Berita

Facilitated by ITU, twelve partners from the public and private sectors, academia and civil society share their experience, knowledge and expertise, providing an aggregated, harmonised set of principles on the development, establishment and implementation of national cybersecurity strategies.

The guide objective is to instigate strategic thinking and help national leaders and policy-makers to develop, establish and implement national cybersecurity strategies world-wide.

Purpose

The purpose of this document is to guide national leaders and policy-makers in the development of a National Cybersecurity Strategy, and in thinking strategically about cybersecurity, cyber-preparedness and resilience.

This Guide aims to provide a useful, flexible and user-friendly framework to set the context of a country socio-economic vision and current security posture and to assist policy-makers in the development of a Strategy that takes into consideration a country specific situation, cultural and societal values, and that encourages the pursuit of secure, resilient, ICT-enhanced and connected societies.

The Guide is a unique resource, as it provides a framework that has been agreed on by organisations with demonstrated and diverse experience in this topic area and builds on their prior work in this space. As such, it offers the most comprehensive overview to date of what constitutes successful national cybersecurity strategies.

Scope

Cybersecurity is a complex challenge that encompasses multiple different governance, policy, operational, technical and legal aspects. This Guide attempts to address, organise and prioritise many of these areas based on existing and well-recognised models, frameworks and other references.

The Guide focuses on protecting civilian aspects of cyberspace and as such, it highlights the overarching principles and good practice that need to be considered in the process of drafting, developing and managing a National Cybersecurity Strategy. To this end, the Guide makes a clear distinction between the "process" that will be adopted by countries during the lifecycle of a National Cybersecurity Strategy (initiation, stocktaking and analysis, production, implementation, reviews) and the "content", the actual text that would appear in a National Cybersecurity Strategy document. The Guide does not cover aspects such as the development of defensive or offensive cyber-capabilities by a country military, defence forces, or intelligence agencies, even though a number of countries have been developing such capabilities.

In order to provide direction and good practice on "what" should be included in a National Cybersecurity Strategy, as well as on "how" to build, implement and review it, this Guide addresses both elements. The Guide also provides an overview of the core components of what it takes for a country to become cyber-prepared, highlighting the critical aspects that governments should consider when developing their national strategies and implementation plans.

Finally, this Guide offers policy-makers a holistic, high-level overview of existing approaches and applications, and a reference to additional and complementary resources that can inform specific national cybersecurity efforts.

Target Audience

This Guide is first and foremost targeted at policy-makers responsible for developing a National Cybersecurity Strategy. The secondary audience are all the other public and private stakeholders involved in the development and implementation of a Strategy, such as responsible government staff, regulatory authorities, law enforcement, ICT providers, critical infrastructure operators, civil society, academia and research institutions.

The Guide could also prove useful to the different stakeholders in the international development community, who provide assistance in cybersecurity

Download

• Arabic
• Chinese
• English
• French
• Spanish

https://www.itu.int/en/ITU-D/Pages/publications.aspx#/publication/5b98813213659441249d37ce