Indicator
Cybersecurity
Implemented
Not Implemented
Not Applicable
| Level | ALB | BIH | KOS | MNE | MKD | SRB |
|---|---|---|---|---|---|---|
| The cybersecurity framework is being regularly monitored and evaluated and results of monitoring and evaluation analysis are being used for the improvement of future cybersecurity policies. *No evidence of external evaluations taking place. | ||||||
| The implemented cybersecurity framework is broadly aligned with international good practices such as the OECD Recommendations on Digital Security Risk Management, National Digital Security Strategies and Digital Security of Products and Services. *Pending. | ||||||
| Key performance indicators and data related to cybersecurity (ex. number of incidents) are continuously updated and are publicly available. | ||||||
| There is evidence of active participation in international bodies and exchange of good practices, with the goal of aligning with international standards and good practices in the area of cybersecurity. | ||||||
| Cybersecurity programmes are fully government-funded. *No evidence of significant donor funding, but no data to assess the size of government funding. Institutional cybersecurity resources are limited. | ||||||
| The national Computer Security Incident Response Team has adequate financial, human and technical resources to fulfil its responsibilities. *Not fully. | ||||||
| Good co-operation between the national Computer Security Incident Response Team and other public and private sector Computer Security Incident Response Teams is ongoing. *Limited development. | ||||||
| Computer Security Incident Response Teams have been established in the public and private sector and co-operate with international counterparts. *Partly. | ||||||
| The framework is comprehensive and promotes managing digital security risk of the government’s own activities, mitigating cybercrime and the establishment of Computer Security Incident Response Teams in the public sector, as well as private sector counterparts. | ||||||
| A cybersecurity policy and legal framework is in place. *Under development. | ||||||
| A national cybersecurity authority or National Information Systems (NIS) authority has been established as a primary point of contact for other international competent authorities. | ||||||
| The framework also promotes the establishment of cybersecurity certification in public procurement and recruitment and the strengthening of cybersecurity skills and awareness in the public administration and wider population. | ||||||
| The implemented cybersecurity framework is fully aligned with EU cybersecurity policy, |
Note that for Bosnia and Herzegovina, “State” stands for the state level, while “FBiH” stands for the Federation of Bosnia and Herzegovina and “RS” stands for Republika Srpska - the two entities of Bosnia and Herzegovina. Note that the presented scoring criteria system is not a full representation of the scoring methodology used to determine the score for an indicator. For more information, see the Methodology section.