OCSC has partnered with the Global Cyber Security Capacity Centre (GCSCC) at the University of Oxford to review national cybersecurity capacity and conduct related research in the Pacific using the Cybersecurity Capacity Maturity Model for Nations (CMM).
OCSC provides complimentary national cybersecurity reviews to nations in the Pacific using the CMM. The OCSC team travels to the host nation to meet with a variety of stakeholders across sectors, building up a comprehensive understanding of national cybersecurity capacity informed by the people involved in it, to focus on what is important for the nation in context ensuring that the CMM recommendations are relevant and applicable.
This initial assessment helps host nations document and benchmark their current cybersecurity capacity, to both identity gaps for consideration of investment and enable the measurement of the impact of resulting capacity building activities through a second assessment in the future. The initial CMM report is owned by the host nation and provides the first step towards strengthening a nation’s cybersecurity capacity, informing the development or next iteration of a national cybersecurity strategy, policies and legislative initiatives. Following the finalisation of the report, the OCSC works with the host nation to strengthen cybersecurity capacity, through OCSC’s member universities, partners and the international community, to deliver coordinated and sustainable capacity building projects that help address each nation’s priorities.
The GCSCC developed the CMM as a framework to facilitate the review of the maturity of a country’s cybersecurity capacity in consultation with over two hundred international experts drawn from governments, international organisations, academia, public and private sectors and civil society. The CMM has been deployed more than 120 times in 85 nations across the globe. A detailed list of the reviews and links to the published reports can be found on the GCSCC website.
The CMM considers national cybersecurity capacity maturity across the following five dimensions (D): (D1) Cybersecurity Policy and Strategy; (D2) Cyber Culture and Society; (D3) Cybersecurity Education, Training and Skills; (D4) Legal and Regulatory Frameworks; and (D5) Standards, Organisations, and Technologies.
Each dimension contains a number of factors which describe what it means to possess cybersecurity capacity. Each factor presents a number of aspects grouping together related indicators, which describe steps and actions that, once observed, define the stage of maturity of that aspect.