National-level Risk Assessment

One of the key elements of a cyber security strategy is that Member States need to establish a mechanism to identify relevant assets and perform a national risk assessment, with a specific focus on critical information infrastructures. Risk assessment is a scientific and technologically based process consisting of three steps: risk identification, risk analysis and risk evaluation. The scope of the assessment is to coordinate the use of resources and to monitor, control, and minimize the probability and/or impact of unfortunate events that might put at risk the critical services and ultimately the objectives of the vision. Risk assessments can provide valuable information for developing, executing and evaluating a strategy. The assessment can be conducted on different levels. Risk assessment on a national level allows gaining a holistic understanding about risk to the nation as a whole. By carrying out a national risk assessment and aligning the objectives of the strategy with national security needs, it is possible to focus on the most important challenges with regard to cyber security.