• Identification of main cyber threats
  • Identification of security measures / capacities
  • Selection of important and measurable aspects
  • Development of cyber security indicators
  • Grouping of cyber security indicators

PURPOSE

The National Cyber Security Index is a global live index, which measures the preparedness of countries to prevent cyber threats and manage cyber incidents. The NCSI is also a database with publicly available evidence materials and a tool for national cyber security capacity building.


VISION

Our vision is to develop a comprehensive cyber security measurement tool that provides accurate and up-to-date public information about national cyber security. In the coming years, the NCSI team will develop different applications for national cyber security analysis and development.
 

NATIONAL CYBER SECURITY FRAMEWORK

The indicators of the NCSI have been developed according to the national cyber security framework . At the top of the figure, the fundamental cyber threats are presented:

1. Denial of e-services – services are not accessible
2. Data integrity breach – unauthorized modification
3. Data confidentiality breach – secrecy is exposed

These threats directly affect the normal functioning of national information and communication systems and, through the ICT systems, electronic services (including critical e-services).

In order to manage these cyber threats, a country must have appropriate capacities for strategic, preventive and responsive cyber security.


NCSI DEVELOPMENT PROCESS

The index has been developed in 5 steps:

1. Identification of national level cyber threats
2. Identification of cyber security measures and capacities
3. Selection of important and measurable aspects
4. Development of cyber security indicators
5. Grouping of cyber security indicators
 

FOCUS AND SCOPE

The NCSI focuses on measurable aspects of cyber security implemented by the central government:

1. Legislation in force – legal acts, regulations, orders, etc.
2. Established units – existing organisations, departments, etc.
3. Cooperation formats – committees, working groups, etc.
4. Outcomes – policies, exercises, technologies, websites, programmes, etc.
 

STRUCTURE

The NCSI has organised into categories, capacities and indicators. The NCSI has:

  •   3 categories
  • 12 capacities
  • 49 indicators
     

VALUES

Each indicator has a value, which shows the relative importance of the indicator in the index. The values are given by the expert group according to the following consideration:

2      points     – a legal act that regulates a specific area
2–3  points   – a specialised unit
2–3      points   – an official cooperation format
1–3  points   – an outcome / product


EVIDENCE

Country ratings are based on public evidence:

1. Legal acts
2. Official documents
3. Official websites
 

NCSI SCORE

The NCSI Score shows the percentage the country received from the maximum value of the indicators. The maximum NCSI Score is always 100 (100%) regardless of whether indicators are added or removed.
 


DIGITAL DEVELOPMENT LEVEL (DDL)

In addition to the NCSI Score, the index table also shows the Digital Development Level (DDL). The DDL is calculated according to the E-Government Development Index (EGDI) and Networked Readiness Index (NRI). The DDL is the average percentage the country received from the maximum value of both indexes.


DIFFERENCE

The Difference shows the relationship between the NCSI score and DDL. A positive result shows that the country’s cyber security development is in accordance with, or ahead of, its digital development. A negative result shows, that the country’s digital society is more advanced than the national cyber security area.


DATA MANAGEMENT

Several ways are used to collect data for the index. The method is indicated on the NCSI website.

1. The country’s government officials provide the data
2. An organisation or individual provides the data
3. The NCSI team conducts a public data collection

When data collection is complete, the provided information is reviewed by at least two NCSI experts. After inspection, the dataset is published on the NCSI website.

Data collection, review and publication is a continuous process. We do not publish annual iterations.  When new evidence is provided, it will be assessed and if it is grounded, the necessary changes in the ranking list will be made immediately.

METHODOLOGY

For more information on the NCSI 3.0 methodology, please consult the following booklet.