Transcription of GUIDE TO DEVELOPING A NATIONAL CYBERSECURITY …
1 STRATEGIC ENGAGEMENT IN CYBERSECURITYGUIDE TO DEVELOPING A NATIONAL CYBERSECURITY STRATEGYPOTOMAC INSTITUTEFORPOLICY STUDIESBGIIG uide to DEVELOPING a NATIONAL CYBERSECURITY StrategyIIIG uide to DEVELOPING a NATIONAL CYBERSECURITY StrategyThis work is a co-publication of the International Telecommunication Union (ITU), the World Bank, Commonwealth Secretariat (ComSec), the Commonwealth Telecommunications Organisation (CTO), and NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE), thereafter (IGOs). The findings, interpretations and conclusions expressed in this work do not necessarily reflect the views of the IGOs, or their governing bodies.
2 The IGOs do not guarantee the accuracy of the data included in this work. The boundaries, colours, denominations and other information shown on any map in this work do not imply any judgment on the part of the IGOs concerning the legal status of any territory or the endorsement or acceptance of such herein shall constitute or be considered to be a limitation upon or waiver of the privileges and immunities of the IGOs, all of which are specifically reserved. 2018 International Telecommunication Union (ITU) Place des Nations 1211, Geneva 20 Switzerland Internet: work is available under the Creative Commons Attribution IGO license (CC BY IGO) Under the Creative Commons Attribution license, you are free to copy, distribute, transmit and adapt this work, including for commercial purposes, under the following conditions:Attribution Please cite the work as follows.
3 The International Telecommunication Union (ITU), The World Bank, Commonwealth Secretariat (ComSec), the Commonwealth Telecommunications Organisation (CTO), NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE). 2018. GUIDE to DEVELOPING a NATIONAL CYBERSECURITY strategy Strategic engagement in CYBERSECURITY . Creative Commons Attribution IGO (CC BY IGO).Translations If you create a translation of this work, please add the following disclaimer along with the attribution: This translation was not created by the International Telecommunication Union (ITU), The World Bank, Commonwealth Secretariat (ComSec), the Commonwealth Telecommunications Organisation (CTO), and NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE), and should not be considered an official translation.
4 The above-mentioned entities shall not be liable for any content or error in this Rights ReservedRights & PermissionIVGuide to DEVELOPING a NATIONAL CYBERSECURITY StrategyAdaptations If you create an adaptation of this work, please add the following disclaimer along with the attribution: This is an adaptation of an original work by the International Telecommunication Union (ITU), The World Bank, Commonwealth Secretariat (ComSec) the Commonwealth Telecommunications Organisation (CTO) and NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE). Views and opinions expressed in the adaptation are the sole responsibility of the author or authors of the adaptation and are not endorsed by above mentioned Party Content The International Telecommunication Union (ITU), the World Bank, Commonwealth Secretariat (ComSec), the Commonwealth Telecommunications Organisation (CTO) and NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) do not necessarily own each component of the content contained within the work.
5 They therefore do not warrant that the use of any third-party-owned individual component or part contained in the work will not infringe on the rights of those third parties. The risk of claims resulting from such infringement rests solely with you. If you wish to re-use a component of the work, it is your responsibility to determine whether permission is needed for that re-use and to obtain permission from the copyright owner. Examples of components can include but are not limited to, tables, figures, or requests for use exceeding the scope of the aforementioned license (CC BY IGO) should be addressed to the International Telecommunication Union (ITU), Place des Nations, 1211 Geneva 20, Switzerland.
6 Email: VGuide to DEVELOPING a NATIONAL CYBERSECURITY StrategyAcknowledgmentsThis GUIDE was developed by twelve partners from Intergovernmental and International Organisations, private sector, as well as academia and civil society and included the following organisations: Commonwealth Secretariat (ComSec), the Commonwealth Telecommunications Organisation (CTO), Deloitte, the Geneva Centre for Security Policy (GCSP), the Global Cyber Security Capacity Centre (GCSCC) at the University of Oxford, the International Telecommunication Union (ITU), Microsoft, the NATO Cooperative Cyber Defence Centre Of Excellence (NATO CCD COE), the Potomac Institute for Policy Studies, RAND Europe, The World Bank and the United Nations Conference on Trade and Development (UNCTAD).
7 The team included Katalaina Sapolu (ComSec), Shadrach Haruna (ComSec), Martin Koyabe (CTO), Fargani Tambeayuk (CTO), Andrea Rigoni (Deloitte), Carolin Weisser (GCSCC), Marco Obiso (ITU), Kaja Ciglic (Microsoft), Kadri Kaska (NATO CCD COE), Francesca Spidalieri and Melissa Hathaway (the Potomac Institute for Policy Studies), Erik Silfversten (RAND Europe), David Satola and Sandra Sergeant (The World Bank), and Cecile Barayre (UNCTAD).The European Union Agency for Network and Information Security (ENISA) provided a significant contribution to the contributions of the following people are also recognised: Grace Acayo, Rosheen Awotar-Mauree, Ben Baseley-Walker, Paul Cornish, Luc Dandurand, Michael Goldsmith, Kemal Huseinovic, Andraz Andy Kastelic, Maxim Kushtuev, Lena Lattion, Gustav Lindstrom, Damien Maddalena, Emily Munro, Lara Pace, Sarah Puello Alfonso, Valeria Risuglia, Taylor Roberts, Monica M.
8 Ruiz, Irene Rubio, Ann Valjataga, Julienne Wright. VIGuide to DEVELOPING a NATIONAL CYBERSECURITY StrategyIt is a pleasure to present on behalf of the partners involved the NATIONAL CYBERSECURITY strategy GUIDE , aimed at providing an aggregated and harmonised set of principles and good practices on the development, establishment and implementation of NATIONAL CYBERSECURITY by ITU, twelve partners from the public and private sectors, academia and civil society agreed to share their experience, knowledge and expertise, producing a GUIDE that gathers existing know-how from the participating organisations as well as providing references to complementary publications.
9 In order to ease access to available the last two decades, billions of people around the world have benefited from the exponential growth and rapid adoption of information and communications technologies, and the associated economic and social opportunities. We are witnessing a digital revolution that is profoundly transforming our societies. CYBERSECURITY is a fundamental factor in achieving socio-economic development. Yet, only seventy-six1 countries around the world have, publicly available, NATIONAL CYBERSECURITY strategies. It is therefore imperative to boost efforts to produce them. As the title suggests, the objective of the GUIDE is to instigate strategic thinking and help NATIONAL leaders and policy-makers to develop, establish and implement NATIONAL CYBERSECURITY strategies.
10 I am confident that the NATIONAL CYBERSECURITY strategy GUIDE will serve as a useful tool for all stakeholders with CYBERSECURITY responsibilities. I would personally like to express my gratitude to the partners, for their continuous, invaluable support and commitment in making this project a great success as a concrete example of a successful multistakeholder collaboration. Brahima Sanou Director, ITU Telecommunication Development BureauForeword1 From the ITU Global CYBERSECURITY Index (GCI) 20171 GUIDE to DEVELOPING a NATIONAL CYBERSECURITY StrategyPreface 51 Document Overview Purpose Scope Overall structure and usage of the GUIDE Target audience 102 Introduction What is CYBERSECURITY Benefits of a NATIONAL CYBERSECURITY strategy and strategy development process 133 Lifecycle of a NATIONAL CYBERSECURITY strategy Phase I.