
In the process of updating this Guide, a stocktaking of existing guides and best practices was conducted.
This allowed us to identify materials already available to support countries in developing their National Cybersecurity Strategy. The list below provides a comprehensive catalogue of the abovementioned materials, including web links.
NCS Lifecycle
Initiation
CCDCOE. ‘National Cyber Security Strategy Guidelines’, section 1.3, 2013. https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.
ENISA. ‘National Cyber Security Strategies: Training Tool’, 2016.
Global Cyber Security Capacity Centre. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’ dimension 1: 1.1, University of Oxford, 2021. (https://gcscc.ox.ac.uk/cmm-2021-edition)
GPD. ‘Involving Stakeholders in National Cybersecurity Strategies: A Guide for Policymakers’, 2020. https://www.gp-digital.org/publication/involving-stakeholders-in-national-cybersecurity-strategies-a-guide-for-policymakers/.
Stocktaking and Analysis
CCDCOE. ‘Cybersecurity Strategy & Governance Repository’. https://ccdcoe.org/library/strategy-and-governance/.
CCDCOE. ‘National Cyber Security Framework Manual’, sections: 3.4, 4, (2012). https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/.
CCDCOE. ‘National Cyber Security Strategy Guidelines’, sections: 2.1, 2.2, 3.2.1, 3.3.1, (2013).
ENISA. ‘National Cyber Security Strategies: Training Tool’, 2016.
GCSCC ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, University of Oxford, 2021. https://gcscc.ox.ac.uk/cmm-2021-edition
GFCE. ‘Catalog of Project Options for the National Cybersecurity Strategy (NCS) Cycle’, sections: 1-7, 2021. https://cybilportal.org/tools/catalog-of-project-options-for-the-national-cybersecurity-strategy-ncs-cycle/.
ITU. ‘Global Cybersecurity Index 2020’, 2021. https://www.itu.int/epublications/publication/global-cybersecurity-index-2020/en/
OAS. ‘Managing National Cyber Risk’, 2018. https://www.oas.org/es/sms/cicte/ENGcyberrisk.pdf.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf
UNIDIR. ‘Cyber Policy Portal’, 2021. www.cyberpolicyportal.org
Production
ENISA. ‘National Cyber Security Strategies: Training Tool’, 2016.
Global Cyber Security Capacity Centre. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, University of Oxford, 2021. (https://gcscc.ox.ac.uk/cmm-2021-edition)
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf
Implementation
ENISA. ‘National Cyber Security Strategies: An Implementation Guide’, 2012.
ENISA. ‘National Cyber Security Strategies: Training Tool’, 2016.
GCSCC. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, University of Oxford, 2021. https://gcscc.ox.ac.uk/cmm-2021-edition
GFCE. ‘Catalog of Project Options for the National Cybersecurity Strategy (NCS) Cycle’, 2021. https://cybilportal.org/tools/catalog-of-project-options-for-the-national-cybersecurity-strategy-ncs-cycle/.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf
Monitoring and Evaluation
CCDCOE. ‘Cybersecurity Strategy & Governance Repository’. https://ccdcoe.org/library/strategy-and-governance/.
CCDCOE. ‘National Cyber Security Framework Manual’, section 2.4, 2012. https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/.
ENISA. ‘National Capabilities Assessment Framework’, 2020.
ENISA. ‘National Cyber Security Strategies: Training Tool’, 2016.
Global Cyber Security Capacity Centre. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, University of Oxford, 2021. (https://gcscc.ox.ac.uk/cmm-2021-edition)
OAS. ‘Managing National Cyber Risk’, 2018. https://www.oas.org/es/sms/cicte/ENGcyberrisk.pdf.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf
Overarching Principles
Vision
ENISA. ‘National Cyber Security Strategies: Training Tool’, 2016.
Global Cyber Security Capacity Centre. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, University of Oxford, 2021. (https://gcscc.ox.ac.uk/cmm-2021-edition)
Microsoft. ‘Building an Effective National Cybersecurity Agency’, 2018.
Microsoft. ‘Developing a National Cybersecurity Strategy, Sections: A Principled Approach to Cybersecurity, Establishing Clear Priorities and Security Baseline’, 2013.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf
Comprehensive approach and tailored priorities
CCDCOE. ‘Cybersecurity Strategy & Governance Repository’. https://ccdcoe.org/library/strategy-and-governance/.
CCDCOE. ‘National Cyber Security Framework Manual’, sections: 3.4, 4, (2012). https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/.
CCDCOE. ‘National Cyber Security Strategy Guidelines’, sections: 2.1, 2.2, 3.2.1, 3.3.1, (2013).
ENISA. ‘National Cyber Security Strategies: Training Tool’, 2016.
GCSCC ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, University of Oxford, 2021. https://gcscc.ox.ac.uk/cmm-2021-edition
GFCE. ‘Catalog of Project Options for the National Cybersecurity Strategy (NCS) Cycle’, sections: 1-7, 2021. https://cybilportal.org/tools/catalog-of-project-options-for-the-national-cybersecurity-strategy-ncs-cycle/.
OAS. ‘Managing National Cyber Risk’, 2018. https://www.oas.org/es/sms/cicte/ENGcyberrisk.pdf.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf
UNIDIR. ‘Cyber Policy Portal’, 2021. www.cyberpolicyportal.org
Economic and Social Prosperity
GPD. ‘Involving Stakeholders in National Cybersecurity Strategies: A Guide for Policymakers’, 2020. https://www.gp-digital.org/publication/involving-stakeholders-in-national-cybersecurity-strategies-a-guide-for-policymakers/
GPD. ‘Toolkit for Inclusive and Value-Based Cybersecurity Policymaking’. https://www.gp-digital.org/publication/toolkit-for-inclusive-and-value-based-cybersecurity-policymaking/
OECD ‘Recommendation of the Council on Digital Security of Critical Activities’, 2019. https://ccdcoe.org/uploads/2020/01/OECD-191211-The-Recommendation-of-the-Council-on-Digital-Security-of-Critical-Activities.pdf.
OECD. ‘Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity, 2-A, Companion Document’, 2015.
OECD. ‘Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity, 2-A, Companion Document’, 2015.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf
Fundamental human rights
Council of Europe. ‘Second Additional Protocol to the Convention on Cybercrime on Enhanced Cooperation and Disclosure of Electronic Evidence – Draft as Approved by the Cybercrime Convention Committee’, 2021.
Council of Europe. ‘Strategic Priorities for Cooperation on Cybercrime and Electronic Evidence in GLACY Countries’, sections 1, 2, 6, (2016).
Council of Europe. ‘Strategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region’, sections 1,2,7, (2013).
CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.18, 4.4.19, 4.4.20, (2015).
ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and Implementing National Cyber Security Strategies’, sections 3.15, 3.184.9, 4.12, (2016).
Europe, Council. ‘Budapest Convention on Cybercrime and Its Additional Protocol on Xenophobia and Racism (2001)’, 2004.
ITU. ‘Guidelines for Policy-Makers on Child Online Protection’, sections 3.3, 3.4, (2020). https://www.itu-cop-guidelines.com/policymakers.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 3, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf.
- ‘Sustainable Development Goals, Article 16.3 UNCTAD, Global Cyberlaw Tracker’, 2015.
UNHR. ‘International Covenant on Civil and Political Rights, Article 19’, 1976.
WEF. ‘Cybercrime Prevention Principles for Internet Service Providers’, 2020. https://www.weforum.org/reports/cybercrime-prevention-principles-for-internet-service-providers.
WEF. ‘Partnership against Cybercrime’, 2020. https://www.weforum.org/reports/partnership-against-cybercrime.
WEF. ‘Recommendations for Public-Private Partnership against Cybercrime’, 2016. http://www3.weforum.org/docs/WEF_Cybercrime_Principles.pdf.
World Bank. ‘Combatting Cybercrime: Tools and Capacity Building for Emerging Economies’.
Risk management and resilience
Carnegie Mellon. ‘Handbook for Computer Security Incident Response Teams (CSIRTs)’, 2003.
CCDCOE. ‘National Cyber Security Framework Manual’, sections: 3.2, 4.2.2, (2012). https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/.
CCDCOE. ‘National Cyber Security Strategy Guidelines’, sections 3.5 (2013). https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.
CCI. ‘Checklist’, 2013.
CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.3, 4.4.20, 4.4.21, 4.4.22, 4.4.27, 4.4.31, (2015).
ENISA. ‘CERT Operational Gaps and Overlaps’, 2011.
ENISA. ‘Good Practice Guide for Incident Management’, 2011.
ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and Implementing National Cyber Security Strategies’, sections 3.6, 3.7, 3.10, 3.14, 4.1, 4.5, 4.8, (2016).
ENISA. ‘Strategies for Incident Response and Cyber Crisis Cooperation’, 2016.
FIRST ‘FIRST CSIRT Services Framework Version 2.1’, 2019. https://www.first.org/standards/frameworks/csirts/FIRST_CSIRT_Services_Framework_v2.1.0.pdf.
FIRST. ‘FIRST PSIRT Services Framework Version 1.1’, 2020. https://www.first.org/standards/frameworks/psirts/FIRST_PSIRT_Services_Framework_v1.1.pdf.
Global Cyber Security Capacity Center. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.2; Dimension 5: 5.6, University Oxford, 2021.
ITU. ‘CIRT Framework’, 2021.
ITU. ‘CyberDrill Framework’, 2021.
Microsoft. ‘Developing a National Strategy for Cybersecurity, Section: Building Incident Response Capabilities’, 2013.
Microsoft. ‘Information Sharing Framework for Cybersecurity’, 2015.
Microsoft. ‘Risk Management for Cybersecurity: Security Baselines’, 2017.
OAS. ‘Best Practice for Establishing a National CSIRT’, p. 35, 2016.
OAS. ‘Comprehensive Inter-American Cybersecurity Strategy: A Multidimensional and Multidisciplinary Approach to Creating a Culture of Cybersecurity’, pp.3-4, 2004.
OECD. ‘Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity’, section 2-B, 2015.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 2,4, (2015). https://www.potomacinstitute.org/images/CRIndex2.0.pdf
TNO. ‘Getting Started with a National CSIRT Guide’, 2021. https://cybilportal.org/tools/getting-started-with-a-national-csirt-guide/.
UNU. ‘Report: Cyber Resilience in Asia Pacific – A Review of National Cybersecurity Strategies’, 2020. https://collections.unu.edu/view/UNU:7760.
WEF and Carnegie. ‘International Strategy to Better Protect the Financial System Against Cyber Threats’, 2020. https://carnegieendowment.org/2020/11/18/international-strategy-to-better-protect-financial-system-against-cyber-threats-pub-83105.
WEF. ‘Cyber Resilience in the Electricity Ecosystem: Securing the Value Chain’, 2020. https://www.weforum.org/whitepapers/cyber-resilience-in-the-electricity-ecosystem-securing-the-value-chain.
WEF. ‘Cyber Resilience: Playbook for Public- Private Collaboration’, 2018. https://www.weforum.org/reports/cyber-resilience-playbook-for-public-private-collaboration.
WEF. ‘Pathways Towards a Cyber Resilient Aviation Industry’, 2021. https://www.weforum.org/reports/pathways-towards-a-cyber-resilient-aviation-industry.
Appropriate set of policy instruments
CCDCOE. ‘National Cyber Security Strategy Framework Manual’, section 5, 2012. https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/.
CCDCOE. ‘National Cyber Security Strategy Guidelines’, section 3.2, 2013. https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.
CCI. ‘Checklist’, 2013.
CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.18, 4.4.19, 4.4.20, (2015).
ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and Implementing National Cyber Security Strategies’, sections 3.15, 3.184.9, 4.12, (2016).
Europe, Council. ‘Budapest Convention on Cybercrime and Its Additional Protocol on Xenophobia and Racism (2001)’, 2004.
Global Cyber Security Capacity Center. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’. Dimension 4: 4.1, 4.3, 4.4, University Oxford, 2021.
Clear leadership, roles, and resource allocation
CCDCOE. ‘National Cyber Security Framework Manual’, sections 1.4.2, 2.1.1 2.1.3, 2.2, 2.3, 2.4, 3.1, 3.5, 4, 5.3.1, (2012). https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/
CCDCOE. ‘National Cyber Security Strategy Guidelines’, sections 1.1, 3.3, 3.8, (2013). https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf
CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.1, 4.4.4, 4.4.5, 4.4.8, 4.4.9, 4.4.20, 4.4.21, 4.4.34, 4.5, (2015).
ENISA. ‘An Evaluation Framework for National Cyber Security Strategies’, sections 2, 2.2.1, 3.1.1, 3.1.2, 3.1.3, (2016).
ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and Implementing National Cyber Security Strategies’, sections: 3.1, 3.2, 3.4, 3.5, 3.17, (2016).
ENISA. ‘National Cyber Security Strategies: Setting the Course for National Efforts to Strengthen Security in Cyberspace’, sections 4, 6 (2016).
Global Cyber Security Capacity Centre. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, 1.2, University of Oxford (2021). (https://gcscc.ox.ac.uk/cmm-2021-edition)
GPD. ‘Toolkit for Inclusive and Value-Based Cybersecurity Policymaking’. https://www.gp-digital.org/publication/toolkit-for-inclusive-and-value-based-cybersecurity-policymaking/.
Microsoft. ‘Building an Effective National Cybersecurity Agency’, 2018.
Microsoft. ‘Developing a National Cybersecurity Strategy, Sections: A Principled Approach to Cybersecurity, Establishing Clear Priorities and Security Baseline’, 2013.
Trust environment
ENISA. ‘National Cyber Security Strategies: An Implementation Guide’, 2012.
ENISA. ‘National Cyber Security Strategies: Training Tool’, 2016.
GCSCC ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, University of Oxford, 2021. https://gcscc.ox.ac.uk/cmm-2021-edition
GFCE. ‘Catalog of Project Options for the National Cybersecurity Strategy (NCS) Cycle’, 2021. https://cybilportal.org/tools/catalog-of-project-options-for-the-national-cybersecurity-strategy-ncs-cycle/.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf
Focus Areas
FA 1 Governance
CCDCOE. ‘National Cyber Security Framework Manual’, sections 1.4.2, 2.1.1 2.1.3, 2.2, 2.3, 2.4, 3.1, 3.5, 4, 5.3.1, (2012). https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/
CCDCOE. ‘National Cyber Security Strategy Guidelines’, sections 1.1, 3.3, 3.8, (2013). https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf
CCI. ‘Checklist’, 2013.
CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.1, 4.4.4, 4.4.5, 4.4.8, 4.4.9, 4.4.20, 4.4.21, 4.4.34, 4.5, (2015).
ENISA. ‘An Evaluation Framework for National Cyber Security Strategies’, sections 2, 2.2.1, 3.1.1, 3.1.2, 3.1.3, (2016).
ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and Implementing National Cyber Security Strategies’, sections: 3.1, 3.2, 3.4, 3.5, 3.17, (2016).
ENISA. ‘National Cyber Security Strategies: Setting the Course for National Efforts to Strengthen Security in Cyberspace’, sections 4, 6 (2016).
Global Cyber Security Capacity Centre. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, 1.2, University of Oxford (2021). (https://gcscc.ox.ac.uk/cmm-2021-edition)
GPD. ‘Toolkit for Inclusive and Value-Based Cybersecurity Policymaking’. https://www.gp-digital.org/publication/toolkit-for-inclusive-and-value-based-cybersecurity-policymaking/.
Microsoft. ‘Building an Effective National Cybersecurity Agency’, 2018.
Microsoft. ‘Developing a National Cybersecurity Strategy, Sections: A Principled Approach to Cybersecurity, Establishing Clear Priorities and Security Baseline’, 2013.
OAS. ‘Managing National Cyber Risk’, 2018. https://www.oas.org/es/sms/cicte/ENGcyberrisk.pdf.
OECD ‘Recommendation of the Council on Digital Security of Critical Activities’, 2019. https://ccdcoe.org/uploads/2020/01/OECD-191211-The-Recommendation-of-the-Council-on-Digital-Security-of-Critical-Activities.pdf.
OECD. ‘Cybersecurity Policy Making at a Turning Point, Annex IV’, 2012.
OECD. ‘Recommendation of the Council Concerning Guidelines for the Protection of Privacy and Transborder Flows of Personal Data (Privacy Guidelines’, 2013.
OECD. ‘Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity, 2-A, Companion Document’, 2015.
OECD. ‘Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity, 2-A, Companion Document’, 2015.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf
FA2 Risk management in national cybersecurity
CCDCOE. ‘National Cyber Security Framework Manual’, sections: 2.1.2, 5.3.2, (2012). https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/.
CCDCOE. ‘National Cyber Security Strategy Guidelines’, 2013. https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.
CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.6, 4.4.15, 4.4.24, 4.4.25, 4.4.26, 4.4.27, (2015).
ENISA. ‘National Cyber Security Strategy Good Practice Guide – Designing and Implementing National Cyber Security Strategies, 2016.
Global Cyber Security Capacity Centre. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, 1.2, 1.3; Dimension 2: 2.1; Dimension 3: 3.1, 3.2, 3.4; Dimension 4: 4.1, 4.2, 4.3, 4.4; Dimension 5: 5.1, 5.2, 5.4, 5.5, 5.6, University of Oxford, 2021. https://gcscc.ox.ac.uk/cmm-2021-edition
Microsoft. ‘Developing a National Cybersecurity Strategy. Building a Risk Approach’, 2013.
Microsoft. ‘Risk Management for Cybersecurity: Security Baselines’, 2017.
NIST. ‘Framework for Improving Critical Infrastructure Cybersecurity’, 2015.
OAS. ‘Managing National Cyber Risk’, 2018. https://www.oas.org/es/sms/cicte/ENGcyberrisk.pdf.
OECD. ‘Recommendation of the Council on Digital Security of Critical Activities’, 2019. https://ccdcoe.org/uploads/2020/01/OECD-191211-The-Recommendation-of-the-Council-on-Digital-Security-of-Critical-Activities.pdf.
OECD. ‘Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity’, 2015.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 1, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf
UNIDIR. ‘Supply Chain Security in the Cyber Age: Sector Trends, Current Threats and Multi-Stakeholder Responses’, 2020. https://unidir.org/publication/supply-chain-security-cyber-age-sector-trends-current-threats-and-multi-stakeholder.
WEF. ‘Principles for Board Governance of Cyber Risk’, 2021. https://www.weforum.org/reports/principles-for-board-governance-of-cyber-risk.
FA3 Preparedness and resilience
Carnegie Mellon. ‘Handbook for Computer Security Incident Response Teams (CSIRTs)’, 2003.
CCDCOE. ‘National Cyber Security Framework Manual’, sections: 3.2, 4.2.2, (2012). https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/.
CCDCOE. ‘National Cyber Security Strategy Guidelines’, section 3.5 (2013). https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.
CCI. ‘Checklist’, 2013.
CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.3, 4.4.20, 4.4.21, 4.4.22, 4.4.27, 4.4.31, (2015).
ENISA. ‘CERT Operational Gaps and Overlaps’, 2011.
ENISA. ‘Good Practice Guide for Incident Management’, 2011.
ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and Implementing National Cyber Security Strategies’, sections 3.6, 3.7, 3.10, 3.14, 4.1, 4.5, 4.8, (2016).
ENISA. ‘Strategies for Incident Response and Cyber Crisis Cooperation’, 2016.
FIRST ‘FIRST CSIRT Services Framework Version 2.1’, 2019. https://www.first.org/standards/frameworks/csirts/FIRST_CSIRT_Services_Framework_v2.1.0.pdf.
FIRST. ‘FIRST PSIRT Services Framework Version 1.1’, 2020. https://www.first.org/standards/frameworks/psirts/FIRST_PSIRT_Services_Framework_v1.1.pdf.
Global Cyber Security Capacity Center. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.2; Dimension 5: 5.6, University Oxford, 2021.
ITU. ‘CIRT Framework’, 2021.
ITU. ‘CyberDrill Framework’, 2021.
Microsoft. ‘Developing a National Strategy for Cybersecurity, Section: Building Incident Response Capabilities’, 2013.
Microsoft. ‘Information Sharing Framework for Cybersecurity’, 2015.
Microsoft. ‘Risk Management for Cybersecurity: Security Baselines’, 2017.
OAS. ‘Best Practice for Establishing a National CSIRT’, p. 35, 2016.
OAS. ‘Comprehensive Inter-American Cybersecurity Strategy: A Multidimensional and Multidisciplinary Approach to Creating a Culture of Cybersecurity’, pp.3-4, 2004.
OECD. ‘Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity’, section 2-B, 2015.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 2,4, (2015). https://www.potomacinstitute.org/images/CRIndex2.0.pdf
TNO. ‘Getting Started with a National CSIRT Guide’, 2021. https://cybilportal.org/tools/getting-started-with-a-national-csirt-guide/.
UNU. ‘Report: Cyber Resilience in Asia Pacific – A Review of National Cybersecurity Strategies’, 2020. https://collections.unu.edu/view/UNU:7760.
US “National Cyber Incident Scoring System (NCISS) which includes a Cyber Incident Severity Schema (CISS)”. https://us-cert.cisa.gov/CISA-National-Cyber-Incident-Scoring-System
WEF and Carnegie. ‘International Strategy to Better Protect the Financial System Against Cyber Threats’, 2020. https://carnegieendowment.org/2020/11/18/international-strategy-to-better-protect-financial-system-against-cyber-threats-pub-83105.
WEF. ‘Cyber Resilience in the Electricity Ecosystem: Securing the Value Chain’, 2020. https://www.weforum.org/whitepapers/cyber-resilience-in-the-electricity-ecosystem-securing-the-value-chain.
WEF. ‘Cyber Resilience: Playbook for Public- Private Collaboration’, 2018. https://www.weforum.org/reports/cyber-resilience-playbook-for-public-private-collaboration.
WEF. ‘Pathways Towards a Cyber Resilient Aviation Industry’, 2021. https://www.weforum.org/reports/pathways-towards-a-cyber-resilient-aviation-industry.
FA4 Critical Infrastructure services and essential services
CCDCOE. ‘National Cyber Security Framework Manual’, section 4.5.4, 2012. https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/.
CCDCOE.. ‘National Cyber Security Strategy Guidelines’, sections 3.4, 3.5, (2013). https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf
CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.12, 4.4.13, 4.4.20, 4.4.25, 4.4.26, 4.4.28, 4.4.32, (2015).
ENISA. ‘An Evaluation Framework for National Cyber Security Strategies’, section 4.2, 2016.
ENISA. ‘Methodologies for the Identification of Critical Information Infrastructure Assets and Services’, 2015.
ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and Implementing National Cyber Security Strategies’, section 3.6, 2016.
Global Cyber Security Capacity Center. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’. Dimension 1: 1.1, 1.3, University Oxford, 2021.
Meridian and GFCE. ‘Companion Document to the GFCE-MERIDIAN Good Practice Guide on Critical Information Infrastructure Protection for Governmental Policy-Makers’, 2016. https://www.tno.nl/media/10425/companiondocument_gpg_ciip.pdf.
Microsoft. ‘Critical Connections: Protecting Infrastructures, All Sections’, 2014.
Microsoft. ‘Critical Infrastructure Protection: Concepts and Continuum, All Sections’, 2014.
Microsoft. ‘Risk Management for Cybersecurity: Security Baselines’, 2017.
OAS. ‘Report Cybersecurity and Critical Infrastructure in the Americas’, 2015.
OECD. ‘Recommendation of the Council on Digital Security of Critical Activities Https://Ccdcoe.Org/Uploads/2020/01/OECD-191211-The-Recommendation-of-the-Council-on-Digital-Security-of-Critical-Activities.PdfPotomac Institute for Policy Studies (2015): Cyber Readiness Index 2.0’, 2019. https://www.potomacinstitute.org/images/CRIndex2.0.pdf.
OECD. ‘Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity’, 2015.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 2.4, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf
UNIDIR. ‘International Cooperation to Mitigate Cyber Operations against Critical Infrastructure’, 2021. https://unidir.org/criticalinfrastructure.
UNOCT, CTED and INTERPOL. ‘Compendium of Good Practices for the Protection of Critical Infrastructure against Terrorist Attack’, 2018. https://www.un.org/counterterrorism/sites/www.un.org.counterterrorism/files/eng_compendium-cip-final-version-120618.pdf.
FA5 Capability and capacity building and awareness raising
‘Council of Europe, Capacity Building Programmes’, n.d.
CCDCOE. ‘National Cyber Security Strategy Framework Manual’, sections 4.5.5, 4.6.3, (2012).
CCDCOE. ‘National Cyber Security Strategy Guidelines’, 2013. https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.
CCI. ‘Checklist’, 2013.
CCI. ‘Commonwealth Network of Contact Persons Framework’, 2005.
CCI. ‘Harare Scheme on Mutual Legal Assistance in Criminal Matters’, 2011.
Council of Europe. ‘Capacity building programmes’. https://www.coe.int/en/web/cybercrime/capacity-building-programmes
Council of Europe. ‘Cybercrime Octopus Community (Country Resources, Training Materials, Guides and Research’. https://www.coe.int/en/web/octopus/home?desktop=true
CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.11, 4.4.17, 4.4.20, 4.4.34, 4.4.12, 4.4.14, 4.4.16, 4.4.23, (2015).
ENISA. ‘CERT Operational Gaps and Overlaps’, p. 6, 16, 19, 21, 27, 29, 31, 32, 50, 57 (2011).
ENISA. ‘Cybersecurity Skills Development in the EU’, 2020.
ENISA. ‘Good Practice Guide for Incident Management’ p.19, 23, 26, 32, 46, 56, 58, 64, 69, (2010).
ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and Implementing National Cyber Security Strategies’, sections 3.12, 3.8, 3.11, 3.13, 4.3, 4.6, 4.7, 4.14, (2016).
ENISA. ‘Strategies for Incident Response and Cyber Crisis Cooperation, Section’, section 2.1, (2016).
Global Cyber Security Capacity Center. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’. Dimension 3: 3.1, 3.2, 3.3, 3.4, University Oxford, 2021.
ITU. ‘CIRT Framework’, 2021.
ITU. ‘CyberDrill Framework’, 2021.
Microsoft. Developing a National Strategy for Cybersecurity, Section: Driving Research and Technology Investment, Public Awareness. Workforce Training and Education, 2013.
NIST. ‘Workforce Framework for Cybersecurity NICE Framework’, 2020. https://doi.org/10.6028/NIST.SP.800-181r1.
OAS. ‘Cyber Security Awareness Campaign Toolkit, All Sections’, 2015.
OAS. ‘Cybersecurity Education: Planning for the Future Through Workforce Development’, 2020.
OECD. ‘Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity’, section 2-B, 2015.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 2.5, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf
UNCTAD. ‘Programme on E-Commerce and Law Reform’, 2015.
US “National Cyber Incident Scoring System (NCISS) which includes a Cyber Incident Severity Schema (CISS)”. https://us-cert.cisa.gov/CISA-National-Cyber-Incident-Scoring-System
FA6 Legislation and Regulation
CCDCOE. ‘National Cyber Security Strategy Framework Manual’, section 5, 2012. https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/.
CCDCOE. ‘National Cyber Security Strategy Guidelines’, section 3.2, 2013. https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.
CCI. ‘Checklist’, 2013.
Council of Europe. ‘Second Additional Protocol to the Convention on Cybercrime on Enhanced Cooperation and Disclosure of Electronic Evidence – Draft as Approved by the Cybercrime Convention Committee’, 2021.
Council of Europe. ‘Strategic Priorities for Cooperation on Cybercrime and Electronic Evidence in GLACY Countries’, sections 1, 2, 6, (2016).
Council of Europe. ‘Strategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region’, sections 1,2,7, (2013).
CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.18, 4.4.19, 4.4.20, (2015).
ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and Implementing National Cyber Security Strategies’, sections 3.15, 3.184.9, 4.12, (2016).
Europe, Council. ‘Budapest Convention on Cybercrime and Its Additional Protocol on Xenophobia and Racism (2001)’, 2004.
Global Cyber Security Capacity Center. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’. Dimension 4: 4.1, 4.3, 4.4, University Oxford, 2021.
ITU. ‘Guidelines for Policy-Makers on Child Online Protection’, sections 3.3, 3.4, (2020). https://www.itu-cop-guidelines.com/policymakers.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 3, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf.
UN ‘Sustainable Development Goals, Article 16.3 UNCTAD, Global Cyberlaw Tracker’, 2015.
UNHR. ‘International Covenant on Civil and Political Rights, Article 19’, 1976.
WEF. ‘Cybercrime Prevention Principles for Internet Service Providers’, 2020. https://www.weforum.org/reports/cybercrime-prevention-principles-for-internet-service-providers.
WEF. ‘Partnership against Cybercrime’, 2020. https://www.weforum.org/reports/partnership-against-cybercrime.
WEF. ‘Recommendations for Public-Private Partnership against Cybercrime’, 2016. http://www3.weforum.org/docs/WEF_Cybercrime_Principles.pdf.
World Bank. ‘Combatting Cybercrime: Tools and Capacity Building for Emerging Economies’.
FA7 International Cooperation
‘Second Additional Protocol to the Convention on Cybercrime on Enhanced Cooperation and Disclosure of Electronic Evidence – Draft as Approved by the Cybercrime Convention Committee’, n.d.
CCDCOE. ‘National Cyber Security Strategy Framework Manual’, sections 4.7, 5.4.2, 5.4.3, (2012). https://ccdcoe.org/library/publications/national-cyber-security-framework-manual/
CCDCOE. ‘National Cyber Security Strategy Guidelines’, sections 1.3, 3.2.1, 3.3.2, (2013). https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf
CCDCOE. ‘The Tallin Manual 2.0’, 2017. https://ccdcoe.org/research/tallinn-manual/.
Council of Europe. ‘Budapest Convention on Cybercrime and Its Additional Protocol on Xenophobia and Racism (2001)’, chapter III, 2004.
Council of Europe. ‘Strategic Priorities for Cooperation on Cybercrime and Electronic Evidence in GLACY Countries’ Strategic Priority 7, 2016.
Council of Europe. ‘Strategic Priorities for the Cooperation against Cybercrime in the Eastern Partnership Region’, Strategic Priority 8, 2013.
CTO. ‘Commonwealth Approach for Developing National Cyber Security Strategies’, sections 4.4.20, 4.4.21 (2015).
ENISA. ‘Guidebook on National Cyber Security Strategies, Section’, section 3.16, 2016.
ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and Implementing National Cyber Security Strategies’, sections: 3.16. 4.10, (2016).
Global Cyber Security Capacity Center. ‘Cybersecurity Capacity Maturity Model for Nations (CMM)’, Dimension 1: 1.1, 4: 4.4, University Oxford, 2021.
Microsoft. ‘Developing a National Strategy for Cybersecurity, Section on Structuring International Engagement’, 2013.
OECD. ‘Recommendation of the Council on Digital Security of Critical Activities’, 2019. https://ccdcoe.org/uploads/2020/01/OECD-191211-The-Recommendation-of-the-Council-on-Digital-Security-of-Critical-Activities.pdf.
OECD. ‘Recommendation of the Council on Digital Security Risk Management for Economic and Social Prosperity’ p. 13, 48, 58, 2015.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 4.6, 2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf.
UNIDIR. ‘Cyber Policy Portal’, 2021.
UNIDIR. ‘International Cooperation to Mitigate Cyber Operations against Critical Infrastructure’, 2021. https://unidir.org/criticalinfrastructure.