Elaborates on which specific individuals/agencies are responsible for which goals, as set out by the Strategy. Sets out two actions on risk assessment with the aim of developing a methodology at the state level. The two actions are:
- Choose a risk and a threat assessment methodology for the cyber security field at the state level; and
- Assess, on a continuous basis, cyber security risks and threats at the state level.