IGF 2022 Day 0 Event #85 Assessing National Cyber Maturity

Monday, 28th November, 2022 (08:15 UTC) - Monday, 28th November, 2022 (09:15 UTC)
Caucus Room 11
  • Governing Data and Protecting Privacy
  • Enabling Safety, Security and Accountability 


  • Professor Wallace Chigona: Co-Director of the Cybersecurity Capacity Centre for Southern Africa (C3SA) & Professor of Information Systems, University of Cape Town 
  • Chris Banda: Head of Malawi CERT, Malawi Communications Regulatory Authority (MACRA)
  • Sam Hall: Cyber Policy Lead, UK Office to the African Union 
  • Colonel Joao Augusto: Deputy Director of Information Security Department, Institutional Security Office of the Presidency in Brazil



Onsite Moderator

Sam Hall – UK Office to the African Union, Foreign, Commonwealth and Development Office (FCDO)

Online Moderator

Andy Penpraze - UK FCDO West Africa Cyber Lead


1. No Poverty
9. Industry, Innovation and Infrastructure
16. Peace, Justice and Strong Institutions


Presentation followed by Q&A with an external moderator from British Embassy Addis Ababa. Time: 60 minutes. 




Session Overview

Join us to learn about the Cybersecurity Capacity Maturity Model (CMM). Developed by Oxford University’s Global Cyber Security Capacity Centre, the CMM is a model to review cybersecurity capacity maturity enabling nations to self-assess, benchmark, better plan investments and national cybersecurity strategies, as well as set priorities for capacity development. It has been conducted by at least 87 states to date, with many undergoing the CMM process a second time to review progress.

Professor Wallace Chigona from the University of Cape Town's Cybersecurity Capacity Centre for Southern Africa will introduce the model. This will be followed by presentations from Brazil and Malawian government representatives who led their respective countries’ CMM processes. We will finish with an open discussion between panellists and the audience.

​​​​​Background on the CMM

The CMM is a tool designed to review a country’s cybersecurity capacity and CMM reviews have been conducted all around the world. They have been instrumental in helping countries identify where their greatest cybersecurity risks as a country lie, and in setting national direction for how to address these gaps. There is a strong link between a nation’s cybersecurity and sustainable digital development, and with the trust and resilience of digital services. This session directly contributes to the ‘Governing Data and Protecting Privacy’ and ‘Enabling Safety, Security and Accountability’ themes of this years’ IGF. 

The CMM considers five ‘Dimensions’ of cybersecurity which together constitute the breadth of national capacity that a country requires to effectively deliver cybersecurity. These are: (i) Delivering cybersecurity policy and strategy (ii) Encouraging responsible cybersecurity culture within society (iii) Building cybersecurity knowledge and capabilities (iv) Creating effective legal and regulatory frameworks (v) Controlling risks through standards and technologies. This presentation will go through each of the five dimensions, explain why they matter for all countries’ cybersecurity journeys, and provide the audience with insight into real-world case studies on conducting a CMM from states at varying stages of cybersecurity maturity.