What is Cyber Maatrika?
Cyber Maatrika is a joint initiative of CySecK and iSPIRT to help organizations with Cybersecurity procurement challenges by creating a repository of model specifications for various cybersecurity solutions.
Link to repository: https://github.com/cyber-maatrika/
Why is Cyber Maatrika necessary?
With rapid evolution of technology, organisations are finding it difficult to identify the specifications to be documented when procuring a technology solution. Organisations may not have in-house expertise to have a full understanding of the features and capabilities of the various solutions available in the market to ensure procurement of the most suitable solution. This lack of expertise is true in many private organisations, but more manifest in public organisations. Public organisations also have a need to conduct their procurement in a more rigid framework that provides little room for subjective decision-making. This creates additional problems for public organisations when procuring deep-tech solutions.
All the above-mentioned factors have resulted in organisations either having to rely on sales pitch from vendors or restricting the bids to only those that feature in selective analyst reports. Whilst the former results in risk of a sub-optimal solution, the latter impedes an open playing field for smaller players who would have promising solutions. This can also result in larger players losing out for factors other than the capabilities of the solutions.
What is the Cyber Maatrika operating model?
The Cyber Maatrika initiative will leverage the spirit of collaboration and co-operation in the cybersecurity community. CySecK and iSPIRT will jointly form the core Cyber Maatrika team. This team will reach out to industry, academia and public organisations to onboard a set of unbiased industry volunteer experts who will then be part of a panel to baseline and maintain the model specifications.
The initiative for each cybersecurity solution will have three stages.
- Stage 1: The core team prepares the initial draft of the specifications covering both technical and service aspects.
- Stage 2: The panel reviews the draft and make updates as necessary to create the initial baseline.
- Stage 3: The panel will periodically refresh the specifications so that they are always up to date. The core team creates a platform where OEMs and other experts can provide feedback to the panel. The panel will meet regularly to review these feedbacks and incorporate as found suitable
What is the expected impact?
- Make procurement of solutions easier for both private and public organisations – Organisations can leverage the model specifications, tailor if necessary to be applicable to their specific context and reuse when doing procurement.
- Increase the probability of procuring an optimal solution – Leveraging these specifications will avoid organisations to fall for sales pitches from vendors and ensure procurement of solutions that would best fit the organisational needs.
- Build capacity in cybersecurity – This will address the challenge faced by private and public organisations alike in having their teams updated with the latest progress in technology.
- Create a level playing field – Procurement can be done based on the best fit solution, rather than limited to those featuring in analyst reports.
What are the expectations from Panel members?
- Have demonstratable expertise in the solution for which the panel is created.
- Be unbiased in reviewing specifications / solutions and providing feedback.
- Sign a Non-Disclosure Agreement to facilitate open conversations between various players in the eco-system.
- It is estimated that the initial review of the draft specifications and progression of the draft to the first baseline may take up to 16 hours depending on the complexity of the solution. A time commitment of this proportion – albeit one that can if necessary be spread over a few weeks – would be necessary.
- The continuous update of the specifications is estimated to need up to 8 hours once every six months.
The participation and contributions by the panel members will be credited in their official capacity or personal capacity or anonymously as would be preferred by the individual member.
Want to contribute and be part of Cyber Maatrika? Just write to us at: email@example.com