Cyber Incident Management and Critical Infrastructure Protection

This publication seeks to provide guidance in designing, developing and evaluating how and when to conduct a tabletop exercise as a tool to improve an organization’s cyber security policymaking and

The Cyber Incident Management (CIM) Cybil Portal Resources Guide is an initiative of the GFCE Working Group B CIM Task Force. The objective of this guide is to provide an

This white paper builds upon existing CNI/CII work within the GFCE and proposes some practical considerations and measures for how countries can develop approaches for identifying CNI/CII as part of

This report discusses the findings and recommendations of the “Cyber Incident Management in Low-Income Countries” project, funded by Global Affairs Canada. The project aims to create a tailorable guide for

The Global CSIRT Maturity Framework is intended to contribute to the enhancement of global cyber incident management capacity, with a focus on national CSIRTs. Cyber incidents and developments are inherently

Capacity builders focus on their work in a number of different types of initiatives, from short-term maturity and capability assessments and technical training, to providing long-term engagement and advice. These

An infographic relating to the CIIP Capacity Framework.

Even the best cyber security posture and practices cannot guarantee that key organisations and information infrastructures within a nation will not be vulnerable to malware, software failures, human errors, and

The unprecedented uptake of ICT worldwide leads to a growing dependency of economic sectors, public institutions and societies as a whole. Multiple recent outbreaks of hostage-taking software (ransomware) have shown

The 2016 GFCE-MERIDIAN Good Practice Guide on Critical Information Infrastructure Protection for governmental policy-makers (hereafter: 2016 GPG) outlined that Critical Information Infrastructure Protection (CIIP) is a complex but important topic

Critical Information Infrastructure Protection (CIIP) is a complex but important topic for nations. Nations at large critically depend on Critical Infrastructure (CI) services such as energy supply, telecommunications, financial systems,

Internet networks are replete with systemic vulnerabilities. CERTs and other trusted operators require reliable information about their network’s health over time. Various organisations have set up systems to scan networks

A statistics platform, featuring metrics and data visualisation, allows for the measurement of key indicators of malicious activity and risk conditions, and enables analytical insight about patterns, priorities, and trends

The purpose of this CSIRT Maturity Kit is to help emerging and existing Computer Security Response Teams (CSIRTs) to increase their maturity level. This is achieved by offering a set