National Cyber Incident Classification Handbook
After an introduction and context-setting section explaining the benefits and challenges of cyber incident classification, the handbook divides the process of setting up a national system into six steps:
Step 1: Set the goals.
Step 2: Engage stakeholders.
Step 3: Establish reporting pathways.
Step 4: Build on existing structures.
Step 5: Implement the system.
Step 6: Refine the system.
To illustrate the principles outlined in this handbook, we use the examples of two fictitious states representing different approaches to cyber incident classification. While these examples are fictitious, the description of their approaches is informed by observations of existing cyber incident classification practices.
The views, opinions, conclusions and other information expressed in this document are not given nor necessarily endorsed by the Organization for Security and Co-operation in Europe (OSCE) unless the OSCE is explicitly defined as the Author of this document.