TY - GEN
T1 - Towards a national cybersecurity capability development model
AU - Jacobs, Pierre
AU - Von Solms, Basie
AU - Grobler, Marthie
PY - 2017
Y1 - 2017
N2 - Nations need to develop cybersecurity capabilities at national level in order to facilitate the requirements expressed through national authoritative and normative documents. These national cybersecurity capabilities typically consist of people, processes and technology or tools. From the research conducted, no publicly available models or frameworks for national cybersecurity capability development could be found. In this paper, the authors identify and compare existing military capability development models and propose a national cybersecurity capability development model based on these models. Military capability development frameworks are a comprehensive way to define work deliverables and work standards, and provide a way to measure the work deliverables (eWorks Moodle, 2016). The use of such a national cybersecurity capability development model is advantageous during the planning phase of the national cybersecurity capability. For example, the use of a model allows for a capability to be broken down into its components, a model serves as a blueprint to ensure that those building the capability consider all components, allows for cost estimation and facilitates the evaluation of trade-offs. One national cybersecurity capability - the incident management cybersecurity capability - is selected to illustrate the application of the national cybersecurity capability development model. This model was developed as part of previous research, and is called the Embryonic Cyberdefence Monitoring and Incident Response Center (E-CMIRC) (P. Jacobs; S.H. von Solms & M.M. Grobler, 2016). The characteristics of national incident management cybersecurity incidents have to be determined, as these would affect each component of the military-based national cybersecurity capability development model. Once the national cybersecurity capability components are identified using the military-based cybersecurity capability development model, it also has to be operated. To achieve this requirement, available organisational operational models are identified and compared, and one operating model is selected to augment the national cybersecurity capability development model. The fusion of the military-based national cybersecurity capability development model with the operations models results in the national military-based cybersecurity capability development model. This paper has three outcomes in mind: firstly to determine the characteristics of national cybersecurity incidents, secondly, the development of the national cybersecurity capability development model, and thirdly, the development of a national cybersecurity capability operational model. This paper describes the methodology followed in describing the E-CMIRC structure using a capability development framework, and organisational operational models. The national cybersecurity capability development model - using a military capability development framework - and the national cybersecurity capability operational models derived from existing organisational frameworks, are presented as a single, integrated model.
KW - Cybersecurity capability development model
KW - Cybersecurity operational model
KW - National cybersecurity capabilities
KW - National cybersecurity incident characteristics
KW - POSTEDFIT-B
UR - http://www.scopus.com/inward/record.url?scp=85027971847&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85027971847
T3 - European Conference on Information Warfare and Security, ECCWS
SP - 582
EP - 592
BT - Proceedings of the 16th European Conference on Cyber Warfare and Security, ECCWS 2017
A2 - Scanlon, Mark
A2 - Le-Khac, Nhien-An
PB - Curran Associates Inc.
T2 - 16th European Conference on Cyber Warfare and Security, ECCWS 2017
Y2 - 29 June 2017 through 30 June 2017
ER -