The identification of Critical Information Infrastructure (CII) services has become a top priority for governments and organizations, and is a crucial component of a sound cyber security policy. As the interconnectivity of essential services spreads, the probability of disruptions increases as does the vulnerability of all Critical Infrastructure (CI) sectors. The impact of an undue interruption of essential services may initiate a devastating cascading effect and the collapse of a country’s infrastructures system. The purpose of this work is to propose a framework for countries that are in the process of defining CII or that wish to reassess their definitions to enhance security measures. This paper proposes a methodology that supports the escalated identification of CII services on the basis of two analytical components: the identification of main stakeholders; and, an illustrative framework called the 360-DEGREE-FEEDBACK that seeks to apply a comprehensive and beneficial framework for security and analyses. This study combines qualitative and quantitative methods, benchmarking theoretical contributions, and relying mainly on documentary analysis and secondary statistical data from official sources.

关键信息基础结构（CII）服务的识别已成为政府和组织的头等大事，并且是完善的网络安全政策的重要组成部分。随着基本服务互连的扩展，所有关键基础设施（CI）部门的脆弱性也将增加受到破坏的可能性。不必要地中断基本服务的影响可能会引发毁灭性的连锁反应和一国基础设施系统的崩溃。这项工作的目的是为正在定义CII或希望重新评估其定义以增强安全措施的国家提供一个框架。本文提出了一种方法，该方法基于两个分析组件来支持CII服务的逐步识别：确定主要利益相关者；还有一个名为360度反馈的说明性框架，旨在为安全性和分析应用全面而有益的框架。这项研究结合了定性和定量方法，对理论贡献进行了基准测试，并且主要依赖于文献分析和官方来源的辅助统计数据。