CONTENTS
Document administration ............................................................................................................... 1
List of abbreviations ........................................................................................................................ 2
EXECUTIVE SUMMARY ...........................................................................................................4
Policy and Strategy ...................................................................................................................................... 6
Culture and Society ..................................................................................................................................... 7
Education, Training and Skills .................................................................................................................... 8
Legal and regulatory frameworks ............................................................................................................. 9
Standards, Organisations and Technologies .......................................................................................... 11
Additional Reflections ............................................................................................................................... 12
INTRODUCTION ................................................................................................................... 13
Dimensions of Cybersecurity Capacity .......................................................................................... 14
Stages of Cybersecurity Capacity Maturity ................................................................................... 15
CYBERSECURITY CONTEXT IN ICELAND ................................................................................. 16
REVIEW REPORT .................................................................................................................. 17
Overview ....................................................................................................................................... 17
DIMENSION 1 CYBERSECURITY STRATEGY AND POLICY ......................................................... 18
D1.1 National Cybersecurity Strategy ........................................................................................... 18
D1.2 Incident Response ................................................................................................................. 20
D1.3 Critical Infrastructure (CI) Protection ................................................................................... 22
D1.4 Crisis Management ............................................................................................................... 24
D1.5 Cyber Defence Consideration ............................................................................................... 25
D1.6 Communications Redundancy .............................................................................................. 26
Recommendations ........................................................................................................................ 27
DIMENSION 2 CYBERSECURITY CULTURE AND SOCIETY ......................................................... 31
D2.1 Cybersecurity Mind-set ......................................................................................................... 31
D2.2 Trust and Confidence on the Internet .................................................................................. 33
D2.3 User Understanding of Personal Information protection online.......................................... 34
D2.4 Reporting Mechanisms ......................................................................................................... 35
D2.5 Media and Social Media........................................................................................................ 36
Recommendations ........................................................................................................................ 37
DIMENSION 3 CYBERSECURITY EDUCATION, TRAINING AND SKILLS....................................... 40
D3.1 Awareness Raising ................................................................................................................ 40
D3.2 Framework for Education ..................................................................................................... 42
D3.3 Framework for Professional Training.................................................................................... 44
Recommendations ........................................................................................................................ 45
iii