Cybersecurity Governance

Cybersecurity Governance: International Standards and Norms

Cybersecurity governance refers to the dynamic structure that manages digital security risks, regulatory compliance such as GDPR, and technological advancements that have occurred since 2000. It addresses worldwide concerns by implementing policies, fostering collaboration, and adjusting to emerging cyber threats.

Overview

In the current digital era, where cyberspace has evolved into an essential arena for business, communication, governance, and national security, the need for robust cybersecurity governance has never been more critical. With the rise of cyber threats such as data breaches, ransomware, and cyberattacks targeting both private and public sector organizations, effective cybersecurity governance has become a cornerstone of protecting information and ensuring the integrity of digital infrastructures. Governments, organizations, and individuals alike must establish frameworks and policies to safeguard against these ever-evolving risks. This article by Academic Block dives into the importance of cybersecurity governance, the components that constitute it, and the global frameworks aimed at ensuring its efficacy.

The Importance of Cybersecurity Governance

Cybersecurity governance refers to the processes, structures, and policies that ensure the protection of digital assets within organizations and across societies. As organizations become more reliant on digital systems, the governance mechanisms put in place must be adaptable and resilient, allowing for the detection, prevention, and mitigation of cyber threats. Without an adequate governance framework, organizations face the risk of significant financial, reputational, and legal consequences. Furthermore, the increasing prevalence of cyberattacks and the growing sophistication of cybercriminals have made it essential for organizations to not only protect sensitive data but also to ensure compliance with international cybersecurity standards and regulations.

Effective governance serves as the backbone of a cybersecurity strategy, involving the creation of policies, guidelines, and protocols aimed at mitigating risks. At the heart of this framework is the alignment of cybersecurity strategies with organizational goals. This is crucial because cybersecurity does not function in isolation; it must be integrated into an organization’s overall strategy, which includes its business objectives, risk management processes, and compliance requirements.

Key Components of Cybersecurity Governance

Cybersecurity governance encompasses several key components that are designed to provide oversight, structure, and accountability in cybersecurity operations. These components work together to create a unified approach to securing digital systems and networks.

1. Risk Management Framework

At the core of cybersecurity governance is an effective risk management framework. This framework helps identify, assess, and manage cybersecurity risks that could potentially harm the organization. By implementing a risk management approach, organizations can evaluate the likelihood and impact of various cyber threats, from malware attacks to data breaches, and prioritize their cybersecurity efforts accordingly.

Organizations must also integrate risk management strategies with business continuity planning. This ensures that, in the event of a cyberattack, operations can continue with minimal disruption. A successful risk management framework involves continuous monitoring and evaluation to keep pace with the ever-changing landscape of cyber threats.

2. Leadership and Accountability

Effective cybersecurity governance requires clear leadership and accountability. In many organizations, cybersecurity responsibilities are divided between senior leadership, such as the Chief Information Security Officer (CISO), and other departments. However, for governance to be truly effective, cybersecurity must be integrated into the broader leadership structure, with a clear line of accountability that involves both technical and non-technical stakeholders.

Cybersecurity leadership should be responsible for the development and enforcement of policies that mitigate cyber risks, provide direction for strategic cybersecurity decisions, and communicate the importance of cybersecurity to all levels of the organization. Accountability also extends to ensuring that all employees adhere to security protocols and that there is regular oversight of cybersecurity initiatives.

3. Policy and Regulatory Compliance

Governance must also ensure that an organization’s cybersecurity practices align with the relevant laws and regulations. In today’s interconnected world, cybersecurity is subject to a growing number of legal and regulatory frameworks. For instance, the European Union’s General Data Protection Regulation (GDPR), the United States' Health Insurance Portability and Accountability Act (HIPAA), and the Cybersecurity Information Sharing Act (CISA) in the U.S. are just a few examples of regulations that impose strict requirements on organizations to safeguard data.

Compliance with these regulations is not just about avoiding legal consequences; it also builds trust with stakeholders, including customers and partners. Moreover, cybersecurity governance frameworks must account for the increasing trend of cross-border data flows, which require adherence to a range of international regulations. Organizations must continuously update their cybersecurity policies to ensure that they meet evolving regulatory standards, as non-compliance could lead to significant fines or reputational damage.

4. Incident Response and Recovery

Despite best efforts, cyberattacks are inevitable, and organizations must be prepared for such eventualities. A crucial component of cybersecurity governance is the creation of incident response and recovery plans. These plans ensure that, in the event of a cyberattack, there are clear steps for identifying, containing, and mitigating the attack, as well as restoring operations to normal as quickly as possible.

Incident response requires cross-functional coordination among IT, legal, communications, and other departments. Having a robust recovery plan in place allows an organization to minimize downtime, limit financial losses, and ensure that the reputational damage caused by a cyberattack is contained. Effective recovery processes also involve post-incident analysis to identify weaknesses in the system and improve the security posture for future incidents.

The table below encapsulates the core components of cybersecurity governance and highlights their essential roles in ensuring a robust cybersecurity framework for organizations:

| Component | Description | Key Points |
|---|---|---|
| Risk Management Framework | Identifies, assesses, and manages cybersecurity risks. | Prioritizes cybersecurity efforts based on risk impact; integrates with business continuity planning; continuous monitoring and evaluation. |
| Leadership and Accountability | Ensures clear leadership and accountability in cybersecurity operations. | Involves senior leadership (e.g., CISO); establishes accountability across both technical and non-technical stakeholders; develops and enforces cybersecurity policies. |
| Policy and Regulatory Compliance | Ensures alignment with laws and regulations such as GDPR, HIPAA, CISA. | Builds trust with stakeholders; accounts for cross-border data flows; continuously updates policies to meet evolving regulatory standards. |
| Incident Response and Recovery | Prepares for cyberattacks with clear steps for identification, containment, mitigation, and recovery. | Requires cross-functional coordination; minimizes downtime and financial losses; post-incident analysis to strengthen security. |

Case Studies on Cybersecurity Governance

1. Estonia: Leading Digital Nation

Estonia has become a model for digital governance, particularly after the 2007 cyberattacks. In response, the country established the Estonian Information System Authority (RIA) and the Cyber Defense League, fortifying its national cybersecurity infrastructure. Estonia’s approach includes secure digital services like e-residency and the X-Road data exchange system, which facilitates safe communication between public and private entities. Estonia’s cybersecurity model integrates public-private partnerships, cybersecurity drills, and international collaboration with organizations like NATO and the EU. Despite its success, Estonia faces the challenge of continuously updating its systems to counter ever-evolving cyber threats.

2. United States: NIST Cybersecurity Framework

The National Institute of Standards and Technology (NIST) developed a widely adopted Cybersecurity Framework (CSF) that guides industries, particularly critical sectors like energy and healthcare, in managing cybersecurity risks. The framework emphasizes a risk-based approach, enabling organizations to align their cybersecurity strategies with business goals. In the U.S. energy sector, NIST CSF has been instrumental in safeguarding critical infrastructure. However, smaller organizations often face challenges in fully implementing the framework due to limited resources.

3. United Kingdom: National Cyber Security Centre (NCSC)

The National Cyber Security Centre (NCSC) in the UK plays a crucial role in coordinating the country’s cybersecurity efforts. The NCSC provides guidance, certifications, and real-time incident management support, notably during the WannaCry ransomware attack, where it minimized impact on the National Health Service (NHS). The NCSC’s centralized approach helps ensure cohesive cybersecurity strategies across the public and private sectors. However, it faces challenges in rapidly responding to emerging threats and retaining skilled cybersecurity professionals in a fast-evolving landscape.

4. Microsoft: Corporate Cybersecurity Integration

Microsoft integrates cybersecurity across its products, particularly through its Azure cloud platform. The company employs proactive security measures, real-time vulnerability management, and threat intelligence sharing with global cybersecurity organizations. Microsoft collaborates with industry peers to address shared cyber risks. Despite its success, Microsoft must balance security with user experience, especially considering the scale and complexity of its global services and the increasing sophistication of cyber threats.

Global Frameworks for Cybersecurity Governance

While individual organizations must implement their own cybersecurity governance structures, there are also several global frameworks and initiatives that guide and support effective cybersecurity governance on an international scale.

1. The NIST Cybersecurity Framework

The National Institute of Standards and Technology (NIST) Cybersecurity Framework is one of the most widely adopted global frameworks for cybersecurity governance. Originally developed for the United States, the NIST Cybersecurity Framework is now used by organizations worldwide to improve their cybersecurity posture.

The NIST framework provides a flexible and cost-effective approach to managing cybersecurity risks. It is organized around five key functions: Identify, Protect, Detect, Respond, and Recover. This framework helps organizations assess their current cybersecurity posture, identify areas for improvement, and implement best practices to manage and mitigate risks.

2. ISO/IEC 27001

ISO/IEC 27001 is an international standard for information security management systems (ISMS) and is widely recognized for helping organizations develop a structured approach to protecting sensitive information. The standard outlines a set of requirements for establishing, implementing, operating, monitoring, reviewing, and improving an information security management system.

ISO/IEC 27001 helps organizations ensure that they adopt a systematic approach to managing information security risks, ranging from physical and digital threats to compliance-related concerns. By achieving ISO/IEC 27001 certification, organizations demonstrate their commitment to maintaining a high standard of cybersecurity governance.

3. The EU Cybersecurity Act

The European Union Cybersecurity Act, which came into force in 2019, strengthens the EU’s cybersecurity governance framework by creating a European Cybersecurity Certification Framework and enhancing the mandate of the EU Agency for Cybersecurity (ENISA). This legislation is designed to ensure the resilience of critical infrastructure, including in the financial, healthcare, and energy sectors.

The EU Cybersecurity Act provides a solid legal framework for cybersecurity governance across Europe, setting clear requirements for the security of network and information systems, and establishing the grounds for cooperation between EU member states in the event of large-scale cyberattacks.

4. The OECD Cybersecurity Policy Framework

The Organization for Economic Co-operation and Development (OECD) has developed a comprehensive cybersecurity policy framework aimed at fostering international cooperation and improving cybersecurity governance among its member states. The framework emphasizes the importance of resilience in critical sectors such as finance, healthcare, and telecommunications, and promotes collaborative efforts to combat global cyber threats.

The OECD framework also highlights the need for public-private partnerships to improve cybersecurity governance. Given that the private sector owns much of the critical infrastructure, its active participation in cybersecurity governance is crucial for ensuring the security and resilience of cyberspace.

Technological Advancements in Cybersecurity

As cyber threats continue to evolve, advancements in technology play a critical role in transforming cybersecurity practices. Emerging technologies like blockchain, machine learning (ML), artificial intelligence (AI), and advanced encryption techniques are enabling organizations to strengthen their defenses, enhance threat detection, and ensure secure data transmission. Let’s dive into how these technologies are reshaping the cybersecurity landscape.

Blockchain Technology

Blockchain offers decentralized, immutable data storage, making it difficult for cybercriminals to alter records. Its applications in cybersecurity include secure identity management and transparent supply chain monitoring. By preventing unauthorized data tampering and increasing trust, blockchain strengthens overall security, though it faces challenges in scalability and integration with existing systems.

Machine Learning (ML) and Artificial Intelligence (AI)

Machine learning and AI enhance cybersecurity by automating threat detection, anomaly identification, and predictive analysis. These technologies can detect new and unknown threats by analyzing patterns in vast data sets. They also enable real-time automated responses, reducing the time to remediate attacks. However, they are vulnerable to adversarial attacks and require substantial computational resources for effective implementation.

Advanced Encryption Techniques

Encryption remains a core defense against cyber threats. Quantum-resistant encryption is designed to secure data from the emerging threat of quantum computing, while homomorphic encryption allows computations on encrypted data without exposure. End-to-end encryption ensures data security during transmission, but these techniques can be resource-intensive and may slow down system performance.

The Role of Cybersecurity Governance in National Security

Cybersecurity governance is not only crucial for individual organizations but also for national security. Governments worldwide are increasingly recognizing the need to safeguard their national digital infrastructures and protect citizens from cybercrime, cyberterrorism, and espionage. As cyber threats become more sophisticated, national governments have taken proactive steps to develop and implement cybersecurity strategies that align with their broader national security goals.

Many countries have established dedicated national cybersecurity agencies, such as the Cybersecurity and Infrastructure Security Agency (CISA) in the United States, and the National Cyber Security Centre (NCSC) in the United Kingdom. These agencies are tasked with developing national policies, conducting cybersecurity research, and coordinating responses to large-scale cyber incidents.

In addition to national efforts, international cooperation is vital for addressing cyber threats that transcend borders. Organizations like the United Nations and the European Union are actively engaged in promoting international cybersecurity collaboration. Cybersecurity governance at the national level must, therefore, align with global initiatives to ensure comprehensive and effective security measures.

The Future of Cybersecurity Governance

The future of cybersecurity governance is set to evolve significantly, driven by emerging technologies and the continuous rise in cyber threats. Artificial Intelligence (AI) and Machine Learning (ML) will play a crucial role in enhancing predictive threat detection, allowing organizations to proactively identify and mitigate potential risks before they escalate. Zero-trust security models are becoming increasingly important, as they focus on verifying all users and devices within a network, thus reducing the chances of unauthorized access. As cloud adoption grows, ensuring the security of multi-cloud and hybrid environments will be a central concern for governance frameworks, with advanced encryption and stringent access controls becoming essential.

At the executive level, cybersecurity is increasingly being viewed as a strategic business priority, with Chief Information Security Officers (CISOs) being more involved in board-level discussions to ensure cybersecurity practices align with broader organizational goals. Additionally, stricter regulations, such as data protection laws and international cybersecurity frameworks, are expected to raise accountability and standardize practices across industries, helping to ensure a more secure digital landscape. With the rise of quantum computing, quantum-safe security measures, including quantum-resistant encryption, will be critical to protect data from potential vulnerabilities introduced by new technologies.

Public-private partnerships will continue to strengthen, with increased collaboration between governments, private sectors, and international organizations to bolster global cybersecurity resilience and intelligence sharing. Furthermore, the automation of cybersecurity processes—ranging from threat detection to incident response—will improve operational efficiency and speed in dealing with cyber threats. As the demand for cybersecurity professionals grows, organizations will invest more in talent development, ensuring a steady pipeline of skilled individuals to meet the increasing need. Lastly, the establishment of global cybersecurity standards will pave the way for unified and standardized practices, making it easier to respond to threats collectively and more effectively across borders. These advancements will shape the future of cybersecurity governance, creating frameworks that are more resilient, adaptable, and proactive in safeguarding against an increasingly complex cyber landscape.

Final Words

As the digital landscape continues to evolve, cybersecurity governance plays a crucial role in ensuring the resilience and security of systems and information. The growing complexity and frequency of cyber threats have underscored the need for organizations, governments, and international bodies to adopt comprehensive governance frameworks. Effective cybersecurity governance requires robust risk management, clear leadership, policy compliance, and a proactive approach to incident response and recovery.

Global frameworks such as NIST, ISO/IEC 27001, the EU Cybersecurity Act, and the OECD’s cybersecurity guidelines provide valuable guidance to organizations seeking to strengthen their cybersecurity practices. Ultimately, cybersecurity governance is a dynamic and ongoing process that must evolve in response to emerging threats and new technological advancements. Only through effective governance can we hope to safeguard our increasingly interconnected world from the ever-growing range of cyber threats. As cybersecurity threats continue to grow in complexity, effective governance remains essential for ensuring resilience and safeguarding critical infrastructures worldwide.

This article answers questions such as:

What is government cyber security?

Government cyber security refers to the measures and protocols implemented by governmental bodies to protect sensitive information, infrastructure, and services from cyber threats. It encompasses strategies to safeguard data integrity, ensure the availability of digital services, and defend against attacks that could compromise national security. Government agencies employ various tools and frameworks, including risk assessments, incident response plans, and continuous monitoring, to enhance their resilience against evolving cyber threats and vulnerabilities.

What are the information security governance steps?

Information security governance steps typically include establishing a governance framework, identifying and assessing risks, defining security policies and procedures, and allocating resources effectively. Organizations also need to implement security controls, ensure compliance with relevant regulations, and conduct regular training and awareness programs for employees. Continuous monitoring and assessment of security measures, along with timely updates to policies and technologies, are essential to adapt to the evolving threat landscape and maintain robust information security governance.

What is a cybersecurity governance framework?

A cybersecurity governance framework provides a structured approach for organizations to manage and mitigate cyber risks. It outlines the roles, responsibilities, and processes necessary to establish effective cybersecurity practices. Frameworks often include guidelines for risk management, policy development, compliance with regulations, and incident response. By implementing such a framework, organizations can ensure that cybersecurity is integrated into their overall governance and operational strategies, promoting a culture of security awareness and resilience.

What is the standard for cyber security governance?

The standard for cybersecurity governance often refers to frameworks such as the NIST Cybersecurity Framework or ISO/IEC 27001. These standards provide guidelines for organizations to manage cybersecurity risks effectively. They emphasize establishing a risk management process, developing policies and procedures, and implementing security controls. Adhering to these standards helps organizations create a robust governance structure that supports compliance, protects information assets, and fosters trust among stakeholders by demonstrating commitment to cybersecurity best practices.

What are the major components of cybersecurity governance?

Major components of cybersecurity governance include leadership and organizational structure, risk management processes, policy development, compliance management, and incident response planning. Effective governance also involves continuous monitoring and assessment of security measures, employee training and awareness programs, and collaboration with external stakeholders. By integrating these components into a cohesive framework, organizations can enhance their cybersecurity posture, align security initiatives with business objectives, and foster a culture of security across all levels.

What is E-governance in cyber security?

E-governance in cyber security refers to the use of digital technologies by government institutions to deliver services, engage with citizens, and manage information securely. It encompasses measures to protect government websites, databases, and online services from cyber threats, ensuring the confidentiality, integrity, and availability of sensitive information. E-governance initiatives aim to enhance transparency, improve service delivery, and foster citizen participation while implementing robust security protocols to mitigate risks associated with digital interactions.

How have national cybersecurity strategies evolved from 2000 to present?

National cybersecurity strategies have evolved significantly from 2000 to the present, adapting to the rapidly changing threat landscape. Early strategies focused primarily on protecting critical infrastructure and government systems. Over time, there has been a shift toward comprehensive approaches encompassing risk management, public-private collaboration, and international cooperation. Current strategies emphasize resilience, incident response capabilities, and the protection of personal data, reflecting the growing importance of cybersecurity in national security and economic stability in the digital age.

What role do international organizations play in cybersecurity governance?

International organizations play a crucial role in cybersecurity governance by establishing frameworks, promoting best practices, and facilitating cooperation among nations. Organizations such as the International Telecommunication Union (ITU) and the United Nations (UN) provide platforms for dialogue and collaboration on cybersecurity issues. They help member states enhance their cybersecurity capacities, develop legal frameworks, and respond to cyber threats collectively, fostering a coordinated international approach to secure cyberspace and combat cybercrime effectively.

How has the threat landscape in cybersecurity changed since 2000?

Since 2000, the cybersecurity threat landscape has evolved dramatically, characterized by an increase in the frequency, sophistication, and diversity of cyber attacks. The emergence of advanced persistent threats (APTs), ransomware, and cyber espionage has become prevalent, targeting critical infrastructure and sensitive data. Additionally, the rise of social engineering tactics and the exploitation of vulnerabilities in widely used software have highlighted the importance of proactive cybersecurity measures. Organizations must continually adapt their strategies to address these evolving threats effectively.

What are the major cybersecurity regulations introduced in the 21st century?

Major cybersecurity regulations introduced in the 21st century include the General Data Protection Regulation (GDPR) in the EU, which establishes strict data protection and privacy standards; the Health Insurance Portability and Accountability Act (HIPAA) in the U.S., which safeguards healthcare information; and the California Consumer Privacy Act (CCPA), enhancing consumer rights regarding personal data. These regulations reflect a growing recognition of the need for robust cybersecurity practices to protect individuals’ information and ensure organizational accountability in the digital landscape.

How do public-private partnerships contribute to cybersecurity governance?

Public-private partnerships contribute significantly to cybersecurity governance by facilitating collaboration between government entities and private sector organizations. These partnerships enhance information sharing, enabling stakeholders to share threat intelligence, best practices, and resources effectively. By working together, public and private sectors can develop comprehensive strategies to address emerging threats, promote innovation in cybersecurity technologies, and strengthen the overall security posture of critical infrastructure and services, ensuring a more resilient cybersecurity environment.

What technological advancements have impacted cybersecurity governance?

Technological advancements have significantly impacted cybersecurity governance by introducing new tools and methodologies for risk assessment, threat detection, and incident response. Innovations such as artificial intelligence (AI) and machine learning enhance the ability to identify patterns and anomalies in network traffic, improving threat detection capabilities. Additionally, advancements in encryption technologies and cloud computing have necessitated updates to governance frameworks to address emerging security challenges, ensuring organizations can effectively protect sensitive data in increasingly complex environments.

What are the key challenges in cybersecurity governance since 2000?

Key challenges in cybersecurity governance since 2000 include the rapid evolution of cyber threats, a shortage of skilled cybersecurity professionals, and the complexity of managing security across diverse technologies and platforms. Organizations also face difficulties in ensuring compliance with an increasing number of regulations and standards while maintaining a balance between security and usability. Additionally, the need for effective public-private collaboration remains critical as cyber threats continue to grow in sophistication and frequency.

Risks Associated with Cybersecurity Governance

Evolving Threat Landscape: Cyber threats have become increasingly sophisticated, with new attack vectors such as Advanced Persistent Threats (APTs), ransomware, and zero-day exploits emerging regularly. This constant evolution requires organizations to continually update and adapt their security measures.

Attribution and Accountability: The challenge of accurately attributing cyber attacks to specific actors complicates efforts to hold perpetrators accountable. This ambiguity can lead to difficulties in implementing appropriate responses and sanctions, especially in cases involving state-sponsored attacks.

Insider Threats: Employees, contractors, or other insiders with authorized access can pose significant risks, whether through malicious intent or negligence. Insider threats are particularly difficult to detect and mitigate, often resulting in substantial damage when they occur.

Balancing Security and Privacy: Implementing robust cybersecurity measures often entails extensive data collection and monitoring, which can infringe on individual privacy rights. Striking a balance between ensuring security and protecting privacy remains a contentious and challenging issue.

Regulatory Compliance: The increasing number of cybersecurity regulations, such as GDPR and CCPA, requires organizations to navigate complex legal landscapes. Ensuring compliance can be resource-intensive and challenging, particularly for multinational corporations operating across multiple jurisdictions.

Supply Chain Vulnerabilities: Third-party vendors and suppliers can introduce significant vulnerabilities into an organization’s cybersecurity posture. Attacks on the supply chain, such as the SolarWinds breach, demonstrate how compromising a single supplier can have widespread and severe consequences.

Rapid Technological Change: The fast-paced development of new technologies, such as IoT, 5G, and AI, introduces new vulnerabilities and complexities. Keeping up with these changes and ensuring that cybersecurity measures remain effective is a continuous challenge.

Resource Constraints: Many organizations, especially smaller enterprises, face limitations in terms of budget, expertise, and manpower dedicated to cybersecurity. These constraints can lead to inadequate defenses and make organizations attractive targets for cyber attackers.

Incident Response and Recovery: Effective incident response and recovery plans are crucial, but many organizations are not adequately prepared. Delayed or inadequate responses to cyber incidents can exacerbate damage and prolong recovery times, leading to significant operational and financial impacts.

Cybersecurity Skills Gap: The demand for cybersecurity professionals has outpaced the supply, resulting in a significant skills gap. Organizations struggle to find and retain qualified personnel, undermining their ability to implement and maintain robust cybersecurity measures.

Facts on Cybersecurity Governance

Rapid Growth of Cyber Threats: Cyber attacks have escalated significantly since 2000, with an increasing number of sophisticated threats such as ransomware, phishing, and advanced persistent threats (APTs).

Regulatory Framework Expansion: The introduction of major regulations like GDPR in 2018 and CCPA in 2020 has mandated stricter data protection measures and increased penalties for non-compliance.

Public Sector Initiatives: Governments worldwide have established dedicated agencies to enhance national cybersecurity efforts, such as the U.S. Cybersecurity and Infrastructure Security Agency (CISA), created in 2018.

Private Sector Involvement: Information Sharing and Analysis Centers (ISACs) have been formed across various industries to facilitate collaboration and threat intelligence sharing among private sector entities.

Technological Advancements: Innovations like artificial intelligence (AI) and machine learning (ML) are increasingly utilized for threat detection and response, improving the effectiveness of cybersecurity measures.

International Collaboration: Treaties like the Budapest Convention on Cybercrime and initiatives by organizations such as the United Nations aim to establish global norms and cooperation frameworks in cyberspace.

Impact on Critical Infrastructure: High-profile attacks on critical infrastructure, such as the 2015 Ukrainian power grid attack and the 2021 Colonial Pipeline ransomware attack, have highlighted vulnerabilities and the need for robust protection measures.

Cybersecurity Workforce Challenges: There is a persistent global shortage of skilled cybersecurity professionals, leading to increased demand for training and education initiatives in the field.

Emergence of Cyber Insurance: The cybersecurity insurance market has grown substantially, providing financial protection against cyber incidents and incentivizing improved security practices.

Evolution of Standards and Best Practices: Frameworks like ISO/IEC 27001 and the NIST Cybersecurity Framework continue to evolve, providing organizations with structured approaches to managing cybersecurity risks and compliance.

