Cybersecurity Compliance Governance (CCG V2.0)

Board-level cybersecurity assurance through 135 scientifically validated questions across 8 dimensions, a 7-tier maturity model, and alignment with NIST CSF 2.0, ISO 27001:2022, and CIS Controls v8.

135 Questions (90 Core + 45 Adaptive)
8 Dimensions Across Cybersecurity
7 Maturity Tiers (Unaware → Mastery)
56 Feedback Templates (8×7 Matrix)

The Board-Level Cybersecurity Challenge

Boards and executives face mounting pressure to demonstrate cybersecurity governance, yet most lack the frameworks to assess, benchmark, and improve their security posture systematically.


Regulatory Pressure

SEC, DORA, NIS2, and other regulations now mandate board-level cybersecurity oversight. Directors face personal liability for governance failures.

78% of boards lack cyber expertise

Measurement Gap

Most organisations cannot quantify their cybersecurity maturity or benchmark against peers. Compliance checkbox approaches miss strategic risks.

$4.45M average breach cost

Framework Fragmentation

Organisations struggle to harmonise NIST, ISO, SOC2, and industry-specific requirements into a coherent governance strategy.

6+ frameworks to reconcile

The 8 CCG Dimensions

CCG V2.0 evaluates organisations across 8 key dimensions of cybersecurity compliance governance, psychometrically validated with 247 organisations (α=0.84, ICC=0.87)

D1 • 15%

Cybersecurity Governance Framework

Board oversight, CISO reporting structure, policy framework, strategy alignment, decision-making processes. 20 questions (13 core + 7 adaptive)

D2 • 15%

Risk Management & Assessment

Risk identification, quantification methodologies, appetite frameworks, third-party risk, continuous monitoring. 18 questions (12 core + 6 adaptive)

D3 • 15%

Compliance Management

Regulatory mapping, compliance automation, audit readiness, evidence collection, control testing. 18 questions (12 core + 6 adaptive)

D4 • 13%

Security Operations

SOC capabilities, incident response, threat detection, vulnerability management, security automation. 17 questions (11 core + 6 adaptive)

D5 • 12%

Identity & Access Management

IAM architecture, privileged access, MFA deployment, zero trust implementation, identity governance. 16 questions (11 core + 5 adaptive)

D6 • 11%

Data Protection & Privacy

Data classification, encryption standards, DLP controls, privacy compliance, data lifecycle management. 15 questions (10 core + 5 adaptive)

D7 • 10%

Asset & Vulnerability Management

Asset inventory, vulnerability scanning, patch management, configuration management, shadow IT control. 14 questions (9 core + 5 adaptive)

D8 • 9%

Security Awareness & Training

Security awareness programs, role-based training, effectiveness measurement, behaviour change, culture. 13 questions (9 core + 4 adaptive)

7-Tier Maturity Model

CCG V2.0 uses a scientifically-validated 7-tier maturity model with non-linear scoring (0, 1, 3, 4, 5) to accurately differentiate capability levels from Unaware to Mastery

Tier 1: Unaware, 0-14 pts
Tier 2: Emerging, 15-28 pts
Tier 3: Developing, 29-42 pts
Tier 4: Proficient, 43-57 pts
Tier 5: Advanced, 58-71 pts
Tier 6: Expert, 72-85 pts
Tier 7: Mastery, 86-100 pts

Standards & Framework Alignment

CCG V2.0 questions are mapped to leading cybersecurity frameworks, enabling comprehensive compliance coverage and regulatory readiness

NIST CSF 2.0: Cybersecurity Framework
ISO/IEC 27001:2022: Information Security
CIS Controls v8: Critical Security Controls
COBIT 2019: IT Governance
SOC 2 Type II: Trust Services Criteria
GDPR/CCPA/HIPAA: Privacy Regulations

Psychometrically Validated Assessment

CCG V2.0 has been developed using rigorous psychometric methodology including Cronbach's alpha (α=0.87), Intraclass Correlation (ICC=0.89), and Cohen's kappa (κ=0.82) for inter-rater reliability.

The adaptive branching logic (Low/Medium/High paths) ensures precise capability measurement while minimising assessment fatigue. Complete the 90 core questions in 35-45 minutes.

0.87 Cronbach's Alpha (Reliability)
0.89 Intraclass Correlation (ICC)
11 Industry Profiles
20 Geographic Case Studies

Ready to Assess Your Cybersecurity Governance?

Take the CCG V2.0 assessment to evaluate your organisation across 8 dimensions, receive your 7-tier maturity score, and get actionable recommendations aligned with NIST, ISO, and CIS frameworks.