GFCE Cybersecurity Knowledge Modules

KM3 - Cyber diplomacy and international cooperation
Module objectives
1. Risks for international peace and cyber-stability
3 Topics
1.1 Cyber-attacks and geopolitics
1.2 Cyber as part of hybrid warfare
1.3 Cyber-armament
2. Towards an international agreement
4 Topics
2.1. Framework for responsible state behaviour in cyberspace
2.2. Applicability of international law
2.3. Norms, confidence building measures, and capacity building
2.4 Broader context
3. International cooperation
4 Topics
3.1. The United Nations
3.2. Other multilateral forums
3.3. Regional efforts
3.4. Multistakeholder efforts
4. Cyber diplomacy
5. Main takeaways
6. Assignment
1 Quiz
KM3 Quiz
KM4 - Cyber Incident Management
Module objectives
1. Introduction
2. Types of Cyber Incident Response Teams
5 Topics
2.1. National Computer Security Incident Response Team
2.2. Product Security Incident Response Team
2.3. Sector CSIRTs
2.4. Security Operation Centre
2.5. Commercial CSIRT
3. What needs to be considered when establishing a National CSIRT?
2 Topics
3.1. CIRT framework
3.2. How to set up CSIRT and SOC
4. How to assess cyber incident readiness
3 Topics
4.1. Security Incident Management Maturity Model (SIM3)
4.2. Security Operation Centre Capability and Maturity Model (SOC-CMM)
4.3. CSIRT Maturity – Self-assessment Tool
5. Which services do the CSIRTs offer?
2 Topics
5.1. FIRST CSIRT services framework
5.2. ITU-T Recommendation X.1060 service categories
6. Who does the CSIRT serve?
7. Which Tools does a CSIRT need?
8. Policies, frameworks, and guidelines
9. Resourcing and funding a CSIRT
1 Topic
9.1. What does a CSIRT Budget look like?
10. CSIRT capabilities
3 Topics
10.1. Training and certification
10.2. Auditing
10.3. Cyber drills
13. Main takeaways
14. Assignment
1 Quiz
KM4 Quiz
2 of 5
Previous Lesson
Next Topic

3.1. CIRT framework

GFCE Cybersecurity Knowledge Modules 3. What needs to be considered when establishing a National CSIRT? 3.1. CIRT framework

ITU has employed the CIRT Framework to African countries including Botswana, Burundi, Gambia, Ghana, Kenya, Malawi, Tanzania, Uganda, and Zambia in setting up national teams.  This framework consists of four (4) phases: assessment, design, establishment and enhancement.

Phase 1: Assessment This phase involves evaluation of the country’s cybersecurity posture through onsite assessment and stakeholder engagement in a series of workshops to clarify the value and justification of establishing a CSIRT and obtaining support for resourcing and financing mechanisms.  The outcome of this phase is an assessment report, prepared by ITU experts, that contains key issues, findings and analyses, recommendations, and a phased implementation plan for setting up the national CIRT. 

Phase 2: Design The outcome of this phase is detailed Design Document and involves a review of the mandate and positioning of the CSIRT, the definition of services model according to the FIRST CSIRT Services Framework, list of workflows, policies and procedures, a processes map, constituency engagement plan and communication strategy, networks design, list of hardware and software equipment and tools, selection of premises and personnel.

Phase 3: Establishment  This phase involves capabilities (process, policies, procedures, technology and human resource) development, capabilities deployment and testing, customization, fine-tuning and training, operations, handover and closure. The outcomes of this phase reports, documentation and operational acceptance of the CIRT by the beneficiary country.

Phase 4: Enhancement This phase establishes new services (situation awareness and digital forensics) based on the FIRST CSIRT Services Framework (see section 5.2), custom-built services and better automation of existing services.

Previous Lesson
Back to Lesson
Next Topic

New post

Your email address will not be published. Required fields are marked *

Post a comment
Skip to content