The Cyber-resilience Improvement Indicators (CII) model is a tool to diagnose and measure the capacity of organizations to resist and overcome disasters and disturbances from the digital environment.
The CII (IMC from Spanish Indicadores para la Mejora de la Ciberresiliencia) model allows organizations to assess their capability to anticipate, resist, recover and evolve after suffering incidents that may affect the provision of their services. The model defines four goals, which correspond to the aforementioned resilience capabilities, and nine functional domains: cybersecurity policy, risk management, training, vulnerability management, continuous supervision, incident management, continuity management, configuration and change management, and communication.
The CII model consists of three documents: the Methodology, the Dictionary of indicators and the Question form. The Methodology contains the conceptual framework. The Dictionary of indicators describes the metrics that the IMC model supports. The Question form consists of a template with which organizations can assess their resilience as described in the Methodology.