ENISA Vs Commonwealth Approaches to Developing National Cybersecurity Strategies
Paper #4: Compare / Contrast the ENISA and Commonwealth Approaches to Developing National Cybersecurity Strategies
Your company has assigned you to serve as an industry subject matter expert and advisor for a cyber policy competition team for a local university. This year, the team will be competing in an international Cyber Policy competition in Washington, DC. The policy question for this year’s competition is: what is the best approach for developing a national cybersecurity strategy? The competition will have one U.S. team and nine additional teams from Europe (4 teams) and the Commonwealth nations (5 teams).
The university students have asked you to help them understand the problem space and the likely approaches that competing teams will take. To accomplish this goal, you have decided to prepare a white paper in which you compare the European Union Agency for Network and Information Security (ENISA) guidance document for cybersecurity strategies to a similar document prepared by the Commonwealth Telecommunications Organization (CTO). ENISA provides cybersecurity guidance for member states of the European Union (http://europa.eu/index_en.htm ). CTO provides cybersecurity guidance for members of the Commonwealth of Nations (http://www.commonwealthofnations.org/).
Your starting point for your analysis will be outlines of the two documents (Table 1 and Table 2) which were provided to the teams by the competition’s organizers.
- Review the document outlines provided in Tables 1 and 2 (at the end of this document).
- Download and review the full documents
- CTO: http://www.cto.int/media/fo-th/cyb-sec/Commonwealth%20Approach%20for%20National%20Cybersecurity%20Strategies.pdf
- ENISA: http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/an-evaluation-framework-for-cyber-security-strategies-1/an-evaluation-framework-for-cyber-security-strategies/at_download/fullReport
- Develop five or more points which are common across the two documents. (Similarities)
- Identify and review at least three unique items in each document. (Differences)
- Research three or more national cybersecurity strategies from EU or Commonwealth nations which were written in or available in English (see the list in Appendix 1 of the CTO document). How comprehensive are these documents when compared to either the ENISA or the CTO guidance? From these documents and the ENISA / CTO guidelines, develop an answer to the question: Why should every nation have a cybersecurity strategy?
Write a five (5) to eight (8) page white paper in which you summarize your research and discuss the similarities and differences between the two guidance documents. You should focus upon clarity and conciseness more than length when determining what content to include in your paper. At a minimum, your white paper must include the following:
- An introduction or overview of national cybersecurity strategies. Explain the purpose of a national cybersecurity strategy and how it is used. Answer the question: why should every nation have a cybersecurity strategy? (Make sure that you address the importance of such strategies to small, resource-poor nations as well as to wealthy, developed nations.)
- A separate section in which you discuss the common principles and guidelines (similarities) found in both guidance documents (ENISA & CTO).
- A separate section in which you discuss the unique aspects of the CTO principles and guidelines for national cybersecurity strategies.
- A separate section in which you discuss the unique aspects of the ENISA principles and guidelines for national cybersecurity strategies.
- A section in which you present your recommendations to the competition team as to the approach (next steps) they should take in further refining their answer to the competition question: what is the best approach for developing a national cybersecurity strategy?