Author: Magnus Valgre
Supervisor: Mari Seeba
Abstract: To assess their current security posture and pinpoint areas for improvement, cybersecurity capability evaluations serve as crucial tools for organisations. This thesis delves into the landscape of existing methods outlined in the scientific literature, explores practices at the state level, and investigates efforts to aggregate data across multiple countries simultaneously. Through the selection process, ten relevant methods were identified from the literature, while six countries and five data aggregation methods were chosen for analysis at the state level. The research places a primary focus on the individual organisation within the broader context, aiming to discern how data-gathering practices within the identified methods consider individual organisations and whether such data reaches higher levels through data aggregation. The possible challenges and limitations of the described approaches are identified, and possible directions for further work are identified. The intention is to help progress towards a unified evaluation method for organisations, ensuring results that are both comparable and relevant. By addressing these considerations, the research contributes to the ongoing efforts to enhance the efficacy and standardisation of cybersecurity capability evaluations.