Each year the OAS Secretary General publishes a proposed Program-Budget for the coming calendar year. The OAS General Assembly meets in a Special Session to approve the Program-Budget. Find these documents from 1998-2013 here.
Each year in April, the OAS Board of External Auditors publishes a report covering the previous calendar year’s financial results. Reports covering 1996-2016 may be found here.
Approximately six weeks after the end of each semester, the OAS publishes a Semiannual Management and Performance Report, which since 2013 includes reporting on programmatic results. The full texts may be found here.
Here you will find data on the Human Resources of the OAS, including its organizational structure, each organizational unit’s staffing, vacant posts, and performance contracts.
The OAS executes a variety of projects funded by donors. Evaluation reports are commissioned by donors. Reports of these evaluations may be found here.
The Inspector General provides the Secretary General with reports on the audits, investigations, and inspections conducted. These reports are made available to the Permanent Council. More information may be found here.
The OAS has discussed for several years the real estate issue, the funding required for maintenance and repairs, as well as the deferred maintenance of its historic buildings. The General Secretariat has provided a series of options for funding it. The most recent document, reflecting the current status of the Strategy, is CP/CAAP-3211/13 rev. 4.
Here you will find information related to the GS/OAS Procurement Operations, including a list of procurement notices for formal bids, links to the performance contract and travel control measure reports, the applicable procurement rules and regulations, and the training and qualifications of its staff.
The OAS Treasurer certifies the financial statements of all funds managed or administered by the GS/OAS. Here you will find the latest general purpose financial reports for the main OAS funds, as well as OAS Quarterly Financial Reports (QFRs).
Every year the GS/OAS publishes the annual operating plans for all areas of the Organization, used to aid in the formulation of the annual budget and as a way to provide follow-up on institutional mandates.
Here you will find information related to the OAS Strategic Plan 2016-2020, including its design, preparation and approval.
Cybersecurity program
With over 15 years of experience, CICTE’s Cybersecurity Program is the regional leader in aiding the Organization of American States (OAS)’ member
states to build technical and policy-level cybersecurity capacities. Its initiatives and activities aim to ensure an open, secure, and resilient cyberspace throughout the Western Hemisphere.
The Cybersecurity Program’s regional efforts are multi-faceted and focus on (I) policy development, (II) capacity building (including training and exercises), and (III) research and outreach.
I. Policy Development:
The Program assists OAS member states in developing national cybersecurity strategies that involve all relevant stakeholders and are tailored to each nation’s legislative, cultural, economic, and structural situation.
II. Capacity Building:
The Program helps to establish national computer security incident response teams (CSIRTs) and provides tailored technical assistance and training opportunities to strengthen national institutions and organizations. Addi- tionally, it has the CSIRTAmericas network, which provides threat intelligence and timely cybersecurity information among 29 CSIRTs from 20 OAS Member states.
III. Research and Awareness Raising:
The Program develops technical documents, toolkits, and reports to guide policymakers, CSIRTs, infrastructure operators, private organizations, and civil society by highlighting current developments and identifying key cybersecurity issues and challenges in the region.
This publication seeks to provide recommendations and reflections based on international best practices for decisionmakers at public and private sector organizations, regarding both the reality of a ransomware attack and its implications, to illustrate the process that occurs during an event and thus, provide spaces to examine how to address this challenge, what margin of action can be achieved, and how to discover certain patterns that indicate a possible evolution of this type of threat within an organization.
This guide is a continuation of the document Best Practices for Establishing a National CSIRT, published by the Organization of American States (OAS) in 2016, focusing on planning and developing a Computer Security Incident Response Team (CSIRT) in the public sector in Latin America and the Caribbean. Based on the OAS's experience and real statistical data, the guide provides general recommendations and is not intended to be a static model but rather an adaptable resource for different local conditions regarding political, cultural, geographical, and legal systems.
This document is structured in five parts that address the key considerations relevant for the process of NCS development, implementation, and review ...
This paper contains a comparative study of the telecommunication development funds (TDF) of Brazil, Chile, Colombia, and Costa Rica and assesses the feasibility of adopting a similar model for funding initiatives to promote cybersecurity in Latin America. Specifically, the paper examines the existing governance, formation, fund collection, and criteria analysis mechanisms for resource allocation of the TDFs ...
This manual provides updated information on the phenomenon of gender violence online, how it manifests and what the regional efforts are being conducted to counter it. The publication also includes practical steps to prevent it and guidance for victims of related cases ...
In addition to the publication entitled “Online gender violence against women and girls”, this basic concept guide is directed for cybersecurity-related public institutions, professionals and stakeholders who seek to understand the phenomenon of gender violence. online. It includes recommendations for policy makers and professionals who might handle complaints of this type ...
In addition to the publication entitled “Online gender violence against women and girls”, this response guide aims to provide the necessary skills so that women can protect themselves individually and collectively in their online interactions and create their own virtual spaces where they are free from violence through practical advice on prevention, response to attacks, and complaint processes ...
This publication provides tools and present best practices for monitoring, consuming, and sharing information, and recommendations for staying safe online, focusing, particularly, on Twitter ...
... Experiences, Risks, and strategies of self-care in the new digital normality - The report analyzes the cyber-attack scenario prompted by the health crisis in connection with the dynamics governing women’s access to and use of the Internet along with systemic (online and offline) conditions of gender inequality with a view to identifying certain cyberthreats reportedly affecting women specifically during this phase ...
The purpose of this study is to provide comprehensive information on the state of cybersecurity in the Colombian financial system, presenting trends regarding digital security challenges, information security risk management, and security event detection and analysis capabilities ...
The document presents an educational approach to combat it, promoting solutions to include aspects of cybersecurity at all levels of training and education. The publication, likewise, offers a set of tools of initiatives and mechanisms at the national level to generate interest in cybersecurity careers ...
This study presents the cyber capabilities of the Federative Republic of Brazil with the objective of allowing the Government to obtain an understanding of its cybersecurity capacity, in order to strategically prioritize its investments in this matter.
The publication presents an approach on the cyber threats that affect existing democratic processes in Latin America and the Caribbean and advances how to reduce their impacts on regional democracy. In addition, it offers information on the power of disinformation in the digital age, global efforts in cybersecurity and democracy, and some recommendations to protect electoral integrity.
Boards of directors must take a leadership role in overseeing the security of their company's cyber systems. However, corporate boards in Latin America generally have low to medium maturity levels related to cybersecurity, and most boards have only a “formative” knowledge of cybersecurity. This publication is the result of a multi-stage process in which the OAS and the ISA engaged with hundreds of stakeholders from corporate boards, government, academia, and senior management throughout the region to help organizations protect themselves from cyber threats.
This whitepaper seeks to provide guidance for the development of a data classification system for the purposes of ensuring access to and protection of information generated and processed by governments. The Whitepaper examines data classification approaches existing at the national and international level, to offer data classification as a functional tool and means to avert potential risks such as under or over classification of information.
This publication provides tools and good practices for the monitoring, consumption, and distribution of information, as well as recommendations to stay safe online, with a particular focus on Twitter.
This publication focuses on the NIST Framework, its use, and case studies such as the UK and Uruguay. This a tool for cybersecurity risk management, which enables technological innovation adjusting to all types of organizations.
The purpose of this study is to provide information on the State of Cybersecurity in the Mexican Financial System. The information analyzed in this study comes from a database of 240 entities and financial institutions participating in the Mexican financial system.
This publication analyzes cybersecurity dimensions concerning banking entities in the region, as well as its customer to provide a specific panorama of the strengths and weaknesses of this sector.
(OAS-Microsoft, 2018). This report aims to reflect the experiences and practices of critical infrastructure and critical information infrastructure protection in Latin America and the Caribbean. As a region with a long history of cooperation and one of the first to cooperate on addressing cybersecurity threats, these learnings can be a valuable reference for the cybersecurity and critical infrastructure community.
This study aims to deepen the knowledge of cybersecurity risks, challenges and opportunities in Latin America and the Caribbean. Using surveys and other data provided by experts and officials from thirty-two OAS member states, the report examines each country's “cyber maturity” in five dimensions: 1) cyber security policy and strategy; 2) cyber culture and society; 3) cybersecurity education, training, and competencies; 4) legal and regulatory frameworks; and 5) standards, organizations, and technologies.
This report is intended to shed light on cybercrime activity and trends that take place in the Americas within the critical infrastructure sector. It also aims to provide insight on how fostering collaboration between these industries and their governments can strengthen their ability to combat cyber-attacks.
The report provides a truly comprehensive landscape of cybersecurity in the Americas, with information submitted by 30 out of the 32 countries in Latin America and the Caribbean. Together, the information provided a clear picture of where the region stood with regards to the cybersecurity by 2014. The report represents a multi-stakeholder effort, with contributions from Symantec, AMERIPOL, Microsoft, LACNIC, ICANN, and the Anti-Phishing Working Group.
The information collected in this publication provides a complete overview of the attacks suffered by both the public and private sectors, as well as their level of preparedness to defend themselves against such attacks. The study tries to present the information according to the different profiles of both public and private institutions and numerous statistical tools have been used to facilitate the reader to draw their own conclusions.
This guide discusses various types of CSIRTs, including the National CSIRTs, responding to security incidents computer science at the level of a state-country. This document analyzes the project management process for the creation and implementation of a national CSIRT, including different criteria and necessary considerations to define its constitution, mission, vision, scope, services, times, and legal and institutional or organizational aspects. In addition, the guide presents detailed descriptions of the infrastructure, including hardware, software, and technical procedures. Finally, different policies and procedures are analyzed required for smooth CSIRT operation. I also know analyze guidelines for membership and participation in certain international organizations, such as the Teams Forum Incident Response and Security (FIRST).
To support OAS’ member states in building technical and policy capacities to successfully prevent, identify, respond to, and recover from cyber incidents.
Enhance robust, effective, and timely information sharing, cooperation, and coordination among cybersecurity stakeholders at the national, regional, and international level.
Boost access to knowledge and information on cyber threats and risks by public, private and civil society stakeholders as well as Internet users.
Cybersecurity Program Activities
The Cybersecurity Program’s regional efforts are multi-faceted and focus on (I) policy development, (II) capacity building (including training and exercises), and (III) research and outreach.
I. Policy Development: The Program assists OAS member states in developing national cybersecurity strategies that involve all relevant stakeholders and are tailored to each nation’s legislative, cultural, economic, and structural situation.
II. Capacity Building: The Program helps to establish national computer security incident response teams (CSIRTs) and provides tailored technical assistance and training opportunities to strengthen national institutions and organizations. Addi- tionally, it has the CSIRTAmericas network, which provides threat intelligence and timely cybersecurity information among 29 CSIRTs from 20 OAS Member states.
III. Research and Awareness Raising: The Program develops technical documents, toolkits, and reports to guide policymakers, CSIRTs, infrastructure operators, private organizations, and civil society by highlighting current developments and identifying key cybersecurity issues and challenges in the region.