Assessing and developing cybersecurity capability
This initiative aims to enable decision makers in governments, international organisations and capacity-building bodies around the world to benchmark national cybersecurity capacity in a comprehensive manner in order to identify priorities for investments and capacity building. It is based on the Cybersecurity Capacity Maturity Model for Nations (CMM) which was developed by the Global Cyber Security Capacity Centre (GCSCC), University of Oxford, in consultation with more than 200 international experts drawn from governments, international organisations, academia, private sector and civil society.
Assessing and Developing National Cybersecurity Capacity
The Cybersecurity Capacity Maturity Model for Nations (CMM) supports to review a country’s cybersecurity capacity in terms of five dimensions:
- Cybersecurity Policy and Strategy: Devising cybersecurity strategy and resilience;
- Cyber Culture and Society: Encouraging responsible cybersecurity culture within society;
- Cybersecurity Education, Training and Skills: Developing cybersecurity knowledge;
- Legal and Regulatory Framework: Creating effective legal and regulatory frameworks; and
- Standards, Organisation and Technologies: Controlling risks through standards, controls and technologies.
The deployment of the CMM consists of an in-country stakeholder consultation process and a comprehensive report, drafted by the GCSCC, which provides recommendations for how to enhance the maturity of each dimension. With this evidence, governments are in an informed position to make investment decisions which will increase the maturity of the cybersecurity capacity of the country.
The initiative by the UK Foreign & Commonwealth Office (FCO), the Organization of American States (OAS) and the Norwegian Ministry of Foreign Affairs, has been vigorous in expanding the reach of the CMM. It was deployed in more than 50 countries across Africa, Asia, Europe, and Oceania since 2015 together with the key strategic international partners of the GCSCC (incl. the Commonwealth Telecommunications Organisation (CTO), the International Telecommunication Union (ITU), and the World Bank), and has significantly underpinned a regional study of the OAS in Latin America and the Caribbean.
Expected outcomes in 2017 and beyond
In the upcoming years the initiative seeks to further expand the deployment of the CMM in cooperation with existing and new partners, gathering experience, knowledge and data about cybersecurity capacity building across the world, and contribute to an increase in the scale, pace, quality and impact of cybersecurity capacity-building initiatives across the world.
- Cybersecurity Capacity Maturity Model for Nations (CMM) (Revised Version 2016)
- Cybersecurity Capacity Review of Madagascar (Report, 2016)
- Cybersecurity Capacity Review Indonesia (Report, 2016)
- Cybersecurity: Are We Ready in Latin America and the Caribbean? (Report, 2016)
- Cyber Security Capacity: Does It Matter? (Paper, 2017)
For more information also visit the Cybersecurity Capacity Portal:
Members and Partners
Participation in this initiative is open to all members of the GFCE.