An Evaluation Framework for National Cyber Security Strategies


Publication date: 2014

Author: Dimitra Liveri, Anna Sarri, Neil Robinson, Veronika Horvath, Nicole van der Meulen, Emma Harte, Minke van der Sar.


An increasing number of countries in Europe have a National Cyber Security Strategy(NCSS) as a key policy feature, helping them to tackle risks which have the potential to undermine the achievement of economic and social benefits from cyberspace. Eighteen European Union Member States have published a NCSS and some of these are now into the second iteration of their NCSS.

ENISA’s work in supporting these strategies has focused on the analysis of existing NCSS; on the development and implementation of NCSS; and on outlining and raising awareness of good practice to provide guidance and practical tools to the Member States for evaluating their NCSS. Specifically, ENISA’s 2012 Practical Guide on NCSS noted four important steps: the development, implementation, evaluation and adjustment of a NCSS. The current study focuses on the evaluation aspect of the NCSS lifecycle, and has four goals, namely:

  1. To perform a stocktaking exercise on the approaches currently used to perform evaluation of NCSS;
  2. To present recommendations and identify good practices on the implementation and evaluation of NCSS;
  3. To design and develop an evaluation framework;
  4. To support the framework with a set of useful key performance indicators (KPIs) to adapt to the varying needs of countries at different levels of maturity in their strategic planning.

Source – ENISA website