Cybersecurity guide for developing countries
Social issues, the economy, public policy, human issues: whichever way one looks at it, and whatever one calls it (IT security, telecom security), cybersecurity touches on the security of the digital and cultural wealth of people, organizations and countries. The challenges involved are complex, and meeting them requires that there be the political will to devise and implement a strategy for the development of digital infrastructures and services which includes a coherent, effective, verifiable and manageable cybersecurity strategy.
Obtaining a level of information security that is sufficient to meet technology and information risks is essential for the proper functioning of governments and organizations. The widespread use of digital technologies goes hand-in-hand with increased dependency on those technologies and interdependency of critical infrastructures. This creates a non-negligible vulnerability in the functioning of institutions, potentially endangering them and even undermining the sovereignty of the
State.
The goal of cybersecurity is to help protect organizations’ assets and resources in organizational, human, financial, technical and information terms, allowing them to pursue their mission. The ultimate objective is to ensure that no lasting harm is done to them. This consists of reducing the likelihood that a threat materializes; limiting the resulting damage or malfunction; and ensuring that, following a security incident, normal operations can be restored within an acceptable time-frame and at an acceptable cost.
The cybersecurity process involves the whole of society, in that every individual is concerned by its implementation. It can be made more relevant by developing a cyber code of conduct for appropriate use of ICTs and promulgating a genuine security policy that stipulates the standards that cybersecurity users (entities, partners and providers) will be expected to meet.
To set up a cybersecurity process, it is important to identify correctly the assets and resources that need to be protected, so as to accurately define the scope of security needed for effective protection. This requires a global approach to security, one that is multidisciplinary and comprehensive. Cybersecurity does not sit well with a freewheeling world that places a premium on permissiveness. What is required is a set of core principles of ethical behaviour, responsibility and transparency, embodied in an appropriate legal framework and a pragmatic body of procedures and rules. These must be enforced locally, of course; but they must also be applied across the international community and be compatible with the existing international directives.
