
Institutional Self-Assessment

Where does your institution actually stand?

Answer the questions below to measure your institution against the seven maturity dimensions of the framework, and to profile any asset's criticality and exposure. The model maps to ISO/IEC 27001 and the NIST Cybersecurity Framework, and reflects Bangladesh's current cyber-security and data-protection law, adapted to the higher-education context. Everything is computed live in your browser — nothing is sent anywhere.

00 · Regulatory & standards basis

The framework is anchored in the Bangladeshi higher-education context and mapped to international standards. National-law references are current as of June 2026 — confirm against the official Gazette before final submission.

National law · cyber

Cyber Security Ordinance, 2025

Gazetted 21 May 2025 by the Ministry of Law, Justice & Parliamentary Affairs; in force immediately. Repealed the Cyber Security Act, 2023 — itself a replacement for the Digital Security Act, 2018, and earlier the ICT Act, 2006.

National law · data

Personal Data Protection Ordinance, 2025

Bangladesh's first comprehensive data-protection law — approved 9 Oct 2025, gazetted 6 Nov 2025. Amended by the Personal Data Protection (Amendment) Ordinance, 2026 (Ord. No. 23 of 2026, 5 Feb 2026), adding in-country data-localisation for Critical Information Infrastructure. Full enforcement expected ~May 2027.

Higher-ed policy

UGC & BdREN policies · National ICT Policy

University Grants Commission (UGC) ICT governance, the Bangladesh Research and Education Network (BdREN) acceptable-use and security policies, and the National ICT Policy under the ICT Division.

International standards

ISO/IEC 27001 · NIST CSF

The seven maturity dimensions align with ISO/IEC 27001 controls and are grouped by NIST Cybersecurity Framework functions (Identify / Protect & Detect / Respond & Recover).

01 · The six-level maturity scale

Every indicator is rated 0–5. The scale is cumulative: a higher level may only be claimed once all lower levels are satisfied. Pick the highest level your institution has genuinely reached for each indicator.

02 · Maturity self-assessment

Seven dimensions, grouped by NIST function. Rate each indicator on the 0–5 scale; your dimension and overall maturity update as you go.


03 · Profile an asset: criticality & exposure

Answer for a specific system — a student records database, a public portal, a lab workstation. The answers translate into the criticality (c) and exposure (x) values used by the risk model, each on a 0–1 scale.

Asset criticality: How much the institution depends on this asset.

Exposure: How reachable and attackable this asset is.

04 · Connect it up

Carry this asset profile straight into the risk score.

The criticality and exposure you just measured are two of the four inputs to the context-aware risk score. Send them to the calculator, then add a CVSS base score and EPSS likelihood to see this asset's real, context-adjusted risk.
