Global Cyber Security Capacity Maturity Model - CMM WSIS Forum 2015 – Geneva Dr Maria Bada 25/05/2015.

1 Global Cyber Security Capacity Maturity Model - CMM WSIS Forum 2015 – Geneva Dr Maria Bada 25/05/2015

2 CMM - Five Dimensions

3 Levels of Maturity
- Start-up: At this level either nothing exists, or it is very embryonic in nature.
- Formative: Some features of the indicators have begun to grow and be formulated, but may be ad hoc, disorganized, poorly defined, or simply "new". However, this activity can be clearly evidenced.
- Established: The elements of the sub-factor are in place, and working.
- Strategic: Choices have been made about which parts of the indicator are important, and which are less important for the particular organization/nation.
- Dynamic: There are clear mechanisms in place to alter strategy depending on the prevailing circumstances. Rapid decision-making, reallocation of resources, and constant attention to the changing environment are features of this level.

4 Capacity Dimensions
Dimension 1: Cybersecurity Policy and Strategy
- D1-1: National Cybersecurity Strategy
- D1-2: Incident Response
- D1-3: Critical National Infrastructure (CNI) Protection
- D1-4: Crisis Management
- D1-5: Cyber Defence Consideration
- D1-6: Digital Redundancy

5 Capacity Dimensions
Dimension 2: Cyber culture and society
- D2-1: Cybersecurity Mind-set
- D2-2: Cybersecurity Awareness
- D2-3: Confidence and trust on the Internet
- D2-4: Privacy online

6 Capacity Dimensions
Dimension 3: Cybersecurity education, training and skills
- D3-1: National availability of cyber education and training
- D3-2: National development of cybersecurity education
- D3-3: Corporate training and educational initiatives within companies
- D3-4: Corporate Governance, Knowledge and Standards

7 Capacity Dimensions
Dimension 4: Legal and regulatory frameworks
- D4-1: Cybersecurity legal frameworks
- D4-2: Legal investigation
- D4-3: Responsible Disclosure

8 Capacity Dimensions
Dimension 5: Standards, organisations, and technologies
- D5-1: Adherence to standards
- D5-2: National Infrastructure Resilience
- D5-3: Cybersecurity marketplace


10 Dimension 1: Cybersecurity Policy and Strategy
D1-1: National Cybersecurity Strategy
Indicator: Strategy Development
- No evidence of a cyber security national strategy exists; if a cyber component exists it may be the responsibility of one or more departments of government; a process for development has begun without stakeholder consultation
- An outline of a national cyber security strategy has been articulated built on government consultation; consultation processes have been established for key stakeholder groups, possibly involving international assistance
- A national cyber strategy has been established; a specific mandate to consult across sectors and civil society has been agreed; data and historic trends are used to plan; some understanding of national cyber security risks and threats drives capacity building at a national level
- Cyber security strategy is knowledgeably implemented by multiple stakeholders across government; strategy review and renewal processes are confirmed; regular scenario and real-time cyber exercises are conducted; cyber security strategic plans drive capacity building and investments in security; metrics and measurement processes are established, implemented and inform decision making
- Continual revision of cyber security strategy is conducted to adapt to changing socio-political, threat and technology environments, driving the multi-stakeholder decision making process; trust and confidence building measures (TCBMs) are undertaken to ensure the continued inclusion and contribution of all stakeholders including the private sector, wider society and international partners

11 Factors Crucial for Combating Cybercrime: National Cybersecurity Strategy
- coordinated response to cyber attacks/risks
- The national cybersecurity strategy content linked explicitly to national risks, priorities and objectives
- raise public awareness
- establish incident response capacity
- mitigate cybercrime
- protect critical national infrastructure

12 Factors Crucial for Combating Cybercrime: Cybersecurity Awareness
- building trust on internet use
- promote positive and responsible forms of online behaviour
- Awareness-raising campaigns linked to cyber security strategy
- Covering a wide range of groups including training courses, seminars and online resources
- Established metrics for effectiveness

13 Factors Crucial for Combating Cybercrime: Education/Training
- capacity to understand complex cybercrime cases and inform decision making
- Public and private sector training available for Employees, Law Enforcement, Prosecutors, Experts, Board members

14 Factors Crucial for Combating Cybercrime: Cybersecurity legal frameworks
- capacity to address and combat cybercrime
- A comprehensive structure within the criminal justice system for combating cybercrime while respecting human rights
- Comprehensive ICT legislative and regulatory frameworks addressing cybersecurity
- Substantive cybercrime law
- Procedural cybercrime law

15 Factors Crucial for Combating Cybercrime: National Infrastructure Resilience
- technical capacity to prevent cybercrime
- international and regional cooperation
- Availability and use of critical technologies, processes, business models and standards to support control of cyber across national critical infrastructures and across international cyberspace

16 Factors Crucial for Combating Cybercrime: Cybercrime Insurance
- encourage information sharing among participants
- Existence of a market in cybercrime insurance
- Assessment of financial risks for public and private sector

17 Country Assessments using the CMM, February-March 2015
- World Bank: Armenia, Kosovo, Bhutan and Montenegro
- OAS: Jamaica and Colombia

18 Observations from Capacity Assessments
- Capacity factors in countries assessed thus far range from start-up to established
- General lack of awareness, education and training
- General lack of technical standards’ implementation

19 Steps to be taken forward
Assessed Capacity; Data; Strategy for Investment
- Science requires measurement
- Academic analysis of data from assessments could reveal geographic, stakeholder, and interdependent factor trends
- Trends feed into global strategy for investment
- Ambition is to assess the world’s cybersecurity capacity alongside regional/international partners

20 Steps to be taken forward
Assessed Capacity; Cooperation; Cyber-Harm
- Devising a model against which countries (or regions, or multi-nationals) can assess their capacity in fighting cybercrime
- The development of a model to understand cyber-harm to focus prioritisation of investments on more specific capacity harm-reduction
- Benefits drawing on, not competing with, other similar efforts

21 The CMM is available at:

22 Thank you WSIS Forum 2015 – Geneva Dr Maria Bada 25/05/2015
