Comprehensive Report on Cyber Security and Cyber Crime in Africa By the African Union Commission and Symantec Corporation SURVEY Please type your answers. Please indicate for each question answered whether you would like the information to be included in the report anonymously or if it can be used with attribution. We invite you to include additional pages should you need more space for your answers. This survey should be returned digitally to SouhilaA@africa-union.org and William_Wright@Symantec.com. Thank you for your valuable cooperation and contribution. DEADLINE FOR SUBMISSIONS: MONDAY, October 19, 2015 Please identify a focal point in your administration/organisation that could provide a response to further correspondence regarding this questionnaire Dr./Mr./Mrs./Ms. Position Country Name of the Administration/Organization Postal Address Telephone Number Fax Number Email Address __________________________________________________________________________ The individual(s) filling out this survey work for (please check one): ______ A national Computer Security Incident Response Team (CSIRT) or Computer Emergency Response / Readiness Team (CERT) ______ A sectoral Computer Security Incident Response Team (CSIRT) or Computer Emergency Response / Readiness Team (CERT) ______ A national cyber crime investigation unit ______ The Ministry of ICT ______ The Attorney General’s Office ______ The Prime Minister’s Office ______ A National Information Technology Office ______ Other (please specify) __________________________ 1. What is the name of the agency/institution(s) in your country with oversight/leadership on cyber security issues? Who are the major stakeholders concerned and what roles and responsibilities do they assume? Answer/ 2. Does your country maintain a division, branch, unit, or individual specially tasked to investigate cybercrimes? If so, what is/are the unit’s name(s) and which ministry are they a part of? Answer/ 3. Does your country have established mechanisms, procedures, and policies for responding to cyber incidents? Does your government operate a CSIRT or CERT with national-level responsibilities? If so, what is it called and what is its website? What year was it officially founded? Answer/ 4. Does your country have a national policy or strategy that guides and coordinates cyber security efforts? If so, when was it established and what are its main objectives and priorities? Has it been helpful in improving cyber resilience, awareness, etc.? Answer/ 5. What is the role and responsibility of the government with respect to cybersecurity policy and, if a national cybersecurity strategy has been implemented, how is this role reflected in the national strategy? Answer/ 6. What are the main challenges that your government has faced / is facing in the process of development and implementation of a national cybersecurity strategy? Answer/ 7. Does your country have a national cyber security awareness raising campaign? If so, what is it called and when was it established and who is the targeted audience? If your country does not have one, has it considered adopting one? Answer/ 8. Do you work with civil society organizations/NGOs to educate people and raise awareness to mitigate cyber risks? Answer/ 9. In the past year, has your country experienced an increase in the number of cyber incidents, including hacking and other forms of illicit cyber activity? If so, please describe briefly, including any quantitative measures, such as a percentage increase or decrease. What tools do you use to monitor these trends? Answer/ 10. Have illicit cyber activities been met with any new policies, laws, initiatives, or training programs, etc.? Answer/ 11. What is the most significant cyber incident(s) that took place in your country in the past year? Were you able to find out who perpetrated the incident? If so, how were you able to accomplish this? Were the actors who perpetrated the attack located inside or outside of the country? Answer/ 12. Does your government work with the private sector on cyber security issues? Why or why not? Answer/ 13. Do universities or academic institutions in your country maintain cyber security degree programs or classes? Has your government established cyber security education and training centers? Answer/ 14. Has your country been able to establish fruitful working relationships with other countries when managing and responding to cyber security threats? Please elaborate. Answer/ 15. Does your country promote confidence building measures (CBM) and international cooperation in cyberspace by exchanging information on cyber incidents and best practices for cybersecurity? Answer/ 16. Have any global events significantly affected your country’s cyber security posture or development of cyber security capacities? Answer/ 17. What were the biggest impediments to your country’s cyber security advancement in 2015 and what do you see as the most important evolution? Answer/ 18. Has your government adopted personal data protection legislations or have plans to do so in the future? Answer/ 19. In addition to the information already provided, would you like to include any other information relevant to this report? If your national cybersecurity strategy has already been evaluated and/or adopted, what critical lessons have you learned? Answer/