As defined by Wikipedia:
A maturity model can be viewed as a set of structured levels that describe how well the behaviors, practices and processes of an organization can reliably and sustainably produce required outcomes.
A maturity model can be used as a benchmark for comparison and as an aid to understanding – for example, for comparative assessment of different organizations where there is something in common that can be used as a basis for comparison. In the case of the Capability Maturity Model (CMM), for example, the basis for comparison would be the organisations’ software development processes.
The same approach can be applied to the maturity of a smart city’s cyber security capability. It is anticipated that Smart Cities will have a complex variety of service providers and service arrangements. The City Administration/Governance must be able to organise all the parts of a cyber security capability to achieve effective maturity. Depending upon the size of the city, larger ones may require a tiered cyber security operations model where a Public capability manages one or more Service Providers.
Structure
The model involves five aspects:
- Maturity Levels: a 5-level stage maturity continuum – where the uppermost (5th) level is a notional ideal state where the capability of the city would be systematically managed by a combination of cyber security services, governance, integration, process optimization and continuous process improvement.
- Key Capability Areas: a cyber security capability combining people, process and technologies, when performed together, achieve a set of goals considered important to the security of the city.
- Goals: the goals of a capability represent the targets set by City Stakeholders states that must be achieved in an effective and lasting way. The extent to which the goals have been accomplished is an indicator of how much capability the city has established at that maturity level. The goals signify the scope, boundaries, responsibilities and intent of each key area of people, process and technologies.
- Common Features: common features include practices that implement and instantiate a key capability. There are five types of common features: commitment to perform, ability to perform, activities performed, measurement and analysis, and verifying implementation.
- Key Practices: The key practices describe the elements of infrastructure and practice that contribute most effectively to the implementation and institutionalisation of the capability.
In order to extend a capability maturity model to the size, scale and complexity of a City it is important to consider that a capability may be shared across multiple parties as a hybrid arrangement. This means that the maturity must be achieved by all parties for the whole capability to be measured. This is particularly important when considering common features and key practices with multiple parties and providers.
Levels
There are five levels defined along the continuum of the model:
- Initial – the starting point for a City to begin to agree and scope a capability
- Under Development – the capability is agreed by all parties involved, goals, objectives, requirements and planning implemented
- Defined – the capability is defined and implemented by all parties
- Capable – the capability is quantitatively managed in accordance with agreed-upon metrics.
- Efficient – capability management includes optimisation and continuous improvement.
| Model | Description |
| TR259 Smart City Maturity and Benchmark Model R16.0.1 | This Smart City Maturity and Benchmark Model has been designed to capture the key aspects of a city’s transformation journey to become a smarter city. |
Smart City Cyber Security 