This article aims to introduce the cyber security assess model (CSAM), an important component in cyber security architecture framework, especially for the developing country. This architecture framework is built up with the Enterprise Architecture approach and based on the ISO 27001 and ISO 27002. From the holistic perspective based on EGIF developed previously by UNDP group and the main TOGAF features, ITI-GAF is simplified to suit the awareness, capability and improvement readiness of the developing countries. The result of survey and applying in countries as Vietnam, Lao, Myanmar affirms the applicable value of ITI-GAF and the CSAM. The comprehensive, accurate and prompt assessment when applying ITI-CSAM enables the organization to identify the cybersecurity strengths and weaknesses, thereby determine the key parts need invested and its effects to the whole organization’s cybersecurity, then build up the action plan for short-term and long-term.