Cybersecurity governance : deploying a national framework
Διακυβέρνηση κυβερνοασφάλειας : ανάπτυξη ενός εθνικού πλαισίου
Doctoral Thesis
Author
Drivas, Georgios
Δρίβας, Γεώργιος
Date
2023
Keywords
Cybersecurity ; Governance ; National cybersecurity framework ; Security policies ; Critical infrastructures ; Risk assessment ; Risk management ; Cybersecurity maturity assessment framework
Abstract
The establishment of a climate of trust in the digital world has become a necessity in the digital age, as digital transformation has become essential in the provision of services. The advancement of the cybersecurity sector is a key component in achieving this. To promote developments in this direction, the European Union (EU) has issued a plethora of legal and regulatory obligations. However, these obligations cannot produce the desired results on their own unless they are integrated into a holistic governance framework that covers both strategic and operational issues. This dissertation investigates cybersecurity-related legal and policy initiatives that have been implemented or are currently being developed in the EU, with a primary focus on the Directive on the security of network and information systems (NIS Directive). The dissertation provides an indicative roadmap for the NIS Directive's implementation in Greece as a case study, highlighting the challenges and proposed solutions. As critical national infrastructures become increasingly vulnerable to cyberattacks, EU member states must prioritize their defense by imposing network and information system security measures. National Competent Authorities must assess compliance with these responsibilities. The dissertation includes an assessment of Greece's major governmental ICT infrastructures, evaluating major threats, priorities and established controls. It also proposes the use of a Cybersecurity Maturity Assessment Framework (CMAF) as a self-assessment tool for critical national infrastructures or as an audit tool for National Competent Authorities. Furthermore, the dissertation outlines Greece's key cybersecurity milestones since the establishment of the Greek National Competent Authority for Cyber Security, which serves as a national coordinating and policymaking agency.
The accomplishment of these milestones resulted in the development of a national cybersecurity framework, which significantly improved Greece's standing in international cybersecurity indices.