GFCE Cybersecurity Knowledge Modules

KM3 - Cyber diplomacy and international cooperation
Module objectives
1. Risks for international peace and cyber-stability
3 Topics
1.1 Cyber-attacks and geopolitics
1.2 Cyber as part of hybrid warfare
1.3 Cyber-armament
2. Towards an international agreement
4 Topics
2.1. Framework for responsible state behaviour in cyberspace
2.2. Applicability of international law
2.3. Norms, confidence building measures, and capacity building
2.4 Broader context
3. International cooperation
4 Topics
3.1. The United Nations
3.2. Other multilateral forums
3.3. Regional efforts
3.4. Multistakeholder efforts
4. Cyber diplomacy
5. Main takeaways
6. Assignment
1 Quiz
KM3 Quiz
KM4 - Cyber Incident Management
Module objectives
1. Introduction
2. Types of Cyber Incident Response Teams
5 Topics
2.1. National Computer Security Incident Response Team
2.2. Product Security Incident Response Team
2.3. Sector CSIRTs
2.4. Security Operation Centre
2.5. Commercial CSIRT
3. What needs to be considered when establishing a National CSIRT?
2 Topics
3.1. CIRT framework
3.2. How to set up CSIRT and SOC
4. How to assess cyber incident readiness
3 Topics
4.1. Security Incident Management Maturity Model (SIM3)
4.2. Security Operation Centre Capability and Maturity Model (SOC-CMM)
4.3. CSIRT Maturity – Self-assessment Tool
5. Which services do the CSIRTs offer?
2 Topics
5.1. FIRST CSIRT services framework
5.2. ITU-T Recommendation X.1060 service categories
6. Who does the CSIRT serve?
7. Which Tools does a CSIRT need?
8. Policies, frameworks, and guidelines
9. Resourcing and funding a CSIRT
1 Topic
9.1. What does a CSIRT Budget look like?
10. CSIRT capabilities
3 Topics
10.1. Training and certification
10.2. Auditing
10.3. Cyber drills
13. Main takeaways
14. Assignment
1 Quiz
KM4 Quiz
2 of 5
Previous Lesson
Next Topic

2.1. National Computer Security Incident Response Team

GFCE Cybersecurity Knowledge Modules 2. Types of Cyber Incident Response Teams 2.1. National Computer Security Incident Response Team

African countries can enhance cybersecurity capacities through various means including the establishment of national CSIRTs (Computer Security Incident Response Teams), which is a key element in the implementation of national cybersecurity strategies. With the operationalisation of a national CSIRT, a country can enhance its cybersecurity capacities including real-time monitoring, issuance of early warnings, incident response, quick recovery, and mitigation of consequences. 

The GFCE Global Good Practices identifies specific characteristics and capabilities for N-CSIRTs:

  • national scope and government recognition, 
  • being integral to the national crisis management structure,
  • cooperating and collaborating with multistakeholders  on countering cyber threats and incidents, nationally, bilaterally, and internationally, and
  • collaborating with other national and/or regional CSIRTs, governmental CSIRT(s), product security teams of manufacturers/vendors (PSIRTs), and leading international communities to advance CSIRT governance, legal frameworks, and capacities.

An N-CSIRT should at a minimum provide cyber-related incident management, outreach to and communication with its constituency and situational awareness services.

According to the International Telecommunications Union (ITU), as of March 2019, there were 118 National CSIRTs as shown in Figure 1 below. 

ITU map of national CSIRTs
Figure 1: National CSIRTs Worldwide Source: ITU
Previous Lesson
Back to Lesson
Next Topic

New post

Your email address will not be published. Required fields are marked *

Post a comment
Skip to content