Slide1
Global Cyber Security Capacity Maturity Model - CMM
WSIS Forum 2015 – Geneva
Dr Maria Bada
25/05/2015
Slide2
CMM - Five Dimensions
Levels of Maturity
Start-up: At this level either nothing exists, or it is very embryonic in nature.
Formative: Some features of the indicators have begun to grow and be formulated, but may be ad-hoc, disorganized, poorly defined - or simply "new". However, this activity can be clearly evidenced.
Established: The elements of the sub-factor are in place, and working.
Strategic: Choices have been made about which parts of the indicator are important, and which are less important for the particular organization/nation.
Dynamic: There are clear mechanisms in place to alter strategy depending on the prevailing circumstances. Rapid decision-making, reallocation of resources, and constant attention to the changing environment are features of this level.
Slide4
Capacity Dimensions
Dimension 1: Cybersecurity Policy and Strategy
D1-1: National Cybersecurity Strategy
D1-2: Incident Response
D1-3: Critical National Infrastructure (CNI) Protection
D1-4: Crisis Management
D1-5: Cyber Defence Consideration
D1-6: Digital Redundancy
Slide5
Capacity Dimensions
Dimension 2: Cyber culture and society
D2-1: Cybersecurity Mind-set
D2-2: Cybersecurity Awareness
D2-3: Confidence and trust on the Internet
D2-4: Privacy online
Slide6
Capacity Dimensions
Dimension 3: Cybersecurity education, training and skills
D3-1: National availability of cyber education and training
D3-2: National development of cybersecurity education
D3-3: Corporate training and educational initiatives within companies
D3-4: Corporate Governance, Knowledge and Standards
Slide7
Capacity Dimensions
Dimension 4: Legal and regulatory frameworks
D4-1: Cybersecurity legal frameworks
D4-2: Legal investigation
D4-3: Responsible Disclosure
Slide8
Capacity Dimensions
Dimension 5: Standards, organisations, and technologies
D5-1: Adherence to standards
D5-2: National Infrastructure Resilience
D5-3: Cybersecurity marketplace
Slide9
Slide10
Dimension 1: Cybersecurity Policy and Strategy
D1-1: National Cybersecurity Strategy
Indicator: Strategy Development
No evidence of a cyber security national strategy exists; if a cyber component exists it may be the responsibility of one or more departments of government; a process for development has begun without stakeholder consultation
An outline of a national cyber security strategy has been articulated built on government consultation; consultation processes have been established for key stakeholder groups, possibly involving international assistance
A national cyber strategy has been established; a specific mandate to consult across sectors and civil society has been agreed; data and historic trends are used to plan; some understanding of national cyber security risks and threats drives capacity building at a national level
Cyber security strategy is knowledgeably implemented by multiple stakeholders across government; strategy review and renewal processes are confirmed; regular scenario and real-time cyber exercises are conducted; cyber security strategic plans drive capacity building and investments in security; metrics and measurement processes are established, implemented and inform decision making
Continual revision of cyber security strategy is conducted to adapt to changing socio-political, threat and technology environments, driving the multi-stakeholder decision making process; trust and confidence building measures (TCBMs) are undertaken to ensure the continued inclusion and contribution of all stakeholders including the private sector, wider society and international partners
Slide11
Factors Crucial for Combating Cybercrime
National Cybersecurity Strategy
coordinated response to cyber attacks/risks
Slide12
Factors Crucial for Combating Cybercrime
Cybersecurity Awareness
building trust on internet use
promote positive and responsible forms of online behaviour
Slide13
Factors Crucial for Combating Cybercrime
Education/Training
capacity to understand complex cybercrime cases and inform decision making
Slide14
Factors Crucial for Combating Cybercrime
Cybersecurity legal frameworks
capacity to address and combat cybercrime
Slide15
Factors Crucial for Combating Cybercrime
National Infrastructure Resilience
technical capacity to prevent cybercrime
international and regional cooperation
Slide16
Factors Crucial for Combating Cybercrime
Cybercrime Insurance
encourage information sharing among participants
Slide17
Country Assessments using the CMM February-March 2015
World Bank: Armenia, Kosovo, Bhutan and Montenegro
OAS: Jamaica and Colombia
Slide18
Observations from Capacity Assessments
Capacity factors in countries assessed thus far range from start-up to established
General lack of awareness, education and training
General lack of technical standards’ implementation
Slide19
Steps to be taken forward
Science requires measurement
Academic analysis of data from assessments could reveal geographic, stakeholder, and interdependent factor trends
Trends feed into global strategy for investment
Ambition is to assess the world’s cybersecurity capacity alongside regional/international partners
Slide20
Steps to be taken forward
Devising a model against which countries (or regions, or multi-nationals) can assess their capacity in fighting cybercrime
The development of a model to understand cyber-harm to focus prioritisation of investments on more specific capacity harm-reduction
Benefits drawing on, not competing with, other similar efforts
Slide21
The CMM is available at: http://www.sbs.ox.ac.uk/cybersecurity-capacity/
Slide22
Thank you
WSIS Forum 2015 – Geneva
Dr Maria Bada
25/05/2015