Cover: Developing Cybersecurity Capacity

Developing Cybersecurity Capacity

A proof-of-concept implementation guide

Published Aug 2, 2018

by Jacopo Bellasio, Richard Flint, Nathan Ryan, Susanne Sondergaard, Cristina Gonzalez Monsalve, Arya Sofia Meranto, Anna Knack

Download eBook for Free

FormatFile SizeNotes
PDF file 7.3 MB

Use Adobe Acrobat Reader version 10 or higher for the best experience.

The role played by information communication technologies (ICTs) and by the networks they generate and underpin has continuously increased throughout recent decades. From an economic perspective, the potential positive impact of the Internet and ICTs on growth and development has now been widely recognised. However, the cloak of immunity and anonymity that these technologies can provide, have led to a growth in illicit activities across cyberspace.

This document is a proof-of-concept operational toolbox designed to facilitate the development of national-level cybersecurity capacity building programmes and of holistic policy and investment strategies to tackle challenges in the cyber domain. The document seeks to enable a better translation of the results of national cyber maturity reviews and assessments into tangible policy recommendations and investment strategies, allowing policymakers to develop their countries' cybersecurity capacity.

The proof-of-concept toolbox constitutes the output of a project commissioned by the United Kingdom Foreign and Commonwealth Office. This project comprised two main research and development phases. The first phase of the project entailed a requirements analysis and architecture-design effort. The second phase of the project entailed the development of a proof-of-concept toolbox. The toolbox builds on the framework of the Cybersecurity Capacity Maturity Model for Nations (CMM) created by the Global Cyber Security Capacity Centre (GCSCC) at the University of Oxford. The toolbox was designed to provide policymakers and decision makers with instruments facilitating the operationalisation of recommendations generated through a capacity review report completed using the GCSCC CMM.

Key Finding

This proof-of-concept toolbox presents guidelines and recommended approaches as identified through a review of existing literature for cybersecurity capacity building. The document would be best used to act upon the results and the capacity-building recommendations generated following a review of national cybersecurity capacity conducted by external experts employing the Cybersecurity Capacity Maturity Model for Nations created by the Global Cyber Security Capacity Centre.

Research conducted by

The research described in this report was commissioned by the United Kingdom (UK) Foreign and Commonwealth Office (FCO) and conducted by RAND Europe.

This report is part of the RAND research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.

This document and trademark(s) contained herein are protected by law. This representation of RAND intellectual property is provided for noncommercial use only. Unauthorized posting of this publication online is prohibited; linking directly to this product page is encouraged. Permission is required from RAND to reproduce, or reuse in another form, any of its research documents for commercial purposes. For information on reprint and reuse permissions, please visit

RAND is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.