About this step
National cybersecurity strategies should be informed by a good understanding of the current state of national cybersecurity and cybercrime capacity. To assist governments assess their national capacities a number of methodologies, tools and international indexes have been produced.
In 2021 the Global Forum on Cyber Expertise coordinated the production of a guide, the Global Overview of Existing National Cyber Capacity Assessment Tools (GOAT), to provide an overview of the different tools, their approaches, benefits and outputs, and what to do and whom to contact if a country wishes to use them. The overview covers:
- Combating Cybercrime: Capacity-Building Tool, The World Bank
- Cyber Maturity in the Asia-Pacific Region, Australian Strategic Policy Institute (ASPI)
- Cyber Readiness Index 2.0 (CRI), Potomac Institute for Policy Studies (PIPS)
- Cybersecurity Capacity Maturity Model for Nations (CMM), Global Cyber Security Capacity Centre (GCSCC)
- Cyber Strategy Development and Implementation Framework (CSDI), MITRE Corporation
- Global Cybersecurity Index (GCI), International Telecommunication Union (ITU)
- National Capabilities Assessment Framework (NCAF), European Union Agency for Cybersecurity (ENISA)
- National Cyber Security Index (NCSI), e-Governance Academy (eGA)
As part a national capacity assessment a country may wish to conduct a deeper review of capacity in a particular thematic area. There are several resources countries can use when conducting such deep dive assessments. Examples include:
- The Global CSIRT Maturity Framework assists assessments of national incident response capacity.
- The Combating Cybercrime: Capacity-Building Tool contains an Assessment Tool cybercrime capacity.