ITU-IMPACT infopack

ITU-IMPACT's Global Responce Center is designed to be the foremost resource centre for cyber threats in the world. Working with leading partners from academia, governments and industrysuch as Symantec Corporation, Kaspersky Lab, F-Secure, Trend Micro, Microsoft and ABI Research, the GRC provides the global community with a near real time aggregated early warning system for cyber threats.

Readiness Assessment for Establishing a national CIRT

ITU and a team of experts from IMPACT, carried out readiness assessment of Cybersecurity situation in five least developed countries in the South Asia to review the institutional and regulatory framework, existing critical information infrastructure, and identify areas of improvement and recommend suggestion for establishing a Computer Incidence Response Team (CIRT). The objectives of the CIRT assessment study were to assess the capability and readiness to build a sustainable national CIRT, based on an analysis of stakeholder attributes with relevance to security incident response needs of the concerned countries.

IMPACT (International Multilateral Partnership Against Cyber Threats)

This document reports on the activities of the last recent months developed by the ITU IMPACT in coordination with the Member States. In order to respond properly to the five areas identified by the Global Cybersecurity Agenda (GCA), as well as to follow up on ITU’s work to assist countries in developing Cybersecurity capabilities, ITU is working with IMPACT to make the following resources available to ITU Member States:
• Global Response Centre
• Training and Skills Development
• Centre for Security Assurance and Research
• Centre for Policy and International Cooperation
As ITU’s Cybersecurity executing arm, IMPACT provides ITU’s 193 Member States access to expertise, facilities and resources to effectively address cyber threats, as well as assisting United Nations bodies in protecting their Information and Communication Technologies (ICT) infrastructures.

[Continue reading about this document]

ITU National Cybersecurity Strategy Guide

This document is a reference model for national Cybersecurity strategy elaboration. It discusses what constitutes a national Cybersecurity strategy and it seeks to accomplish and the context that influences its execution. The Guide also discusses how States and other relevant stakeholders such as private sector organisations can build capacity to execute a cybersecurity strategy and the resources required to address risks. . As national capabilities, needs and threats vary, the document recommends that countries use national values as the basis for strategies for two main reasons. Firstly, culture and national interests influence the perception of risk and the relative success of defences against cyber threats. Secondly, a strategy rooted in national values is likely to gain support of stakeholders such as the judiciary and private sector. Lastly, since cybersecurity is a branch of information security, the documents seeks to adopt global security standards.
[Continue reading this document.]

ITU Publication on UNDERSTANDING CYBERCRIME: Phenomena, Challenges and Legal Response

As cyber-threats can originate anywhere around the globe, the challenges are inherently international in scope and it is desirable to harmonize legislative norms as much as possible to facilitate regional and international cooperation. To assist countries in understanding the links between cybersecurity, the building of confidence and security in the use of ICTs, and cybercrime, ITU has developed, and is in the process of developing, a number of tools. One such tool, which ITU has developed together with an expert, is the ITU publication titled “UNDERSTANDING CYBERCRIME: Phenomena, Challenges and Legal Responce”. The Guide can serve to help developing countries better understand the implications related to the growing cyber-threats and assist in the assessment of the current legal framework and in the establishment of a sound legal foundation, if this does not yet exist.
[Continue reading this document.]

Cybersecurity Guide for Developing Countries

This Cybersecurity guide for developing countries has been prepared for facilitating the exchange of Information on best practices, related to Cybersecurity issues and to meet the stated goal of the Global Cybersecurity Agenda (GCA) to "enhance security and build confidence in the use of information And communication technologies (ICT)". The guide is intended to give developing countries a tool allowing them to better understand the economic, political, managerial, technical and legal Cybersecurity related issues in the spirit of the Global Cybersecurity Agenda. The purpose of it is to help countries get prepared to face issues linked to ICT deployment, uses, vulnerabilities and misuses. The content of the guide has been selected to meet the needs of developing and, in particular, least developed countries, in terms of the use of information and communication technologies for the provision of basic services in different sectors, while remaining committed to developing local potential and increasing awareness among all of the stakeholders.
[Continue reading this document.]

ITU National Cybersecurity/CIIP Self-Assessment Tool

Information infrastructures have long been subject to national policies, procedures and norms. National government agencies and institutions exist to implement and oversee these activities, and the responsibility for the operation and management of information infrastructures has traditionally been shared among government, owners and operators, and users. Protection of the information infrastructure (formerly the PSTN network) has been a longstanding concern of member states and the work of the ITU is testimony to this concern. However, the use of information systems and networks and the entire information technology environment have changed dramatically in recent years. These continuing changes offer significant advantages but also require a much greater emphasis on security by government, businesses, other organizations and individual users who develop, own, provide, manage, service and use information systems and networks (“participants”). Increasing interconnectivity, the growing intelligence at the edges of the network, and the expanding role of information infrastructures in the economic and social life of a nation demand a new look at existing measures for the enhancement of cybersecurity...
[Continue reading this document.]

ITU Botnet Mitigation Toolkit

'Botnets', or as the media calls them, 'Zombie Armies' or 'Drone Armies', and their associated malware have grown over the years into a multimillion dollar criminal economy, a risk to government, critical infrastructure, industry, civil society and to the broader Internet community.

Botnets are coordinated groups of several thousand computing devices (such as PCs, laptops and even the new generation of mobile devices such as 'smartphones'), all infected with the same virus or other malware. Their collective computing power and Internet connectivity is harnessed into a collective whole and remote controlled for the performance of malicious and criminal activities.

Botnets are an illegal and unethical application of the concept of Distributed Systems, which has existed since at least 1970, in which multiple computing devices cooperate to achieve an integrated result...
[Continue reading about this toolkit.]