Developing a National Cyber-Security Strategy

The process of developing a “national cyber-security strategy” can be an effective means of deciding what a nation’s cyber-security vulnerabilities are, what the government’s responsibilities should be, and what policies and legal reforms need to be adopted. A national cyber-security strategy can not only address the security of government systems but also define the role of the government in responding to cyber-security threats faced by the private sector.

A number of countries have gone through a series of steps in addressing the cyber-security issue, including: (1) study by a high-profile board, thereby conceptualizing and drawing attention to the problem; (2) Presidential designation of leadership within the executive branch to push the development of policy; (3) drafting of a national plan based on dialogue with all affected sectors; and (4) adoption of legislation strengthening duties and authorities within the federal government. Cyber-security programs often include the following basic elements:
  • establish a baseline inventory of information-based operations, systems, networks, hardware, and software;
  • identify threats, vulnerabilities, and risks, as well as damages that would be caused by various attacks or failures;
  • form a strategy to weigh and manage the risks;
  • implement the strategy;
  • test the implementation continuously and monitor the environment to improve upon protections.

Steps that can be taken to safeguard the confidentiality, integrity, and availability of computer-based assets include, but are not necessarily limited to:
  • Install firewalls, anti-virus software and intrusion detection systems;
  • Deploy strong cryptographic protection of sensitive data;
  • Develop and implement adequate policies;
  • Undertake constant training of personnel;
  • Maintain network surveillance and security monitoring;
  • Conduct testing;
  • Establish an incident response and recovery capability including back-ups and alternate site operations if appropriate.


Last updated 09 Jun 2008

The Introduction to E-Government is a service of infoDev, the Information for Development Program.
