Section 6

Reference Materials

Download Guide

In the process of updating this Guide, a stocktaking of existing guides and best practices was conducted.

This allowed us to identify materials already available to support countries in developing their National Cybersecurity Strategy. The list below provides a comprehensive catalogue of the abovementioned materials, including web links.

NCS Lifecycle

Initiation

CCDCOE. ‘National Cyber Security Strategy Guidelines’, section 1.3, 2013. https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.

ENISA. ‘National Cyber Security Strategies: Training Tool’, 2016.

Global Cyber Security Capacity Centre. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’ dimension 1: 1.1, University of Oxford, 2021. (https://gcscc.ox.ac.uk/cmm-2021-edition)

GPD. ‘Involving Stakeholders in National Cybersecurity Strategies: A Guide for Policymakers’, 2020. https://www.gp-digital.org/publication/involving-stakeholders-in-national-cybersecurity-strategies-a-guide-for-policymakers/.

Stocktaking and Analysis

CCDCOE. ‘Cybersecurity Strategy & Governance Repository’. https://ccdcoe.org/library/strategy-and-governance/.

CCDCOE. ‘National Cyber Security Framework Manual’, sections: 3.4, 4, (2012). https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/.

CCDCOE. ‘National Cyber Security Strategy Guidelines’, sections: 2.1, 2.2, 3.2.1, 3.3.1, (2013).

ENISA. ‘National Cyber Security Strategies: Training Tool’, 2016.

GCSCC ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, University of Oxford, 2021. https://gcscc.ox.ac.uk/cmm-2021-edition

GFCE. ‘Catalog of Project Options for the National Cybersecurity Strategy (NCS) Cycle’, sections: 1-7, 2021. https://cybilportal.org/tools/catalog-of-project-options-for-the-national-cybersecurity-strategy-ncs-cycle/.

ITU. ‘Global Cybersecurity Index 2020’, 2021. https://www.itu.int/epublications/publication/global-cybersecurity-index-2020/en/

OAS. ‘Managing National Cyber Risk’, 2018. https://www.oas.org/es/sms/cicte/ENGcyberrisk.pdf.

Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

UNIDIR. ‘Cyber Policy Portal’, 2021. www.cyberpolicyportal.org

Production

ENISA. ‘National Cyber Security Strategies: Training Tool’, 2016.

Global Cyber Security Capacity Centre. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, University of Oxford, 2021. (https://gcscc.ox.ac.uk/cmm-2021-edition)

Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

Implementation

ENISA. ‘National Cyber Security Strategies: An Implementation Guide’, 2012.

ENISA. ‘National Cyber Security Strategies: Training Tool’, 2016.

GCSCC. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, University of Oxford, 2021. https://gcscc.ox.ac.uk/cmm-2021-edition

GFCE. ‘Catalog of Project Options for the National Cybersecurity Strategy (NCS) Cycle’, 2021. https://cybilportal.org/tools/catalog-of-project-options-for-the-national-cybersecurity-strategy-ncs-cycle/.

Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

Monitoring and Evaluation

CCDCOE. ‘Cybersecurity Strategy & Governance Repository’. https://ccdcoe.org/library/strategy-and-governance/.

CCDCOE. ‘National Cyber Security Framework Manual’, section 2.4, 2012. https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/.

ENISA. ‘National Capabilities Assessment Framework’, 2020.

ENISA. ‘National Cyber Security Strategies: Training Tool’, 2016.

Global Cyber Security Capacity Centre. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, University of Oxford, 2021. (https://gcscc.ox.ac.uk/cmm-2021-edition)

OAS. ‘Managing National Cyber Risk’, 2018. https://www.oas.org/es/sms/cicte/ENGcyberrisk.pdf.

Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

Overarching Principles

Vision

ENISA. ‘National Cyber Security Strategies: Training Tool’, 2016.

Global Cyber Security Capacity Centre. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, University of Oxford, 2021. (https://gcscc.ox.ac.uk/cmm-2021-edition)

Microsoft. ‘Building an Effective National Cybersecurity Agency’, 2018.

Microsoft. ‘Developing a National Cybersecurity Strategy, Sections: A Principled Approach to Cybersecurity, Establishing Clear Priorities and Security Baseline’, 2013.

Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

Comprehensive approach and tailored priorities

CCDCOE. ‘Cybersecurity Strategy & Governance Repository’. https://ccdcoe.org/library/strategy-and-governance/.

CCDCOE. ‘National Cyber Security Framework Manual’, sections: 3.4, 4, (2012). https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/.

CCDCOE. ‘National Cyber Security Strategy Guidelines’, sections: 2.1, 2.2, 3.2.1, 3.3.1, (2013).

ENISA. ‘National Cyber Security Strategies: Training Tool’, 2016.

GCSCC ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, University of Oxford, 2021. https://gcscc.ox.ac.uk/cmm-2021-edition

GFCE. ‘Catalog of Project Options for the National Cybersecurity Strategy (NCS) Cycle’, sections: 1-7, 2021. https://cybilportal.org/tools/catalog-of-project-options-for-the-national-cybersecurity-strategy-ncs-cycle/.

OAS. ‘Managing National Cyber Risk’, 2018. https://www.oas.org/es/sms/cicte/ENGcyberrisk.pdf.

Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

UNIDIR. ‘Cyber Policy Portal’, 2021. www.cyberpolicyportal.org

Inclusiveness

Economic and Social Prosperity

GPD. ‘Involving Stakeholders in National Cybersecurity Strategies: A Guide for Policymakers’, 2020. https://www.gp-digital.org/publication/involving-stakeholders-in-national-cybersecurity-strategies-a-guide-for-policymakers/

GPD. ‘Toolkit for Inclusive and Value-Based Cybersecurity Policymaking’. https://www.gp-digital.org/publication/toolkit-for-inclusive-and-value-based-cybersecurity-policymaking/

OECD ‘Recommendation of the Council on Digital Security of Critical Activities’, 2019. https://ccdcoe.org/uploads/2020/01/OECD-191211-The-Recommendation-of-the-Council-on-Digital-Security-of-Critical-Activities.pdf.

OECD. ‘Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity, 2-A, Companion Document’, 2015.

OECD. ‘Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity, 2-A, Companion Document’, 2015.

Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

Fundamental human rights

Council of Europe. ‘Second Additional Protocol to the Convention on Cybercrime on Enhanced Cooperation and Disclosure of Electronic Evidence – Draft as Approved by the Cybercrime Convention Committee’, 2021.

Council of Europe. ‘Strategic Priorities for Cooperation on Cybercrime and Electronic Evidence in GLACY Countries’, sections 1, 2, 6, (2016).

Council of Europe. ‘Strategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region’, sections 1,2,7, (2013).

CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.18, 4.4.19, 4.4.20, (2015).

ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and Implementing National Cyber Security Strategies’, sections 3.15, 3.184.9, 4.12, (2016).

Europe, Council. ‘Budapest Convention on Cybercrime and Its Additional Protocol on Xenophobia and Racism (2001)’, 2004.

ITU. ‘Guidelines for Policy-Makers on Child Online Protection’, sections 3.3, 3.4, (2020). https://www.itu-cop-guidelines.com/policymakers.

Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 3, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf.

  1. ‘Sustainable Development Goals, Article 16.3 UNCTAD, Global Cyberlaw Tracker’, 2015.

UNHR. ‘International Covenant on Civil and Political Rights, Article 19’, 1976.

WEF. ‘Cybercrime Prevention Principles for Internet Service Providers’, 2020. https://www.weforum.org/reports/cybercrime-prevention-principles-for-internet-service-providers.

WEF. ‘Partnership against Cybercrime’, 2020. https://www.weforum.org/reports/partnership-against-cybercrime.

WEF. ‘Recommendations for Public-Private Partnership against Cybercrime’, 2016. http://www3.weforum.org/docs/WEF_Cybercrime_Principles.pdf.

World Bank. ‘Combatting Cybercrime: Tools and Capacity Building for Emerging Economies’.

Risk management and resilience

Carnegie Mellon. ‘Handbook for Computer Security Incident Response Teams (CSIRTs)’, 2003.

CCDCOE. ‘National Cyber Security Framework Manual’, sections: 3.2, 4.2.2, (2012). https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/.

CCDCOE. ‘National Cyber Security Strategy Guidelines’, sections 3.5 (2013). https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.

CCI. ‘Checklist’, 2013.

CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.3, 4.4.20, 4.4.21, 4.4.22, 4.4.27, 4.4.31, (2015).

ENISA. ‘CERT Operational Gaps and Overlaps’, 2011.

ENISA. ‘Good Practice Guide for Incident Management’, 2011.

ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and Implementing National Cyber Security Strategies’, sections 3.6, 3.7, 3.10, 3.14, 4.1, 4.5, 4.8, (2016).

ENISA. ‘Strategies for Incident Response and Cyber Crisis Cooperation’, 2016.

FIRST ‘FIRST CSIRT Services Framework Version 2.1’, 2019. https://www.first.org/standards/frameworks/csirts/FIRST_CSIRT_Services_Framework_v2.1.0.pdf.

FIRST. ‘FIRST PSIRT Services Framework Version 1.1’, 2020. https://www.first.org/standards/frameworks/psirts/FIRST_PSIRT_Services_Framework_v1.1.pdf.

Global Cyber Security Capacity Center. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.2; Dimension 5: 5.6, University Oxford, 2021.

ITU. ‘CIRT Framework’, 2021.

ITU. ‘CyberDrill Framework’, 2021.

Microsoft. ‘Developing a National Strategy for Cybersecurity, Section: Building Incident Response Capabilities’, 2013.

Microsoft. ‘Information Sharing Framework for Cybersecurity’, 2015.

Microsoft. ‘Risk Management for Cybersecurity: Security Baselines’, 2017.

OAS. ‘Best Practice for Establishing a National CSIRT’, p. 35, 2016.

OAS. ‘Comprehensive Inter-American Cybersecurity Strategy: A Multidimensional and Multidisciplinary Approach to Creating a Culture of Cybersecurity’, pp.3-4, 2004.

OECD. ‘Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity’, section 2-B, 2015.

Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 2,4, (2015). https://www.potomacinstitute.org/images/CRIndex2.0.pdf

TNO. ‘Getting Started with a National CSIRT Guide’, 2021. https://cybilportal.org/tools/getting-started-with-a-national-csirt-guide/.

UNU. ‘Report: Cyber Resilience in Asia Pacific – A Review of National Cybersecurity Strategies’, 2020. https://collections.unu.edu/view/UNU:7760.

WEF and Carnegie. ‘International Strategy to Better Protect the Financial System Against Cyber Threats’, 2020. https://carnegieendowment.org/2020/11/18/international-strategy-to-better-protect-financial-system-against-cyber-threats-pub-83105.

WEF. ‘Cyber Resilience in the Electricity Ecosystem: Securing the Value Chain’, 2020. https://www.weforum.org/whitepapers/cyber-resilience-in-the-electricity-ecosystem-securing-the-value-chain.

WEF. ‘Cyber Resilience: Playbook for Public- Private Collaboration’, 2018. https://www.weforum.org/reports/cyber-resilience-playbook-for-public-private-collaboration.

WEF. ‘Pathways Towards a Cyber Resilient Aviation Industry’, 2021. https://www.weforum.org/reports/pathways-towards-a-cyber-resilient-aviation-industry.

Appropriate set of policy instruments

CCDCOE. ‘National Cyber Security Strategy Framework Manual’, section 5, 2012. https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/.

CCDCOE. ‘National Cyber Security Strategy Guidelines’, section 3.2, 2013. https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.

CCI. ‘Checklist’, 2013.

CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.18, 4.4.19, 4.4.20, (2015).

ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and Implementing National Cyber Security Strategies’, sections 3.15, 3.184.9, 4.12, (2016).

Europe, Council. ‘Budapest Convention on Cybercrime and Its Additional Protocol on Xenophobia and Racism (2001)’, 2004.

Global Cyber Security Capacity Center. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’. Dimension 4: 4.1, 4.3, 4.4, University Oxford, 2021.

Clear leadership, roles, and resource allocation

CCDCOE. ‘National Cyber Security Framework Manual’, sections  1.4.2, 2.1.1 2.1.3, 2.2, 2.3, 2.4, 3.1, 3.5, 4, 5.3.1, (2012). https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/

CCDCOE. ‘National Cyber Security Strategy Guidelines’, sections 1.1, 3.3, 3.8, (2013). https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf

CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.1, 4.4.4, 4.4.5, 4.4.8, 4.4.9, 4.4.20, 4.4.21, 4.4.34, 4.5, (2015).

ENISA. ‘An Evaluation Framework for National Cyber Security Strategies’, sections 2, 2.2.1, 3.1.1, 3.1.2, 3.1.3, (2016).

ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and Implementing National Cyber Security Strategies’, sections: 3.1, 3.2, 3.4, 3.5, 3.17, (2016).

ENISA. ‘National Cyber Security Strategies: Setting the Course for National Efforts to Strengthen Security in Cyberspace’, sections 4, 6 (2016).

Global Cyber Security Capacity Centre. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, 1.2, University of Oxford (2021). (https://gcscc.ox.ac.uk/cmm-2021-edition)

GPD. ‘Toolkit for Inclusive and Value-Based Cybersecurity Policymaking’. https://www.gp-digital.org/publication/toolkit-for-inclusive-and-value-based-cybersecurity-policymaking/.

Microsoft. ‘Building an Effective National Cybersecurity Agency’, 2018.

Microsoft. ‘Developing a National Cybersecurity Strategy, Sections: A Principled Approach to Cybersecurity, Establishing Clear Priorities and Security Baseline’, 2013.

Trust environment

ENISA. ‘National Cyber Security Strategies: An Implementation Guide’, 2012.

ENISA. ‘National Cyber Security Strategies: Training Tool’, 2016.

GCSCC ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, University of Oxford, 2021. https://gcscc.ox.ac.uk/cmm-2021-edition

GFCE. ‘Catalog of Project Options for the National Cybersecurity Strategy (NCS) Cycle’, 2021. https://cybilportal.org/tools/catalog-of-project-options-for-the-national-cybersecurity-strategy-ncs-cycle/.

Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

Focus Areas

FA 1 Governance

CCDCOE. ‘National Cyber Security Framework Manual’, sections 1.4.2, 2.1.1 2.1.3, 2.2, 2.3, 2.4, 3.1, 3.5, 4, 5.3.1, (2012). https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/

CCDCOE. ‘National Cyber Security Strategy Guidelines’, sections 1.1, 3.3, 3.8, (2013). https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf

CCI. ‘Checklist’, 2013.

CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.1, 4.4.4, 4.4.5, 4.4.8, 4.4.9, 4.4.20, 4.4.21, 4.4.34, 4.5, (2015).

ENISA. ‘An Evaluation Framework for National Cyber Security Strategies’, sections 2, 2.2.1, 3.1.1, 3.1.2, 3.1.3, (2016).

ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and Implementing National Cyber Security Strategies’, sections: 3.1, 3.2, 3.4, 3.5, 3.17, (2016).

ENISA. ‘National Cyber Security Strategies: Setting the Course for National Efforts to Strengthen Security in Cyberspace’, sections 4, 6 (2016).

Global Cyber Security Capacity Centre. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, 1.2, University of Oxford (2021). (https://gcscc.ox.ac.uk/cmm-2021-edition)

GPD. ‘Toolkit for Inclusive and Value-Based Cybersecurity Policymaking’. https://www.gp-digital.org/publication/toolkit-for-inclusive-and-value-based-cybersecurity-policymaking/.

Microsoft. ‘Building an Effective National Cybersecurity Agency’, 2018.

Microsoft. ‘Developing a National Cybersecurity Strategy, Sections: A Principled Approach to Cybersecurity, Establishing Clear Priorities and Security Baseline’, 2013.

OAS. ‘Managing National Cyber Risk’, 2018. https://www.oas.org/es/sms/cicte/ENGcyberrisk.pdf.

OECD ‘Recommendation of the Council on Digital Security of Critical Activities’, 2019. https://ccdcoe.org/uploads/2020/01/OECD-191211-The-Recommendation-of-the-Council-on-Digital-Security-of-Critical-Activities.pdf.

OECD. ‘Cybersecurity Policy Making at a Turning Point, Annex IV’, 2012.

OECD. ‘Recommendation of the Council Concerning Guidelines for the Protection of Privacy and Transborder Flows of Personal Data (Privacy Guidelines’, 2013.

OECD. ‘Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity, 2-A, Companion Document’, 2015.

OECD. ‘Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity, 2-A, Companion Document’, 2015.

Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

FA2 Risk management in national cybersecurity

CCDCOE. ‘National Cyber Security Framework Manual’, sections: 2.1.2, 5.3.2, (2012). https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/.

CCDCOE. ‘National Cyber Security Strategy Guidelines’, 2013. https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.

CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.6, 4.4.15, 4.4.24, 4.4.25, 4.4.26, 4.4.27, (2015).

ENISA. ‘National Cyber Security Strategy Good Practice Guide – Designing and Implementing National Cyber Security Strategies, 2016.

Global Cyber Security Capacity Centre. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, 1.2, 1.3; Dimension 2: 2.1; Dimension 3: 3.1, 3.2, 3.4; Dimension 4: 4.1, 4.2, 4.3, 4.4; Dimension 5: 5.1, 5.2, 5.4, 5.5, 5.6, University of Oxford, 2021. https://gcscc.ox.ac.uk/cmm-2021-edition

Microsoft. ‘Developing a National Cybersecurity Strategy. Building a Risk Approach’, 2013.

Microsoft. ‘Risk Management for Cybersecurity: Security Baselines’, 2017.

NIST. ‘Framework for Improving Critical Infrastructure Cybersecurity’, 2015.

OAS. ‘Managing National Cyber Risk’, 2018. https://www.oas.org/es/sms/cicte/ENGcyberrisk.pdf.

OECD. ‘Recommendation of the Council on Digital Security of Critical Activities’, 2019. https://ccdcoe.org/uploads/2020/01/OECD-191211-The-Recommendation-of-the-Council-on-Digital-Security-of-Critical-Activities.pdf.

OECD. ‘Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity’, 2015.

Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 1, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

UNIDIR. ‘Supply Chain Security in the Cyber Age: Sector Trends, Current Threats and Multi-Stakeholder Responses’, 2020. https://unidir.org/publication/supply-chain-security-cyber-age-sector-trends-current-threats-and-multi-stakeholder.

WEF. ‘Principles for Board Governance of Cyber Risk’, 2021. https://www.weforum.org/reports/principles-for-board-governance-of-cyber-risk.

FA3 Preparedness and resilience

Carnegie Mellon. ‘Handbook for Computer Security Incident Response Teams (CSIRTs)’, 2003.

CCDCOE. ‘National Cyber Security Framework Manual’, sections: 3.2, 4.2.2, (2012). https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/.

CCDCOE. ‘National Cyber Security Strategy Guidelines’, section 3.5 (2013). https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.

CCI. ‘Checklist’, 2013.

CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.3, 4.4.20, 4.4.21, 4.4.22, 4.4.27, 4.4.31, (2015).

ENISA. ‘CERT Operational Gaps and Overlaps’, 2011.

ENISA. ‘Good Practice Guide for Incident Management’, 2011.

ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and Implementing National Cyber Security Strategies’, sections 3.6, 3.7, 3.10, 3.14, 4.1, 4.5, 4.8, (2016).

ENISA. ‘Strategies for Incident Response and Cyber Crisis Cooperation’, 2016.

FIRST ‘FIRST CSIRT Services Framework Version 2.1’, 2019. https://www.first.org/standards/frameworks/csirts/FIRST_CSIRT_Services_Framework_v2.1.0.pdf.

FIRST. ‘FIRST PSIRT Services Framework Version 1.1’, 2020. https://www.first.org/standards/frameworks/psirts/FIRST_PSIRT_Services_Framework_v1.1.pdf.

Global Cyber Security Capacity Center. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.2; Dimension 5: 5.6, University Oxford, 2021.

ITU. ‘CIRT Framework’, 2021.

ITU. ‘CyberDrill Framework’, 2021.

Microsoft. ‘Developing a National Strategy for Cybersecurity, Section: Building Incident Response Capabilities’, 2013.

Microsoft. ‘Information Sharing Framework for Cybersecurity’, 2015.

Microsoft. ‘Risk Management for Cybersecurity: Security Baselines’, 2017.

OAS. ‘Best Practice for Establishing a National CSIRT’, p. 35, 2016.

OAS. ‘Comprehensive Inter-American Cybersecurity Strategy: A Multidimensional and Multidisciplinary Approach to Creating a Culture of Cybersecurity’, pp.3-4, 2004.

OECD. ‘Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity’, section 2-B, 2015.

Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 2,4, (2015). https://www.potomacinstitute.org/images/CRIndex2.0.pdf

TNO. ‘Getting Started with a National CSIRT Guide’, 2021. https://cybilportal.org/tools/getting-started-with-a-national-csirt-guide/.

UNU. ‘Report: Cyber Resilience in Asia Pacific – A Review of National Cybersecurity Strategies’, 2020. https://collections.unu.edu/view/UNU:7760.

US “National Cyber Incident Scoring System (NCISS) which includes a Cyber Incident Severity Schema (CISS)”. https://us-cert.cisa.gov/CISA-National-Cyber-Incident-Scoring-System

WEF and Carnegie. ‘International Strategy to Better Protect the Financial System Against Cyber Threats’, 2020. https://carnegieendowment.org/2020/11/18/international-strategy-to-better-protect-financial-system-against-cyber-threats-pub-83105.

WEF. ‘Cyber Resilience in the Electricity Ecosystem: Securing the Value Chain’, 2020. https://www.weforum.org/whitepapers/cyber-resilience-in-the-electricity-ecosystem-securing-the-value-chain.

WEF. ‘Cyber Resilience: Playbook for Public- Private Collaboration’, 2018. https://www.weforum.org/reports/cyber-resilience-playbook-for-public-private-collaboration.

WEF. ‘Pathways Towards a Cyber Resilient Aviation Industry’, 2021. https://www.weforum.org/reports/pathways-towards-a-cyber-resilient-aviation-industry.

FA4 Critical Infrastructure services and essential services

CCDCOE. ‘National Cyber Security Framework Manual’, section 4.5.4, 2012. https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/.

CCDCOE.. ‘National Cyber Security Strategy Guidelines’, sections 3.4, 3.5, (2013). https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf

CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.12, 4.4.13, 4.4.20, 4.4.25, 4.4.26, 4.4.28, 4.4.32, (2015).

ENISA. ‘An Evaluation Framework for National Cyber Security Strategies’, section 4.2, 2016.

ENISA. ‘Methodologies for the Identification of Critical Information Infrastructure Assets and Services’, 2015.

ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and Implementing National Cyber Security Strategies’, section 3.6, 2016.

Global Cyber Security Capacity Center. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’. Dimension 1: 1.1, 1.3, University Oxford, 2021.

Meridian and GFCE. ‘Companion Document to the GFCE-MERIDIAN Good Practice Guide on Critical Information Infrastructure Protection for Governmental Policy-Makers’, 2016. https://www.tno.nl/media/10425/companiondocument_gpg_ciip.pdf.

Microsoft. ‘Critical Connections: Protecting Infrastructures, All Sections’, 2014.

Microsoft. ‘Critical Infrastructure Protection: Concepts and Continuum, All Sections’, 2014.

Microsoft. ‘Risk Management for Cybersecurity: Security Baselines’, 2017.

OAS. ‘Report Cybersecurity and Critical Infrastructure in the Americas’, 2015.

OECD. ‘Recommendation of the Council on Digital Security of Critical Activities Https://Ccdcoe.Org/Uploads/2020/01/OECD-191211-The-Recommendation-of-the-Council-on-Digital-Security-of-Critical-Activities.PdfPotomac Institute for Policy Studies (2015): Cyber Readiness Index 2.0’, 2019. https://www.potomacinstitute.org/images/CRIndex2.0.pdf.

OECD. ‘Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity’, 2015.

Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 2.4, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

UNIDIR. ‘International Cooperation to Mitigate Cyber Operations against Critical Infrastructure’, 2021. https://unidir.org/criticalinfrastructure.

UNOCT, CTED and INTERPOL. ‘Compendium of Good Practices for the Protection of Critical Infrastructure against Terrorist Attack’, 2018. https://www.un.org/counterterrorism/sites/www.un.org.counterterrorism/files/eng_compendium-cip-final-version-120618.pdf.

FA5 Capability and capacity building and awareness raising

‘Council of Europe, Capacity Building Programmes’, n.d.

CCDCOE. ‘National Cyber Security Strategy Framework Manual’, sections 4.5.5, 4.6.3, (2012).

CCDCOE. ‘National Cyber Security Strategy Guidelines’, 2013. https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.

CCI. ‘Checklist’, 2013.

CCI. ‘Commonwealth Network of Contact Persons Framework’, 2005.

CCI. ‘Harare Scheme on Mutual Legal Assistance in Criminal Matters’, 2011.

Council of Europe. ‘Capacity building programmes’. https://www.coe.int/en/web/cybercrime/capacity-building-programmes

Council of Europe. ‘Cybercrime Octopus Community (Country Resources, Training Materials, Guides and Research’. https://www.coe.int/en/web/octopus/home?desktop=true

CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.11, 4.4.17, 4.4.20, 4.4.34, 4.4.12, 4.4.14, 4.4.16, 4.4.23, (2015).

ENISA. ‘CERT Operational Gaps and Overlaps’, p. 6, 16, 19, 21, 27, 29, 31, 32, 50, 57 (2011).

ENISA. ‘Cybersecurity Skills Development in the EU’, 2020.

ENISA. ‘Good Practice Guide for Incident Management’ p.19, 23, 26, 32, 46, 56, 58, 64, 69, (2010).

ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and Implementing National Cyber Security Strategies’, sections 3.12, 3.8, 3.11, 3.13, 4.3, 4.6, 4.7, 4.14, (2016).

ENISA. ‘Strategies for Incident Response and Cyber Crisis Cooperation, Section’, section 2.1, (2016).

Global Cyber Security Capacity Center. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’. Dimension 3: 3.1, 3.2, 3.3, 3.4, University Oxford, 2021.

ITU. ‘CIRT Framework’, 2021.

ITU. ‘CyberDrill Framework’, 2021.

Microsoft. Developing a National Strategy for Cybersecurity, Section: Driving Research and Technology Investment, Public Awareness. Workforce Training and Education, 2013.

NIST. ‘Workforce Framework for Cybersecurity NICE Framework’, 2020. https://doi.org/10.6028/NIST.SP.800-181r1.

OAS. ‘Cyber Security Awareness Campaign Toolkit, All Sections’, 2015.

OAS. ‘Cybersecurity Education: Planning for the Future Through Workforce Development’, 2020.

OECD. ‘Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity’, section 2-B, 2015.

Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 2.5, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf

UNCTAD. ‘Programme on E-Commerce and Law Reform’, 2015.

US “National Cyber Incident Scoring System (NCISS) which includes a Cyber Incident Severity Schema (CISS)”. https://us-cert.cisa.gov/CISA-National-Cyber-Incident-Scoring-System

FA6 Legislation and Regulation

CCDCOE. ‘National Cyber Security Strategy Framework Manual’, section 5, 2012. https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/.

CCDCOE. ‘National Cyber Security Strategy Guidelines’, section 3.2, 2013. https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.

CCI. ‘Checklist’, 2013.

Council of Europe. ‘Second Additional Protocol to the Convention on Cybercrime on Enhanced Cooperation and Disclosure of Electronic Evidence – Draft as Approved by the Cybercrime Convention Committee’, 2021.

Council of Europe. ‘Strategic Priorities for Cooperation on Cybercrime and Electronic Evidence in GLACY Countries’, sections 1, 2, 6, (2016).

Council of Europe. ‘Strategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region’, sections 1,2,7, (2013).

CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.18, 4.4.19, 4.4.20, (2015).

ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and Implementing National Cyber Security Strategies’, sections 3.15, 3.184.9, 4.12, (2016).

Europe, Council. ‘Budapest Convention on Cybercrime and Its Additional Protocol on Xenophobia and Racism (2001)’, 2004.

Global Cyber Security Capacity Center. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’. Dimension 4: 4.1, 4.3, 4.4, University Oxford, 2021.

ITU. ‘Guidelines for Policy-Makers on Child Online Protection’, sections 3.3, 3.4, (2020). https://www.itu-cop-guidelines.com/policymakers.

Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 3, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf.

UN ‘Sustainable Development Goals, Article 16.3 UNCTAD, Global Cyberlaw Tracker’, 2015.

UNHR. ‘International Covenant on Civil and Political Rights, Article 19’, 1976.

WEF. ‘Cybercrime Prevention Principles for Internet Service Providers’, 2020. https://www.weforum.org/reports/cybercrime-prevention-principles-for-internet-service-providers.

WEF. ‘Partnership against Cybercrime’, 2020. https://www.weforum.org/reports/partnership-against-cybercrime.

WEF. ‘Recommendations for Public-Private Partnership against Cybercrime’, 2016. http://www3.weforum.org/docs/WEF_Cybercrime_Principles.pdf.

World Bank. ‘Combatting Cybercrime: Tools and Capacity Building for Emerging Economies’.

FA7 International Cooperation

‘Second Additional Protocol to the Convention on Cybercrime on Enhanced Cooperation and Disclosure of Electronic Evidence – Draft as Approved by the Cybercrime Convention Committee’, n.d.

CCDCOE. ‘National Cyber Security Strategy Framework Manual’, sections 4.7, 5.4.2, 5.4.3, (2012). https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/

CCDCOE. ‘National Cyber Security Strategy Guidelines’, sections 1.3, 3.2.1, 3.3.2, (2013). https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf

CCDCOE. ‘The Tallin Manual 2.0’, 2017. https://ccdcoe.org/research/tallinn-manual/.

Council of Europe. ‘Budapest Convention on Cybercrime and Its Additional Protocol on Xenophobia and Racism (2001)’, chapter III, 2004.

Council of Europe. ‘Strategic Priorities for Cooperation on Cybercrime and Electronic Evidence in GLACY Countries’ Strategic Priority 7, 2016.

Council of Europe. ‘Strategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region’, Strategic Priority 8, 2013.

CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.20, 4.4.21 (2015).

ENISA. ‘Guidebook on National Cyber Security Strategies, Section’, section 3.16, 2016.

ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and Implementing National Cyber Security Strategies’, sections: 3.16. 4.10, (2016).

Global Cyber Security Capacity Center. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, 4: 4.4, University Oxford, 2021.

Microsoft. ‘Developing a National Strategy for Cybersecurity, Section on Structuring International Engagement’, 2013.

OECD. ‘Recommendation of the Council on Digital Security of Critical Activities’, 2019. https://ccdcoe.org/uploads/2020/01/OECD-191211-The-Recommendation-of-the-Council-on-Digital-Security-of-Critical-Activities.pdf.

OECD. ‘Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity’ p. 13, 48, 58, 2015.

Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 4.6, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf.

UNIDIR. ‘Cyber Policy Portal’, 2021.

UNIDIR. ‘International Cooperation to Mitigate Cyber Operations against Critical Infrastructure’, 2021. https://unidir.org/criticalinfrastructure.

← Previous SectionNext Section →