Reference Materials

To prepare this Guide, the Working Groups reviewed existing international guides, frameworks, and good practices. This process identified a wide range of resources that can support countries in designing, implementing, and sustaining their national cybersecurity strategies.    
 
The materials listed below bring together these references in a comprehensive catalogue, including web links, so readers can explore the principles, concepts, and approaches discussed throughout the Guide in greater depth and apply them to their own national context. While not exhaustive, this collection offers a strong foundation for policymakers, practitioners, and researchers to build upon, and encourages continued exploration of newly available resources.  

Submit a Toolkit or Resource.

Submit

6. References

NCS Lifecycle

Initiation

CIGI. Why Digital Infrastructure Must Be Resilient. On-line Opinion at Centre for International Governance Innovation, 2020. https://www.cigionline.org/articles/why-digital-infrastructure-must-be-resilient

eGA. National Cyber Security Index. https://ncsi.ega.ee/

ENISA. A Governance Framework for National Cybersecurity Strategies, 2023. https://www.enisa.europa.eu/publications/a-governance-framework-for-national-cybersecurity-strategies

ENISA. National Cyber Security Strategies Interactive Map, 2025. https://www.enisa.europa.eu/topics/national-cyber-security-strategies/ncss-map/national-cyber-security-strategies-interactive-map

GCSCC. Cybersecurity Capacity Maturity Model for Nations (CMM) dimension 1: 1.1, University of Oxford, 2021. https://gcscc.ox.ac.uk/cmm-2021-edition

GFCE. A Short Guide to Stakeholder Engagement on National Cybersecurity Strategy Development, 2022. https://cybilportal.org/wp-content/uploads/2022/08/GFCE-NCS-Development-Stakeholder-Engagement-Paper.pdf

GFCE. Integrating Cyber Capacity into the Digital Development Agenda. https://thegfce.org/wp-content/uploads/2021/11/Integrating-Cybersecurity-into-Digital-Development_compressed.pdf

Global Partners Digital. Involving Stakeholders in National Cybersecurity Strategies: A Guide for Policymakers, 2020. https://www.gp-digital.org/publication/involving-stakeholders-in-national-cybersecurity-strategies-a-guide-for-policymakers/

OAS & Global Partners Digital. National Cybersecurity Strategies: Lessons Learned and Reflections from the Americas & Other Regions, 2022. https://www.oas.org/en/sms/cicte/docs/National-Cybersecurity-Strategies-Lessons-learned-and-reflections-ENG.pdf

OAS. Managing the National Cyber Risk. White Paper Series, Issue 2, 2018. https://www.oas.org/es/sms/cicte/ENGcyberrisk.pdf

OECD. Policy Framework on Digital Security. Cybersecurity for Prosperity, OECD Publishing, Paris. 2022. https://doi.org/10.1787/a69df866-en

World Bank. Cybersecurity Economics for Emerging Markets, 2024. https://openknowledge.worldbank.org/entities/publication/4ec1bf22-3658-4d69-b9d3-43122254bc66

World Bank. Sectoral Cybersecurity Maturity Model, 2023. https://documents.worldbank.org/en/publication/documents-reports/documentdetail/099062623085028392

Stocktaking and Analysis

CCDCOE. Cybersecurity Strategy & Governance Repository. https://ccdcoe.org/library/strategy-and-governance/

ENISA. A Governance Framework for National Cybersecurity Strategies, 2023. https://www.enisa.europa.eu/publications/a-governance-framework-for-national-cybersecurity-strategies

ENISA. National Cyber Security Strategies Interactive Map, 2025. https://www.enisa.europa.eu/topics/national-cyber-security-strategies/ncss-map/national-cyber-security-strategies-interactive-map

GCSCC. Cybersecurity Capacity Maturity Model for Nations (CMM), 2021. https://gcscc.ox.ac.uk/cmm-2021-edition

GFCE. Catalog of Project Options for the National Cybersecurity Strategy (NCS) Cycle, sections: 1-7, 2021. https://cybilportal.org/publications/catalog-of-project-options-for-the-national-cybersecurity-strategy-ncs-cycle/

ITU. Global Cybersecurity Index, 5th edition, 2024. https://www.itu.int/epublications/publication/global-cybersecurity-index-2024

OAS & Global Partners Digital. National Cybersecurity Strategies: Lessons Learned and Reflections from the Americas & Other Regions, 2022. https://www.oas.org/en/sms/cicte/docs/National-Cybersecurity-Strategies-Lessons-learned-and-reflections-ENG.pdf

OECD. OECD Policy Framework on Digital Security. Cybersecurity for Prosperity, OECD Publishing, Paris, 2022. https://doi.org/10.1787/a69df866-en

OECD. Recommendation of the Council on National Digital Security Strategies, 2022. https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0480

Potomac Institute for Policy Studies. Cyber Readiness Index 2.0, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

UNIDIR. Cyber Policy Portal, 2021. cyberpolicyportal.org

WEF. Global Cybersecurity Outlook. https://reports.weforum.org/docs/WEF_Global_Cybersecurity_Outlook_2025.pdf 

Resource acquisition and planning

Boston Consulting. Fixing Digital Funding in Government, 2021 https://www.bcg.com/publications/2021/fixing-digital-funding-in-government

GovLoop. Managing Cybersecurity Spend – Value and Outcomes, 2018, https://go.govloop.com/rs/231-DWB-776/images/managing-cybersecurity-spend-value-outcomes.pdf

OAS & Global Partners Digital. “National Cybersecurity Strategies: Lessons Learned and Reflections from the Americas and Other Regions”, 2022.

OECD. Effectively Managing Investments in Digital Government, 2025, https://www.oecd.org/content/dam/oecd/en/publications/reports/2025/06/effectively-managing-investments-in-digital-government_2fc9fbbf/5c324e91-en.pdf

Production

GCSCC. Cybersecurity Capacity Maturity Model for Nations (CMM), 2021. https://gcscc.ox.ac.uk/cmm-2021-edition

OAS & Global Partners Digital. National Cybersecurity Strategies: Lessons Learned and Reflections from the Americas & Other Regions, 2022. https://www.oas.org/en/sms/cicte/docs/National-Cybersecurity-Strategies-Lessons-learned-and-reflections-ENG.pdf

OECD. Recommendation of the Council on National Digital Security Strategies, 2022. https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0480

Potomac Institute for Policy Studies. Cyber Readiness Index 2.0, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

Implementation

ENISA. A Governance Framework for National Cybersecurity Strategies, 2023. https://www.enisa.europa.eu/publications/a-governance-framework-for-national-cybersecurity-strategies

ENISA. National Cyber Security Strategies Interactive Map, 2025. https://www.enisa.europa.eu/topics/national-cyber-security-strategies/ncss-map/national-cyber-security-strategies-interactive-map

GCSCC. Cybersecurity Capacity Maturity Model for Nations (CMM), Dimension 1: 1.1, University of Oxford, 2021. https://gcscc.ox.ac.uk/cmm-2021-edition

GFCE. Catalog of Project Options for the National Cybersecurity Strategy (NCS) Cycle, 2021. https://cybilportal.org/publications/catalog-of-project-options-for-the-national-cybersecurity-strategy-ncs-cycle/

OAS & Global Partners Digital. National Cybersecurity Strategies: Lessons Learned and Reflections from the Americas & Other Regions, 2022. https://www.oas.org/en/sms/cicte/docs/National-Cybersecurity-Strategies-Lessons-learned-and-reflections-ENG.pdf

OECD. Recommendation of the Council on National Digital Security Strategies, 2022. https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0480

Potomac Institute for Policy Studies. Cyber Readiness Index 2.0, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

Monitoring and Evaluation 

CCDCOE. Cybersecurity Strategy & Governance Repository. https://ccdcoe.org/library/strategy-and-governance/

ENISA. National Capabilities Assessment Framework, 2020. https://digital-skills-jobs.europa.eu/en/inspiration/resources/national-cybersecurity-assessment-framework-ncaf-tool

ENISA. Threat Landscape 2025. https://enisa.europa.eu/publications/enisa-threat-landscape-2025

GCSCC. Cybersecurity Capacity Maturity Model for Nations (CMM), 2021. https://gcscc.ox.ac.uk/cmm-2021-edition

OAS & Global Partners Digital. National Cybersecurity Strategies: Lessons Learned and Reflections from the Americas & Other Regions, 2022. https://www.oas.org/en/sms/cicte/docs/National-Cybersecurity-Strategies-Lessons-learned-and-reflections-ENG.pdf

OECD. Recommendation of the Council on National Digital Security Strategies, 2022. https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0480

Potomac Institute for Policy Studies. Cyber Readiness Index 2.0, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

Focus Areas

FA 1 Governance   

ENISA. ‘A Governance Framework for National Cybersecurity Strategies’ (2023). https://www.enisa.europa.eu/publications/a-governance-framework-for-national-cybersecurity-strategies

GCSCC. Cybersecurity Capacity Maturity Model for Nations (CMM), Dimension 1: 1.1, 1.2, University of Oxford, 2021. https://gcscc.ox.ac.uk/cmm-2021-edition

Global Partners Digital. Toolkit for Inclusive and Value-Based Cybersecurity Policymaking, 2020. https://www.gp-digital.org/publication/toolkit-for-inclusive-and-value-based-cybersecurity-policymaking/

OAS & Global Partners Digital. “National Cybersecurity Strategies: Lessons Learned and Reflections from the Americas and Other Regions,” 2022.

OAS. Managing the National Cyber Risk. White Paper Series, Issue 2, 2018. https://www.oas.org/es/sms/cicte/ENGcyberrisk.pdf

OECD. Cybersecurity Policy Making at a Turning Point: Analysing a New Generation of National Cybersecurity Strategies for the Internet Economy, OECD Digital Economy Papers, No. 211, OECD Publishing, Paris. 2012. https://doi.org/10.1787/5k8zq92vdgtl-en

OECD. Enhancing the digital security of critical activities, 2021 https://goingdigital.oecd.org/data/notes/No17_ToolkitNote_DigitalSecurity.pdf

OECD. OECD Policy Framework on Digital Security. Cybersecurity for Prosperity, OECD Publishing, Paris, 2022. https://doi.org/10.1787/a69df866-en

OECD. Recommendation of the Council on Digital Security of Critical Activities, 2019. https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0456

Potomac Institute for Policy Studies. Cyber Readiness Index 2.0, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

World Bank. Enabling Cyber Resilient Development, 2023. https://blogs.worldbank.org/en/digital-development/enabling-cyber-resilient-development

World Bank. Ghana: A Case Study in Strengthening Cyber Resilience, 2023. http://documents.worldbank.org/curated/en/099111623162584046

FA2 CRITICAL INFRASTRUCTURE, CRITICAL INFORMATION INFRASTRUCTURE, AND ESSENTIAL SERVICES  

ENISA. Methodologies for the Identification of Critical Information Infrastructure Assets and Services, 2015.

Meridian and GFCE. ‘Companion Document to the GFCE-MERIDIAN Good Practice Guide on Critical Information Infrastructure Protection for Governmental Policy-Makers’, 2016. https://www.tno.nl/media/10425/companiondocument_gpg_ciip.pdf

Microsoft. Risk Management for Cybersecurity: Security Baselines, 2017.

OAS & Microsoft. Protection of Critical Infrastructure in Latin America and the Caribbean, 2018. https://www.oas.org/ext/es/seguridad/publicaciones/program/105?page=2

OAS & Trend Micro. Report on Cybersecurity and Critical Infrastructure in the Americas, 2015. https://www.oas.org/ext/es/seguridad/publicaciones/program/105?page=3

OECD. OECD Policy Framework on Digital Security. Cybersecurity for Prosperity, OECD Publishing, Paris, 2022. https://doi.org/10.1787/a69df866-en

OECD. Recommendation of the Council on Digital Security of Critical Activities, 2019 https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0456

Potomac Institute for Policy Studies. Cyber Readiness Index 2.0, section 2.4, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

UNIDIR. International Cooperation to Mitigate Cyber Operations against Critical Infrastructure, 2021. https://unidir.org/criticalinfrastructure

UNOCT, CTED and INTERPOL. Compendium of Good Practices for the Protection of Critical Infrastructure against Terrorist Attack, 2018. https://www.un.org/counterterrorism/sites/www.un.org.counterterrorism/files/eng_compendium-cip-final-version-120618.pdf

WEF. Advancing Supply Chain Security in Oil and Gas: An Industry Analysis: https://www3.weforum.org/docs/WEF_Advancing_Supply_Chain_Security_in_Oil_and_Gas_2021.pdf

WEF. Building a Culture of Cyber Resilience in Manufacturing: https://www3.weforum.org/docs/WEF_Building_a_Culture_of_Cyber_Resilience_in_Manufacturing_2024.pdf

WEF. Cyber Resilience in the Oil and Gas Industry: Playbook for Boards and Corporate Officers: https://www3.weforum.org/docs/WEF_Board_Principles_Playbook_Oil_and_Gas_2021.pdf

WEF. Facilitating Global Interoperability of Cyber Regulations in the Electricity Sector: https://www3.weforum.org/docs/WEF_Facilitating_Global_Interoperability_Cyber_Regulations_2023.pdf

WEF. Pathways Towards a Cyber Resilient Aviation Industry: https://www3.weforum.org/docs/WEF_Pathways_Cyber_Resilient_Aviation_2021.pdf

WEF. Unlocking Cyber Resilience in Industrial Environments: Five Principles https://www.weforum.org/publications/unlocking-cyber-resilience-in-industrial-environments-five-principles/

WEF. Unpacking Cyber Resilience: https://www3.weforum.org/docs/WEF_Unpacking_Cyber_Resilience_2024.pdf

World Bank. Unpacking Cloud Cybersecurity: A Guide for Policy Makers in Developing Countries, 2024. https://documents.worldbank.org/en/publication/documents-reports/documentdetail/099103124193527496/p1778521dda0ba08e19fcb1f0d251cdb786

FA3 Risk Management in National Cybersecurity   

ENISA. Interoperable EU Risk Management Toolbox, 2023. https://www.enisa.europa.eu/publications/interoperable-eu-risk-management-toolbox

GCSCC. Cybersecurity Capacity Maturity Model for Nations (CMM), Dimension 1: 1.1, 1.2, 1.3; Dimension 2: 2.1; Dimension 3: 3.1, 3.2, 3.4; Dimension 4: 4.1, 4.2, 4.3, 4.4; Dimension 5: 5.1, 5.2, 5.4, 5.5, 5.6, University of Oxford, 2021. https://gcscc.ox.ac.uk/cmm-2021-edition

Microsoft. Risk Management for Cybersecurity: Security Baselines, 2017.

NIST. Cybersecurity Framework (CSF) 2.0 , 2024. https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.29.pdf

OAS & AWS. NIST Framework: A Comprehensive Approach to Cybersecurity, 2019. (English, Spanish, Portuguese and French) https://www.oas.org/ext/es/seguridad/publicaciones/program/105?page=2

OAS. Managing the National Cyber Risk. White Paper Series, Issue 2, 2018. https://www.oas.org/es/sms/cicte/ENGcyberrisk.pdf

OECD. OECD Policy Framework on Digital Security. Cybersecurity for Prosperity, OECD Publishing, Paris. 2022. https://doi.org/10.1787/a69df866-en

OECD. Recommendation of the Council on Digital Security Risk Management, 2022. https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0479

Potomac Institute for Policy Studies. Cyber Readiness Index 2.0, section 1, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

UNIDIR. Supply Chain Security in the Cyber Age: Sector Trends, Current Threats and Multi-Stakeholder Responses, 2020. https://unidir.org/publication/supply-chain-security-in-the-cyber-age-sector-trends-current-threats-and-multi-stakeholder-responses/

UNOCT/ UNICRI. Beneath the Surface: Terrorist and Violent extremist use of the Dark Web and Cybercrime-as-a-Service for Cyber-Attacks, 2024. https://www.un.org/counterterrorism/sites/www.un.org.counterterrorism/files/dw_beneath_the_surface_update.pdf

WEF. Principles for Board Governance of Cyber Risk, 2021. https://www.weforum.org/reports/principles-for-board-governance-of-cyber-risk

FA4 Incident Response 

Carnegie Mellon Software Engineering Institute (CMU/SEI). “Handbook for Computer Security Incident Response Teams (CSIRTs)”, 2003. https://www.sei.cmu.edu/documents/1606/2003_002_001_14102.pdf

CISA. “Cybersecurity Incident and Vulnerability Response Playboks” (2021). https://www.cisa.gov/sites/default/files/2024-08/Federal_Government_Cybersecurity_Incident_and_Vulnerability_Response_Playbooks_508C.pdf

DCAF. Introduction to Computer Security Incident Response Teams (CSIRTs): Structures and Functions of Cybersecurity’s First Responders (2023) https://www.dcaf.ch/introduction-computer-security-incident-response-teams-structures-and-functions-cybersecuritys

ENISA Information Sharing and Analysis Center (ISACs) – Cooperative models, 2018. https://www.enisa.europa.eu/publications/information-sharing-and-analysis-center-isacs-cooperative-models

ENISA, ISAC in a Box, 2020. https://tools.enisa.europa.eu/topics/national-cyber-security-strategies/information-sharing/isacs-toolkit/view

ENISA. How to set up CSIRT and SOC, 2020. https://enisa.europa.eu/publications/how-to-set-up-csirt-and-soc

FIRST. CSIRT Services Framework Version 2.1, 2019. https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2-1

FIRST. PSIRT Services Framework Version 1.1, 2020. https://www.first.org/standards/frameworks/psirts/psirt_services_framework_v1-1

ITU. CIRT Framework, 2021.

ITU. CyberDrill Framework, 2021.

OAS. Best Practices for Establishing a National CSIRT, 2016. https://www.oas.org/ext/en/security/publications/program/105

OAS. CSIRT Americas Baseline: Maturity Reference for Member States CSIRTs, 2025. (English and Spanish) https://www.oas.org/ext/DesktopModules/MVC/OASDnnModules/Views/Item/Download.aspx?type=1&id=1191&lang=1

OAS. CSIRTs Practical Guide, Vol. 2: Sustainable business model, 2023. https://www.oas.org/ext/DesktopModules/MVC/OASDnnModules/Views/Item/Download.aspx?type=1&id=663&lang=1

Potomac Institute for Policy Studies. Cyber Readiness Index 2.0, section 2 and 4, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

TNO. Getting Started with a National CSIRT Guide, 2021. https://cybilportal.org/tools/getting-started-with-a-national-csirt-guide/

World Bank. Digital First Responders – The Role of Computer Security Incident Response Teams (CSIRTS) in Developing Countries, 2024. https://documents.worldbank.org/pt/publication/documents-reports/documentdetail/099060824112023473/p177852158c0330d51a71613967bd98edc4 

FA5 Capability and Capacity Building and Awareness Raising   

CoE. Capacity building programmes. https://www.coe.int/en/web/cybercrime/capacity-building-programmes

ENISA. #CyberALL. Raising Awareness Campaigns. https://www.enisa.europa.eu/topics/awareness-and-cyber-hygiene/raising-awareness-campaigns/cyberall

ENISA. AR-in-a-Box. Cybersecurity Awareness Raising: The ENISA-Do-It-Yourself Toolbox. https://www.enisa.europa.eu/topics/awareness-and-cyber-hygiene/ar-in-a-box

ENISA. Cyber Hygiene in the Health Sector. https://www.enisa.europa.eu/publications/cyber-hygiene-in-the-health-sector

ENISA. Cybersecurity Guide For SMEs – 12 Steps To Securing Your Business. https://www.enisa.europa.eu/publications/cybersecurity-guide-for-smes

ENISA. Cybersecurity Roles and Skills For NIS2 Essential and Important Entities. https://www.enisa.europa.eu/publications/cybersecurity-roles-and-skills-for-nis2-essential-and-important-entities

ENISA. ENISA CyberEducation Platform. https://tools.enisa.europa.eu/topics/education/cyberedu#/

ENISA. European Cybersecurity Skills Framework (ECSF). https://www.enisa.europa.eu/topics/skills-and-competences/skills-development/european-cybersecurity-skills-framework-ecsf

EU CyberNet. A Gender Mainstreaming Toolkit. Gender Equality and Cybersecurity, 2024. https://capacity4dev.europa.eu/library/gender-mainstreaming-cyber-security_en

EU CyberNet. Benchmark study on cybersecurity platforms for academic CSIRTs, 2025. https://www.eucybernet.eu/wp-content/uploads/2025/06/benchmarkstudyoncybersecurityplatformsforacademiccsirtsvanimpeleonardo_en.pdf

EU CyberNet. Operational Guidance. The EU’s International Cooperation on Cyber Capacity Building, 2023. https://www.eucybernet.eu/wp-content/uploads/2023/11/operational-guidance-for-the-eu-international-cooperation-on-ccb-1-1.pdf

GCSCC. Cybersecurity Capacity Maturity Model for Nations (CMM). Dimension 3: 3.1, 3.2, 3.3, 3.4, University Oxford, 2021. https://gcscc.ox.ac.uk/the-cmm

ISC2. Cybersecurity Workforce Study, 2024. https://www.isc2.org/Insights/2024/10/ISC2-2024-Cybersecurity-Workforce-Study

ITU & OAS. A systems approach to understanding national cybersecurity education capacity, 2024. (English and Spanish) https://www.oas.org/ext/es/seguridad/publicaciones/program/105?page=1

NICCS. Cyber Career Pathways Tool, 2025. https://niccs.cisa.gov/tools/cyber-career-pathways-tool

NIST. NICE Framework Resource Center, 2025. https://www.nist.gov/itl/applied-cybersecurity/nice/nice-framework-resource-center/playbook-workforce-frameworks

OAS & Global Partners Digital. National Cybersecurity Strategies: Lessons learned from the Americas & beyond, 2022 https://www.oas.org/ext/es/seguridad/publicaciones/program/105?page=1

OAS. Creating a career path in cybersecurity program. Report 2017–2024, 2025. https://www.oas.org/ext/es/seguridad/publicaciones/program/105?page=1

OAS. Cybersecurity Awareness Campaign Toolkit, 2015. (English and Spanish) https://www.oas.org/ext/DesktopModules/MVC/OASDnnModules/Views/Item/Download.aspx?type=1&id=749&lang=1

OAS. National Cybersecurity Workforce Training Framework (Costa Rica), 2025. (English and Spanish) https://www.oas.org/ext/es/seguridad/publicaciones/program/105?page=1

OAS. Report on cybersecurity workforce development in an era of talent and skills shortage, 2023. (English and Spanish) https://www.oas.org/ext/es/seguridad/publicaciones/program/105?page=1

OECD. How’s life for Children in the Digital Age, 2025. Section 5. https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0479

Potomac Institute for Policy Studies. Cyber Readiness Index 2.0, section 5, 2015. https://potomacinstitute.us/images/CRIndex2.0.pdf

UNIDIR. Accelerating ICT Security Capacity Building – Takeaways from the Global Roundtable on ICT Security Capacity Building, UNIDIR, June 2024. https://unidir.org/publication/accelerating-ict-security-capacity-building-take-aways-from-the-global-roundtable-on-ict-security-capacity-building/

WEF. PPPs for Cyber Talent Development, 2025. https://www.weforum.org/publications/growing-cyber-talent-through-public-private-partnerships/

WEF. Strategic Cybersecurity Talent Framework, 2024. https://www3.weforum.org/docs/WEF_Strategic_Cybersecurity_Talent_Framework_2024.pdf

WEF. The Business Imperative of Cyber Information Sharing for Our Collective Defence, 2022. https://www3.weforum.org/docs/WEF_The_Business_Imperative_of_Cyber_Info_Sharing_2022.pdf

World Bank. ‘Hacking’ the Cybersecurity Skills Gap in Developing Countries, 2023. https://documents.worldbank.org/en/publication/documents-reports/documentdetail/099111023150023703/p17785208994aa06d08eca094513904323a

World Bank. Protecting Women and Girls from Cyber Harassment: A Global Assessment of Existing Laws, 2023. https://documents.worldbank.org/en/publication/documents-reports/documentdetail/099456506262310384

FA6 Legislation and Regulation   

CCDCOE. Handbook on Developing a National Position on International Law and Cyber Activities: A Practical Guide for States, 2025. https://ccdcoe.org/library/publications/handbook-on-developing-a-national-position-on-international-law-and-cyber-activities-a-practical-guide-for-states/

CoE. Budapest Convention on Cybercrime and Its Additional Protocol on Xenophobia and Racism (2001), 2004.

CoE. Budapest Convention on Cybercrime (2001), Chapter III, Its First Additional Protocol on Xenophobia and Racism (2003), Chapter III, Article 8(2). , and Its Second Additional Protocol on Enhanced Cooperation and Disclosure of Electronic Evidence, 2022.

GCSCC. Cybersecurity Capacity Maturity Model for Nations (CMM). Dimension 4: 4.1, 4.3, 4.4, University Oxford, 2021.

OAS & Global Partners Digital. National Cybersecurity Strategies: Lessons Learned and Reflections from the Americas & Other Regions, 2022. https://www.oas.org/en/sms/cicte/docs/National-Cybersecurity-Strategies-Lessons-learned-and-reflections-ENG.pdf

OECD. Recommendation of the Council on Digital Security of Critical Activities, 2019 https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0456

OECD. Recommendation of the Council on the Digital Security of Products and Services, 2022. https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0481

OECD. Recommendation of the Council on the Treatment of Digital Security Vulnerabilities, 2022. https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0482

OHCHR. International Covenant on Civil and Political Rights, Article 19, 1976.

OSCE. Emerging Practices in Cybersecurity-Related Public-Private Partnerships and Collaboration in OSCE Participating States, 2023. https://www.osce.org/secretariat/539108

Potomac Institute for Policy Studies. Cyber Readiness Index 2.0, section 3, 2015.

UNCTAD. Global Cyberlaw Tracker, 2025. https://unctad.org/topic/ecommerce-and-digital-economy/ecommerce-law-reform/summary-adoption-e-commerce-legislation-worldwide

UNDP Guide. Drafting Data Protection Legislation: A Study of Regional Frameworks, 2023. Sections 3, 8, 9.

UNICRI. Access to justice in the digital age: Empowering victims of cybercrime in Africa, 2025 https://unicri.org/Publication-Access-Justice-Digital-Age-Empowering-Victims-Africa

UNODC. Practical Guide for Requesting Electronic Evidence Across Borders, 2021. https://www.unodc.org/cld/en/publications/practical-guide/practical-guide.html

UNODC. United Nations Convention against Cybercrime, 2024. https://www.unodc.org/unodc/en/cybercrime/convention/home.html

WEF. Cybercrime Prevention Principles for Internet Service Providers, 2020. https://www.weforum.org/reports/cybercrime-prevention-principles-for-internet-service-providers

WEF. Partnership against Cybercrime, 2020. https://www.weforum.org/reports/partnership-against-cybercrime

World Bank. Data protection and privacy laws.

World Bank. “Hacking” the cybersecurity skills gap in developing countries, 2023.

FA7 International Cooperation   

CoE. 24/7 Network established under the Convention on Cybercrime, N.A.

CoE. Budapest Convention on Cybercrime (2001), Chapter III, Its First Additional Protocol on Xenophobia and Racism (2003), Chapter III, Article 8(2). , and Its Second Additional Protocol on Enhanced Cooperation and Disclosure of Electronic Evidence, 2022.

GCSCC. Cybersecurity Capacity Maturity Model for Nations (CMM), Dimension 1: 1.1, 4: 4.4, University Oxford, 2021. https://gcscc.ox.ac.uk/cmm-2021-edition

Geneva Dialogue. Geneva Manual on Responsible Behaviour in Cyberspace, chapter 1: Implementation of Agreed Norms by Relevant Non-State Stakeholders to Secure Supply Chains and Responsibly Report Vulnerabilities, 2023. https://genevadialogue.ch/geneva-manual/chapter-1/

Geneva Dialogue. Geneva Manual on Responsible Behaviour in Cyberspace, chapter 2: Implementation of Agreed Norms and Confidence-Building Measures by Relevant Non-State Stakeholders to Protect Critical Infrastructure, 2025. https://genevadialogue.ch/geneva-manual/chapter-2/

OAS. CSIRT Americas Baseline, 2023. (English and Spanish) https://www.oas.org/ext/es/seguridad/publicaciones/program/105?page=1

OECD. Enhancing the digital security of critical activities, 2021. https://www.oecd.org/content/dam/oecd/en/publications/reports/2021/10/enhancing-the-digital-security-of-critical-activities_d07dd7da/a91b818b-en.pdf

OECD. Recommendation of the Council on Digital Security Risk Management, 2022. https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0479

OSCE. Emerging Practices in Cybersecurity-Related Public-Private Partnerships and Collaboration in OSCE Participating States, 2023. https://www.osce.org/secretariat/539108

Potomac Institute for Policy Studies. Cyber Readiness Index 2.0, section 4 and 6, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

UN OEWG on security of and in the use of ICTs. Developments in the field of information and telecommunications in the context of international security, 2025. A/78/265, Annex C: Agreed principles of capacity-building.

UNIDIR & OAS. A new approach to the 11 UN norms on responsible state behaviour in cyberspace: gender responsive application guidelines, 2025. (English and Spanish) https://www.oas.org/ext/es/seguridad/publicaciones/program/105?page=1

UNIDIR. Accelerating ICT Security Capacity Building – Takeaways from the Global Roundtable on ICT Security Capacity Building, UNIDIR, June 2024. https://unidir.org/publication/accelerating-ict-security-capacity-building-take-aways-from-the-global-roundtable-on-ict-security-capacity-building/

UNIDIR. Cyber Policy Portal Database https://database.cyberpolicyportal.org/en/

UNIDIR. Regional Perspectives in the Application of International Humanitarian Law to Lethal Autonomous Weapon Systems, 2025. In extension to section 5.7.2. of the Guide.

UNIDIR. Unpacking Cyber Capacity Building Needs: Part 1. Mapping the Foundational Cyber Capabilities, Geneva, July 2023 https://unidir.org/publication/unpacking-cyber-capacity-building-needs-part-i-mapping-the-foundational-cyber-capabilities/

UNODA. UN Global Intergovernmental Directory on ICT Security https://poc-ict.unoda.org/

UNODC. Practical Guide for Requesting Electronic Evidence Across Borders, 2021

WEF. Collaboration framework to disrupt criminal networks, 2024. https://www.weforum.org/publications/disrupting-cybercrime-networks-a-collaboration-framework/

Previous SectionNext Section