NCSS Good Practice Guide

ENISA published its first National Cyber Security Strategy Good Practice Guide in 2012. Since then, EU Member States and EFTA countries have made great progress in developing and implementing their strategies. This guide is updating the different steps, objectives and good practices of the original guide and analyses the status of NCSS in the European Union and EFTA area. The aim is to support EU Member States in their efforts to develop and update their NCSS. Therefore, the target audience of this guide are public officials and policy makers. The guide also provides useful insights for the stakeholders involved in the lifecycle of the strategy, such as private, civil and industry stakeholders.


The guide presents six steps for the design and development of NCSS:

  • Set the vision, scope, objectives and priorities
  • Follow a risk assessment approach
  • Take stock of existing policies, regulations and capabilities
  • Set a clear governance structure
  • Identify and engage stakeholders
  • Establish trusted information-sharing mechanisms

In addition, fifteen objectives for the implementation of NCSS are described:

  • Develop national cyber contingency plans
  • Protect critical information infrastructure
  • Organise cyber security exercises
  • Establish baseline security measures
  • Establish incident reporting mechanisms
  • Raise user awareness            
  • Strengthen training and educational programmes
  • Establish an incident response capability
  • Address cyber crime
  • Engage in international cooperation
  • Establish a public-private partnership
  • Balance security with privacy
  • Institutionalise cooperation between public agencies
  • Foster R&D
  • Provide incentives for the private sector to invest in security measures

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information