- Zivile Necejauskaite
Introductory
Event organizer(s)
Description
The course introduces the core principles of CIIP from a national cybersecurity perspective. Day one focuses on methodologies for identifying and classifying CII, understanding key threats, and reviewing international good practices. It also covers stakeholder roles and responsibilities, supported by an interactive exercise to map national CII and relevant actors.
Furthermore, the participants will learn how to build and implement a national CIIP framework, also the legal and policy foundations, risk assessment approaches, and coordination mechanisms will be analysed and discussed in group. Participants will engage in a group activity to outline key elements of a national CIIP action plan, concluding with a session to summarize key insights and define next steps.
Target audience is: policymakers, regulators, and senior officials from government ministries, national cybersecurity agencies, and regulatory bodies who are involved in the development, coordination, or oversight of national Critical Infrastructure Protection.
Participant profile:
- Officials or experts from government ministries, national cybersecurity agencies, critical infrastructure regulators, or security/intelligence organizations
- Senior representatives from critical infrastructure operators, telecommunications, energy, finance, transportation, healthcare, or other key sectors designated as critical
- Members of national cybersecurity coordination bodies, CERTs/CSIRTs, or policy development teams involved in CIIP.
Qualifications or experience needed to participate in this training course:
- Professional experience in cybersecurity, information security management, critical infrastructure management, or related national security fields.
- Prior involvement in policy, regulatory, or operational activities related to national cybersecurity or critical infrastructure protection is highly desirable.
- Basic familiarity with national governance structures and public–private coordination mechanisms in the context of cybersecurity.
- Proficiency in English (both spoken and written) is required, as the course includes group discussions, case studies, and collaborative exercises.
Upon completion of this course, participants will be able to:
- Explain the concept, scope, and strategic importance of CIIP within the broader national cybersecurity and resilience framework, including its role in safeguarding essential services and national security.
- Examine the CII identification and classification methodologies.
- Analyze key threats, vulnerabilities, and risks facing CII sectors
- Apply national-level risk assessment and risk management approaches to enhance resilience and continuity of essential functions.
- Apply the core components of a national CIIP framework, including governance structures, coordination mechanisms, capacity-building measures, and performance monitoring tools.
- D delineate institutional roles and responsibilities across government entities, regulators, private sector operators, and national CERT/CSIRT teams to ensure an integrated and cooperative CIIP ecosystem.
- Evaluate and discuss the legal, policy, and regulatory foundations necessary to support CIIP implementation, including information sharing, compliance mechanisms, and international cooperation.
- Design elements of a national CIIP action plan or roadmap, integrating policy, technical, and organizational measures to strengthen national preparedness and response capabilities.
The course consists of 9 modules and is divided into 3 online sessions, one session per day. Each online session lasts 5 hours with a 30-minute break. All necessary course materials and additional resources (if any) will be provided through the ITU Academy platform.
To ensure maximum engagement and retention, the 4MAT teaching methodology will be utilized in all sessions. This involves interactive discussions on a topic, practical assignments, workgroup discussions. At the end of each day, a review will be conducted to reinforce the key takeaways. The course will combine expert presentations to introduce key concepts with collaborative group work and case studies that encourage participants to apply learning to real-world national contexts. Facilitated discussions will promote peer exchange and critical reflection, while short knowledge checks and daily summaries will help consolidate understanding and ensure practical takeaways for each participant.
Participants will be assessed based on their performance in two components: a multiple-choice quiz (60%) and a case study exercise (40%), as outlined in the table above. The quiz will evaluate participants’ understanding of key concepts and principles covered throughout the course, while the case study will assess their ability to apply CIIP knowledge to practical, real-world scenarios.
To be eligible to take the assessment and receive a certificate of completion, participants must attend at least 80% of the total course sessions. Active participation in discussions and group work will also be considered an integral part of the overall learning process.
Multiple choice quiz: 60
Case study: 40
Total 100%
A total score of 70% or higher is required to obtain the ITU certificate
Day 1 11:00-16:00 05th May Tuesday
Session-1 Foundations of Critical Information Infrastructure Protection
- Overview of CIIP within the national cybersecurity ecosystem
- Relationship between CIIP and broader CIP
- Core principles, terminology, and objectives
- Methodologies for identifying CII
- Dependency analysis and interconnection mapping
- Prioritization and classification frameworks
- Interactive Session: CII Identification and Mapping Exercise – Participants collaboratively map national CII and related stakeholders
Key learning points
- Explain the national importance of CIIP within the broader cybersecurity framework,
- Recognize key threats and risks to CII
- Apply methods for identifying and classifying critical assets,
- Map national CII and stakeholder relationships.
Day 2 11:00-16:00 06th May Wednesday
Session-2 Governance, Standards, and Legal Foundations for CIIP
- Government, private sector, and regulatory roles in CIIP
- National coordination models and public–private partnerships
- Crisis management and communication structures
- Comparative overview of CIIP approaches
- Lessons from international frameworks and best practices
- Adapting global models to national contexts
Key learning points
Define institutional roles and responsibilities for CIIP governance
Analyze national coordination and public–private collaboration models
Compare international CIIP standards and good practices
Examine the legal, policy, and regulatory instruments that support effective national CIIP implementation.
Day 3
Session-3 Building a National CIIP Framework and Action Plan
- Framework components: governance, risk management, capacity building
- Implementation challenges and success factors
- Interactive Session: CIIP Framework Formulation Workshop
- Defining actionable priorities and milestones
- Monitoring, evaluation, and continuous improvement
Key learning points
Describe the key components of a national CIIP framework
Identify implementation challenges and strategies
Develop an outline for a national CIIP action plan covering governance and risk management,
Propose indicators and next steps to advance national CIIP initiatives.
Registration information
Unless specified otherwise, all ITU Academy training courses are open to all interested professionals, irrespective of their race, ethnicity, age, gender, religion, economic status and other diverse backgrounds. We strongly encourage registrations from female participants, and participants from developing countries. This includes least developed countries, small island developing states and landlocked developing countries.
