With over 15 years of experience, CICTE’s Cybersecurity Program is the regional leader in aiding the Organization of American States (OAS)’ member states to build technical and policy-level cybersecurity capacities. Its initiatives and activities aim to ensure an open, secure, and resilient cyberspace throughout the Western Hemisphere.

Achievements

Resultados Cyber

Activities

The Cybersecurity Program’s regional efforts are multi-faceted and focus on (I) policy development, (II) capacity building (including training and exercises), and (III) research and outreach.

  • I. Policy Development:

    The Program assists OAS member states in developing national cybersecurity strategies that involve all relevant stakeholders and are tailored to each nation’s legislative, cultural, economic, and structural situation.
  • II. Capacity Building:

    The Program helps to establish national computer security incident response teams (CSIRTs) and provides tailored technical assistance and training opportunities to strengthen national institutions and organizations. Addi- tionally, it has the CSIRTAmericas network, which provides threat intelligence and timely cybersecurity information among 29 CSIRTs from 20 OAS Member states.
  • III. Research and Awareness Raising:

    The Program develops technical documents, toolkits, and reports to guide policymakers, CSIRTs, infrastructure operators, private organizations, and civil society by highlighting current developments and identifying key cybersecurity issues and challenges in the region.

Strategic partners

Canada
Estonia
United Kingdom
United States of America
Amazon Web Services
CISCO
Citigroup
Cybernet
Facebook
Florida International University
Global Forum on Cyber Expertise
Governmental Advisory Committee (GAC) of the Internet Corporation for Assigned Names and Numbers
Instituto Nacional de Ciberseguridad (INCIBE)
ISACA
Microsoft
University of Oxford
Trend Micro
Twitter
World Economic Forum (WEF)
Inter-American Defense Board

Meetings

CICTE holds an annual meeting for the working group on cooperation and confidence-building measures in cyberspace.

Others events.

Publications

This publication seeks to provide recommendations and reflections based on international best practices for decisionmakers at public and private sector organizations, regarding both the reality of a ransomware attack and its implications, to illustrate the process that occurs during an event and thus, provide spaces to examine how to address this challenge, what margin of action can be achieved, and how to discover certain patterns that indicate a possible evolution of this type of threat within an organization.

English | Español | Français | Português
This guide is a continuation of the document Best Practices for Establishing a National CSIRT, published by the Organization of American States (OAS) in 2016, focusing on planning and developing a Computer Security Incident Response Team (CSIRT) in the public sector in Latin America and the Caribbean. Based on the OAS's experience and real statistical data, the guide provides general recommendations and is not intended to be a static model but rather an adaptable resource for different local conditions regarding political, cultural, geographical, and legal systems.

English | Español
This document is structured in five parts that address the key considerations relevant for the process of NCS development, implementation, and review ...

English
This paper contains a comparative study of the telecommunication development funds (TDF) of Brazil, Chile, Colombia, and Costa Rica and assesses the feasibility of adopting a similar model for funding initiatives to promote cybersecurity in Latin America. Specifically, the paper examines the existing governance, formation, fund collection, and criteria analysis mechanisms for resource allocation of the TDFs ...

Español | English | Français | Português
This manual provides updated information on the phenomenon of gender violence online, how it manifests and what the regional efforts are being conducted to counter it. The publication also includes practical steps to prevent it and guidance for victims of related cases ...

Español | English
In addition to the publication entitled “Online gender violence against women and girls”, this basic concept guide is directed for cybersecurity-related public institutions, professionals and stakeholders who seek to understand the phenomenon of gender violence. online. It includes recommendations for policy makers and professionals who might handle complaints of this type ...

Español | English
In addition to the publication entitled “Online gender violence against women and girls”, this response guide aims to provide the necessary skills so that women can protect themselves individually and collectively in their online interactions and create their own virtual spaces where they are free from violence through practical advice on prevention, response to attacks, and complaint processes ...

Español | English
This publication provides tools and present best practices for monitoring, consuming, and sharing information, and recommendations for staying safe online, focusing, particularly, on Twitter ...

English | Español | Português
... Experiences, Risks, and strategies of self-care in the new digital normality - The report analyzes the cyber-attack scenario prompted by the health crisis in connection with the dynamics governing women’s access to and use of the Internet along with systemic (online and offline) conditions of gender inequality with a view to identifying certain cyberthreats reportedly affecting women specifically during this phase ...

English | Español | Português
The purpose of this study is to provide comprehensive information on the state of cybersecurity in the Colombian financial system, presenting trends regarding digital security challenges, information security risk management, and security event detection and analysis capabilities ...

Español
The document presents an educational approach to combat it, promoting solutions to include aspects of cybersecurity at all levels of training and education. The publication, likewise, offers a set of tools of initiatives and mechanisms at the national level to generate interest in cybersecurity careers ...

Español | English | Français | Português
This study presents the cyber capabilities of the Federative Republic of Brazil with the objective of allowing the Government to obtain an understanding of its cybersecurity capacity, in order to strategically prioritize its investments in this matter.

Available in:
English | Español | Português
The publication presents an approach on the cyber threats that affect existing democratic processes in Latin America and the Caribbean and advances how to reduce their impacts on regional democracy. In addition, it offers information on the power of disinformation in the digital age, global efforts in cybersecurity and democracy, and some recommendations to protect electoral integrity.

Available in:
English | Español
Boards of directors must take a leadership role in overseeing the security of their company's cyber systems. However, corporate boards in Latin America generally have low to medium maturity levels related to cybersecurity, and most boards have only a “formative” knowledge of cybersecurity. This publication is the result of a multi-stage process in which the OAS and the ISA engaged with hundreds of stakeholders from corporate boards, government, academia, and senior management throughout the region to help organizations protect themselves from cyber threats.

Available in:
Español | English | Português
This whitepaper seeks to provide guidance for the development of a data classification system for the purposes of ensuring access to and protection of information generated and processed by governments. The Whitepaper examines data classification approaches existing at the national and international level, to offer data classification as a functional tool and means to avert potential risks such as under or over classification of information.

Available in:
Español | English | Français | Português
This publication provides tools and good practices for the monitoring, consumption, and distribution of information, as well as recommendations to stay safe online, with a particular focus on Twitter.

Available in:
Español | English | Français | Português
This publication focuses on the NIST Framework, its use, and case studies such as the UK and Uruguay. This a tool for cybersecurity risk management, which enables technological innovation adjusting to all types of organizations.

Available in:
Español | English | Français | Português
The purpose of this study is to provide information on the State of Cybersecurity in the Mexican Financial System. The information analyzed in this study comes from a database of 240 entities and financial institutions participating in the Mexican financial system.

Español »
This publication analyzes cybersecurity dimensions concerning banking entities in the region, as well as its customer to provide a specific panorama of the strengths and weaknesses of this sector.

English »
(OAS-Microsoft, 2018). This report aims to reflect the experiences and practices of critical infrastructure and critical information infrastructure protection in Latin America and the Caribbean. As a region with a long history of cooperation and one of the first to cooperate on addressing cybersecurity threats, these learnings can be a valuable reference for the cybersecurity and critical infrastructure community.

Abrir »
This study aims to deepen the knowledge of cybersecurity risks, challenges and opportunities in Latin America and the Caribbean. Using surveys and other data provided by experts and officials from thirty-two OAS member states, the report examines each country's “cyber maturity” in five dimensions: 1) cyber security policy and strategy; 2) cyber culture and society; 3) cybersecurity education, training, and competencies; 4) legal and regulatory frameworks; and 5) standards, organizations, and technologies.

Español | English
This report is intended to shed light on cybercrime activity and trends that take place in the Americas within the critical infrastructure sector. It also aims to provide insight on how fostering collaboration between these industries and their governments can strengthen their ability to combat cyber-attacks.

Español | English
The report provides a truly comprehensive landscape of cybersecurity in the Americas, with information submitted by 30 out of the 32 countries in Latin America and the Caribbean. Together, the information provided a clear picture of where the region stood with regards to the cybersecurity by 2014. The report represents a multi-stakeholder effort, with contributions from Symantec, AMERIPOL, Microsoft, LACNIC, ICANN, and the Anti-Phishing Working Group.

Español | English
The information collected in this publication provides a complete overview of the attacks suffered by both the public and private sectors, as well as their level of preparedness to defend themselves against such attacks. The study tries to present the information according to the different profiles of both public and private institutions and numerous statistical tools have been used to facilitate the reader to draw their own conclusions.

Español
This guide discusses various types of CSIRTs, including the National CSIRTs, responding to security incidents computer science at the level of a state-country. This document analyzes the project management process for the creation and implementation of a national CSIRT, including different criteria and necessary considerations to define its constitution, mission, vision, scope, services, times, and legal and institutional or organizational aspects. In addition, the guide presents detailed descriptions of the infrastructure, including hardware, software, and technical procedures. Finally, different policies and procedures are analyzed required for smooth CSIRT operation. I also know analyze guidelines for membership and participation in certain international organizations, such as the Teams Forum Incident Response and Security (FIRST).

English | Español