Establish a Governance Framework
That is based upon the premise that a cyber security strategy needs to be established, and more importantly, be effectively implemented and maintained on a continuous basis. Hence the need to ensure the key coordination structures, processes, roles and practice with particular focus on cyber risk management within the public and private sector.
- Establish the necessary key coordination structures
- Foster the coordination to protect national critical information infrastructure
- Ensure clear delineation and communication of roles and responsibilities
- Ensure the conduct of a national cyber risk assessment exercise
- Ensure necessary measures in line with individual cyber risks assessments by key Public and Private sector organisations falling within the scope of related EU legal requirements
- Encourage cyber risk assessments by other organisations not falling within the scope of Measure 1 (v)
- Consolidate the Information Security Framework within the Public Sector
- Ensure classification of data within the Public Sector and encourage it within the private sector
Which aims to ensure and consolidate capabilities to tackle cybercrime.
- Establish Forum for Internet Safety and Protection of Minors
- Identify gaps and strengthen capability to investigate and combat cybercrime
- Assess and consolidate on-line reporting of cybercrime
Strengthen National Cyber Defence
Which aims to foster sharing of cyber security knowledge and intelligence, review current legislation and regulations in line with cyberspace developments and ensure digital resilience on a national and organisation wide scale of particular consideration are recent legal developments at EU level, notably legislation pertaining to data protection and that related to Network and Information Security.
- Establish a collective approach for sharing cyber security knowledge and intelligence
- Review existing legislation and provide measures through legislation and regulation to ensure relevance and effectiveness to the cyber world
- Ensure the country’s digital resilience to cyber attack as well as the capability to protect its interests
- Conduct national cyber simulation exercises
Which aims to foster self regulation and voluntary self commitment, bearing in mind that legislation is not a panacea to cyber security commitments. It also aims to stimulate use of standards and best practices that guarantee security whilst allowing for interoperability. Special focus is also given to promote security and trust of online public services and to consolidate support to the private sector.
- Establish regulation and voluntary self-commitment for guaranteeing cyber security
- Stimulate use of interoperable and secure standards on the basis of good practice
- Promote robust levels of cyber security in online public services
- Consolidate support to the private sector on cyber security
Cyber security Awareness and Education
Which aims to target academia, the public and private sector and citizens to sensitize awareness, knowledge as well as capabilities and expertise in cyber security. A national strategic approach towards an ongoing educational and awareness campaign is especially recommended.
- Encourage cyber security education and training
- Explore possibility of establishing a Cyber Centre of Excellence
- Ensure relevant education and training to public sector staff and other stakeholders
- Foster application of research and development on cyber security
- A Strategic, target-oriented national awareness and advice campaign
- Encourage ‘cyber hygiene’ and personal responsibility
National and International Cooperation
Which aims to ensure effective consultation, cooperation and collaboration on a national level, on a European and on a global basis, enabled by EU and international institutions and activities, based on the understanding that cyber security has no bounds.
- Effective cooperation and collaboration on cyber security on a national, European and global basis