OCSC has partnered with the Global Cyber Security Capacity Centre (GCSCC) at the University of Oxford to review national cybersecurity capacity and conduct related research in the Pacific using the Cybersecurity Capacity Maturity Model for Nations (CMM).
OCSC provides free national cybersecurity reviews to nations in the Pacific using the CMM. The OCSC team travel to the host nation to meet with a variety of stakeholders across sectors, building up a comprehensive understanding of national cybersecurity capacity informed by the people involved in it, to focus on what is important for your national context.
This initial assessment helps the host nation to document and benchmark their current cybersecurity capacity, to both identity gaps for consideration of investment and enable the measurement of the impact of resulting capacity building activities through a second assessment in the future. The initial CMM report is owned by the host nation and provides the first step towards strengthening a nation’s cybersecurity capacity, informing the development or next iteration of a national cybersecurity strategy, policies and legislative initiatives. Following the finalisation of the report, we can work with you on this journey to strengthening cybersecurity capacity, through our member universities, partners and the international community, to deliver coordinated and sustainable capacity building projects that help you to address your priorities.
The GCSCC developed the CMM as a framework to facilitate the review of the maturity of a country’s cybersecurity capacity in consultation with over two hundred international experts drawn from governments, international organisations, academia, public and private sectors and civil society. The CMM has been deployed more than 100 times in almost 80 nations across the globe. A detailed list of the reviews and links to the published reports can be found on the GCSCC website.
The CMM considers national cybersecurity capacity maturity across the following five dimensions (D): (D1) Cybersecurity Policy and Strategy; (D2) Cyber Culture and Society; (D3) Cybersecurity Education, Training and Skills; (D4) Legal and Regulatory Frameworks; and (D5) Standards, Organisations, and Technologies.
Each dimension contains a number of factors which describe what it means to possess cybersecurity capacity. Each factor presents a number of aspects grouping together related indicators, which describe steps and actions that, once observed, define the stage of maturity of that aspect.