Step 1: Select a stakeholder group | Step 2: Select a topic of your interest | Step 3: Select a practice to find out more about it
Private sector

PRIVATE SECTOR

Policy and strategy
  • Practice: Assess national cybersecurity capacity using a maturity model

    Capacity building is most effective when it builds on existing capacities. How can we have a better picture of current capacities and capabilities? Assessing national cybersecurity capability and readiness using a maturity model provides a comprehensive review of existing capacities which can be further developed, and offers recommendations for setting priorities.

    Read the details here
Incident management and infrastructure protection
  • Practice: Establish a clearinghouse for gathering systemic risk conditions data in global networks

    We assess our personal health based on the trusted data we receive from doctors. Cybersecurity is like public health: if CERTs and operators have trusted data ‒ regularly updated ‒ about weaknesses in our networks, this helps them mitigate vulnerabilities, preserve cyber-health, and prevent incidents.

    Read the details here
  • Practice: Produce and present trusted metrics about systemic risk conditions

    All those figures on a medical test report do not mean much to us ‒ we need a doctor to analyse various data, contextualise it for our body and lifestyle, and present us with the findings in a comprehensive way. The same goes for network health ‒ trusted data needs to be turned into vetted and well-presented metrics, to increase awareness and incentivise action by responsible companies, organisations, and institutions.

    Read the details here
  • Practice: Assist with cyber-risk mitigation and keep score of successes

    Weight loss does not happen by learning theory, but by practical exercises -‒ and certainly by keeping records of successful steps. Similarly, network operators need help with monitoring the systemic risks, providing training materials and practical experience for mitigation, but also keeping track of successful actions.

    Read the details here
Cybercrime
  • Practice: Align national campaigns

    Your awareness campaign is probably not the only one – other campaigns are taking place nationally or internationally. It is advisable to align them to have greater impact and use resources more efficiently. Aligning campaigns supports the ultimate goal of raising awareness of cyber-threats through safe online behaviour.

    Read the details here
Culture and skills
  • Practice: Create a website for testing standards compliance

    Proper use of the latest versions of Internet standards is a crucial element of a robust Internet infrastructure. There is generally no lack of standards, but it is important to stimulate, encourage, and ensure stronger implementation. Is your Internet connection, website, or e-mail up to date with the use of recognised security standards? Let us test it through a simple tool.

    Read the details here
  • Practice: Produce and present trusted metrics about systemic risk conditions

    All those figures on a medical test report do not mean much to us ‒ we need a doctor to analyse various data, contextualise it for our body and lifestyle, and present us with the findings in a comprehensive way. The same goes for network health ‒ trusted data needs to be turned into vetted and well-presented metrics, to increase awareness and incentivise action by responsible companies, organisations, and institutions.

    Read the details here
  • Practice: Assist with cyber-risk mitigation and keep score of successes

    Weight loss does not happen by learning theory, but by practical exercises -‒ and certainly by keeping records of successful steps. Similarly, network operators need help with monitoring the systemic risks, providing training materials and practical experience for mitigation, but also keeping track of successful actions.

    Read the details here
  • Practice: Align national campaigns

    Your awareness campaign is probably not the only one – other campaigns are taking place nationally or internationally. It is advisable to align them to have greater impact and use resources more efficiently. Aligning campaigns supports the ultimate goal of raising awareness of cyber-threats through safe online behaviour.

    Read the details here
  • Practice: Focus awareness-building through a Cybersecurity Awareness Month

    Declaring a month dedicated to cybersecurity awareness can help focus the efforts of many stakeholders and enhance their collaboration, while delivering a strong message to the public, and increasing the effectiveness of capacity building efforts.

    Read the details here
  • Practice: Assess national cybersecurity capacity using a maturity model

    Capacity building is most effective when it builds on existing capacities. How can we have a better picture of current capacities and capabilities? Assessing national cybersecurity capability and readiness using a maturity model provides a comprehensive review of existing capacities which can be further developed, and offers recommendations for setting priorities.

    Read the details here
Standards
  • Practice: Establish a national multistakeholder platform to promote standards

    ‘Better safe than sorry.’ Prevention means increasing the security of the system, including through implementing the latest standards. How can we make sure the right players are gathered to discuss the right things and support the community in the right way? A multistakeholder networking platform serves as a vehicle for initiating and coordinating efforts among partners, promoting and giving exposure to activities, and serving as a contact point for various players.

    Read the details here
  • Practice: Create a website for testing standards compliance

    Proper use of the latest versions of Internet standards is a crucial element of a robust Internet infrastructure. There is generally no lack of standards, but it is important to stimulate, encourage, and ensure stronger implementation. Is your Internet connection, website, or e-mail up to date with the use of recognised security standards? Let us test it through a simple tool.

    Read the details here
  • Practice: Assess national cybersecurity capacity using a maturity model

    Capacity building is most effective when it builds on existing capacities. How can we have a better picture of current capacities and capabilities? Assessing national cybersecurity capability and readiness using a maturity model provides a comprehensive review of existing capacities which can be further developed, and offers recommendations for setting priorities.

    Read the details here
Cooperation and community building
  • Practice: Establish a national multistakeholder platform to promote standards

    ‘Better safe than sorry.’ Prevention means increasing the security of the system, including through implementing the latest standards. How can we make sure the right players are gathered to discuss the right things and support the community in the right way? A multistakeholder networking platform serves as a vehicle for initiating and coordinating efforts among partners, promoting and giving exposure to activities, and serving as a contact point for various players.

    Read the details here
  • Practice: Establish a clearinghouse for gathering systemic risk conditions data in global networks

    We assess our personal health based on the trusted data we receive from doctors. Cybersecurity is like public health: if CERTs and operators have trusted data ‒ regularly updated ‒ about weaknesses in our networks, this helps them mitigate vulnerabilities, preserve cyber-health, and prevent incidents.

    Read the details here
  • Practice: Produce and present trusted metrics about systemic risk conditions

    All those figures on a medical test report do not mean much to us ‒ we need a doctor to analyse various data, contextualise it for our body and lifestyle, and present us with the findings in a comprehensive way. The same goes for network health ‒ trusted data needs to be turned into vetted and well-presented metrics, to increase awareness and incentivise action by responsible companies, organisations, and institutions.

    Read the details here
  • Practice: Assist with cyber-risk mitigation and keep score of successes

    Weight loss does not happen by learning theory, but by practical exercises -‒ and certainly by keeping records of successful steps. Similarly, network operators need help with monitoring the systemic risks, providing training materials and practical experience for mitigation, but also keeping track of successful actions.

    Read the details here
  • Practice: Align national campaigns

    Your awareness campaign is probably not the only one – other campaigns are taking place nationally or internationally. It is advisable to align them to have greater impact and use resources more efficiently. Aligning campaigns supports the ultimate goal of raising awareness of cyber-threats through safe online behaviour.

    Read the details here
  • Practice: Focus awareness-building through a Cybersecurity Awareness Month

    Declaring a month dedicated to cybersecurity awareness can help focus the efforts of many stakeholders and enhance their collaboration, while delivering a strong message to the public, and increasing the effectiveness of capacity building efforts.

    Read the details here
  • Practice: Assess national cybersecurity capacity using a maturity model

    Capacity building is most effective when it builds on existing capacities. How can we have a better picture of current capacities and capabilities? Assessing national cybersecurity capability and readiness using a maturity model provides a comprehensive review of existing capacities which can be further developed, and offers recommendations for setting priorities.

    Read the details here
Research and development
  • Practice: Establish a clearinghouse for gathering systemic risk conditions data in global networks

    We assess our personal health based on the trusted data we receive from doctors. Cybersecurity is like public health: if CERTs and operators have trusted data ‒ regularly updated ‒ about weaknesses in our networks, this helps them mitigate vulnerabilities, preserve cyber-health, and prevent incidents.

    Read the details here
  • Practice: Produce and present trusted metrics about systemic risk conditions

    All those figures on a medical test report do not mean much to us ‒ we need a doctor to analyse various data, contextualise it for our body and lifestyle, and present us with the findings in a comprehensive way. The same goes for network health ‒ trusted data needs to be turned into vetted and well-presented metrics, to increase awareness and incentivise action by responsible companies, organisations, and institutions.

    Read the details here