Stratia Cyber specialise in Information Assurance and Risk Management.

We have years of experience in providing information assurance and information risk management services to all kinds of businesses. It does not matter whether you run a small start-up company or a large corporation, we will ensure your assets are protected and maintained efficiently. Our aim is to find the best form of protection for your business and provide you with the means to manage risks effectively in order to minimise financial costs and prevent damage to your reputation.


Cybersecurity Capability Maturity Model (C2M2)

What is a Cybersecurity Capability Maturity Model (C2M2) assessment?

A C2M2 assessment provides a comprehensive, manageable description of your organisation’s information security. It assesses the maturity of your information security in ten distinct categories (termed “domains”), and clearly illustrates any areas that require improvement.

Additionally, the outputs of a C2M2 assessment provide a valuable foundation if you are considering adopting one of the many formal information security standards such as ISO 27001 or the NIST Cybersecurity Framework, as the content of C2M2 correlates well with these other standards.

What is the C2M2 methodology?

C2M2 assesses approximately 300 controls, split across the ten domains. Each control has a Maturity Indicator Level, or MIL, which is a measure of the control’s significance. For instance, a MIL1 (low level) control may relate to the basic existence of a person to whom information security incidents are reported, while a MIL3 (high level) control may be a more specific regime where incidents are reported to and co-ordinated with third parties.

Each control is scored with one of four classifications:

  • Not Implemented: There is no evidence of the control being implemented.
  • Partially Implemented: There is some evidence of relevant activity, usually on an ad-hoc basis.
  • Largely Implemented: Clear evidence exists that controls are in place and used by a significant number of staff.
  • Fully Implemented: Strong controls are fully embedded within the day-to-day operation of the organisation.

The model looks at 10 domains of cybersecurity in the evaluation phase:

  • Risk Management
  • Asset, Change, and Configuration Management
  • Identity and Access Management
  • Threat and Vulnerability Management
  • Situational Awareness
  • Information Sharing and Communications
  • Event and Incident Response, Continuity of Operations
  • Supply Chain and External Dependencies Management
  • Workforce Management
  • Cybersecurity Programme Management

How Stratia Consulting can help

The C2M2 model is freely available and is designed as a self-assessment tool: as such, there is no obligation to engage an outside agency for C2M2 assessments. Practically speaking, though, the model is lengthy, and engaging a third party with experience in C2M2 assessments and remediation will generally save time and improve quality, as well as providing an impartial evaluation of your maturity.

Our information security specialist consultants will work with you to:

  • Evaluate your organisation’s capabilities within the ten domains of the C2M2 model and produce a comprehensive report of findings.
  • Identify and prioritise areas for improvement and the actions required.
  • Design and, if required, manage the programme of actions.
  • Re-evaluate your capabilities regularly (normally annually) to monitor information security maturity over time.

Contact us for more information about these services on 0800 644 0193 (Freephone), or email: - You may also fill in the form on the Contact Us Page on our website, and we’ll get back to you.