Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
2013 ITU survey on measures taken to raise awareness on cybersecurity
ITU‐D Study Group Question 22‐1/1Securing information and communication networks: best practices for
developing a culture of cybersecurity
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
SURVEY BACKGROUND
Raising awareness of different aspects of cybersecurity and developing a culture of cybersecurityawareness is regarded by many as an integral part of a nation’s cybersecurity strategy and requires collaboration among the different stakeholders and coordinated actions to be taken.
The ITU‐D Study Group 1 Rapporteur Group for Question 22‐1/1 dedicated to “Securing information and communication networks: best practices for developing a culture of cybersecurity”, at its meeting held on 13 September 2012 in Geneva, agreed to issue a survey on measures taken in member states to raise awareness on cybersecurity.
SURVEY OBJECTIVES
The purpose of the 2013 ITU survey on measures taken to raise awareness on cybersecurity is to collect ideas from all sources on how countries, businesses and expert groups are educating and encouraging individuals and entities on the subject of cybersecurity, including child online protection, and the cybersecurity needs of persons with disabilities. (See reference in item 2.(b)(v), of the work program for ITU‐D SG1 Question 22‐1/1 as agreed during WTDC‐10 at:http://www.itu.int/net3/ITU‐D/stg/rgqlist.aspx?rgq=D10‐RGQ22.1.1&stg=1
The input received through the survey will be shared during the next ITU‐D Study Group 1 Rapporteur Group meeting for Question 22‐1/1 which will take place in Geneva on 19 April 2013 and incorporated into the final outputs and guidelines to come out of the work on SG1 Question 22‐1/1 during the 2010‐2014 study period.
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
Overview of Answers Received (as of 27 June 2013)
The non‐members are, in fact, members of IMPACT, to whom the survey was disseminated.
193 Member States in ITU
Answers were received from 50 Member States
1 Observer1 Regional/International Organisation
5 Sector Members and5 non‐members
62 entries received
List of countries and observers (Res.99 (Rev. Guadalajara, 2010)) who participated (55)
Afghanistan, Andorra, Australia, Belarus, Benin, Bhutan, Brazil, Bulgaria, Burkina Faso,
Cambodia, Colombia, Côte d’Ivoire, Croatia, Cyprus, Dominican Republic, Egypt, France, Hungary, Iraq, Italy, Japan, Lebanon, Lesotho, Malaysia, Maldives, Mali, Mauritius, Moldova, Morocco, Myanmar, Namibia, Niger, Norway, Oman, Pakistan, Panama, Portugal, Serbia, Sri Lanka, Sudan, Swaziland, Switzerland, Syria, Tanzania, Togo, Trinidad and Tobago, Tunisia, Uganda, Ukraine, United States of America, Vanuatu, Venezuela, Viet Nam, Zambia and
Palestine
The Questionnaire was sent to Administrations of ITU Member States and Observer (Res. 99), ITU‐D Sector Members, Associates and Academia, ManagementTeams for ITU‐D Study Groups 1 and 2, Observers (Regional and International Organizations) and members of IMPACT.
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
Survey QuestionsCONTACT INFORMATION
a. Contact details
b. Please select the name of your Administration/Organization from the list.(If it is not available, indicate the name in the field below the list)
c.
Region where your organization is based:AfricaThe AmericasAsia and PacificArab StatesCIS countriesEurope
d. Country/countries where your organization is based
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
Survey Questions (Cont’d)SURVEY
1
In your opinion, how important is raising awareness on cybersecurity as a basic step to achieving security in cyberspace?
Not importantSomewhat importantImportantVery important
2
Has your country already adopted a general framework/strategy for cybersecurity? If not, move directly to survey question 5.
YesNo
If yes, please provide links/references:
3
If you answered ‘yes’ to the previous question, has any part of this policy/framework/strategy been directed to raising the awareness of the general public?
YesNo
If yes, please provide links/references:
4 If you answered ‘yes’ to the previous question, at which stage of the general framework/strategy for cybersecurity should the raising of awareness start?
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
Survey Questions (Cont’d)
5
If your country has not yet adopted a general framework/strategy for cybersecurity, has it been discussing/developing/formulating one? (If “No” is selected, please move directly to question 9)
YesNo
If yes, please provide links/references:
6Do these discussions/formulations include raising cybersecurity awareness?
YesNo
If yes, please provide links/references:
7 At which stage of the general framework/strategy for cybersecurity should awareness raising start according to these discussions/formulations?
8 Who are the parties concerned with raising public awareness on cybersecurity, in accordance with the legislations/policies/practices adopted in your country?
9
Are there other parties not identified by the legislations/policies/practices that are concerned with raising public awareness on cybersecurity?
YesNo
If yes, please specify:
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
Survey Questions (Cont’d)
10Was any specific research or survey conducted concerning cybersecurity in your country and/or region?
YesNo
If yes, please provide links/references:
11
Which groups are targeted by cybersecurity awareness campaigns in your country?ChildrenYouthStudentsElderly peoplePersons with disabilitiesPrivate institutionsGovernment agenciesOthers
If “others” was selected, please specify:
12
Which one of the groups identified below is more targeted? Please arrange in order of 1 to 6 for the highly targeted to the less targeted? (1 to indicate highly targeted and 6 to indicate less targeted)
ChildrenYouthStudentsElderly peoplePersons with disabilitiesPrivate institutionsGovernment agenciesOthers
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
Survey Questions (Cont’d)
13
Has your country designed, or is in the process of designing, a dedicated plan in the general cybersecurityframework/strategy for persons with disabilities?
YesNo
If yes, please provide links/references:
14
What are the cybersecurity issues that are addressed by existing awareness campaigns?Internet safetyPrivacyFraudPhishingMalwareChild Online ProtectionOther, such as cyber‐bullying and harassment, identity theft, spam, firewalls, passwords, shopping and business
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
Survey Questions (Cont’d)
15
What is the degree of importance of each issue? Please arrange in order of the most important to the less important and give reasons for such order?
Internet safetyPrivacyFraudPhishingMalwareChild Online ProtectionOther, such as cyber‐bullying and harassment, identity theft, spam, firewalls, passwords, shopping and business
16 What are the mechanisms used to raise awareness among the targeted groups stated in question 11?
Please provide links/references:
17 Are there unconventional channels used for cybersecurity awareness? If yes, what are they?
Please provide links/references:
18
Are there certain technologies related to providing cybersecurity, such as anti‐virus or anti‐spam software, available to the persons with disabilities?
YesNo
Please provide links/references:
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
Survey Questions (Cont’d)
19
Is the public encouraged to use the different technologies for cybersecurity such as anti‐virus or anti‐spam software?
YesNo
If yes, please specify:
20
If the answer is ‘yes’ to the previous question, are these different types of technologies made available to the public and how?
YesNo
If yes, please specify:
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
c Region where your organization is based:
62 responses receivedAfrica9
22%
The Americas
915%
Asia and Pacific1321%
Arab States7
11%
CIS countries
35%
Europe1321%
Developed countries24.19%
Transition countries8.06%
Developing countries38.71%
Least developed countries29.03%
Responses by level of
development
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
SURVEY
1 In your opinion, how important is raising awareness on cybersecurity as a basic step to achieving security in cyberspace?
62 responses received
0 0
8
54
0
10
20
30
40
50
60
Not important Somewhat important Important Very important
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
2 Has your country already adopted a general framework/strategy for cybersecurity?
60 responses received
60% 60% 59%
50%
40% 40% 41%
50%
0%
10%
20%
30%
40%
50%
60%
70%
Developed countries Transition countries Developing countries Least developedcountries
Yes No
Yes3457%
No2643%
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
3If you answered ‘yes’ to the previous question, has any part of this policy/framework/strategy been directed to raising the awareness of the general public?
39 responses received
Yes3179%
No8
21%
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
5 If your country has not yet adopted a general framework/strategy for cybersecurity, has it been discussing/developing/formulating one?
48 responses received
Yes3267%
No1633%
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
6 Do these discussions/formulations include raising cybersecurityawareness?
30 responses received
Developedcountries
Transitioncountries
Developingcountries
Least developed countries
Yes 5 4 11 9
No 0 0 1 0
Responses by level of development:
Yes2997%
No13%
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
9Are there other parties not identified by the legislations/policies/practices that are concerned with raising public awareness on cybersecurity?
54 responses receivedResponses by level of development:
Yes3361%
No2139%
100%
50%42%
67%
0%
50%58%
33%
0%
20%
40%
60%
80%
100%
120%
Developedcountries
Transitioncountries
Developingcountries
Least developedcountries
Yes
No
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
10 Was any specific research or survey conducted concerning cybersecurityin your country and/or region?
53 responses received
Developedcountries
Transitioncountries
Developingcountries
Least developedcountries
Yes 83% 50% 44% 53%
No 17% 50% 56% 47%
Results by level of development:Yes3464%
No1936%
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
11 Which groups are targeted by cybersecurity awareness campaigns in your country?
*Replies to more than one item possible
17%
18%17%
9%
7%
13%
16%
3%
0%
2%
4%
6%
8%
10%
12%
14%
16%
18%
20%
Children Youth Students Elderly people Persons withdisabilities
Privateinstitutions
Governmentagencies
Others
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
12 Which one of the groups identified below is more targeted? Please arrange in order of 1 to 6 for the highly targeted to the less targeted?
26.67%
17.78%
15.56%
4.44%2.22%
6.67%
25.56%
1.11%
Children
Youth
Students
Elderly people
Persons with disabilities
Private institutions
Government agencies
Others
Percentage of value 1 responses assigned to each category
Total number of responses received with value 1: 90Some respondents assigned value 1 more than once
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
13Has your country designed, or is in the process of designing, a dedicated plan in the general cybersecurity framework/strategy for persons with disabilities?
56 responses received
Results by level of development:The ‘No’ is predominant in all categories of countries
Yes7
12%
No4988%
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
14 What are the cybersecurity issues that are addressed by existingawareness campaigns?
341 responses received*Replies to more than one item possible
Internet safety5617%
Privacy4914%
Fraud4914%Phishing
4814%
Malware4814%
Child Online Protection
5115%
Others4012%
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
15What is the degree of importance of each issue? Please arrange in order of the most important to the less important and give reasons for such order?
Percentage of value 1 responses assigned to each category
Total number of responses received with value 1: 87Some respondents assigned value 1 more than once
24.14%24% 1.15%
1%
9.20%9%
14.94%15%
36.78%37%
13.79%14%
Privacy
Fraud
Phishing
Malware
Child Online Protection
Others
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
18Are there certain tools and technical measures related to providing cybersecurity, such as anti‐virus or anti‐spam software, available to the persons with disabilities?
52 responses receivedResults by level of development:
0%
20%
40%
60%
80%
100%
120%
Developed countries Transition countries Developingcountries
Least developedcountriesYes No
Yes1325%
No3975%
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
19 Is the public encouraged to use the different tools and technical measures for cybersecurity such as anti‐virus or anti‐spam software?
53 responses received
Yes4687%
No7
13%
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
20 If the answer is ‘yes’ to the previous question, are these different types of tools and technical measures made available to the public and how?
46 responses received
Yes3474%
No1226%
100% 100%
74%
42%
0% 0%
26%
58%
0%
20%
40%
60%
80%
100%
120%
Developed countries Transition countries Developing countries Least developedcountries
Yes
No
August 2013
ITU‐D Study Group Question 22‐1/12013 ITU survey on measures taken to raise awareness on cybersecurity
Information compiled by the Secretariat to theITU‐D Study Groups