Committed to connecting the world


Cybersecurity Publications

​Cybersecurity Publications

Guide to Develpoing a National Cybersecurity Strategy
​​The reference guide represents a comprehensive one-stop resource for countries to gain a clear understanding of the purpose and content of a national cybersecurity strategy, as well as actionable guidance for how to develop a strategy of their own. The reference guide further lays out existing practices, relevant models and resources, as well as offers an overview of available assistance from other organizations. An accompanying support tool assists evaluation of the strategy.​

Reference Guide and evaluation tool were drafted in a democratic process among partnering organizations.

Question 3/2: Securing information and communication networks: Best practices for developing a culture of cybersecurity

​​​​​​​This report is composed of a number of best practice reports on different aspects of cybersecurity. It shares the analysis of an ITU cybersecurity awareness survey and provides a view on spam, its causes, and means to address spam. The report also provides a sampling of outreach activities that governments have taken to improve their overall societal posture toward cybersecurity.​

Global Cybersecurity Index (GCI) 2017

​​​The Global Cybersecurity Index (GCI) 2017 measures each nation's level of commitment to the ITU's Global Cybersecurity Agenda, with the aim of highlighting potential areas for improvement and driving cybersecurity to the forefront of national plans. 


Downl​​oa​d Full report​​ ​version of ​19th of July 2017

TrendLabs 2Q 2015 Security Roundup

​The report offers an insight into newly hacked technologies causing disruptions to public utilities, the persistence of ransomware and PoS malware, newfound security vulnerabilities of public websites and mobile devices as well as the importance of law enforcement in cyber era.

Trend Micro 2014 Annual Security Roundup Report

​With a quote from the ITU Secretary-General, the Trend Micro 2014 Annual Security Roundup provides an overview of the threats that affected the technology landscape in the past year. ​

Trend Micro First Quarter roundup Report

​The Trend Micro 2015 First Quarter Security Roundup provides an overview of malware ranging from the latest Adobe Flash zero-day exploits to the decade old FREAK security flaw, both of which continue to have a big impact even today.

Trend Micro Infographic 4

​​​​Learn more about how you can protect your data from Ransomware with Trend Micro’s Ransomware infographic.​​

Internet Security Threat Report 2015 by Symantec

​​​​​Cyber incidents are becoming more sophisticated by the day which makes detection much more difficult. The rise of the Internet of Things has also brought about many new potential targets. With a foreword from the ITU Secretary-General, the Symantec Internet Security Threat Report 2015 provides an appreciation of incidents that have taken place in cyberspace during 2014, along with expert analysis on relevant emerging trends.

Global Cybersecurity Index & Cyberwellness Profiles Report 2015
​​​The Global Cybersecurity Index (GCI) measures each nation's level of commitment to the ITU's Global Cybersecurity Agenda, with the aim of highlighting potential areas for improvement and driving cybersecurity to the forefront of national plans. This report presents the 2014 results of the GCI and the Cyberwellness country profiles for Member states. It includes regional rankings, a selected set of good practices and the way forward for the next iteration.

The original publication is in English and translations in other languages may not accurately reflect the content of the English publication. In case of discrepancy, the English text shall prevail.

Trend Micro "Vulnerabilities Under Attack"- 3Q 2014 Roundup Report

This report expounds on Shellshock, a current serious open source vulnerability. The third quarter of 2014 brought to our attention loopholes in generally overlooked targets, such as routers and point-of-sale (PoS), these joined with human error illustrates a huge attack surface, where everything can be vulnerable. Trend Micro proffers control whilst explaining the introduction, distribution and growing threats of Shellshock.

Trend Micro "The invisible becomes visible"

​​Trend Micro Security Predictions for 2015 and Beyond​.

Full report...​

New edition 2014: ITU Publication on UNDERSTANDING CYBERCRIME: Phenomena, Challenges and Legal Response
​​​​​As cyber-threats can originate anywhere around the globe, the challenges are inherently international in scope and it is desirable to harmonize legislative norms as much as possible to facilitate regional and international cooperation. To assist countries in understanding the links between cybersecurity, the building of confidence and security in the use of ICTs, and cybercrime, ITU has developed, and is in the process of developing, a number of tools. One such tool, which ITU has developed together with an expert, is the ITU publication titled “UNDERSTANDING CYBERCRIME: Phenomena, Challenges and Legal Responce”. The Guide can serve to help developing countries better understand the implications related to the growing cyber-threats and assist in the assessment of the current legal framework and in the establishment of a sound legal foundation, if this does not yet exist​.

Trend Micro 2014 Second Quarter Roundup Report

​This Trend Micro report underlines the emerging malicious cyber activities during the second quarter of 2014 complemented by an appreciation of key trends.

Trend Micro "Targeted Attack Trends", 2H 2013 Report

​​​​​This half-year report presents the various targeted attack campaigns observed and investigated based on customer cases and research. 

Internet Security Threat Report 2014 by Symantec

​With a foreword by the ITU Secretary General, the Symantec Internet Security Threat Report 2014 provides a comprehensive compilation and analysis of the threat landscape evolution. ​

Trend Micro 2014 First Quarter Roundup Report

​This Trend Micro quarterly report underlines the existing and emerging malicious cyber activities observ​​ed during the first quarter of 2014. Full report...

Question 22-1/1

​​Securing Information and Communication Networks. Best practices for Developing a Culture of Cybersecurity.

Year of publication: 2014

The Quest for Cyber Confidence

The Quest for Cyber Confidence
​​This book addresses the increasingly daunting task of building confidence in the use of cyber platforms and technologies against a backdrop of recent high-profile security breach incidents and a plethora of emerging threats that have shaken trust in these essential tools of our time. It follows publication of The Quest for Cyber Peace in 2009, which focuses on the promotion of cyber peace in a sphere which has generated tremendous benefits and progress to mankind, but also spawned widespread criminal activities and created new avenues for intelligence gathering, industrial espionage, and conflict. Necessarily, this volume returns to these issues revolving around the overriding theme of the use of the cyber domain as a potent force for either good or evil, especially the impact of the 'dark' Internet on trust in the cyber dimension. Here, however, its central theme promotes the concept of cyber confidence. Table of contents

Trend Micro 2014 Cyber Threat prediction

​​​A report from Trend Micro on 2014 Cyber threat predictions, with a foreword from ITU Secretary-General, to give Member States foresight in future Cyber-attack trends. 

Trend Micro "How To Manage Online Privacy" E-Guide

​Who has never seen an online ad popping, just a few minutes after searching for the exact same item? Nowadays, criminals aren’t ​​the only one tryin​​g to use information about users of the Internet, a lot of companies are also “mining” the web. It is then really important to be aware of the fact that private online information can easily go public if certain precautions are not taken.  In this regard, the Trend Micro E-guide “How to manage your privacy online” brings attention to the different ways that are used to access to private information and gives some tips on how to prevent these leakages. Full report...

Trend Micro "Putting An End To Digital Clutter" E-Guide

​The Trend Micro E-guide “Putting an end to digital clutter” introduces the concept of digital decluttering: in digital life as in real life, keeping a clean and well organized environment is the key to be more efficient but also to remove potential security risks. 

The guide will recommend some steps to start acquiring good habits, both in terms of “technical aspects” like how to regularly clean up your computer and behavior for example on social networks.  Full report...

Trend Micro 2013 Annual Security Roundup Report

​The 2013 Annual Security Roundup provides useful information on the evolution of cybercrimes. Malware in 2013 targeted victims in many regions of the world with the key purpose of getting money hence cashing on digital information. Get to know the trends in mobile threats, targeted attacks, exploits and vulnerabilities and what happened to digital life security issues. Full report...

Trend Micro E-Guide on Mobile Privacy

​Tablets and mobile phones have tremendously become a huge part of our normal day-to-day activities. Access to user information both for legitimate and malicious purposes is no longer uncommon in the age of mobilization, since people do just about everything using a mobile device.  In this regard, the TrendMicro E-Guide “The Who, What, Why and How of Mobile Privacy” aims at giving suggestions and guidelines on how to protect privacy from mobile threats. Full document...

Trend Micro "How to protect Data in Mobile Devices" E-Guide

​​​The E-Guide “How To Protect Data In Mobile Devices” highlights the importance of protecting data in mobile devices. Many times, people do not realize how much data is in their mobile device. Ordinary practices such as sending email, accessing social media, and banking online can encourage criminals to steal someone’s identity in order to access information related to credit card numbers, addresses, and contact details, among others.  The Guide will recommend several actions that should be taken into consideration to ensure data protection in mobile devices. Full document...


​​​​​ITU Secretary General presents to you his foreword on the Symantec Intelligence Quarterly report with the aim to increase Member States' awareness on the latest trends of cyber threats and vulnerabilities.

​​​Aiming at raising awareness of the Member States on today's trends of cyber threats and vulnerabilities, ITU Secretary-General presents his foreword on the Symantec Internet Security Threat Report which was published on May 2013. ​
Read more... or download Full report...


​​​​​​​​IMPACT and ITU have been organizing the Applied Learning for Emergency Response Teams (ALERT) among the ITU’s Member States to enhance their national Computer Emergency Response Team (CERT)/Computer Incident Response Team’s (CIRT) communication and incident response capabilities. Emphasizing on collaboration and readiness for potential cyber threats, the cyber drills and accompanying workshops are one of the tools to deliver the success of the Global Cybersecurity Agenda (GCA).​

Electronic Crimes: Knowledge-based Report (Assessment)

​​​​​This report delves into the current cyber-crime landscapes, adequacy of legislative instruments and recommendations by international experts. 

Electronic Crimes: Knowledge-based Report (Skeleton)

​​​​​This report documents the achievements of the regional activities carried out under the ICB4PAC project, Capacity Building and ICT Policies, Regulations and Legislative Frameworks for Pacific Island countries, ​officially launched in Fiji in November 2009. These include the enactment of substantive criminal law, procedural law, electronic evidence law and also include the possible liability of internet ​service providers.

Cybercrimes/e-Crimes: Assessment Report

​​​This report is an assessment of the analysis of the enacted cybercrime legislation in the 6 Caribbean countries. This include the challenges faced and possible measures to enhance the related legislation so as to ensure a steady and regular flow of communication and availability of internet related services.

Cybercrimes/e-Crimes: Model Policy Guidelines & Legislative Texts

​​This report explores the ​​“Harmonization of ICT Policies, Legislation and Regulatory Procedures​” project which is carried out in the Carribean countries. Various model Policy Guidelines and Legislative Texts will also​ be discussed in this report.​

Computer Crime and Cybercrime: Southern African Development Community (SADC) Model Law

​​​The present document represents an achievement of a regional activity carried out under the HIPSSA project (“Support to the Harmonization of ICT Policies in Sub-Sahara Africa”) officially launched in Addis Ababa in December 2008. 

Readiness Assessment for Establishing a national CIRT

Readiness Assessment Report LDCs  change to: This is a readiness assessment report of Cybersecurity situation in five least developed countries in the South Asia. It encompasses the review of the institutional and regulatory frameworks, existing policies on critical information infrastructure protection, human development needs and identied areas of improvement and outnlines a recommendation for establishing a National Computer Incidence Response Team (CIRT). The objectives of the readiness CIRT assessment study were to assess the capability and readiness to design and build a sustainable national CIRT, based on an analysis of stakeholder attributes with relevance to security incident response needs of the concerned countries. ​

ITU/UNODC Cybercrime:The global challenge

​Combination of existing training material and courses, pr​oviding countries with wider access to a range of knowledge and tools; Access to region-specific experience, through combination of two broad networks of field offices in all regions; A comprehensiv​e approach combining crime prevention, criminal justice and cybersecurity, covering all applicable legal and technical standards. 

ITU National Cybersecurity Strategy Guide

​This document is a reference model for national Cybersecurity strategy elaboration. It discusses what constitutes a national Cybersecurity strategy and it seeks to accomplish and the context that influences its execution. The Guide also discusses how States and other relevant stakeholders such as private sector organisations can build capacity to execute a cybersecurity strategy and the resources required to address risks. . As national capabilities, needs and threats vary, the document recommends that countries use national values as the basis for strategies for two main reasons. Firstly, culture and national interests influence the perception of risk and the relative success of defences against cyber threats. Secondly, a strategy rooted in national values is likely to gain support of stakeholders such as the judiciary and private sector. Lastly, since cybersecurity is a branch of information security, the documents seeks to adopt global security standards.

Cybersecurity Guide for Developing Countries

​This Cybersecurity guide for developing countries has been prepared for facilitating the exchange of Information on best practices, related to Cybersecurity issues and to meet the stated goal of the Global Cybersecurity Agenda (GCA) to "enhance security and build confidence in the use of information And communication technologies (ICT)". The guide is intended to give developing countries a tool allowing them to better understand the economic, political, managerial, technical and legal Cybersecurity related issues in the spirit of the Global Cybersecurity Agenda. The purpose of it is to help countries get prepared to face issues linked to ICT deployment, uses, vulnerabilities and misuses. The content of the guide has been selected to meet the needs of developing and, in particular, least developed countries, in terms of the use of information and communication technologies for the provision of basic services in different sectors, while remaining committed to developing local potential and increasing awareness among all of the stakeholders. ​​

ITU National Cybersecurity/CIIP Self-Assessment Tool

​​​Information infrastructures have long been subject to national policies, procedures and norms. National government agencies and institutions exist to implement and oversee these activities, and the responsibility for the operation and management of information infrastructures has traditionally been shared among government, owners and operators, and users. Protection of the information infrastructure (formerly the PSTN network) has been a longstanding concern of member states and the work of the ITU is testimony to this concern. However, the use of information systems and networks and the entire information technology environment have changed dramatically in recent years. These continuing changes offer significant advantages but also require a much greater emphasis on security by government, businesses, other organizations and individual users who develop, own, provide, manage, service and use information systems and networks (“participants”). Increasing interconnectivity, the growing intelligence at the edges of the network, and the expanding role of information infrastructures in the economic and social life of a nation demand a new look at existing measures for the enhancement of cybersecurity...

ITU Botnet Mitigation Toolkit​
Botnets (also called zombie armies or drone armies) are networks of compromised computers infected with viruses or malware to turn them into “zombies” or “robots” – computers that can be controlled without the owners’ knowledge. Criminals use the collective computing power and connected bandwidth of these externally-controlled networks for malicious purposes and criminal activities, including, inter alia, generation of spam e-mails, launching of Distributed Denial of Service (DDoS) attacks, alteration or destruction of data, and identity theft.

The threat from botnets is growing fast. The latest (2007) generation of botnets such as Zhelatin (Storm Worm) uses particularly aggressive techniques such as fast-flux networks and striking back with DDoS attacks against security vendors trying to mitigate them. An underground economy has now sprung up around botnets, yielding significant revenues for authors of computer viruses, botnet controllers and criminals who commission this illegal activity by renting botnets.

In response to this, ITU is developing a Botnet Mitigation Toolkit to help deal with the growing problem of botnets. Inspired by the Australian Internet Security Initiative (AISI), the toolkit draws on existing resources, identifies relevant local and international stakeholders, and takes into consideration the specific constraints of developing economies. The toolkit seeks to raise awareness among Member States of the growing threats posed by botnets and the linkage with criminal activities and incorporates policy, technical and social aspects of mitigating the effects of botnets. The first draft of the background material for the project was made available in December 2007 with pilot tests planned in a number of ITU Member States in 2008 and 2009. As part of this activity countries in the region are welcome to contact ITU-D if they have an interest in initiating a botnet mitigation pilot project in their respective countries.​