Developing a proof-of-concept cybersecurity capacity-building toolbox

Global internet security illustration

Fotolia

The UK Foreign and Commonwealth Office asked RAND Europe to help countries develop comprehensive policy and investment strategies to tackle complex challenges in the cyber domain.

Using the Global Cyber Security Capacity Centre's Capacity Maturity Model, researchers developed a proof-of-concept toolbox that presents guidelines and policy approaches for government officials and cybersecurity practitioners interested in building their cybersecurity capacity.

Background

The United Kingdom Foreign and Commonwealth Office (FCO) launched the Cyber Security Capacity Building Programme in 2012. The programme fits into the broader UK National Cyber Security Strategy, supporting the UK vision ‘to derive huge economic and social value from a vibrant, resilient and secure cyberspace, where our actions, guided by our core values of liberty, fairness, transparency and the rule of law, enhance prosperity, national security and a strong society.’

Goals

As part of the Cyber Security Capacity Building Programme, the UK FCO commissioned RAND Europe to develop a proof-of-concept toolbox for cybersecurity capacity building. In line with the broader FCO objective of promoting an open, secure, peaceful and resilient cyberspace, the purpose of this proof-of-concept toolbox is to help countries develop comprehensive policy and investment strategies to tackle complex challenges in the cyber domain.

The project sought to enable a better translation of the results of national cyber maturity assessments carried out using the Global Cyber Security Capacity Centre's Capacity Maturity Model into tangible policy recommendations and investment strategies, allowing policymakers globally to develop their countries’ cyber security maturity.

Methodology

The project adopted a mixed methodology approach to collect data and synthesise these for the development of a proof-of-concept toolbox that implementers and policymakers can deploy in their work building cybersecurity capacity in the future. Methodologies comprised desk-based document and literature review, interviews, case-studies, expert elicitation, and validation workshops.

Findings

The proof-of-concept toolbox presents guidelines and approaches for cybersecurity capacity building. The guide can be used by government officials and cybersecurity practitioners as a stand-alone support document as they work on developing national cybersecurity capacity.