Organisational Structures & Considerations
bookPart
The purpose of this section is to review specific types of national cyber security (NCS) areas (also called ‘mandates’) and examine the organisational and collaborative models associated with them. Before discussing the wide variety of organisational structures at the national and international levels, a decomposition model will be presented that delineates both common and specific cyber security functions, capabilities, and responsibilities along three different axes (Section 4.2). Along the first axis, we will distinguish between five NCS mandates. This section expands Klimburg’s segmentation and supplements it with three additional cross-mandates. The other axes are the cyber security incident response cycle and the various levels of decision-making. This decomposition model shall assist the reader in understanding the rationale behind the functions, responsibilities, and capabilities of organisations involved in cyber security as entities which, over the years, have been shaped by the specific division of tasks between the government, its agencies, public organisations, associations, and private companies. Section 4.3 provides an overview of the stakeholders involved in the provision of cyber security. Taking the decomposition model as the point of departure, Section 4.4 strives to determine the main focus of analysis along the five mandates mentioned in Section 1 and three cross-mandates. Building upon this framework, Sections 4.5, 4.6 and 4.7 introduce the common set of national and international organisations. It is important to note that these sections also pay due attention to the special tasks which may be recognised by, and assigned to, various organisational subunits or organisations all belonging to one and the same mandate, or to a single service organisation in one of the mandates with the aim of supporting the other mandates. Finally, Section 4.8 will discuss some organisational pitfalls and lessons identified when addressing cyber security at the national level.
TNO Identifier
466208
Publisher
NATO CCD COE Publication
Source title
National Cyber Security Framework Manual
Editor(s)
Klimburg, A.
Place of publication
Tallinn
Pages
108-145