About this step

In the risk assessment step a country examines its national threats, vulnerabilities and the processes for managing the risk of its critical infrastructure, assets and systems.

Several companies and research institutes publish global, regional and country-specific threat assessments.   These can complement capacity building activities that provide bespoke, additional information, advice and training for a government’s threat assessment.

The CIIP Capacity Framework is a resource for countries wanting to assess their Critical Information Infrastructure Protection (CIIP) capacity.  Countries may also find useful the GFCE white paper Towards Identifying Critical National Infrastructures in the National Cybersecurity Strategy Process.

Several capacity building organisations have their own proprietary frameworks and tools for assessing CI and CII vulnerabilities and risk management processes.