Tool

The Promoting Global Cyber Resilience for Sectors and Society Cyber Capability Maturity Model (PROGRESS CCMM)

About

Publication date: 2021

Author: Tel Aviv University - Regional Cyber Resilience Laboratory


Achieving cyber-resilient critical infrastructure poses a significant engineering management challenge. Society relies on infrastructure and services that extend beyond the managerial boundaries of a specific organizational entity, yet most existing cybersecurity maturity models aim to assess a single organization. The Regional Cyber Resilience Laboratory of Tel Aviv University offers a systems thinking approach to cyber resilience with its methodology, the Promoting Global Cyber Resilience for Sectors and Society Cyber Capability Maturity Model (PROGRESS CCMM).

The main innovation of the PROGRESS CCMM is that it is able to capture any economic sector as an entire system. The model architecture that captures the sector is embedded in the four dimensions of operation: key entities, sector supervision, within-sector links, and external links. The matrix architecture can accommodate any number of nodes and links between them. Indicators of cyber capabilities comprise five different practice domains: organization, process, people, tools, and compliance. As expert assessors populate each of the cells with real data, the current cyber maturity level of the sector is comprehensively reflected.

This tool can benefit development organisations that support the improvement of cybersecurity in a geographic region; multinational development organisations, NGOs involved in supporting cybersecurity capacity building; and government ministries wishing to explore the cybersecurity maturity of their sector and to develop plans to strengthen it.

The assessment combines desk and field research. The desk research can typically be carried out using publicly available information and machine-obtained indicators, depending on the resolution required in each assessment. The field research utilizes semi-structured interviews and focus groups, requiring a strong level of commitment from stakeholder organizations. The team brings together a diverse range of stakeholders from participating organizations, CIP experts and researchers to generate a detailed heat map of the entire sector's cyber capability maturity.

The entire assessment and recommendations process takes two months. Two workshops are held at the end of the process to share the findings and fine-tune the actual recommendations.

For further information, please contact Dr Lior Tabansky at liort@tauex.tau.ac.il.