An Assessment Model to Improve National Cyber Security Governance

Tatar U., Karabacak B., Gheorghe A.

11th International Conference on Cyber Warfare and Security (ICCWS), Massachusetts, United States Of America, 17 - 18 March 2016, pp.312-319

  • Publication Type: Conference Paper / Full Text
  • City: Massachusetts
  • Country: United States Of America
  • Page Numbers: pp.312-319
  • Keywords: national security, national governance, national cyber security roles and responsibilities, cyber thresholds, risk analysis, risk management
  • Middle East Technical University Affiliated: Yes


Today, cyber space has been embraced by individuals, organizations and nations as an indispensable instrument of daily life. Accordingly, the impact of cyber threats has been increasing continuously. Critical infrastructure protection and fighting against cyber threats are crucial elements of the national security agendas of governments. In this regard, governments need to assess the roles and responsibilities of public and private organizations to address the problems of current cyber protection postures and to respond with reorganization and reauthorization of these postures. A risk management approach is critical in placing these efforts in an ongoing lifecycle process. In this paper, a model is proposed to be used in national cyber security risk management processes. We argue that this model simplifies and streamlines national risk management processes. For this purpose, a matrix is created to partition the problem space. Cyber threat detection and response activities constitute one dimension of the matrix. The second dimension divides the timeline of cyber incidents into three phases: before, during and after incidents. The resulting matrix is then populated with the responsible bodies which need to address each case. As a result, a national cyber security responsibility model is proposed for policy/decision makers and academics. We believe that the proposed model would be useful for governments in analyzing their national responsibility distribution to address gaps and conflicts in their current cyber security postures, and for academics in analyzing national cyber security systems and in comparative studies.