Guide to Developing a National Cybersecurity Strategy : Strategic Engagement in Cybersecurity / International Telecommunication Union.

Format:

Book

Author/Creator:

International Telecommunication Union, author, issuing body.

Language:

English

Subjects (All):

Computer security.

Computer networks--Security measures.

Computer networks.

Physical Description:

1 online resource (72 pages)

Place of Publication:

Geneva, Switzerland : International Telecommunication Union, 2018.

Summary:

Facilitated by ITU, twelve partners from the public and private sectors, academia and civil society share their experience, knowledge and expertise, providing an aggregated, harmonised set of principles on the development, establishment and implementation of national cybersecurity strategies. The guide's objective is to instigate strategic thinking and help national leaders and policy-makers to develop, establish and implement national cybersecurity strategies world-wide. The National Cybersecurity Strategy Guide was developed through an iterative approach, which sought to reach agreement through consensus-building. It is based on existing resources and aims to facilitate its use by national stakeholders. Wherever possible, the relevant sources and tools used to develop each set of recommendations are listed in the Reference section to encourage their broader use. Cybersecurity is a foundational element underpinning the achievement of socio-economic objectives of modern economies. The hope is that the resulting National Cybersecurity Strategy Guide can serve as a useful tool to all stakeholders, including national policy-makers, legislators and regulators, with cybersecurity responsibilities. In addition, it might have broader applicability, as the concepts introduced can be applied at the regional, or municipal levels, as well as adapted for industry.

Contents:

Preface

Document Overview

1.1 Purpose

1.2 Scope

1.3 Overall structure and usage of the Guide

1.4 Target audience

Introduction

2.1 What is cybersecurity

2.2 Benefits of a National Cybersecurity Strategy and Strategy development process

3 Lifecycle of a National Cybersecurity Strategy

3.1 Phase I: Initiation

3.1.1. Identifying the lead project authority

3.1.2. Establishing a steering committee

3.1.3. Identifying stakeholders to be involved in the development of the Strategy

3.1.4. Planning the development of the Strategy

3.2 Phase II: Stocktaking and analysis

3.2.1 Assessing the national cybersecurity landscape

3.2.2 Assessing the cyber-risk landscape

3.3 Phase III: Production of the National Cybersecurity Strategy

3.3.1 Draft the National Cybersecurity Strategy

3.3.2 Consulting with a broad range of stakeholders

3.3.3 Seeking formal approval

3.3.4 Publishing the Strategy.

3.4 Phase IV: Implementation

3.4.1 Developing the action plan

3.4.2 Determining initiatives to be implemented

3.4.3 Allocating human and financial resources for the implementation

3.4.4 Setting timeframes and metrics

3.5 Phase V: Monitoring and evaluation

3.5.1 Establishing a formal process

3.5.2 Monitoring the progress of the implementation of the Strategy

3.5.3 Evaluating the outcomes of the Strategy

4 Overarching principles

4.1 Vision

4.2 Comprehensive approach and tailored priorities

4.3 Inclusiveness

4.4 Economic and social prosperity

4.5 Fundamental human rights

4.6 Risk management and resilience

4.7 Appropriate set of policy Instruments

4.8 Clear leadership, roles and resource allocation

4.9 Trust environment

5 National Cybersecurity Strategy Good Practice

5.1 Focus area 1 - Governance

5.1.1 Ensure the highest level of support

5.1.2 Establish a competent cybersecurity authority

5.1.3 Ensure intra-government cooperation

5.1.4 Ensure inter-sectoral cooperation

5.1.5 Allocate dedicated budget and resources

5.1.6 Develop an implementation plan

5.2 Focus area 2 - Risk management in national cybersecurity

5.2.1 Define a risk management approach.

5.2.2 Identify a common methodology for managing cybersecurity risk

5.2.3 Develop sectoral cybersecurity risk profiles

5.2.4 Establish cybersecurity policies

5.3 Focus area 3 - Preparedness and resilience

5.3.1 Establish cyber-incident response capabilities

5.3.2 Establish contingency plans for cybersecurity crisis management

5.3.3 Promote information-sharing

5.3.4 Conduct cybersecurity exercises

5.4 Focus area 4 - Critical infrastructure services and essential services

5.4.1 Establish a risk-management approach to protecting critical infrastructures and services

5.4.2 Adopt a governance model with clear responsibilities

5.4.3 Define minimum cybersecurity baselines

5.4.4 Utilise a wide range of market levers

5.4.5 Establish public private partnerships

5.5 Focus area 5 - Capability and capacity building and awareness raising

5.5.1 Develop cybersecurity curricula

5.5.2 Stimulate skills development and workforce training

5.5.3 Implement a coordinated cybersecurity awareness-raising programme

5.5.4 Foster cybersecurity innovation and R&D

5.6 Focus area 6 - Legislation and regulation

5.6.1 Establish cybercrime legislation

5.6.2 Recognise and safeguard individual rights and liberties

5.6.3 Create compliance mechanisms

5.6.4 Promote capacity-building for law enforcement

5.6.5 Establish inter-organisational processes

5.6.6 Support international cooperation to combat cybercrime.

5.7 Focus area 7 - International cooperation

5.7.1 Recognise the importance of cybersecurity as a priority of foreign policy

5.7.2 Engage in international discussions

5.7.3 Promote formal and informal cooperation in cyberspace

5.7.4 Align domestic and international cybersecurity efforts

Reference materials

Acronyms.

Notes:

Description based on publisher supplied metadata and other sources.