This extended abstract presents a brief review of our ongoing work to design a cybersecurity resilience maturity measurement (CRMM) framework. This work is aimed at contributing to the cybersecurity effort for African countries, where businesses and individuals are experiencing billions in financial losses. Existing cybersecurity frameworks focus on guidelines with respect to detection, protection and response, but do not offer formal models for quantifying the degree of cyber resilience actually achieved.

This paper presents conceptual work on a cybersecurity resilience maturity measurement (CRMM) model to be applied in organisations as part of cyber-risk management treatment. Drawing on the NIST cybersecurity framework (NIST CSF) and other relevant frameworks, the CRMM approach conceptualised here would enable an organisation to gauge its cybersecurity maturity level on a continuous basis.

The CRMM offers a holistic approach that deemphasises cyber risk as simply due to technology cause and effect. It incorporates technology, process and people in the design. The CRMM model defines a set of cybersecurity resilience quadrants (CRQs), based on quantitative assessment, which depicts the degree of preparedness of the organisation, as an interpretation of risk and resilience.

Uche and Abrahams