
National Cybersecurity Management System

National Cybersecurity Management System. Framework – Maturity Model – RACI Chart – Implementation Guide. Taieb DEBBAGH. Agenda. 1 - Introduction 2 - National Cybersecurity Management System 3 - NCSec Framework: 5 Domains 4 - NCSec Framework: 34 Processes 5 - Maturity Model


Presentation Transcript


  1. National Cybersecurity Management System: Framework – Maturity Model – RACI Chart – Implementation Guide. Taieb DEBBAGH. Addressing security challenges on a global scale

  2. Agenda
     • 1 - Introduction
     • 2 - National Cybersecurity Management System
     • 3 - NCSec Framework: 5 Domains
     • 4 - NCSec Framework: 34 Processes
     • 5 - Maturity Model
     • 6 - NCSec Assessment
     • 7 - Roles & Responsibilities (RACI Chart)
     • 8 - Implementation Guide

  3. 1 - Introduction (1/2)
     • Computer security challenges are increasing worldwide;
     • There are no appropriate organizational and institutional structures to deal with these issues;
     • Which entity or entities should be given responsibility for computer security?
     • There are best practices that organizations can refer to in order to evaluate their security status;
     • But there is a lack of international standards (clear guidance) against which a State or region can measure its current security status.

  4. 1 - Introduction (2/2)
     The main objective of this presentation is to propose a model of a National Cybersecurity Management System (NCSecMS), a global framework that best responds to the needs expressed by the ITU Global Cybersecurity Agenda (GCA). This global framework consists of 4 main components:
     • NCSec Framework;
     • Maturity Model;
     • Roles and Responsibilities chart;
     • Implementation Guide.

  5. 2 – NCSec Management System

  6. 3 - NCSec Framework : 5 Domains

  7. 4 - NCSec Framework (5 Domains and 34 Processes)

  8. ACM Publication – December 2008

  9. 5 - NCSec Maturity Model

  10. Example: SP1 Maturity Model
     • The first process, SP1, consists of “Promulgating and endorsing a National Cybersecurity Strategy”.
     • Process SP1 conforms to level 5 if the following conditions are met:
       • The need for a National Cybersecurity Strategy is recognized
       • The NCSec strategy is “announced and planned”
       • The NCSec strategy is “operational”
       • The NCSec strategy is under “regular review”
       • The NCSec strategy is under “continuous improvement”

  11. 6 - NCSec Assessment
     Legend:
     • SP1: National Cybersecurity Strategy
     • SP4: CIIP
     • IO2: National Cybersecurity Authority
     • IO3: National-CERT
     • IO5: Cyber Law
     • AC5: Awareness Programme
     • CC1: International Cooperation
     • CC2: National Coordination
     • EM4: Cybersecurity Governance

  12. 7 - RACI Chart / Stakeholders
     Stakeholders: Min of Fin, Trade Union, Nat CERT, Academia, Min of Edu, Nat Cyb Coun, Private Sect, Head of Gov, Civil Soc, ICT Authority, Critical Infras, Min of Def, Legisl Auth, Min of Int, Government, CSIRTs, Nat Cyb Auth
     Legend: R = Responsible, A = Accountable, C = Consulted, I = Informed

  13. 8 - Implementation Guide

  14. ITU-D / SG1 / Question 22-1/1: Securing information and communication networks, best practices for developing a culture of cybersecurity
     Report of the meeting of the Rapporteur Group on Question 22-1/1 (Geneva, Wednesday, 22 September 2010)
     • Document 1/23 was presented by Morocco. It provides a model for administrations to use in managing their cybersecurity programme, based on the ISO 27000 family and COBIT. It was suggested that it could be a framework to be used by developing countries in assessing their cybersecurity strategy. The Rapporteur asked the BDT to put the entire document on the web site of Study Group 1 and invited comments for the next meeting.

  15. Thank you for your attention. Email: t.debbagh@technologies.gov.ma or tdebbagh@gmail.com
