Tools & publications

Capacity building is most effective when it builds on existing capacities. How can we have a better picture of current capacities and capabilities? Assessing national cybersecurity capability andreadiness using a maturity model provides a comprehensive review of existing capacities which can be further developed, and offers recommendations for setting priorities.

Even the best cyber security posture and practices cannot guarantee that key organisations and information infrastructures within a nation will not be vulnerable to malware, software failures, human errors, and other mishaps. The cyber threat landscape changes rapidly. Cyber incidents occur on a daily basis and may be of cross-border, multinational and often even global […]

We assess our personal health based on the trusted data we receive from doctors. Cybersecurity is like public health: if CERTs and operators have trusted data — regularly updated — about weaknesses in our networks, this helps them mitigate vulnerabilities, preserve cyber-health, and prevent incidents.

All those figures on a medical test report do not mean much to us — we need a doctor to analyse various data, contextualise it for our body and lifestyle, and present us with the findings in a comprehensive way. The same goes for network health — trusted data needs to be turned into vetted […]

Weight loss does not happen by learning theory, but by practical exercises — and certainly by keeping records of successful steps. Similarly, network operators need help with monitoring the systemic risks, providing training materials and practical experience for mitigation, but also keeping track of successful actions.

The unprecedented uptake of ICT worldwide leads to a growing dependency of economic sectors, public institutions and societies as a whole. Multiple recent outbreaks of hostage-taking software (ransomware) have shown the criticality of ICT for sectors such as transport and healthcare. Attention for the security and continuity of critical ICT is crucial to the well-being […]

The unprecedented uptake of information and operational/industrial control system technologies (IT and OT/ICS) worldwide leads to a growing dependency of economic sectors, public institutions and societies. Vulnerabilities in software and hardware are abundant. When vulnerabilities are found by a third party, the challenge arises on how to report the vulnerability in a prudent way to […]

How can international and regional forums, donors, and development agencies stimulate local ownership of the capacity building programmes they wish to support? How can countries ensure commitment in capacity building efforts?