Cybersecurity Resilience Maturity Assessment Tool for Critical National Information Infrastructure

Abstract

Abstract Cybersecurity resilience maturity assessment of critical national information infrastructure (CNII) is an important process in ensuring that organisations’ capability for resilience are measured and gaps determined vis-à-vis targeted resilience for the purpose of improvements. However, existing solutions do not provide an automated quantitative tool to enable organisation conduct the assessment of their cybersecurity resilience posture at defined regular intervals. This paper presents the cybersecurity resilience maturity assessment tool (CRMAT). The CRMAT is built on the cybersecurity resilience maturity assessment framework and the cybersecurity resilience maturity assessment model (CRMAM). While the CRMAF and CRMAM provide requirements and computational algorithms for the tool respectively. The agile methodology of the software development life cycle (SDLC) was adopted with the MVC (model-view-controller) architectural pattern to implement the software. The software tool has two interfaces, namely; admin interface that enables the setup of the cybersecurity controls and other parameters that will form the basis for the assessment and a report generation interface for all the cybersecurity controls. CRMAT was demonstrated on 31 CNIII organisations and result showed its capability to successfully and accurately compute the CNII resilience index (CNIIRI) and the indexes of other cybersecurity controls indicated in the CRMAF. Comparative analysis of the results showed that 5 (16.13%) of the organisations are in Q4, 9 (29.03%) are in Q3 while 13 (41.94%) and 4 (12.90%) are in Q2 and Q1 respectively. The implication is that the organisations in Q4 has optimised resilience while those in Q1 have the weakest cybersecurity resilience.