Legal, consulting, project leadership and know-how hub. Based in Sandvika, Norway.
Cybersecurity Maturity Assessment
Governments around the world are designing their national cybersecurity strategies, building partnerships, employing legislative, regulatory, organizational and technical measures and engaging private sector and academia to counter rapidly evolving cyber threats and risks. In order to achieve those aims, they have to simultaneously implement cybersecurity measures, including:
- Set a cybersecurity vision, objectives and priorities;
- Effectively address cybercrime;
- Establish necessary legal and regulatory measures;
- Set a clear cybersecurity governance structure;
- Empower CSIRTS with sufficient capabilities;
- Build successful public-private and international partnerships;
- Establish trusted information sharing mechanisms;
- Raise user awareness;
- Strengthen cybersecurity related training and education programmes;
- Institutionalize co-operation between public agencies.
The consultancy services provided by NRD Companies enable the governments to assess the adequacy of their national cybersecurity preparedness to prevent threats and cyber readiness to respond, mitigate and recover from cybersecurity incidents and fight against cybercrimes.
We focus on clearly measurable aspects of cybersecurity, use our technical knowledge and experience to provide insights into the operational efficiency of those measures as well as recommendations for cybersecurity capacity building in the country.
NRD Companies experience in helping the Governments to strengthen their cybersecurity suggests that no single methodology for cybersecurity maturity assessment is perfect, each of them has its own advantages and disadvantages. Therefore, NRD Companies do not rely on one particular methodology in providing baseline analysis services and use our experience in synthesizing a number cyber-maturity assessment metrics used by the ITU, OECD, EGA, Oxford and ENISA.
Methodology for identification, evaluation and monitoring of National Critical (Information) infrastructure
In order to effectively protect nation’s critical infrastructure, a government must have a prepared methodology for critical infrastructure identification that is relevant to the situation of a particular country. No information infrastructure is critical per se unless it automates the provision of a critical service, and criticality is not equal to importance.
NRD companies have experience in assisting governments in dealing with this complex task by:
- Preparing an analysis of National critical information infrastructure identification methodologies and protection practices in at least two foreign countries;
- Identification and assessment, including gap analysis, of standing laws and regulations that are pertinent to the Critical Information Infrastructure identification;
- Preparing criteria for Critical Information Infrastructure identification;
- Identifying roles and responsibilities in Critical Information Infrastructure identification;
- Preparing methodology for Critical Information Infrastructure identification and classification;
- Assisting the Client to putting the drafted methodology into law;
- Preparing action plan for Critical Information Infrastructure identification and classification.