• Q22-1/1: Securing information and communication networks: best practices for developing a culture of cybersecurity
    • Table of Contents
    • 1 Introduction to the Final Report of Q22-1/1, on Cybersecurity
    • 2 Best Practices for Cybersecurity ? Guide for the Establishment of a National Cybersecurity Management System
      • 2.1 Introduction
      • 2.2 National Cybersecurity Management System
      • 2.3 National Cybersecurity Framework
      • 2.4 RACI Matrix
      • 2.5 NCSec Implementation Guide
      • 2.6 Implementation Guide
      • 2.7 Conclusion
    • 3 Public-Private Partnerships in Support of Cybersecurity Goals and Objectives
      • 3.1 Introduction
      • 3.2 The Principles of Partnership
      • 3.3 Value Proposition
      • 3.4 Partnerships and Security Risk Management
      • 3.5 Concluding Statement
      • 3.6 Case Study: U.S. Private Public Partnerships
      • 3.7 Case Study: Some U.S. Public-Private Cybersecurity Partnerships
    • 4 Best Practices for National Cybersecurity: Building a National Computer Security Incident Management Capability
      • 4.1 Introduction
      • 4.2 The Importance of a National Strategy for Cyber Security
      • 4.3 Key Stakeholders of National Cyber Security
      • 4.4 The Special Role of the National CIRT
      • 4.5 Analyzing Computer Security Incidents to Identify Intrusion Sets
      • 4.6 Building a Cyber Security Culture
      • 4.7 Strategic Goals and Enabling Goals for Incident Management Capability
      • 4.8 Conclusion
    • 5 Best Bractices for Cybersecurity - Managing a National CIRT with Critical Success Factors
      • 5.1 Introduction
      • 5.2 Critical Success Factors (CSFs)
      • 5.3 Advantages of a CSF Approach
      • 5.4 Sources of CSFs
      • 5.5 Identifying CSFs
      • 5.6 Defining Scope
      • 5.7 Collecting Data: Document Collection and Interviews
      • 5.8 Analyzing Data
      • 5.9 Deriving CSFs
      • 5.10 Using Critical Success Factors for National CIRTs
      • 5.11 Building a National Computer Security Incident Management Capability
      • 5.12 Selecting National CIRT Services
      • 5.13 Identifying Priorities for Measurement and Metrics
      • 5.14 Conclusion
    • 6 Best Practices for Cybersecurity ? Internet Service Provider (ISP) Network Protection
      • 6.1 Introduction
      • 6.2 Objective, Scope, and Methodology
      • 6.3 Analysis, Findings and Recommendations
      • 6.4 Recommendations
      • 6.5 Conclusions
    • 7 Future Work
    • APPENDIX A: Introduction to Best Practices
      • Prevention Best Practices
      • Detection Best Practices
      • Notification Best Practices
      • Mitigation Best Practices
      • Privacy Best Practices
    • 8 Best Practices for Cybersecurity - Training Course on Building and Managing a CIRT
    • ANNEXES
      • Annex A: Best practices for Cybersecurity - Planning and Establishing a National CIRT
      • Annex B: Best practices for Cybersecurity - Managing a National CIRT with Critical Success Factors
      • Annex C: Best practices for Cybersecurity - Guide for the Establishment of a National Cybersecurity Management Syst...
      • Annex D: Best practices for Cybersecurity - Internet Service Provider (ISP) Network Protection Best Practices
      • Annex E: Best practices for Cybersecurity - Training Course on Building and Managing National Computer Incident Res...
      • Annex F: Best practices for Cybersecurity - Survey on Measures Taken to Raise Awareness on Cybersecurity
      • Annex G: Best practices for Cybersecurity - Public-Private Partnerships in Support of Cybersecurity Goals and Objec...
      • Annex H: Compendium on Cybersecurity Country Case Studies