About

Cyber security Maturity Assessment of the Global Ecosystem (CMAGE)

We are all part of an increasingly connected and complex global ecosystem and rely on the actions of others as well as our own to sustain and consistently improve cyber security.

CREST International developed the Cyber security Maturity Assessment of the Global Ecosystem (CMAGE), funded by a grant from the Bill & Melinda Gates Foundation, to enable easy analysis of a country’s Cyber Security Ecosystem.

By using CMAGE, accurate and consistent quantitative and qualitative analysis can be carried out and an overall assessment can be made on a nation’s cyber security posture to enable more informed decisions to be made.

What does CMAGE do?

Through gathering, analysis and reporting of data, a CMAGE will show exactly where improvements in a country’s cyber security are needed and provide the evidence to back it up. This gives governments and regulators the vital help they need to formulate and implement realistic cyber security action plans that focus on the areas where improvements needed the most.

CMAGE is also a benchmark, allowing for reassessments over time to demonstrate whether progress has been made.

What does CMAGE measure?

CMAGE is based on a CREST research methodology developed in 2018 and fine-tuned during the 2020 project funded by the Bill & Melinda Gates Foundation. The aim of this project was to increase capacity, capability and consistency in the cyber security ecosystem in eight African and Asian countries.

CMAGE research is based on an assessment of twenty separate Indicators across five Dimensions.

What does CMAGE show?

Following the research and analysis, a report is delivered showing a summary assessment of the key findings, along with a more detailed assessment for each Dimension and Indicator. It also includes a list of suggested actions and ideas for practical measures to improve the cyber security ecosystem.

Below is an example of the results of a CMAGE in a ‘starburst’ diagram.

CREST – building cyber security capacity, capability and consistency

CREST provides internationally recognised accreditations for organisations and professional certifications for individuals, providing vulnerability assessment, penetration testing, cyber incident response, threat intelligence and SOC (Security Operations Centre) services.