The UN recently conducted a wide scoping survey to determine a global cybersecurity index (GCI). The main objective of the GCI was to help countries identify areas needing improvement in how they dealt with cyber security, as well as being a motivating incentive for nations to improve their ranking and so helping to raise the commitment level to cyber security worldwide.
The GCI used five pillars to determine the rankings of each country:
- Legal: Measured based on the existence of legal institutions and frameworks dealing with cyber security and cyber crime.
- Technical: Measured based on the existence of technical institutions and frameworks dealing with cyber security.
- Organisational: Measured based on the existence of policy coordination institutions and strategies for cyber security development at the national level.
- Capacity Building: Measured based on the existence of research and development, education and training programmes, certified professionals and public sector agencies fostering capacity building.
- Cooperation: Measured based on the existence of partnerships, cooperative frameworks and information sharing networks.
The survey found that Singapore was the highest ranking country in its approach to cyber security and outperformed many richer nations, with the US coming second overall. Estonia was the highest ranking European economic area (EEA) country (5th overall), with France ranked second (9th overall). Norway came third (11th overall), just ahead of the UK in 12th position overall. However, many of the top ranked countries were small or developing nations.
“There is still an evident gap between countries in terms of awareness, understanding, knowledge and finally capacity to deploy the proper strategies, capabilities and programmes,” the survey said.
50% of countries don’t have a national security strategy, which is said to be the first step towards closing cyber security gaps.
“Cybersecurity is an ecosystem where laws, organisations, skills, cooperation and technical implementation need to be in harmony to be most effective,” the survey said. “The degree of interconnectivity of networks implies that anything and everything can be exposed, and everything from national critical infrastructure to our basic human rights can be compromised.”
North Korea, in 57th place, was among countries that ranked higher than their economic development but were let down by their “cooperation” score; despite this, North Korea still ranked three places higher than Spain, a much richer country.
Small rich countries performed badly: Andorra, Liechtenstein, Monaco and San Marino all appeared in the bottom 50% of nations. The Vatican was 186th out of 195 countries surveyed. The worst ranked nation was Equatorial Guinea, which scored zero.
The survey reported that having no global standard for cyber security was problematic. One way to ensure your standard of cyber security is by obtaining ISO 27001 certification. ISO 27001 is an international standard that provides a proven framework for managing data security within a cyber security ecosystem, using an integrated set of policies, procedures and technology. This ecosystem is known as an information security management system (ISMS).
ISO 27001 helps organisations protect their information by providing guidance for conducting a cyber security risk assessment and implementing the appropriate controls to mitigate those risks. Controls can include anything from effective technology, auditing and testing practices, organisational processes and staff awareness programmes. Many of these controls require a supporting policy or procedure in order for the control to be executed. Our ISO 27001 ISMS Documentation Toolkit allows you to accelerate the implementation of an ISO 27001-compliant ISMS. It features a complete set of easy-to-use, customisable and fully ISO 27001-compliant documentation templates that will save you time and money, including:
- A complete set of mandatory and supporting documentation templates that are easy-to-use, customisable and fully ISO 27001-compliant.
- Helpful project tools to ensure complete coverage of the standard.
- Guidance documents.
- Direction and guidance from expert ISO 27001 practitioners.
It also includes easy-to-use dashboards and gap analysis tools to ensure complete coverage of the Standard, as well as direction and guidance from expert ISO 27001 practitioners.