National Cybersecurity Management System. Framework – Maturity Model RACI Chart – Implementation Guide Taieb DEBBAGH. Agenda. 1 - Introduction 2 - National Cybersecurity Management System 3 - NCSec Framework : 5 Domains 4 – NCSec Framework : 34 processes 5 - Maturity Model
National Cybersecurity Management System Framework – Maturity Model RACI Chart – Implementation Guide Taieb DEBBAGH Addressing security challenges on a global scale
Agenda
• 1 - Introduction
• 2 - National Cybersecurity Management System
• 3 - NCSec Framework : 5 Domains
• 4 – NCSec Framework : 34 processes
• 5 - Maturity Model
• 6 – NCSec Assessment
• 7 - Roles & Responsibilities (RACI Chart)
• 8 - Implementation Guide
1 - Introduction (1/2)
• Increasing computer security challenges in the world;
• No appropriate organizational and institutional structures to deal with these issues;
• Which entity(s) should be given the responsibility for computer security?
• There are best practices that organizations can refer to in order to evaluate their security status;
• But there is a lack of international standards (clear guidance) with which a State or region can measure its current security status.
1 - Introduction (2/2)
The main objective of this presentation is to propose a Model of National Cybersecurity Management System (NCSecMS), which is a global framework that best responds to the needs expressed by the ITU Global Cybersecurity Agenda (GCA). This global framework consists of 4 main components:
• NCSec Framework;
• Maturity Model;
• Roles and Responsibilities chart;
• Implementation Guide.
2 – NCSec Management System
Example : SP1 Maturity Model
• The first process, SP1, consists in “Promulgating and endorsing a National Cybersecurity Strategy”.
• Process SP1 is in conformance with level 5 if the following conditions are respected:
  • Recognition of the need for National Cybersecurity Strategy
  • the NCSec strategy is “announced and planned”
  • the NCSec strategy is “operational”
  • the NCSec strategy is under a “regular review”
  • the NCSec strategy is under “continuous improvement”
6 - NCSec Assessment
Legend:
• SP1: National Cybersecurity Strategy
• SP4: CIIP
• IO2: National Cybersecurity Authority
• IO3: National-CERT
• IO5: Cyber Law
• AC5: Awareness Programme
• CC1: International Cooperation
• CC2: National Coordination
• EM4: Cybersecurity Governance
7 - RACI Chart / Stakeholders
Stakeholders (chart column labels): Min of Fin, Trade Union, Nat CERT, Academia, Min of Edu, Nat Cyb Coun, Private Sect, Head of Gov, Civil Soc, ICT Authority, Critical Infras, Min of Def, Legisi Auth, Min of Int, Government, CSIRTs, Nat Cyb Auth
R = Responsible, A = Accountable, C = Consulted, I = Informed
8 - Implementation Guide
ITU-D / SG1 / Question 22-1/1: Securing information and communication networks, best practices for developing a culture of cybersecurity
Report of the meeting of the Rapporteur Group on Question 22-1/1 (Geneva, Wednesday, 22 September 2010)
• Document 1/23 was presented by Morocco. It provides a model for administrations to use in managing their cybersecurity programme based on ISO 27000 family and COBIT. It was suggested that it could be a framework to be used by developing countries in assessing their cybersecurity strategy. The Rapporteur asked the BDT to put the entire document on the web site of Study Group 1 and invited comments for the next meeting.
Thank you for your attention. Email: t.debbagh@technologies.gov.ma or tdebbagh@gmail.com