Global Cyber Security Capacity Centre

Address: Department of Computer Science, University of Oxford, Wolfson Building, Parks Road Oxford OX1 3QD


Stakeholder group: Academia and Think Tanks

The Global Cyber Security Capacity Centre (GCSCC), a programme of the Oxford Martin School at the University of Oxford, is an international centre for research on cybersecurity capacity building.

The research carried out by the Centre aims to understand and measure cybersecurity capacity maturity across five dimensions:

  • developing cybersecurity policy and strategy;
  • encouraging responsible cyber culture within society;
  • building cybersecurity knowledge and capabilities;
  • creating effective legal and regulatory frameworks; and
  • controlling risks through technology and processes. 

The Centre developed the Cybersecurity Capacity Maturity Model for Nations (CMM), a framework to review cybersecurity capacity maturity across those five dimensions and so enables nations to self-assess, benchmark, better plan investments and national cybersecurity strategies, and set priorities for capacity development.

The CMM has been deployed more than 120 times in over 85 countries around the world by the GCSCC and its regional and strategic partners, including Commonwealth Telecommunications Organisation (CTO), Cybersecurity Capacity Centre for Southern Africa (C3SA), Global Forum on Cyber Expertise (GFCE), International Telecommunication Union (ITU), Norwegian Institute of International Affairs (NUPI), NRD Cyber Security, Oceania Cyber Security Centre (OCSC), Organization of American States (OAS), and World Bank.

The Centre developed and ran the Cybersecurity Capacity Portal, which served as the basis for Cybil, the Cyber Capacity Knowledge Portal of the GFCE, which the GCSCC developed in collaboration with other GFCE knowledge partners – the Australian Strategic Policy Institute (ASPI), DiploFoundation, FIRST, and the Norwegian Institute of International Affairs (NUPI) – in 2019. Cybil functions as a platform for sharing information, experiences and best practices related to cybersecurity capacity building, and contributes to building cybersecurity capacity among policymakers and others with responsibilities in this area.