Download eBook for Free

FormatFile SizeNotes
PDF file 7.3 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.

The role played by information communication technologies (ICTs) and by the networks they generate and underpin has continuously increased throughout recent decades. From an economic perspective, the potential positive impact of the Internet and ICTs on growth and development has now been widely recognised. However, the cloak of immunity and anonymity that these technologies can provide, have led to a growth in illicit activities across cyberspace.

This document is a proof-of-concept operational toolbox designed to facilitate the development of national-level cybersecurity capacity building programmes and of holistic policy and investment strategies to tackle challenges in the cyber domain. The document seeks to enable a better translation of the results of national cyber maturity reviews and assessments into tangible policy recommendations and investment strategies, allowing policymakers to develop their countries' cybersecurity capacity.

The proof-of-concept toolbox constitutes the output of a project commissioned by the United Kingdom Foreign and Commonwealth Office. This project comprised two main research and development phases. The first phase of the project entailed a requirements analysis and architecture-design effort. The second phase of the project entailed the development of a proof-of-concept toolbox. The toolbox builds on the framework of the Cybersecurity Capacity Maturity Model for Nations (CMM) created by the Global Cyber Security Capacity Centre (GCSCC) at the University of Oxford. The toolbox was designed to provide policymakers and decision makers with instruments facilitating the operationalisation of recommendations generated through a capacity review report completed using the GCSCC CMM.

Key Finding

This proof-of-concept toolbox presents guidelines and recommended approaches as identified through a review of existing literature for cybersecurity capacity building. The document would be best used to act upon the results and the capacity-building recommendations generated following a review of national cybersecurity capacity conducted by external experts employing the Cybersecurity Capacity Maturity Model for Nations created by the Global Cyber Security Capacity Centre.

Research conducted by

The research described in this report was commissioned by the United Kingdom (UK) Foreign and Commonwealth Office (FCO) and conducted by RAND Europe.

This report is part of the RAND Corporation research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

Permission is given to duplicate this electronic document for personal use only, as long as it is unaltered and complete. Copies may not be duplicated for commercial purposes. Unauthorized posting of RAND PDFs to a non-RAND Web site is prohibited. RAND PDFs are protected under copyright law. For information on reprint and linking permissions, please visit the RAND Permissions page.

The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.