Problem statement, objective and deliverable mapping

We will use tables to map our problem statement, objectives and deliverables against chapters, and indicate whether we have achieved each of them. We will now in Table 27 show how we solved our problem statement, achieved our objectives and delivered on our deliverables.

Table 27: Problem statement addressed

Problem Statement

A framework, dedicated to developing countries, to assist them with the national cybersecurity management tasks of the:

• Identification, • Selection, • Prioritisation and

• Implementation of national cybersecurity functions could not be identified from the existing literature. A developing country specific, initial or start-up national cybersecurity structure - with descriptive models, from where national cybersecurity functions can be offered, could not be identified from the existing literature. It is important to follow a reference framework or model during the execution of national cybersecurity management tasks. Not following a framework or model may lead to disjointed efforts, misalignment between organs of state and state departments, make budgeting difficult, and lead to inconsistent, and non-repeatable results. This ultimately leads to wasted expenditure, and a poor national cybersecurity effort.

A National Cybersecurity Management Framework for Developing Countries

146

Section

Artefact

Location

Achieved

Section 1.4 (p29) The national cybersecurity management framework (NCMF)

Chapter 2 to Chapter 6

Section 1.4 (p29) E-CMIRC Appendix E to Appendix G

Description

The NCMF as a framework was developed to assist both developing and developed nations during the management of national cybersecurity functions. The NCMF provides a mechanism to identify, select, prioritise and implement national cybersecurity functions.

The E-CMIRC was developed as an initial or start-up national cybersecurity structure. The implementation thereof is described in our best practice guide for the implementation of national cybersecurity structures.

Table 28 shows that we have achieved our primary objective in Part 1 – Chapters 2 to 6. We have done so through the development of the NCMF. We further show that we have achieved our secondary objective through the development of a best practice guide for the implementation of national cybersecurity structures. We have envisioned a new, initial national cybersecurity structure called the E-CMIRC, and our best practice guide describes the implementation of the E-CMIRC.

Table 28: Objective addressed

Objective

Primary objective:

To develop a scalable and flexible framework (the NCMF) that can be used by developed and developing countries to

• Identify. • Select. • Prioritise.

• Implement national cybersecurity functions. Secondary objective:

To develop a comprehensive best practice guide that may be used during the implementation of national cybersecurity structures. We will develop three models as part of this best practice guide to describe the implementation of national cybersecurity structures.

Section

Artefact

Location

Achieved

Section 1.5 (p30) Part 1: The National Cybersecurity Management Framework (NCMF)

Chapter 2 to Chapter 6

Section 1.5 (p30) Part 2: Best practice guide for the implementation of national cybersecurity structures

Appendix A to Appendix G

147

Closure

NCMF is a flexible and scalable framework that can assist nation-states, as well as organisations to identify, select, prioritise and implement national cybersecurity functions.

Secondary objective - Part 2: The E-CMIRC was developed as an initial or start-up national cybersecurity structure. The implementation thereof is described in our best practice guide for the implementation of national cybersecurity structures.

In Table 29, we show that we have achieved our two deliverables. The first deliverable is the NCMF framework in Part 1. Our second deliverable in Part 2 is the best practice guide for the implementation of national cybersecurity structures. The implementation of our best practice guide is illustrated through the development of 3 models that describe a newly envisioned national structure called the E-CMIRC.

Table 29: Deliverables addressed

Deliverables

Primary deliverable

The primary deliverable is a national cybersecurity management framework, the National Cybersecurity Management Framework (NCMF).

Secondary deliverable:

The secondary deliverable is a comprehensive best practice guide that describes the implementation of national cybersecurity structures. We will describe the implementation of a new structure called the Early Cybersecurity Monitoring and Incident Response Centre (E-CMIRC). It is described using three reference models.

Section

Artefact

Location

Achieved

Section 1.5 (p30) Part 1: The National Cybersecurity Management Framework (NCMF)

Chapters 2 to 6

Section 1.5 (p30) Part 2: Best Practice Guide for the Implementation of National Cybersecurity Structures

Appendix A to Appendix G

Description

Primary deliverable – The NCMF in Part 1: We have met the primary objective by the development of the NCMF. The NCMF is a flexible and scalable framework that can assist nation-states, as well as organisations to identify, select, prioritise and implement national cybersecurity functions.

Secondary deliverable – The best practice guide in Part 2: The best practice guide describes the

implementation of a national cybersecurity structure called the E-CMIRC. The focus of this structure is on cost saving, and is aimed at developing countries. The structure is described using three models.

A National Cybersecurity Management Framework for Developing Countries

148 Table 30: Aims and objectives mapping to parts and chapters

Chapter Objective Aim Deliverable

Chapter 1 Introduce the study, the problem statement and the deliverables.

Introduces the study. Problem statement Deliverables

Part 1

Chapter 2 Motivation for an NCMF.

• Define functions, services, capabilities and structures.

• Introduce authoritative and normative sources

• Introduce elements influencing the NCMF

• NCMF high-level overview.

Motivate the development of an NCMF.

• Establish a common understanding of terms and definitions.

• Introduce the NCMF.

NCMF influencing elements

Chapter 3 Development of NCMF level 1. Ensure all elements influencing the identification of national

cybersecurity functions are considered.

NCMF level 1

Chapter 4 Identify the most general national cybersecurity functions.

Illustrate the application of NCMF level 1 to identify national cybersecurity functions.

Thirteen general cybersecurity functions

Chapter 5 Development of NCMF level 2 to level 6. Complete and present the NCMF framework.

NCMF level 2 to level 6

Chapter 6 Illustrate the application of the NCMF in the context of a developing country.

Illustrate to the reader how to apply the NCMF in its entirety in the context of a developing country.

Complete NCMF

Chapter 7 Conclude this study Justify and close the study. Conclusion

Part 2

Appendix A Provide a high-level introduction to SOCs and CSIRTs.

SOCs and CSIRTs were identified as structures whose functions and services can be merged to realise a cost saving. The aim is to orient the reader in terms of the Chapters following.

SOC and CSIRT introduction

Appendix B Determine SOC functions. Determination of SOC functions. The function complementary services will be determined from these functions.

A list of SOC functions.

Appendix C Determine CSIRT functions. Determination of CSIRT functions. The function complementary services will be determined from these functions.

A list of CSIRT functions.

Appendix D Determine E-CMIRC functions and services. The E-CMIRC functions and services are introduced, The E-CMIRC functions and services is a combination of SOC and CSIRT functions and services.

E-CMIRC functions and services.

149

Closure

Appendix E Development of the E-CMIRC Capability Development Model (E-CMIRC CDM).

Identification of existing capability development models, and selection of a model for the E-CMIRC.