Lifecycle, principles and good-practices on national cybersecurity strategy development and implementation

The objective of the training is to prepare national leaders and policymakers in thinking strategically about cybersecurity at the national level.


SDG9: Industry, innovation, and infrastructure
SDG17: Partnerships for the goals
SDG 17: Technology
SDG 17: Capacity-building

Cybersecurity is a complex challenge that encompasses multiple different governance, policy, operational, technical and legal aspects. This training provides general knowledge to address, organise and prioritise many of these areas based on existing and well-recognised models, frameworks and other references. The training focuses on elements for protecting civilian aspects of cyberspace and as such, it covers the overarching principles and good practice that need to be considered in the process of drafting, developing and managing a National Cybersecurity Strategy. To this end, the training makes a clear distinction between the “process” that will be adopted by countries during the lifecycle of a National Cybersecurity Strategy (initiation, stocktaking and analysis, production, implementation, reviews) and the “content”, the actual text that would appear in a National Cybersecurity Strategy document. This training does not cover aspects such as the development of defensive or offensive cyber-capabilities by a country’s military, defence forces, or intelligence agencies. The training also provides an overview of the core components of what it takes for a country to become cyber-prepared, highlighting the critical aspects that governments should consider when developing their national strategies and implementation plans. Finally, this training provides to policymakers a holistic, high-level overview of existing approaches and applications, and a reference to additional and complementary resources that can inform specific national cybersecurity efforts.

Download Syllabus

Target Audience

This NCS training is first and foremost targeted at policy-makers responsible for developing a National Cybersecurity Strategy. The secondary audience are all the other public and private stakeholders involved in the development and implementation of a Strategy, such as responsible government staff, regulatory authorities, law enforcement, ICT providers, critical infrastructure operators, civil society, academia and research institutions. The training could also prove useful to the different stakeholders in the international development community, who provide assistance in cybersecurity.

Learning Objectives

At the end of this training users will be able to:

  • Understand the main concepts and definitions of cybersecurity and understand how cybersecurity operates at the National level
  • Efficiently engage with the Guide to Developing a National Cybersecurity Strategy
  • Understand the five phases of lifecycle of a National Cybersecurity Strategy (Initiation; Stocktaking and Analysis; Production; Implementation; Monitoring and Evaluation) and how they can be implemented in the national context
  • Understand the cross-cutting principles to be addressed for developing a forward-looking and holistic National Cybersecurity Strategy
  • Understand relevant cybersecurity good practices and how they can be applied in the national context