Identification of main cyber threats
Identification of security measures / capacities
Selection of important and measurable aspects
Development of cyber security indicators
Grouping of cyber security indicators
The National Cyber Security Index is a global live index, which measures the preparedness of countries to prevent cyber threats and manage cyber incidents. The NCSI is also a database with publicly available evidence materials and a tool for national cyber security capacity building.
Our vision is to develop a comprehensive cyber security measurement tool that provides accurate and up-to-date public information about national cyber security. In the coming years, the NCSI team will develop different applications for national cyber security analysis and development.
NATIONAL CYBER SECURITY FRAMEWORK
The indicators of the NCSI have been developed according to the national cyber security framework . At the top of the figure, the fundamental cyber threats are presented:
1. Denial of e-services – services are not accessible
2. Data integrity breach – unauthorized modification
3. Data confidentiality breach – secrecy is exposed
These threats directly affect the normal functioning of national information and communication systems and, through the ICT systems, electronic services (including critical e-services).
In order to manage these cyber threats, a country must have appropriate capacities for baseline cyber security, incident management, and general cyber security development.
NCSI DEVELOPMENT PROCESS
The index has been developed in 5 steps:
1. Identification of national level cyber threats
2. Identification of cyber security measures and capacities
3. Selection of important and measurable aspects
4. Development of cyber security indicators
5. Grouping of cyber security indicators
FOCUS AND SCOPE
The NCSI focuses on measurable aspects of cyber security implemented by the central government:
1. Legislation in force – legal acts, regulations, orders, etc.
2. Established units – existing organisations, departments, etc.
3. Cooperation formats – committees, working groups, etc.
4. Outcomes – policies, exercises, technologies, websites, programmes, etc.
The NCSI has organised into categories, capacities and indicators. The NCSI has:
- 3 categories
- 12 capacities
- 46 indicators
Each indicator has a value, which shows the relative importance of the indicator in the index. The values are given by the expert group according to the following consideration:
1 point – a legal act that regulates a specific area
2–3 points – a specialised unit
2 points – an official cooperation format
1–3 points – an outcome / product
Country ratings are based on public evidence:
1. Legal acts
2. Official documents
3. Official websites
The NCSI Score shows the percentage the country received from the maximum value of the indicators. The maximum NCSI Score is always 100 (100%) regardless of whether indicators are added or removed.
DIGITAL DEVELOPMENT LEVEL (DDL)
In addition to the NCSI Score, the index table also shows the Digital Development Level (DDL). The DDL is calculated according to the ICT Development Index (IDI) and Networked Readiness Index (NRI). The DDL is the average percentage the country received from the maximum value of both indexes.
The Difference shows the relationship between the NCSI score and DDL. A positive result shows that the country’s cyber security development is in accordance with, or ahead of, its digital development. A negative result shows, that the country’s digital society is more advanced than the national cyber security area.
Several ways are used to collect data for the index. The method is indicated on the NCSI website.
1. The country’s government officials provide the data
2. An organisation or individual provides the data
3. The NCSI team conducts a public data collection
When data collection is complete, the provided information is reviewed by at least two NCSI experts. After inspection, the dataset is published on the NCSI website.
Data collection, review and publication is a continuous process. We do not publish annual iterations. When new evidence is provided, it will be assessed and if it is grounded, the necessary changes in the ranking list will be made immediately.