No products in the cart.
FA 1 Governance
CCDCOE. ‘National Cyber Security Framework Manual’, sections 1.4.2,
2.1.1 2.1.3, 2.2, 2.3, 2.4, 3.1, 3.5, 4, 5.3.1, (2012). https://ccdcoe.org/library/
publications/national-cyber-security-framework-manual/.
CCDCOE. ‘National Cyber Security Strategy Guidelines’, sections 1.1, 3.3, 3.8,
(2013). https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.
CCI. ‘Checklist’, 2013.
CTO. ‘Commonwealth Approach for Developing National Cyber Security
Strategies’, sections 4.4.1, 4.4.4, 4.4.5, 4.4.8, 4.4.9, 4.4.20, 4.4.21, 4.4.34,
4.5, (2015).
ENISA. ‘An Evaluation Framework for National Cyber Security Strategies’,
sections 2, 2.2.1, 3.1.1, 3.1.2, 3.1.3, (2016).
ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing
and Implementing National Cyber Security Strategies’, sections: 3.1, 3.2, 3.4,
3.5, 3.17, (2016).
ENISA. ‘National Cyber Security Strategies: Setting the Course for National
Efforts to Strengthen Security in Cyberspace’, sections 4, 6 (2016).
Focus Areas64
Guide to Developing a National Cybersecurity Strategy 2nd Edition
6 – REFERENCE MATERIALS
Global Cyber Security Capacity Centre. ‘Cybersecurity Capacity Maturity
Model for Nations (CMM)’, Dimension 1: 1.1, 1.2, University of Oxford (2021).
(https://gcscc.ox.ac.uk/cmm-2021-edition)
GPD. ‘Toolkit for Inclusive and Value-Based Cybersecurity Policymaking’.
https://www.gp-digital.org/publication/toolkit-for-inclusive-and-value-based
cybersecurity-policymaking/.
Microsoft. ‘Building an Effective National Cybersecurity Agency’, 2018.
Microsoft. ‘Developing a National Cybersecurity Strategy, Sections: A
Principled Approach to Cybersecurity, Establishing Clear Priorities and Security
Baseline’, 2013.
OAS. ‘Managing National Cyber Risk’, 2018.
https://www.oas.org/es/sms/cicte/ENGcyberrisk.pdf.
OECD. ‘Recommendation of the Council on Digital Security of Critical
Activities’, 2019. https://ccdcoe.org/uploads/2020/01/OECD-191211-The
Recommendation-of-the-Council-on-Digital-Security-of-Critical-Activities.pdf.
OECD. ‘Cybersecurity Policy Making at a Turning Point, Annex IV’, 2012.
OECD. ‘Recommendation of the Council Concerning Guidelines for the
Protection of Privacy and Transborder Flows of Personal Data (Privacy
Guidelines’, 2013.
OECD. ‘Recommendation of the Council on Digital Security Risk Management
for Economic and Social Prosperity, 2-A, Companion Document’, 2015.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, 2015.
https://www.potomacinstitute.org/images/CRIndex2.0.pdf.
FA2 Risk management in national cybersecurity
CCDCOE. ‘National Cyber Security Framework Manual’, sections: 2.1.2, 5.3.2,
(2012). https://ccdcoe.org/library/publications/national-cyber-security
framework-manual/.
CCDCOE. ‘National Cyber Security Strategy Guidelines’, 2013.
https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.
Strategies’, sections 4.4.6, 4.4.15, 4.4.24, 4.4.25, 4.4.26, 4.4.27, (2015).
ENISA. ‘National Cyber Security Strategy Good Practice Guide – Designing and
Implementing National Cyber Security Strategies, 2016.65
Model for Nations (CMM)’, Dimension 1: 1.1, 1.2, 1.3; Dimension 2: 2.1; Dimension
3: 3.1, 3.2, 3.4; Dimension 4: 4.1, 4.2, 4.3, 4.4; Dimension 5: 5.1, 5.2, 5.4, 5.5,
5.6, University of Oxford, 2021. https://gcscc.ox.ac.uk/cmm-2021-edition.
Microsoft. ‘Developing a National Cybersecurity Strategy. Building a Risk
Approach’, 2013.
Microsoft. ‘Risk Management for Cybersecurity: Security Baselines’, 2017.
NIST. ‘Framework for Improving Critical Infrastructure Cybersecurity’, 2015.
for Economic and Social Prosperity’, 2015.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 1,
2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf.
UNIDIR. ‘Supply Chain Security in the Cyber Age: Sector Trends, Current
Threats and Multi-Stakeholder Responses’, 2020.
https://unidir.org/publication/supply-chain-security-cyber-age-sector-trends
current-threats-and-multi-stakeholder.
WEF. ‘Principles for Board Governance of Cyber Risk’, 2021.
https://www.weforum.org/reports/principles-for-board-governance-of
cyber-risk.
FA3 Preparedness and resilience
Carnegie Mellon. ‘Handbook for Computer Security Incident Response Teams
(CSIRTs)’, 2003.
CCDCOE. ‘National Cyber Security Framework Manual’, sections: 3.2, 4.2.2,
CCDCOE. ‘National Cyber Security Strategy Guidelines’, section 3.5 (2013).
Strategies’, sections 4.4.3, 4.4.20, 4.4.21, 4.4.22, 4.4.27, 4.4.31, (2015).
ENISA. ‘CERT Operational Gaps and Overlaps’, 2011.66
ENISA. ‘Good Practice Guide for Incident Management’, 2011.
and Implementing National Cyber Security Strategies’, sections 3.6, 3.7, 3.10,
3.14, 4.1, 4.5, 4.8, (2016).
ENISA. ‘Strategies for Incident Response and Cyber Crisis Cooperation’, 2016.
FIRST. ‘FIRST CSIRT Services Framework Version 2.1’, 2019.
https://www.first.org/standards/frameworks/csirts/FIRST_CSIRT_Services_
Framework_v2.1.0.pdf.
FIRST. ‘FIRST PSIRT Services Framework Version 1.1’, 2020.
https://www.first.org/standards/frameworks/psirts/FIRST_PSIRT_Services_
Framework_v1.1.pdf.
Global Cyber Security Capacity Center. ‘Cybersecurity Capacity Maturity
Model for Nations (CMM)’, Dimension 1: 1.2; Dimension 5: 5.6, University
Oxford, 2021.
ITU. ‘CIRT Framework’, 2021.
ITU. ‘CyberDrill Framework’, 2021.
Microsoft. ‘Developing a National Strategy for Cybersecurity, Section: Building
Incident Response Capabilities’, 2013.
Microsoft. ‘Information Sharing Framework for Cybersecurity’, 2015.
OAS. ‘Best Practice for Establishing a National CSIRT’, p. 35, 2016.
OAS. ‘Comprehensive Inter-American Cybersecurity Strategy: A
Multidimensional and Multidisciplinary Approach to Creating a Culture of
Cybersecurity’, pp.3-4, 2004.
for Economic and Social Prosperity’, section 2-B, 2015.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 2,4,
(2015). https://www.potomacinstitute.org/images/CRIndex2.0.pdf.
TNO. ‘Getting Started with a National CSIRT Guide’, 2021.
https://cybilportal.org/tools/getting-started-with-a-national-csirt-guide/.
UNU. ‘Report: Cyber Resilience in Asia Pacific – A Review of National
Cybersecurity Strategies’, 2020. https://collections.unu.edu/view/UNU:7760.
US “National Cyber Incident Scoring System (NCISS) which includes a Cyber
Incident Severity Schema (CISS)”.
https://us-cert.cisa.gov/CISA-National-Cyber-Incident-Scoring-System.67
WEF and Carnegie. ‘International Strategy to Better Protect the Financial
System Against Cyber Threats’, 2020. https://carnegieendowment.
org/2020/11/18/international-strategy-to-better-protect-financial-system
against-cyber-threats-pub-83105.
WEF. ‘Cyber Resilience in the Electricity Ecosystem: Securing the Value
Chain’, 2020. https://www.weforum.org/whitepapers/cyber-resilience-in-the
electricity-ecosystem-securing-the-value-chain.
WEF. ‘Cyber Resilience: Playbook for Public- Private Collaboration’, 2018.
https://www.weforum.org/reports/cyber-resilience-playbook-for-public
private-collaboration.
WEF. ‘Pathways Towards a Cyber Resilient Aviation Industry’, 2021.
https://www.weforum.org/reports/pathways-towards-a-cyber-resilient
aviation-industry.
FA4 Critical Infrastructure services and essential services
CCDCOE. ‘National Cyber Security Framework Manual’, section 4.5.4, 2012.
https://ccdcoe.org/library/publications/national-cyber-security-framework
manual/.
CCDCOE. ‘National Cyber Security Strategy Guidelines’, sections 3.4, 3.5,
Strategies’, sections 4.4.12, 4.4.13, 4.4.20, 4.4.25, 4.4.26, 4.4.28, 4.4.32,
(2015).
section 4.2, 2016.
ENISA. ‘Methodologies for the Identification of Critical Information
Infrastructure Assets and Services’, 2015.
and Implementing National Cyber Security Strategies’, section 3.6, 2016.
Model for Nations (CMM)’. Dimension 1: 1.1, 1.3, University Oxford, 2021.
Meridian and GFCE. ‘Companion Document to the GFCE-MERIDIAN
Good Practice Guide on Critical Information Infrastructure Protection for
Governmental Policy-Makers’, 2016.
https://www.tno.nl/media/10425/companiondocument_gpg_ciip.pdf.
Microsoft. ‘Critical Connections: Protecting Infrastructures, All Sections’, 2014.
Microsoft. ‘Critical Infrastructure Protection: Concepts and Continuum, All
Sections’, 2014.68
OAS. ‘Report Cybersecurity and Critical Infrastructure in the Americas’, 2015.
OECD. ‘Recommendation of the Council on Digital Security of Critical Activities
https://Ccdcoe.Org/Uploads/2020/01/OECD-191211-The-Recommendation-of
the-Council-on-Digital-Security-of-Critical-Activities.Pdf.
Potomac Institute for Policy Studies (2015): Cyber Readiness Index 2.0’, 2019.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 2.4,
UNIDIR. ‘International Cooperation to Mitigate Cyber Operations against
Critical Infrastructure’, 2021. https://unidir.org/criticalinfrastructure.
UNOCT, CTED and INTERPOL. ‘Compendium of Good Practices for the
Protection of Critical Infrastructure against Terrorist Attack’, 2018.
https://www.un.org/counterterrorism/sites/www.un.org.counterterrorism/files/
eng_compendium-cip-final-version-120618.pdf.
FA5 Capability and capacity building and awareness raising
‘Council of Europe, Capacity Building Programmes’, n.d.
CCDCOE. ‘National Cyber Security Strategy Framework Manual’, sections
4.5.5, 4.6.3, (2012).
CCI. ‘Commonwealth Network of Contact Persons Framework’, 2005.
CCI. ‘Harare Scheme on Mutual Legal Assistance in Criminal Matters’, 2011.
Council of Europe. ‘Capacity building programmes’.
https://www.coe.int/en/web/cybercrime/capacity-building-programmes.
Council of Europe. ‘Cybercrime Octopus Community (Country Resources,
Training Materials, Guides and Research’.
https://www.coe.int/en/web/octopus/home?desktop=true.
Strategies’, sections 4.4.11, 4.4.17, 4.4.20, 4.4.34, 4.4.12, 4.4.14, 4.4.16,
4.4.23, (2015).69
ENISA. ‘CERT Operational Gaps and Overlaps’, p. 6, 16, 19, 21, 27, 29, 31, 32, 50,
57 (2011).
ENISA. ‘Cybersecurity Skills Development in the EU’, 2020.
ENISA. ‘Good Practice Guide for Incident Management’ p.19, 23, 26, 32, 46, 56,
58, 64, 69, (2010).
and Implementing National Cyber Security Strategies’, sections 3.12, 3.8, 3.11,
3.13, 4.3, 4.6, 4.7, 4.14, (2016).
ENISA. ‘Strategies for Incident Response and Cyber Crisis Cooperation,
Section’, section 2.1, (2016).
Model for Nations (CMM)’. Dimension 3: 3.1, 3.2, 3.3, 3.4, University Oxford,
2021.
Microsoft. Developing a National Strategy for Cybersecurity, Section: Driving
Research and Technology Investment, Public Awareness. Workforce Training
and Education, 2013.
NIST. ‘Workforce Framework for Cybersecurity NICE Framework’, 2020.
https://doi.org/10.6028/NIST.SP.800-181r1.
OAS. ‘Cyber Security Awareness Campaign Toolkit, All Sections’, 2015.
OAS. ‘Cybersecurity Education: Planning for the Future Through Workforce
Development’, 2020.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 2.5,
UNCTAD. ‘Programme on E-Commerce and Law Reform’, 2015.
https://us-cert.cisa.gov/CISA-National-Cyber-Incident-Scoring-System.
FA6 Legislation and Regulation
CCDCOE. ‘National Cyber Security Strategy Framework Manual’, section
5, 2012. https://ccdcoe.org/library/publications/national-cyber-security
framework-manual/.70
CCDCOE. ‘National Cyber Security Strategy Guidelines’, section 3.2, 2013.
Council of Europe. ‘Second Additional Protocol to the Convention on
Cybercrime on Enhanced Cooperation and Disclosure of Electronic Evidence -
Draft as Approved by the Cybercrime Convention Committee’, 2021.
Council of Europe. ‘Strategic Priorities for Cooperation on Cybercrime and
Electronic Evidence in GLACY Countries’, sections 1, 2, 6, (2016).
Council of Europe. ‘Strategic Priorities for the Cooperation against Cybercrime
in the Eastern Partnership Region’, sections 1,2,7, (2013).
Strategies’, sections 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.18, 4.4.19, 4.4.20, (2015).
and Implementing National Cyber Security Strategies’, sections 3.15, 3.184.9,
4.12, (2016).
Europe, Council. ‘Budapest Convention on Cybercrime and Its Additional
Protocol on Xenophobia and Racism (2001)’, 2004.
Model for Nations (CMM)’. Dimension 4: 4.1, 4.3, 4.4, University Oxford, 2021.
ITU. ‘Guidelines for Policy-Makers on Child Online Protection’, sections 3.3, 3.4,
(2020). https://www.itu-cop-guidelines.com/policymakers.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 3,
UN. ‘Sustainable Development Goals, Article 16.3 UNCTAD, Global Cyberlaw
Tracker’, 2015.
UNHR. ‘International Covenant on Civil and Political Rights, Article 19’, 1976.
WEF. ‘Cybercrime Prevention Principles for Internet Service Providers’, 2020.
https://www.weforum.org/reports/cybercrime-prevention-principles-for
internet-service-providers.
WEF. ‘Partnership against Cybercrime’, 2020.
https://www.weforum.org/reports/partnership-against-cybercrime.
WEF. ‘Recommendations for Public-Private Partnership against Cybercrime’,
2016. http://www3.weforum.org/docs/WEF_Cybercrime_Principles.pdf.
World Bank. ‘Combatting Cybercrime: Tools and Capacity Building for
Emerging Economies’.71
FA7 International Cooperation
‘Second Additional Protocol to the Convention on Cybercrime on Enhanced
Cooperation and Disclosure of Electronic Evidence - Draft as Approved by the
Cybercrime Convention Committee’, n.d.
CCDCOE. ‘National Cyber Security Strategy Framework Manual’, sections 4.7,
5.4.2, 5.4.3, (2012). https://ccdcoe.org/library/publications/national-cyber
security-framework-manual/.
CCDCOE. ‘National Cyber Security Strategy Guidelines’, sections 1.3, 3.2.1,
3.3.2, (2013). https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.
CCDCOE. ‘The Tallin Manual 2.0’, 2017.
https://ccdcoe.org/research/tallinn-manual/.
Council of Europe. ‘Budapest Convention on Cybercrime and Its Additional
Protocol on Xenophobia and Racism (2001)’, chapter III, 2004.
Electronic Evidence in GLACY Countries’ Strategic Priority 7, 2016.
in the Eastern Partnership Region’, Strategic Priority 8, 2013.
Strategies’, sections 4.4.20, 4.4.21 (2015).
ENISA. ‘Guidebook on National Cyber Security Strategies, Section’, section
3.16, 2016.
ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and
Implementing National Cyber Security Strategies’, sections: 3.16. 4.10, (2016).
Model for Nations (CMM)’, Dimension 1: 1.1, 4: 4.4, University Oxford, 2021.
Microsoft. ‘Developing a National Strategy for Cybersecurity, Section on
Structuring International Engagement’, 2013.
for Economic and Social Prosperity’ p. 13, 48, 58, 2015.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 4.6,
UNIDIR. ‘Cyber Policy Portal’, 2021.72
FA 1 Governance
CCDCOE. ‘National Cyber Security Framework Manual’, sections 1.4.2,
2.1.1 2.1.3, 2.2, 2.3, 2.4, 3.1, 3.5, 4, 5.3.1, (2012). https://ccdcoe.org/library/
publications/national-cyber-security-framework-manual/.
CCDCOE. ‘National Cyber Security Strategy Guidelines’, sections 1.1, 3.3, 3.8,
(2013). https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.
CCI. ‘Checklist’, 2013.
CTO. ‘Commonwealth Approach for Developing National Cyber Security
Strategies’, sections 4.4.1, 4.4.4, 4.4.5, 4.4.8, 4.4.9, 4.4.20, 4.4.21, 4.4.34,
4.5, (2015).
ENISA. ‘An Evaluation Framework for National Cyber Security Strategies’,
sections 2, 2.2.1, 3.1.1, 3.1.2, 3.1.3, (2016).
ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing
and Implementing National Cyber Security Strategies’, sections: 3.1, 3.2, 3.4,
3.5, 3.17, (2016).
ENISA. ‘National Cyber Security Strategies: Setting the Course for National
Efforts to Strengthen Security in Cyberspace’, sections 4, 6 (2016).
Focus Areas64
Guide to Developing a National Cybersecurity Strategy 2nd Edition
6 – REFERENCE MATERIALS
Global Cyber Security Capacity Centre. ‘Cybersecurity Capacity Maturity
Model for Nations (CMM)’, Dimension 1: 1.1, 1.2, University of Oxford (2021).
(https://gcscc.ox.ac.uk/cmm-2021-edition)
GPD. ‘Toolkit for Inclusive and Value-Based Cybersecurity Policymaking’.
https://www.gp-digital.org/publication/toolkit-for-inclusive-and-value-based
cybersecurity-policymaking/.
Microsoft. ‘Building an Effective National Cybersecurity Agency’, 2018.
Microsoft. ‘Developing a National Cybersecurity Strategy, Sections: A
Principled Approach to Cybersecurity, Establishing Clear Priorities and Security
Baseline’, 2013.
OAS. ‘Managing National Cyber Risk’, 2018.
https://www.oas.org/es/sms/cicte/ENGcyberrisk.pdf.
OECD. ‘Recommendation of the Council on Digital Security of Critical
Activities’, 2019. https://ccdcoe.org/uploads/2020/01/OECD-191211-The
Recommendation-of-the-Council-on-Digital-Security-of-Critical-Activities.pdf.
OECD. ‘Cybersecurity Policy Making at a Turning Point, Annex IV’, 2012.
OECD. ‘Recommendation of the Council Concerning Guidelines for the
Protection of Privacy and Transborder Flows of Personal Data (Privacy
Guidelines’, 2013.
OECD. ‘Recommendation of the Council on Digital Security Risk Management
for Economic and Social Prosperity, 2-A, Companion Document’, 2015.
OECD. ‘Recommendation of the Council on Digital Security Risk Management
for Economic and Social Prosperity, 2-A, Companion Document’, 2015.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, 2015.
https://www.potomacinstitute.org/images/CRIndex2.0.pdf.
FA2 Risk management in national cybersecurity
CCDCOE. ‘National Cyber Security Framework Manual’, sections: 2.1.2, 5.3.2,
(2012). https://ccdcoe.org/library/publications/national-cyber-security
framework-manual/.
CCDCOE. ‘National Cyber Security Strategy Guidelines’, 2013.
https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.
CTO. ‘Commonwealth Approach for Developing National Cyber Security
Strategies’, sections 4.4.6, 4.4.15, 4.4.24, 4.4.25, 4.4.26, 4.4.27, (2015).
ENISA. ‘National Cyber Security Strategy Good Practice Guide – Designing and
Implementing National Cyber Security Strategies, 2016.65
Guide to Developing a National Cybersecurity Strategy 2nd Edition
6 – REFERENCE MATERIALS
Global Cyber Security Capacity Centre. ‘Cybersecurity Capacity Maturity
Model for Nations (CMM)’, Dimension 1: 1.1, 1.2, 1.3; Dimension 2: 2.1; Dimension
3: 3.1, 3.2, 3.4; Dimension 4: 4.1, 4.2, 4.3, 4.4; Dimension 5: 5.1, 5.2, 5.4, 5.5,
5.6, University of Oxford, 2021. https://gcscc.ox.ac.uk/cmm-2021-edition.
Microsoft. ‘Developing a National Cybersecurity Strategy. Building a Risk
Approach’, 2013.
Microsoft. ‘Risk Management for Cybersecurity: Security Baselines’, 2017.
NIST. ‘Framework for Improving Critical Infrastructure Cybersecurity’, 2015.
OAS. ‘Managing National Cyber Risk’, 2018.
https://www.oas.org/es/sms/cicte/ENGcyberrisk.pdf.
OECD. ‘Recommendation of the Council on Digital Security of Critical
Activities’, 2019. https://ccdcoe.org/uploads/2020/01/OECD-191211-The
Recommendation-of-the-Council-on-Digital-Security-of-Critical-Activities.pdf.
OECD. ‘Recommendation of the Council on Digital Security Risk Management
for Economic and Social Prosperity’, 2015.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 1,
2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf.
UNIDIR. ‘Supply Chain Security in the Cyber Age: Sector Trends, Current
Threats and Multi-Stakeholder Responses’, 2020.
https://unidir.org/publication/supply-chain-security-cyber-age-sector-trends
current-threats-and-multi-stakeholder.
WEF. ‘Principles for Board Governance of Cyber Risk’, 2021.
https://www.weforum.org/reports/principles-for-board-governance-of
cyber-risk.
FA3 Preparedness and resilience
Carnegie Mellon. ‘Handbook for Computer Security Incident Response Teams
(CSIRTs)’, 2003.
CCDCOE. ‘National Cyber Security Framework Manual’, sections: 3.2, 4.2.2,
(2012). https://ccdcoe.org/library/publications/national-cyber-security
framework-manual/.
CCDCOE. ‘National Cyber Security Strategy Guidelines’, section 3.5 (2013).
https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.
CCI. ‘Checklist’, 2013.
CTO. ‘Commonwealth Approach for Developing National Cyber Security
Strategies’, sections 4.4.3, 4.4.20, 4.4.21, 4.4.22, 4.4.27, 4.4.31, (2015).
ENISA. ‘CERT Operational Gaps and Overlaps’, 2011.66
Guide to Developing a National Cybersecurity Strategy 2nd Edition
6 – REFERENCE MATERIALS
ENISA. ‘Good Practice Guide for Incident Management’, 2011.
ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing
and Implementing National Cyber Security Strategies’, sections 3.6, 3.7, 3.10,
3.14, 4.1, 4.5, 4.8, (2016).
ENISA. ‘Strategies for Incident Response and Cyber Crisis Cooperation’, 2016.
FIRST. ‘FIRST CSIRT Services Framework Version 2.1’, 2019.
https://www.first.org/standards/frameworks/csirts/FIRST_CSIRT_Services_
Framework_v2.1.0.pdf.
FIRST. ‘FIRST PSIRT Services Framework Version 1.1’, 2020.
https://www.first.org/standards/frameworks/psirts/FIRST_PSIRT_Services_
Framework_v1.1.pdf.
Global Cyber Security Capacity Center. ‘Cybersecurity Capacity Maturity
Model for Nations (CMM)’, Dimension 1: 1.2; Dimension 5: 5.6, University
Oxford, 2021.
ITU. ‘CIRT Framework’, 2021.
ITU. ‘CyberDrill Framework’, 2021.
Microsoft. ‘Developing a National Strategy for Cybersecurity, Section: Building
Incident Response Capabilities’, 2013.
Microsoft. ‘Information Sharing Framework for Cybersecurity’, 2015.
Microsoft. ‘Risk Management for Cybersecurity: Security Baselines’, 2017.
OAS. ‘Best Practice for Establishing a National CSIRT’, p. 35, 2016.
OAS. ‘Comprehensive Inter-American Cybersecurity Strategy: A
Multidimensional and Multidisciplinary Approach to Creating a Culture of
Cybersecurity’, pp.3-4, 2004.
OECD. ‘Recommendation of the Council on Digital Security Risk Management
for Economic and Social Prosperity’, section 2-B, 2015.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 2,4,
(2015). https://www.potomacinstitute.org/images/CRIndex2.0.pdf.
TNO. ‘Getting Started with a National CSIRT Guide’, 2021.
https://cybilportal.org/tools/getting-started-with-a-national-csirt-guide/.
UNU. ‘Report: Cyber Resilience in Asia Pacific – A Review of National
Cybersecurity Strategies’, 2020. https://collections.unu.edu/view/UNU:7760.
US “National Cyber Incident Scoring System (NCISS) which includes a Cyber
Incident Severity Schema (CISS)”.
https://us-cert.cisa.gov/CISA-National-Cyber-Incident-Scoring-System.67
Guide to Developing a National Cybersecurity Strategy 2nd Edition
6 – REFERENCE MATERIALS
WEF and Carnegie. ‘International Strategy to Better Protect the Financial
System Against Cyber Threats’, 2020. https://carnegieendowment.
org/2020/11/18/international-strategy-to-better-protect-financial-system
against-cyber-threats-pub-83105.
WEF. ‘Cyber Resilience in the Electricity Ecosystem: Securing the Value
Chain’, 2020. https://www.weforum.org/whitepapers/cyber-resilience-in-the
electricity-ecosystem-securing-the-value-chain.
WEF. ‘Cyber Resilience: Playbook for Public- Private Collaboration’, 2018.
https://www.weforum.org/reports/cyber-resilience-playbook-for-public
private-collaboration.
WEF. ‘Pathways Towards a Cyber Resilient Aviation Industry’, 2021.
https://www.weforum.org/reports/pathways-towards-a-cyber-resilient
aviation-industry.
FA4 Critical Infrastructure services and essential services
CCDCOE. ‘National Cyber Security Framework Manual’, section 4.5.4, 2012.
https://ccdcoe.org/library/publications/national-cyber-security-framework
manual/.
CCDCOE. ‘National Cyber Security Strategy Guidelines’, sections 3.4, 3.5,
(2013). https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.
CTO. ‘Commonwealth Approach for Developing National Cyber Security
Strategies’, sections 4.4.12, 4.4.13, 4.4.20, 4.4.25, 4.4.26, 4.4.28, 4.4.32,
(2015).
ENISA. ‘An Evaluation Framework for National Cyber Security Strategies’,
section 4.2, 2016.
ENISA. ‘Methodologies for the Identification of Critical Information
Infrastructure Assets and Services’, 2015.
ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing
and Implementing National Cyber Security Strategies’, section 3.6, 2016.
Global Cyber Security Capacity Center. ‘Cybersecurity Capacity Maturity
Model for Nations (CMM)’. Dimension 1: 1.1, 1.3, University Oxford, 2021.
Meridian and GFCE. ‘Companion Document to the GFCE-MERIDIAN
Good Practice Guide on Critical Information Infrastructure Protection for
Governmental Policy-Makers’, 2016.
https://www.tno.nl/media/10425/companiondocument_gpg_ciip.pdf.
Microsoft. ‘Critical Connections: Protecting Infrastructures, All Sections’, 2014.
Microsoft. ‘Critical Infrastructure Protection: Concepts and Continuum, All
Sections’, 2014.68
Guide to Developing a National Cybersecurity Strategy 2nd Edition
6 – REFERENCE MATERIALS
Microsoft. ‘Risk Management for Cybersecurity: Security Baselines’, 2017.
OAS. ‘Report Cybersecurity and Critical Infrastructure in the Americas’, 2015.
OECD. ‘Recommendation of the Council on Digital Security of Critical Activities
https://Ccdcoe.Org/Uploads/2020/01/OECD-191211-The-Recommendation-of
the-Council-on-Digital-Security-of-Critical-Activities.Pdf.
Potomac Institute for Policy Studies (2015): Cyber Readiness Index 2.0’, 2019.
https://www.potomacinstitute.org/images/CRIndex2.0.pdf.
OECD. ‘Recommendation of the Council on Digital Security Risk Management
for Economic and Social Prosperity’, 2015.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 2.4,
2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf.
UNIDIR. ‘International Cooperation to Mitigate Cyber Operations against
Critical Infrastructure’, 2021. https://unidir.org/criticalinfrastructure.
UNOCT, CTED and INTERPOL. ‘Compendium of Good Practices for the
Protection of Critical Infrastructure against Terrorist Attack’, 2018.
https://www.un.org/counterterrorism/sites/www.un.org.counterterrorism/files/
eng_compendium-cip-final-version-120618.pdf.
FA5 Capability and capacity building and awareness raising
‘Council of Europe, Capacity Building Programmes’, n.d.
CCDCOE. ‘National Cyber Security Strategy Framework Manual’, sections
4.5.5, 4.6.3, (2012).
CCDCOE. ‘National Cyber Security Strategy Guidelines’, 2013.
https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.
CCI. ‘Checklist’, 2013.
CCI. ‘Commonwealth Network of Contact Persons Framework’, 2005.
CCI. ‘Harare Scheme on Mutual Legal Assistance in Criminal Matters’, 2011.
Council of Europe. ‘Capacity building programmes’.
https://www.coe.int/en/web/cybercrime/capacity-building-programmes.
Council of Europe. ‘Cybercrime Octopus Community (Country Resources,
Training Materials, Guides and Research’.
https://www.coe.int/en/web/octopus/home?desktop=true.
CTO. ‘Commonwealth Approach for Developing National Cyber Security
Strategies’, sections 4.4.11, 4.4.17, 4.4.20, 4.4.34, 4.4.12, 4.4.14, 4.4.16,
4.4.23, (2015).69
Guide to Developing a National Cybersecurity Strategy 2nd Edition
6 – REFERENCE MATERIALS
ENISA. ‘CERT Operational Gaps and Overlaps’, p. 6, 16, 19, 21, 27, 29, 31, 32, 50,
57 (2011).
ENISA. ‘Cybersecurity Skills Development in the EU’, 2020.
ENISA. ‘Good Practice Guide for Incident Management’ p.19, 23, 26, 32, 46, 56,
58, 64, 69, (2010).
ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing
and Implementing National Cyber Security Strategies’, sections 3.12, 3.8, 3.11,
3.13, 4.3, 4.6, 4.7, 4.14, (2016).
ENISA. ‘Strategies for Incident Response and Cyber Crisis Cooperation,
Section’, section 2.1, (2016).
Global Cyber Security Capacity Center. ‘Cybersecurity Capacity Maturity
Model for Nations (CMM)’. Dimension 3: 3.1, 3.2, 3.3, 3.4, University Oxford,
2021.
ITU. ‘CIRT Framework’, 2021.
ITU. ‘CyberDrill Framework’, 2021.
Microsoft. Developing a National Strategy for Cybersecurity, Section: Driving
Research and Technology Investment, Public Awareness. Workforce Training
and Education, 2013.
NIST. ‘Workforce Framework for Cybersecurity NICE Framework’, 2020.
https://doi.org/10.6028/NIST.SP.800-181r1.
OAS. ‘Cyber Security Awareness Campaign Toolkit, All Sections’, 2015.
OAS. ‘Cybersecurity Education: Planning for the Future Through Workforce
Development’, 2020.
OECD. ‘Recommendation of the Council on Digital Security Risk Management
for Economic and Social Prosperity’, section 2-B, 2015.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 2.5,
2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf.
UNCTAD. ‘Programme on E-Commerce and Law Reform’, 2015.
US “National Cyber Incident Scoring System (NCISS) which includes a Cyber
Incident Severity Schema (CISS)”.
https://us-cert.cisa.gov/CISA-National-Cyber-Incident-Scoring-System.
FA6 Legislation and Regulation
CCDCOE. ‘National Cyber Security Strategy Framework Manual’, section
5, 2012. https://ccdcoe.org/library/publications/national-cyber-security
framework-manual/.70
Guide to Developing a National Cybersecurity Strategy 2nd Edition
6 – REFERENCE MATERIALS
CCDCOE. ‘National Cyber Security Strategy Guidelines’, section 3.2, 2013.
https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.
CCI. ‘Checklist’, 2013.
Council of Europe. ‘Second Additional Protocol to the Convention on
Cybercrime on Enhanced Cooperation and Disclosure of Electronic Evidence -
Draft as Approved by the Cybercrime Convention Committee’, 2021.
Council of Europe. ‘Strategic Priorities for Cooperation on Cybercrime and
Electronic Evidence in GLACY Countries’, sections 1, 2, 6, (2016).
Council of Europe. ‘Strategic Priorities for the Cooperation against Cybercrime
in the Eastern Partnership Region’, sections 1,2,7, (2013).
CTO. ‘Commonwealth Approach for Developing National Cyber Security
Strategies’, sections 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.18, 4.4.19, 4.4.20, (2015).
ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing
and Implementing National Cyber Security Strategies’, sections 3.15, 3.184.9,
4.12, (2016).
Europe, Council. ‘Budapest Convention on Cybercrime and Its Additional
Protocol on Xenophobia and Racism (2001)’, 2004.
Global Cyber Security Capacity Center. ‘Cybersecurity Capacity Maturity
Model for Nations (CMM)’. Dimension 4: 4.1, 4.3, 4.4, University Oxford, 2021.
ITU. ‘Guidelines for Policy-Makers on Child Online Protection’, sections 3.3, 3.4,
(2020). https://www.itu-cop-guidelines.com/policymakers.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 3,
2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf.
UN. ‘Sustainable Development Goals, Article 16.3 UNCTAD, Global Cyberlaw
Tracker’, 2015.
UNHR. ‘International Covenant on Civil and Political Rights, Article 19’, 1976.
WEF. ‘Cybercrime Prevention Principles for Internet Service Providers’, 2020.
https://www.weforum.org/reports/cybercrime-prevention-principles-for
internet-service-providers.
WEF. ‘Partnership against Cybercrime’, 2020.
https://www.weforum.org/reports/partnership-against-cybercrime.
WEF. ‘Recommendations for Public-Private Partnership against Cybercrime’,
2016. http://www3.weforum.org/docs/WEF_Cybercrime_Principles.pdf.
World Bank. ‘Combatting Cybercrime: Tools and Capacity Building for
Emerging Economies’.71
Guide to Developing a National Cybersecurity Strategy 2nd Edition
6 – REFERENCE MATERIALS
FA7 International Cooperation
‘Second Additional Protocol to the Convention on Cybercrime on Enhanced
Cooperation and Disclosure of Electronic Evidence - Draft as Approved by the
Cybercrime Convention Committee’, n.d.
CCDCOE. ‘National Cyber Security Strategy Framework Manual’, sections 4.7,
5.4.2, 5.4.3, (2012). https://ccdcoe.org/library/publications/national-cyber
security-framework-manual/.
CCDCOE. ‘National Cyber Security Strategy Guidelines’, sections 1.3, 3.2.1,
3.3.2, (2013). https://ccdcoe.org/uploads/2018/10/NCSS-Guidelines_2013.pdf.
CCDCOE. ‘The Tallin Manual 2.0’, 2017.
https://ccdcoe.org/research/tallinn-manual/.
Council of Europe. ‘Budapest Convention on Cybercrime and Its Additional
Protocol on Xenophobia and Racism (2001)’, chapter III, 2004.
Council of Europe. ‘Strategic Priorities for Cooperation on Cybercrime and
Electronic Evidence in GLACY Countries’ Strategic Priority 7, 2016.
Council of Europe. ‘Strategic Priorities for the Cooperation against Cybercrime
in the Eastern Partnership Region’, Strategic Priority 8, 2013.
CTO. ‘Commonwealth Approach for Developing National Cyber Security
Strategies’, sections 4.4.20, 4.4.21 (2015).
ENISA. ‘Guidebook on National Cyber Security Strategies, Section’, section
3.16, 2016.
ENISA. ‘National Cyber Security Strategies Good Practice Guide – Designing and
Implementing National Cyber Security Strategies’, sections: 3.16. 4.10, (2016).
Global Cyber Security Capacity Center. ‘Cybersecurity Capacity Maturity
Model for Nations (CMM)’, Dimension 1: 1.1, 4: 4.4, University Oxford, 2021.
Microsoft. ‘Developing a National Strategy for Cybersecurity, Section on
Structuring International Engagement’, 2013.
OECD. ‘Recommendation of the Council on Digital Security of Critical
Activities’, 2019. https://ccdcoe.org/uploads/2020/01/OECD-191211-The
Recommendation-of-the-Council-on-Digital-Security-of-Critical-Activities.pdf.
OECD. ‘Recommendation of the Council on Digital Security Risk Management
for Economic and Social Prosperity’ p. 13, 48, 58, 2015.
Potomac Institute for Policy Studies. ‘Cyber Readiness Index 2.0’, section 4.6,
2015. https://www.potomacinstitute.org/images/CRIndex2.0.pdf.
UNIDIR. ‘Cyber Policy Portal’, 2021.72
Guide to Developing a National Cybersecurity Strategy 2nd Edition
6 – REFERENCE MATERIALS
UNIDIR. ‘International Cooperation to Mitigate Cyber Operations against
Critical Infrastructure’, 2021. https://unidir.org/criticalinfrastructure.