Q22-1/1: Securing information and communication networks: best practices for developing a culture of cybersecurity
Table of Contents
1 Introduction to the Final Report of Q22-1/1, on Cybersecurity
2 Best Practices for Cybersecurity - Guide for the Establishment of a National Cybersecurity Management System
2.1 Introduction
2.2 National Cybersecurity Management System
2.3 National Cybersecurity Framework
2.4 RACI Matrix
2.5 NCSec Implementation Guide
2.6 Implementation Guide
2.7 Conclusion
3 Public-Private Partnerships in Support of Cybersecurity Goals and Objectives
3.1 Introduction
3.2 The Principles of Partnership
3.3 Value Proposition
3.4 Partnerships and Security Risk Management
3.5 Concluding Statement
3.6 Case Study: U.S. Private Public Partnerships
3.7 Case Study: Some U.S. Public-Private Cybersecurity Partnerships
4 Best Practices for National Cybersecurity: Building a National Computer Security Incident Management Capability
4.1 Introduction
4.2 The Importance of a National Strategy for Cyber Security
4.3 Key Stakeholders of National Cyber Security
4.4 The Special Role of the National CIRT
4.5 Analyzing Computer Security Incidents to Identify Intrusion Sets
4.6 Building a Cyber Security Culture
4.7 Strategic Goals and Enabling Goals for Incident Management Capability
4.8 Conclusion
5 Best Practices for Cybersecurity - Managing a National CIRT with Critical Success Factors
5.1 Introduction
5.2 Critical Success Factors (CSFs)
5.3 Advantages of a CSF Approach
5.4 Sources of CSFs
5.5 Identifying CSFs
5.6 Defining Scope
5.7 Collecting Data: Document Collection and Interviews
5.8 Analyzing Data
5.9 Deriving CSFs
5.10 Using Critical Success Factors for National CIRTs
5.11 Building a National Computer Security Incident Management Capability
5.12 Selecting National CIRT Services
5.13 Identifying Priorities for Measurement and Metrics
5.14 Conclusion
6 Best Practices for Cybersecurity - Internet Service Provider (ISP) Network Protection
6.1 Introduction
6.2 Objective, Scope, and Methodology
6.3 Analysis, Findings and Recommendations
6.4 Recommendations
6.5 Conclusions
7 Future Work
APPENDIX A: Introduction to Best Practices
Prevention Best Practices
Detection Best Practices
Notification Best Practices
Mitigation Best Practices
Privacy Best Practices
8 Best Practices for Cybersecurity - Training Course on Building and Managing a CIRT
ANNEXES
Annex A: Best practices for Cybersecurity - Planning and Establishing a National CIRT
Annex B: Best practices for Cybersecurity - Managing a National CIRT with Critical Success Factors
Annex C: Best practices for Cybersecurity - Guide for the Establishment of a National Cybersecurity Management Syst...
Annex D: Best practices for Cybersecurity - Internet Service Provider (ISP) Network Protection Best Practices
Annex E: Best practices for Cybersecurity - Training Course on Building and Managing National Computer Incident Res...
Annex F: Best practices for Cybersecurity - Survey on Measures Taken to Raise Awareness on Cybersecurity
Annex G: Best practices for Cybersecurity - Public-Private Partnerships in Support of Cybersecurity Goals and Objec...
Annex H: Compendium on Cybersecurity Country Case Studies