The community cyber security maturity model

Reports of cyber security breaches are common in the media and security events have affected millions. Even with a greater awareness of cyber security, the problem has not decreased as sectors increase their dependence on critical cyber infrastructures. States and communities have joined the growing list of organizations trying to establish viable and sustainable cyber security programs to prepare for cyber events when they inevitably occur. The Community Cyber Security Maturity Model (CCSMM)¹ was developed to assist in the development of programs by providing three important mechanisms: a “yardstick” to determine current cyber security posture and maturity, a “roadmap” to help improve security posture, and a common point of reference for individuals to share experiences and lessons learned. This paper discusses the development of the model and describes initial results in states and communities adopting it. The paper also discusses what remains to be accomplished and areas for further research.