Critical Information Infrastructure Protection (CIIP) is a complex but important topic for nations. Nations at large critically depend on Critical Infrastructure (CI) services such as energy supply,
telecommunications, financial systems, drinking water, and governmental services. Information and communication technologies(ICT)-based services are becoming increasingly important for the functioning of CI. Disruption of information infrastructure is capable of causing major impact to a nation. This leads to the concept of Critical Information Infrastructure (CII) which comprises both critical information and (tele)communication infrastructure and ICT and process control systems that are a critical part of the CI service provisioning.
The Meridian Process and the Global Forum on Cyber Expertise (GFCE) have taken the initiative to develop a good practices guide on CIIP development, and provide those valuable insights to nations that are in an early phase of CIIP development. This guide is primarily aimed at governmental CI and CII policy-makers, but can be of use to nationally and internationally operating CI operators as well.