident response 4.8 Monitoring and evaluation |
Table 2. Outline for National Cyber Security Strategies: Practical Guide on Development and Execution (European Network and Information Security Agency, 2012).
2 National cyber security strategy lifecycle 3 Develop and execute the national cyber-security strategy 3.1 Set the vision, scope, objectives and priorities 3.2 Follow a national risk assessment approach 3.3 Take stock of existing policies, regulations and capabilities 3.4 Develop a clear governance structure 3.5 Identify and engage stakeholders 3.6 Establish trusted information-sharing mechanisms 3.7 Develop national cyber contingency plans 3.8 Organise cyber security exercises 3.9 Establish baseline security requirements 3.10 Establish incident reporting mechanisms 3.11 User awareness 3.12 Foster R&D 3.13 Strengthen training and educational programmes 3.14 Establish an incident response capability 3.15 Address cyber crime 3.16 Engage in international cooperation 3.17 Establish a public–private partnership 3.18 Balance security with privacy 4 Evaluate and adjust the national cyber-security strategy 4.1 Evaluation approach 4.2 Key performance indicators |
References:
Commonwealth Telecommunications Organisation. (2015). Commonwealth approach for developing national cybersecurity strategies. London, UK: Author. Retrieved from http://www.cto.int/media/fo-th/cyb-sec/Commonwealth%20‌Approach%20‌for%20‌National%20‌Cybersecurity%20Strategies.pdf
European Network and Information Security Agency. (2012). National cyber security strategies: Practical guide on development and execution. Heraklion, Crete, Greece: Author. Retrieved from http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/an-evaluation-framework-for-cyber-security-strategies-1/an-evaluation-framework-for-cyber-security-strategies/at_download/fullReport