An Assessment Methodology and Instrument for Cybersecurity: The Ireland Use Case

Governments around the world are required to strengthen their national cybersecurity capabilities to respond effectively to the growing, changing, and sophisticated cyber threats and attacks, thus protecting society and the way of life as a whole. Responsible government institutions need to revise, evaluate, and bolster their national cybersecurity capabilities to fulfill the new requirements, for example regarding new trends affecting cybersecurity, key supporting laws and regulations, and implementations risk and challenges. This report presents a comprehensive assessment instrument for cybersecurity at the national level in order to help countries to ensure optimum response capability and more effective use of critical resources of each state. More precisely, the report - builds a common understanding of the critical cybersecurity capabilities and competence to be assessed at the national level, - adds value to national strategic planning and implementation which impact the development and adaptation of national cybersecurity strategies, - provides an overview of the assessment approaches at the national level, including capabilities, frameworks, and controls, - introduces a comprehensive cybersecurity instrument for countries to determine areas of improvement and develop enduring national capabilities, - describes how to apply the proposed national cybersecurity assessment framework in a real-world case, and - presents the results and lessons learned of the application of the assessment framework at the national level to assist governments in further building cybersecurity capabilities.