CCG V2.0 Assessment Methodology

Scientifically-validated framework evaluating cybersecurity governance across NIST CSF 2.0, ISO/IEC 27001:2022, CIS Controls v8, and COBIT 2019 requirements

Standards-Aligned

NIST, ISO, CIS, COBIT

135 Questions

90 Core + 45 Adaptive

15 Dimensions

3 Category Model

7 Maturity Tiers

Unaware → Mastery

Adaptive Branching

Low/Medium/High Paths

Non-Linear Scoring Methodology

CCG V2.0 uses a scientifically-validated non-linear scoring scale (0, 1, 3, 4, 5) that differentiates true capability levels more accurately than linear scales

Score 0: Non-Existent

No capability exists. Practices are absent or severely limited. This indicates a critical gap requiring immediate attention and foundational work.

Score 1: Initial/Ad-Hoc

Basic awareness exists with initial practices emerging. Approaches are ad-hoc, undocumented, and inconsistently applied. Reactive rather than proactive.

Score 3: Defined/Documented

Documented processes and procedures are in place. Regular execution occurs with some inconsistencies. Policies are communicated but enforcement varies.

Score 4: Managed/Measured

Mature, standardized practices are consistently applied. Effectiveness is measured via metrics. Continuous improvement processes are established.

Score 5: Optimized/Leading

Industry-leading capability demonstrating excellence and innovation. Recognized as best practice. Proactive optimization and thought leadership.

Why Non-Linear?

The jump from 1→3 (skipping 2) reflects research showing significant capability gaps between initial and documented practices. This prevents "checkbox compliance" inflation.

Three-Category Weighting Model

CCG V2.0 organizes 15 dimensions into 3 categories with evidence-based weightings that reflect real-world cybersecurity governance priorities

45%
Category A: Technical
Dimensions D1-D6

Governance Framework, Risk Management, Security Operations, IAM, Data Protection, Asset Management

25%
Category B: Compliance
Dimensions D7-D9

Compliance Management, Monitoring & Audit, Accountability & Transparency

30%
Category C: Cultural
Dimensions D10-D15

Cultural Awareness, Equitable Implementation, Stakeholder Communication, Training, Innovation, Strategic Vision

Adaptive Branching Logic

After completing 6 core questions per dimension, CCG V2.0 automatically selects 3 adaptive questions based on your demonstrated maturity level

Low Maturity Path

Triggered when the majority of core answers score 0-1 points. Adaptive questions focus on foundational barriers, resource constraints, and basic capability gaps.

Medium Maturity Path

Triggered when the majority of core answers score 3-4 points. Adaptive questions explore enhancement opportunities, optimization potential, and process improvements.

High Maturity Path

Triggered when the majority of core answers score 5 points. Adaptive questions assess thought leadership, innovation practices, and industry influence.
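
The branching rule and the category weights described above, as an added Python example (not CCG's own code). The page does not say how answers are aggregated or what happens when no band holds a majority, so the mean-based aggregation, the 0-100 scaling, the lower-path fallback and all function names are assumptions made for illustration.

```python
from collections import Counter
from statistics import mean

VALID_SCORES = {0, 1, 3, 4, 5}          # non-linear scale from the page (no 2)
CATEGORY_WEIGHTS = {"A": 0.45, "B": 0.25, "C": 0.30}
CATEGORY_DIMS = {"A": range(1, 7), "B": range(7, 10), "C": range(10, 16)}
BANDS = {0: "low", 1: "low", 3: "medium", 4: "medium", 5: "high"}
PATH_ORDER = ["low", "medium", "high"]


def validate(answers):
    """Reject anything off the 0/1/3/4/5 scale, including a stray 2."""
    bad = [a for a in answers if a not in VALID_SCORES]
    if bad:
        raise ValueError(f"scores not on the scale: {bad}")
    return list(answers)


def adaptive_path(core_answers):
    """Pick the adaptive path from the 6 core answers of one dimension."""
    answers = validate(core_answers)
    if len(answers) != 6:
        raise ValueError("expected 6 core answers per dimension")
    counts = Counter(BANDS[a] for a in answers)
    # Majority rule from the page: more than half of the answers in one band.
    for path in PATH_ORDER:
        if counts[path] > len(answers) / 2:
            return path
    # ASSUMPTION: with no majority, take the fullest band, lower path on ties.
    return max(PATH_ORDER, key=lambda p: (counts[p], -PATH_ORDER.index(p)))


def overall_score(dimension_answers):
    """dimension_answers maps dimension number (1-15) to its answer list.
    ASSUMPTION: dimension = mean of answers, category = mean of dimensions,
    result = weighted sum scaled to 0-100."""
    total = 0.0
    for cat, dims in CATEGORY_DIMS.items():
        dim_means = [mean(validate(dimension_answers[d])) for d in dims]
        total += CATEGORY_WEIGHTS[cat] * mean(dim_means) / 5
    return round(total * 100, 1)


# Constructed sample: technical dimensions documented, the rest ad-hoc.
SAMPLE = {d: [3, 3, 4, 3, 1, 3] for d in range(1, 7)}
SAMPLE.update({d: [1, 1, 0, 1, 3, 1] for d in range(7, 16)})

if __name__ == "__main__":
    print(adaptive_path(SAMPLE[1]), adaptive_path(SAMPLE[7]), overall_score(SAMPLE))
```

An even 3/3 split such as `[1, 1, 1, 3, 3, 3]` is not a majority under the page's wording, which is why the fallback has to be stated explicitly by whoever implements the rule.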

Psychometric Validation

CCG V2.0 has been rigorously validated using established psychometric methods to ensure reliability, consistency, and accuracy

0.87
Cronbach's Alpha (α)
Internal consistency reliability
0.89
ICC
Intraclass Correlation Coefficient
0.82
Cohen's Kappa (κ)
Inter-rater reliability
35-45
Minutes
Core assessment duration

Apply CCG Methodology to Your Organization

Get a comprehensive assessment of your cybersecurity governance maturity with actionable improvement recommendations aligned to NIST, ISO, and CIS frameworks