2020.12.08

ENISA publishes the "National Capabilities Assessment Framework (NCAF)" for self-assessing the maturity of national cybersecurity capabilities

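Hello, this is Mitsuhiko Maruyama.

ENISA has published the "National Capabilities Assessment Framework (NCAF)" for countries to self-assess the maturity of their own cybersecurity capabilities...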

● ENISA

・2020.12.07 (news) Focus on National Cybersecurity Capabilities: New Self-Assessment Framework to Empower EU Member States

The EU Agency for Cybersecurity issues a National Capabilities Assessment Framework (NCAF) to help EU Member States self-measure the level of maturity of their national cybersecurity capabilities.

・2020.12.07 National Capabilities Assessment Framework

・・[PDF] NATIONAL CAPABILITIES ASSESSMENT FRAMEWORK

 

* TABLE OF CONTENTS
* GLOSSARY OF TERMS
* EXECUTIVE SUMMARY
1 INTRODUCTION
1.1 STUDY SCOPE AND OBJECTIVES
1.2 METHODOLOGICAL APPROACH
1.3 TARGET AUDIENCE
2 BACKGROUND
2.1 PREVIOUS WORK ON NCSS LIFECYCLE
2.2 COMMON OBJECTIVES IDENTIFIED WITHIN THE EUROPEAN NCSS
2.3 KEY TAKEAWAYS FROM THE BENCHMARK EXERCISE
2.4 CHALLENGES OF NCSS EVALUATION
2.5 BENEFITS OF A NATIONAL CAPABILITIES ASSESSMENT
3 METHODOLOGY OF THE NATIONAL CAPABILITIES ASSESSMENT FRAMEWORK
3.1 GENERAL PURPOSE
3.2 MATURITY LEVELS
3.3 CLUSTERS & OVERARCHING STRUCTURE OF THE SELF-ASSESSMENT FRAMEWORK
3.4 SCORING MECHANISM
3.5 REQUIREMENTS FOR THE SELF-ASSESSMENT FRAMEWORK
4 NCAF INDICATORS
4.1 FRAMEWORK INDICATORS
4.2 GUIDELINES TO USE THE FRAMEWORK
5 NEXT STEPS
5.1 FUTURE IMPROVEMENTS
ANNEX A DESK RESEARCH RESULTS OVERVIEW
ANNEX B DESK RESEARCH BIBLIOGRAPHY
ANNEX C OTHER OBJECTIVES STUDIED

 

EXECUTIVE SUMMARY

As the current cyber threat landscape continues to expand and cyber attacks continue to increase in intensity and number, EU Member States need to respond effectively by further developing and adapting their national cybersecurity strategies (NCSS). Since the publication of the first NCSS-related studies by ENISA in 2012, EU Member States and EFTA countries have made great progress in developing and implementing their strategies.

This report presents the work performed by ENISA to build a National Capabilities Assessment Framework (NCAF).

The framework aims at providing Member States with a self-assessment of their level of maturity by assessing their NCSS objectives, that will help them enhance and build cybersecurity capabilities both at strategic and at operational level.

It outlines a simple representative view of the Member State’s cybersecurity maturity level. The NCAF is a tool that helps Member States to:

  • Provide useful information to develop a long-term strategy (e.g. good practices, guidelines);
  • Help identify missing elements within the NCSS;
  • Help in further building cybersecurity capabilities;
  • Support the accountability of political actions;
  • Give credibility towards general public and international partners;
  • Support outreach and enhance public image as a transparent organisation;
  • Help anticipate the issues lying ahead;
  • Help identify lessons learnt and best practices;
  • Provide a baseline on cybersecurity capacity across the EU to facilitate discussions; and
  • Help evaluate the national capabilities regarding cybersecurity.

This framework was designed with the support of ENISA subject matter experts and representatives from 19 Member States and EFTA countries [1]. The target audience of this report is policymakers, experts and government officials responsible for or involved in designing, implementing and evaluating an NCSS and, on a broader level, cybersecurity capabilities.

[1] Representatives from the following Member States and EFTA countries were interviewed: Belgium, Croatia, Czech Republic, Denmark, Estonia, Germany, Greece, Hungary, Ireland, Italy, Liechtenstein, Malta, Netherlands, Norway, Portugal, Slovakia, Slovenia, Spain, Sweden.

The National Capabilities Assessment Framework covers 17 strategic objectives and is structured around four main clusters:

  • Cluster #1: Cybersecurity governance and standards
    • Develop a national cyber contingency plan
    • Establish baseline security measures
    • Secure digital identity and build trust in digital public services

  • Cluster #2: Capacity-building and awareness
    • Organise cyber security exercises
    • Establish an incident response capability
    • Raise user awareness
    • Strengthen training and educational programmes
    • Foster R&D
    • Provide incentives for the private sector to invest in security measures
    • Improve the cybersecurity of the supply chain

  • Cluster #3: Legal and regulatory
    • Protect critical information infrastructure, OES, and DSP
    • Address cyber crime
    • Establish incident reporting mechanisms
    • Reinforce privacy and data protection

  • Cluster #4: Cooperation
    • Establish a public-private partnership
    • Institutionalise cooperation between public agencies
    • Engage in international cooperation
