Paper #4: Compare / Contrast the ENISA and Commonwealth Approaches to Developing National Cybersecurity Strategies

Scenario:

Your company has assigned you to serve as an industry subject matter expert and advisor for a cyber policy competition team for a local university. This year, the team will be competing in an international Cyber Policy competition in Washington, DC. The policy question for this year’s competition is: what is the best approach for developing a national cybersecurity strategy? The competition will have one U.S. team and nine additional teams from Europe (4 teams) and the Commonwealth nations (5 teams).

The university students have asked you to help them understand the problem space and the likely approaches that competing teams will take. To accomplish this goal, you have decided to prepare a white paper in which you compare the European Union Agency for Network and Information Security (ENISA) guidance document for cybersecurity strategies to a similar document prepared by the Commonwealth Telecommunications Organization (CTO). ENISA provides cybersecurity guidance for member states of the European Union (http://europa.eu/index_en.htm). CTO provides cybersecurity guidance for members of the Commonwealth of Nations (http://www.commonwealthofnations.org/).

Your starting point for your analysis will be outlines of the two documents (Table 1 and Table 2) which were provided to the teams by the competition’s organizers.

Research:

- Review the document outlines provided in Tables 1 and 2 (at the end of this document).
- Download and review the full documents
  CTO: http://www.cto.int/media/fo-th/cyb-sec/Commonwealth%20Approach%20for%20National%20Cybersecurity%20Strategies.pdf
  ENISA: https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/national-cyber-security-strategies-an-implementation-guide/at_download/fullReport
- Develop five or more points which are common across the two documents. (Similarities)
- Identify and review at least three unique items in each document. (Differences)
- Research three or more national cybersecurity strategies from EU or Commonwealth nations which were written in or available in English (see the list in Appendix 1 of the CTO document). How comprehensive are these documents when compared to either the ENISA or the CTO guidance?
- From these documents and the ENISA / CTO guidelines, develop an answer to the question: Why should every nation have a cybersecurity strategy?

Write:

Write a five (5) to eight (8) page white paper in which you summarize your research and discuss the similarities and differences between the two guidance documents. You should focus upon clarity and conciseness more than length when determining what content to include in your paper. At a minimum, your white paper must include the following:

- An introduction or overview of national cybersecurity strategies. Explain the purpose of a national cybersecurity strategy and how it is used. Answer the question: why should every nation have a cybersecurity strategy? (Make sure that you address the importance of such strategies to small, resource-poor nations as well as to wealthy, developed nations.)
- A separate section in which you discuss the common principles and guidelines (similarities) found in both guidance documents (ENISA & CTO).
- A separate section in which you discuss the unique aspects of the CTO principles and guidelines for national cybersecurity strategies.
- A separate section in which you discuss the unique aspects of the ENISA principles and guidelines for national cybersecurity strategies.
- A section in which you present your recommendations to the competition team as to the approach (next steps) they should take in further refining their answer to the competition question: what is the best approach for developing a national cybersecurity strategy?
- A separate section in which you summarize your research and recommendations.
Submit For Grading

Submit your white paper in MS Word format (.docx or .doc file) using the OPEN Data Assignment in your assignment folder. (Attach the file.)

Additional Information

- Your white paper should use standard terms and definitions for cybersecurity concepts. The following sources are recommended:
  ISACA Glossary http://www.isaca.org/pages/glossary.aspx
  Guidelines on Security and Privacy in Public Cloud Computing http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-144.pdf
  Glossary sections in the two guidance documents (ENISA & CTO)
- You are expected to credit your sources using in-text citations and reference list entries. Both your citations and your reference list entries must comply with APA 6th edition Style requirements. Failure to credit your sources will result in penalties as provided for under the university’s Academic Integrity policy.
- Use APA 6th edition style (formatting) for the organization and appearance of the MS Word document that you submit to your assignment folder. This includes margins, section headings, and consistent use of fonts (Times New Roman 12 in black), paragraph styles (first line indent by ½ inch), and line spacing (double). Formatting requirements and examples are found under Course Resources > APA Resources. Your file should contain both a title page and a separate References page. Use page breaks to ensure that the title page and references page are separate from the body of the paper.
- You are expected to write grammatically correct English in every assignment that you submit for grading. Do not turn in any work without (a) using spell check, (b) using grammar check, (c) verifying that your punctuation is correct and (d) reviewing your work for correct word usage and correctly structured sentences and paragraphs.

Table 1. Outline for Commonwealth Approach for Developing National Cybersecurity Strategies (Commonwealth Telecommunications Organisation, 2015).
3 CREATING AND USING A NATIONAL CYBERSECURITY STRATEGY
  3.1 Development of the Strategy
    3.1.1 An approach to design of the strategy: risk-based and outcome-focused
    3.1.2 The use of a maturity model
    3.1.3 Key performance indicators
    3.1.4 Resources and market forces
    3.1.5 Communicating its concepts and ideas
  3.2 Delivering the Strategy
  3.3 Reviewing the Strategy
4 KEY ELEMENTS OF A CYBERSECURITY STRATEGY
  4.1 Introduction and background section
  4.2 Guiding principles section
  4.3 Vision and strategic goals section
  4.4 Objectives and priorities section – using a risk-based approach
  4.5 Stakeholder section
  4.6 Governance and management structure
  4.7 Strategy implementation section
    4.7.1 Legal and regulatory framework
    4.7.2 Capacity Building
    4.7.3 Awareness
    4.7.4 Local technical capability
    4.7.5 Incident response
  4.8 Monitoring and evaluation

Table 2. Outline for National Cyber Security Strategies: Practical Guide on Development and Execution (European Network and Information Security Agency, 2012).
2 National cyber security strategy lifecycle
3 Develop and execute the national cyber-security strategy
  3.1 Set the vision, scope, objectives and priorities
  3.2 Follow a national risk assessment approach
  3.3 Take stock of existing policies, regulations and capabilities
  3.4 Develop a clear governance structure
  3.5 Identify and engage stakeholders
  3.6 Establish trusted information-sharing mechanisms
  3.7 Develop national cyber contingency plans
  3.8 Organise cyber security exercises
  3.9 Establish baseline security requirements
  3.10 Establish incident reporting mechanisms
  3.11 User awareness
  3.12 Foster R&D
  3.13 Strengthen training and educational programmes
  3.14 Establish an incident response capability
  3.15 Address cyber crime
  3.16 Engage in international cooperation
  3.17 Establish a public–private partnership
  3.18 Balance security with privacy
4 Evaluate and adjust the national cyber-security strategy
  4.1 Evaluation approach
  4.2 Key performance indicators

References:

Commonwealth Telecommunications Organisation. (2015). Commonwealth approach for developing national cybersecurity strategies. London, UK: Author. Retrieved from http://www.cto.int/media/fo-th/cyb-sec/Commonwealth%20Approach%20for%20National%20Cybersecurity%20Strategies.pdf

European Network and Information Security Agency. (2012). National cyber security strategies: Practical guide on development and execution. Heraklion, Crete, Greece: Author. Retrieved from https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/national-cyber-security-strategies-an-implementation-guide/at_download/fullReport

        National Cybersecurity Strategies

    Introduction

    Cybersecurity is becoming a huge source of worry to many governments in the world today. This is because technology is changing every now and then. This makes it a challenge to adequately protect the network environment, since the types of attacks are advancing at a similar pace. Also, when a nation grows, there are other concepts of governance and service provision that change with it (Luiijf et al., 2013). It therefore becomes necessary for such a nation to formulate an adequate national cybersecurity strategy. The national cybersecurity strategy chosen for implementation should be flexible enough that it can be changed accordingly, so that it can manage the cyberspace efficiently. It is important to note that the National Cyber Security Strategy is a highly structured renewal plan designed to provide an improved cybersecurity function to the government and its citizens.

    It is also used to create resilient network systems. It is necessary that a nation’s cyberspace and information technology network is secure. This is because government portals and databases hold sensitive information of all the citizens, and significant losses would be experienced in case the network environment or database was breached by cyber thieves (ENISA, 2017). The national cybersecurity strategy establishes some national priorities and objectives that should be considered first and implemented within a given time frame. The majority of the countries in the world are embracing the importance of having a national cybersecurity strategy as one of the significant initiatives of the government. The policy enables them to reduce the risks related to cybersecurity, as well as providing clear procedures about the steps the government should follow when dealing with a cybersecurity breach.

    Common Principles and Guidelines

    Cyberspace is rapidly growing into a significant opportunity for individual and national growth, but as this happens, so does the problem of cybersecurity, the security of information and the resilience of information technology infrastructure. ENISA stands for the European Union Agency for Network and Information Security, while the CTO is the Commonwealth Telecommunications Organisation. The main aim of establishing such organisations is to improve cybersecurity for their members in their respective regions. Both strategies are similar in some ways, particularly in the principles and guidelines that are enshrined in them. Both approaches are aimed at increasing and developing cybersecurity protection systems and capabilities for their members. They consider reducing the risk of harmful cybercrimes, and hence building resilient and robust protection systems, a priority. They provide the basis for individuals, corporates, and countries to develop their own cybersecurity systems that are consistent with their particular cyberspace.

    Both ENISA and CTO help increase cybersecurity awareness and provide essential and efficient information about best practices for creating secure cyber environments that adequately protect their information systems and databases, as well as monitoring for suspicious behavior (Falessi et al., 2012). The strategies provide a safe and secure space for online business and communication. They offer adequate standards for companies to use as a benchmark when they are reviewing and evaluating the performance of their cybersecurity protection systems and policies. These measures are designed in such a manner that they are general and could be adopted or used as a reference by other regions around the world as the basis for developing their cybersecurity infrastructure. They also play a role as economic growth support systems. Another similarity between ENISA and CTO is that they help to attract investors and business leaders to their regions. This is because they promise an adequately secured and safe cyber environment. They are used by academic institutions to formulate curricula and course content for training in information technology related courses.

    CTO Principles and National Cybersecurity Strategies

    As much as the two strategies are altogether similar, there are a few concepts that set them apart.

    Unique Aspects of CTO Principles

    The Commonwealth Telecommunications Organisation is a partnership of international allies that involves both countries that are in the Commonwealth organisation and also the non-Commonwealth members. It brings together businesses, governments, and individuals (Vinograd et al., 2011). The body is based in London, with the city being the headquarters of the Commonwealth organisation. The organisation is mandated to develop and maintain cybersecurity projects both nationally and internationally. The package offered by the body also includes cybersecurity consultancy services, which are provided to the members of the organisation as well as to non-members. The central area of focus is the risks that are presented by global cybersecurity threats.

    The primary aim of the organisation is to guide, equip and promote safe environments for information technology activities for their members and to support social-economic businesses for all their members. It has a vision of creating productive communication interfaces as well as advanced information technology technologies, and of being a strategic partner in the management of cybersecurity. These services are offered to partners both in the Commonwealth and beyond. CTO encourages its members, that is, governments, businesses and academic institutions, to ensure that they are well protected and to ensure that all the provided procedures for ensuring cybersecurity are followed to the letter. CTO also has an aspect of protection for important human rights. It seeks to establish a balance between access to and dissemination of information, freedom of expression, national security and personal privacy.

    The CTO’s provisions place more emphasis on prior preparedness, that is, ensuring that adequate cybersecurity protocols are in place, as cybercriminals are crawling the web looking for vulnerabilities that they could take advantage of to launch an attack. Another principle of CTO that sets it apart from ENISA is the fact that it pushes for the public and the private sector to put in a concerted effort in coming up with ways and means for ensuring a secure cyberspace. It suggests that the case for cybersecurity affects all entities that connect to the internet equally, and therefore corporates, individuals and governments should work in tandem to lessen the impact of the problem. It also adds that all entities should act ethically and remain responsible for each other, so that none of them works in such a manner that puts the rest in danger.

    Unique Aspects of ENISA Principles

    ENISA is the European Union’s centre for cybersecurity expertise and innovation. It helps its members to interpret legislation on cybersecurity that is passed by the European Union, as well as helping the citizens and member states to build resilient cyber environments (Martin, 2015). ENISA works with both the private and the public sector in public-private partnership initiatives to conduct research on subjects such as privacy-enhancing technologies, cloud security improvement, data security procedures and privacy in the face of emerging technologies. Some of the principles of ENISA that set it apart from CTO include: Implementation of ENISA principles entails the application of two separate procedures, that is, development and execution. The approach applied by ENISA is one that is more conciliatory, since it pushes for best practices in cybersecurity by raising awareness of cybersecurity and the need for having a secure database. It encourages a commendable cybersecurity code of conduct that will be beneficial to all the stakeholders in cybersecurity.

    Recommendations

    Both of these strategies can be of great importance to nations that are keen to establish strategic policies for their cyberspace. Important points have been made about the role of both CTO and ENISA. All in all, my take is that ENISA would offer a better basis for establishing an adequate cybersecurity strategy. This is because ENISA involves a lot of consultation between all the stakeholders. It also provides information and education to its members on the techniques of staying clear of cybersecurity attacks. Cybersecurity cannot be achieved by a single entity. It has to be a concerted effort amongst all the interested parties, which is the central principle of ENISA. At the same time, humans are responsible for the security incidents that are present on the internet today (Carr, 2016). Therefore, corporate education on information technology and cybersecurity is necessary. Even in the case where CTO is used, the principles of ENISA have to apply, since the stakeholders will have to be educated and oriented on the applicability, uses and the benefits of maintaining a well-secured cyberspace (Rollins and Henning, 2009).

    Conclusion

    Cybersecurity is a sensitive issue, and cyber threats are a continuum. Every country ought to have flexible and comprehensive national cybersecurity strategies and plans that are designed to protect the country’s cyberspace from emerging cyber threats brought about by growing technology and the popularity of the internet. There exist various strategies that could be relied upon by other regions and countries, such as ENISA and CTO, to help them to create their strategies.

    References

    Carr, M. (2016). Public-private partnerships in national cyber-security strategies. International Affairs, 92(1), 43-62.

    Falessi, N., Gavrila, R., Klejnstrup, M. R., & Moulinos, K. (2012). National cyber security strategies: Practical guide on development and execution. European Network and Information Security Agency (ENISA).

    Luiijf, E., Besseling, K., & De Graaf, P. (2013). Nineteen national cyber security strategies. International Journal of Critical Infrastructures.

    Martin, I. (2015). Cyber Security Strategies-An Overview. Int’l J. Info. Sec. & Cybercrime, 4, 33.

    Vinograd, C., & Plushnick-Masti, R. (2011). ‘Anonymous’ hackers target US security think tank. Yahoo! News, 25.