№2, 2018

Yadigar N. Imamverdiyev

At present, cybersecurity has become one of the most important components of national security, and for its effective provision, it is necessary to assess the level of national cybersecurity. To solve this problem, some organizations proposed a number of national cybersecurity indices. However, research and practical work on the development of national cybersecurity indices are at an early stage, their methodological justification is unsatisfactory and incomplete. In this study, existing indices of national cybersecurity are comparatively analyzed, their advantages and disadvantages are indicated, and proposals are put forward for their improvement. For weights of indicators included in composite national cybersecurity indices, a method based on entropy is proposed. Static and dynamic cybersecurity indices are also proposed and an experimental verification of the proposed approaches is made on the basis of real data (pp.16-27).

Keywords:cybersecurity, indicator, entropy, composite index, dynamic index, static cybersecurity index, dynamic cybersecurity index, national cybersecurity index.
  • Štitilis D., Pakutinskas P., Malinauskaitė I. EU and NATO cybersecurity strategies and national cyber security strategies: a comparative analysis // Security Journal, vol. 30, no. 4, pp. 1151-1168.
  • İmamverdiyev Y., Elektron dövlətin informasiya təhlükəsizliyi üçün diffuziya indeksi modeli / “Elektron dövlət quruculuğu problemləri” I Respublika elmi-praktiki konfransı, 2014, s.75-78.
  • Pironti J. P. Developing metrics for effective information security governance // Information Systems Control Journal, 2007, vol.2, pp. 33-38.
  • Global Cybersecurity Index 2017, ITU. Geneva, 2017. 78 p, https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2017-PDF-E.pdf.
  • Global Cybersecurity Index & Cyberwellness Profiles, Geneva, 2015. 528 p, https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-SECU-2015-PDF-E.pdf
  • Hwang S.-W. Development of the National Cyber Safety Index. ITU Regional Cybersecurity Forum (Brisbane, AU), 2008.
  • http://www.itu.int/ITU-D/cyb/events/2008/brisbane/docs/weon-national-information-security-index-brisbane-july-08.pdf
  • National Cyber Security Index (NCSI) Methodology. e-Governance Academy, 2015. http://ncsi.ega.ee/methodology-description/
  • Index of Cyber Security http://www.cybersecurityindex.org
  • El Kettani M. D., Debbagh T. NCSecMM: A National Cyber Security Maturity Model for an Interoperable National Cyber Security Framework / Proc. of the 9th European Conference on e-Government, 2009, pp. 236-247.
  • Yunis M. M., Koong K. S. A conceptual model for the development of a national cybersecurity index: An integrated framework / Proc. of the 21st Americas Conference on Information Systems (AMCIS), 2015, pp. 1-13.
  • Measuring the Information Society Report 2017, Geneva, Switzerland: International Telecommunication Union (ITU), 2017, 31 p. http://www.itu.int/en/ITU-D/Statistics/ Documents/publications/misr2017/MISR2017_Volume1.pdf
  • Global Information Technology Report 2016, Geneva, Switzerland: World Economic Forum, 2016, 307 p, http://www.reports.weforum.org/global-information-technology-report-2016/
  • Gehem M., Usanov A., Frinking E., Rademaker M. Assessing Cyber Security: a Meta-Analysis of Threats, Trends, and Responses to Cyber Attacks. The Hague Centre for Strategic Studies (HCSS), 2015, 102 p.
  • Sen A. Development as freedom. Oxford: Oxford University Press, 1999, 366 p.
  • Jansen W. NISTIR 7564: Directions in security metrics research, 2009, 26 p.
  • Chew E., Swanson M., Stine K. M., Bartol N., Brown A. Robinson W., SP 800-55 Rev. Performance measurement guide for information security. National Institute of Standards & Technology, 2008, 80 p.
  • ISO/IEC 27004:2016 Information technology – Security techniques – Information security management – Measurement, 2009, 58 p.
  • Doran G. T., There's a S.M.A.R.T. way to write management's goals and objectives // Management Review (AMA FORUM), 1981 vol. 70, no. 11, pp. 35–36.
  • Brotby W. K., Hinson G. PRAGMATIC security metrics: Applying metametrics to information security, Auerbach Publications 1st Edition, 2013, 512 p.
  • OECD: Handbook on constructing composite indicators. Methodology and user guide. Paris: OECD Publications, 2008, 162 p.
  • Calvo T., Kolesárová A., Komorníková M., Mesiar R. Aggregation operators: properties, classes and construction methods // Aggregation operators, 2002, pp. 3-104.
  • De Muro P., Mazziotta M., Pareto A. Composite indices of development and poverty: An application to MDGs // Social indicators research, 2011, vol. 104, no. 1, pp. 1-18.
  • Munda G., Nardo M. Noncompensatory/nonlinear composite indicators for ranking countries: a defensible setting // Applied Economics, 2009, vol. 41, no. 12, pp. 1513-1523.
  • Zhou P., Ang B.W., Zhou D.Q. Weighting and aggregation in composite indicator construction: a multiplicative optimization approach // Social Indicators Research, 2010, vol. 96, no. 1, pp. 169-181.
  • Chang Y.H., Yeh C.H. Evaluating airline competitiveness using multi-attribute decision-making // Omega, 2000, vol. 29, pp. 405–415.
  • Zou Z., Yun Y., Sun J. Entropy method for determination of weight of evaluating indicators in fuzzy synthetic evaluation for water quality assessment // Journal of Environmental Sciences, 2006, vol. 18, no. 5, pp. 1020–1023.
  • Sopadang A., Cho B.R., Leonard M. Development of the hybrid weight assessment system for multiple quality attributes // Quality Engineering, 2002, vol. 15, no. 1, pp. 75–89.
  • GCI 2017 Regional Report: CIS Region Report, 2017, 36 p. http://www.itu.int/en/ITU-D/Cybersecurity/Documents/CIS_GCIv2_report.pdf
  • Mazziotta M., Pareto A. A well-being index based on the weighted product method // Topics in Theoretical and Applied Statistics, 2016, pp. 253-259.
  • Muhajarine N., Labonte R., Winquist B. D. The Canadian Index of wellbeing: Key findings from the healthy populations domain // Canadian Journal of Public Health, vol. 103, no. 5, pp. 342-347.