Ten things not to do when developing national cybersecurity policies


The Commonwealth Telecommunications Organisation held its 2015 Cybersecurity Forum on 22nd-24th April at the BT Centre in London.  During this, several of us thought it would be an interesting idea to draft a set of ten “not-to-do” things relating to various aspects of cybersecurity, and the first to be prepared (by Stuart Aston, Mike St. John-Green, Martin Koyabe and myself) is on ten things not to do when developing cybersecurity strategies.

We have deliberately focused on the “not-to-do” approach because we feel that such lists can serve as very useful simple reminders to people. As a check-list of negatives, they act as salient caveats for all those involved in developing cybersecurity strategies.

Our “don’ts” should be easy to remember:

  1. Don’t blindly copy another’s Cybersecurity strategy
  2. Don’t expect everything in your strategy to be under your control
  3. Don’t expect to remove all risks
  4. Don’t delegate your strategy to the IT experts
  5. Don’t focus your team only on the threats and the technology
  6. Don’t develop your strategy in a security bubble
  7. Don’t develop your strategy in a government bubble
  8. Don’t overlook the needs of your diverse stakeholders, particularly your citizens
  9. Don’t cover just the easier, tactical quick wins
  10. Don’t expect to finish after the first year

The full version of the recommendations, which includes the positive things that need to be done alongside the negatives, can be downloaded by clicking on the image below:

Do print this off and share with colleagues you know!  I very much hope that it will act as a useful checklist for all those involved in cybersecurity policy making.

Filed under Commonwealth, ICT4D, Politics
