Journal articles on the topic 'Cybersecurity maturity model'

Consult the top 50 journal articles for your research on the topic 'Cybersecurity maturity model.'

1

Kour, Ravdeep, Ramin Karim, and Adithya Thaduri. "Cybersecurity for railways – A maturity model." Proceedings of the Institution of Mechanical Engineers, Part F: Journal of Rail and Rapid Transit 234, no. 10 (October 18, 2019): 1129–48. http://dx.doi.org/10.1177/0954409719881849.

Abstract:
With the advancements in and widespread adoption of information and communication technologies in infrastructures, cyber-attacks are becoming more frequent and more severe. Advanced cybersecurity threats with automated capabilities are increasing in such sectors as finance, health, grid, retail, government, telecommunications, transportation, etc. Cyber-attacks are also increasing in railways with an impact on railway stakeholders, e.g. threat to the safety of employees, passengers, or the public in general; loss of sensitive railway information; reputational damage; monetary loss; erroneous decisions; loss of dependability, etc. There is a need to move towards advanced security analytics and automation to identify, respond to, and prevent such security breaches. The objective of this research is to reduce cyber risks and vulnerabilities and to improve the cybersecurity capabilities of railways by evaluating their cybersecurity maturity levels and making recommendations for improvements. After assessing various cybersecurity maturity models, the Cybersecurity Capability Maturity Model (C2M2) was selected to assess the cybersecurity capabilities of railway organizations. The contributions of this research are as follows. First, a new maturity level MIL4 (Maturity Indicator Level 4) is introduced in the C2M2 model. Second, the C2M2 model is adapted by adding advanced security analytics and threat intelligence to develop the Railway-Cybersecurity Capability Maturity Model (R-C2M2). The cybersecurity maturity of three railway organizations is evaluated using this model. Third, recommendations and available standards & guidelines are provided to the three railway organizations to improve maturity levels within different domains. In addition, they are given an action plan to implement the recommendations in a streamlined way. 
The application of this model will allow railway organizations to improve their capability to reduce the impacts of cyber-attacks and eradicate vulnerabilities. The approach can also be extended to other infrastructures with necessary adaptations.
2

Yigit Ozkan, Bilge, Sonny van Lingen, and Marco Spruit. "The Cybersecurity Focus Area Maturity (CYSFAM) Model." Journal of Cybersecurity and Privacy 1, no. 1 (February 13, 2021): 119–39. http://dx.doi.org/10.3390/jcp1010007.

Abstract:
The cost of recovery after a cybersecurity attack is likely to be high and may result in the loss of business at the extremes. Evaluating the acquired cybersecurity capabilities and evolving them to a desired state in consideration of risks are inevitable. This research proposes the CYberSecurity Focus Area Maturity (CYSFAM) Model for assessing cybersecurity capabilities. In this design science research, CYSFAM was evaluated at a large financial institution. From the many cybersecurity standards, 11 encompassing focus areas were identified. An assessment instrument—containing 144 questions—was developed. The in-depth single case study demonstrates how and to what extent cybersecurity related deficiencies can be identified. The novel scoring metric has been proven to be adequate, but can be further improved upon. The evaluation results show that the assessment questions suit the case study target audience; the assessment can be performed within four hours; the organization recognizes itself in the result.
3

P, Dr Rachana. "Strategic Approaches to Cybersecurity Audits for Control Evaluation." INTERNATIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 08, no. 12 (December 24, 2024): 1–5. https://doi.org/10.55041/ijsrem40065.

Abstract:
This article presents an empirical study evaluating the effectiveness of the CyberSecurity Audit Model (CSAM 2.0) at a Canadian higher education institution. CSAM 2.0 is a comprehensive model used to assess cybersecurity assurance, maturity, and readiness in medium to large organizations and at the national level. It allows for the effective evaluation of security controls across various cybersecurity domains. The study highlights global best practices in cybersecurity audits, highlighting the lack of standardized guidelines and weaknesses in cybersecurity training programs. The paper details CSAM 2.0's structure and architecture, sharing results from three research scenarios: (1) a single audit focusing on awareness education, (2) audits in multiple domains such as governance, legal compliance, and incident management, and (3) a full audit covering all model domains. The study concludes that CSAM 2.0 offers valuable insights for improving cybersecurity practices and addressing vulnerabilities. Keywords: Cybersecurity, Cybersecurity Audits, Cybersecurity Audit Model, Cybersecurity Assurance, Cybersecurity Maturity, Control Evaluation, Risk Management, Incident Response, Cybersecurity Domains, Cybersecurity Training.
4

Dotsenko, T. V., and M. V. Kuzmenko. "Maturity of the country's cybersecurity system in the conditions of war: assessment trends." Economic Bulletin of Dnipro University of Technology 87 (September 2024): 34–43. http://dx.doi.org/10.33271/ebdut/87.034.

Abstract:
Methods. The study used the following methods: an inductive approach to formulating the concept of maturity of the country's cybersecurity system in military conditions; a deductive method to derive the concept of assessing the maturity of the country's cybersecurity system during military operations; content analysis identified the key elements of assessing the maturity of the national cybersecurity system in military operations; strategic analysis identified the main vectors of assessing the problem under study, and the latest approaches to assessing the national cybersecurity system. Results. The latest trends in assessing the maturity of the country's cybersecurity system, taking into account the aspect of military conditions, are identified: the existing regulatory and legal framework at the international and national levels is indicated; the concept of maturity and assessment of the maturity of the country's cybersecurity system during military operations is formulated. The paper outlines the key elements of assessing the maturity of the national cybersecurity system in military operations: adaptability, interoperability, readiness, partnership, cyber reserves, vulnerabilities and threats, and training. The main vectors of assessment are identified: assessment of cyber threats, cyber attacks, infrastructure protection, interaction of cybersecurity actors, level of personnel training; the latest approaches to system assessment are noted. A scheme of future key challenges, trends, and recommendations for assessing the maturity of the national cybersecurity system in wartime has been formed. Novelty. The study of the specifics of assessing the maturity of the country's cybersecurity system identifies key elements, vectors, approaches, and methods for assessing the cyber defence system. 
Weaknesses and vulnerabilities, existing progress in the development of cyber defence of the system are identified, and the necessary activities to enhance the effectiveness of national security in times of war are identified. Practical value. The experience of previous achievements in the functioning of cybersecurity systems is summarised, the most effective practices and methods of cyber resilience are identified, recommendations for assessing the maturity of the national cybersecurity system in times of war are proposed, which will optimise existing and potential resources, and will help to create the preconditions for further development of the latest model of cyber defence assessment.
5

Aliyu, Aliyu, Leandros Maglaras, Ying He, Iryna Yevseyeva, Eerke Boiten, Allan Cook, and Helge Janicke. "A Holistic Cybersecurity Maturity Assessment Framework for Higher Education Institutions in the United Kingdom." Applied Sciences 10, no. 10 (May 25, 2020): 3660. http://dx.doi.org/10.3390/app10103660.

Abstract:
As organisations are vulnerable to cyberattacks, their protection becomes a significant issue. Capability Maturity Models can enable organisations to benchmark current maturity levels against best practices. Although many maturity models have been already proposed in the literature, a need for models that integrate several regulations exists. This article presents a light, web-based model that can be used as a cybersecurity assessment tool for Higher Education Institutes (HEIs) of the United Kingdom. The novel Holistic Cybersecurity Maturity Assessment Framework incorporates all security regulations, privacy regulations, and best practices that HEIs must be compliant to, and can be used as a self assessment or a cybersecurity audit tool.
6

Peliukh, O. I., M. V. Yesina, and D. Yu Holubnychyi. "CERT-UA assessment based on the CSIRT ENISA Maturity Model." Radiotekhnika, no. 213 (June 16, 2023): 41–48. http://dx.doi.org/10.30837/rt.2023.2.213.04.

Abstract:
Cybersecurity threats are steadily increasing in today's world, which is characterised by increased openness and integration into the global network. The proliferation of cyber incidents, including hacker attacks, confidential data leaks and information theft, is becoming an extremely pressing issue in this context. Accordingly, the eradication of these threats requires the development of effective methods of responding to cyber incidents. The central theme of this article is to consider the critical importance of assessing and improving the effectiveness of cyber incident response teams. The structure of such a team, including cybersecurity specialists, network engineers, analysts, etc., is aimed at identifying, analysing and overcoming threats in cyberspace. The key aspects of assessing such a team, like abilities, experience, communication skills and level of cooperation, are presented clearly through the prism of the updated ENISA CSIRT Maturity Model. The article uses the Computer Emergency Response Team in Ukraine (CERT-UA), a national team operating under the leadership of the State Service for Special Communications and Information Protection of Ukraine, to illustrate the methods of assessing a cyber incident response team. The assessment of the team, based on the ENISA CSIRT Maturity Model, points to key aspects that determine its effectiveness. The paper provides a clear view of the process of measuring cyber incident response teams through a systematic approach that identifies their strengths and weaknesses. The maturity analysis of the CERT-UA provides recommendations for further development of the team, which can be an important resource for academics, cybersecurity experts and government officials interested in improving the effectiveness of cyber threat response. It highlights the importance of assessing cyber incident response teams to ensure cybersecurity and information protection. 
Awareness of this issue contributes to continuous improvement and readiness to respond effectively to growing challenges in the modern digital environment.
7

Abdullahi Garba, Adamu, Aliyu Musa Bade, Muktar Yahuza, and Ya’u Nuhu. "Cybersecurity capability maturity models review and application domain." International Journal of Engineering & Technology 9, no. 3 (September 2, 2020): 779. http://dx.doi.org/10.14419/ijet.v9i3.30719.

Abstract:
Cybersecurity is a way of protecting organization critical assets, through the identification of cyber threats that can compromise the information stored, it involves the protection, identification, and responding to threats. The main aim of this article is to conduct an ample review of the published cybersecurity capability maturity models using a systematic review of published articles from 2014 to 2019. Features of Halvorsen and Conradi’s taxonomy were adopted to explain the models identified. The results indicated adopting a model to a certain organization is not feasible. However, modification is required before implementation, as the cost of implementation is not available when conducting this research.
8

Razikin, Khairur, and Agus Widodo. "General Cybersecurity Maturity Assessment Model: Best Practice to Achieve Payment Card Industry-Data Security Standard (PCI-DSS) Compliance." CommIT (Communication and Information Technology) Journal 15, no. 2 (August 31, 2021): 91–104. http://dx.doi.org/10.21512/commit.v15i2.6931.

Abstract:
The use of technology in the era of the Industrial Revolution 4.0 is essential, marked by the use of technology in the economy and business. This situation makes many companies in the payment sector have to improve their information technology security systems. In Indonesia, Bank Indonesia and the Financial Services Authority (Otoritas Jasa Keuangan - OJK) are agencies that provide operational permits for companies by making Payment Card Industry-Data Security Standard (PCI-DSS) certification as one of the requirements for companies to obtain operating permits. However, not all companies can easily get PCI-DSS certification because many companies still do not meet the PCI-DSS requirements. The research offers a methodology for measuring the level of technology and information maturity using general cybersecurity requirements adopted from the cybersecurity frameworks of CIS, NIST, and Cobit. Then, the research also performs qualitative calculations based on interviews, observations, and data surveys conducted on switching companies that have been able to implement and obtain certification. PCI-DSS to produce practical cybersecurity measures, in general, can be used as a measure of the maturity of technology and information security. The results and discussion provide a model assessment tool on the procedures and requirements needed to obtain PCI-DSS certification. The maturity level value of PT XYZ is 4.0667 at maturity level 4, namely quantitatively managed, approaching level 5 as the highest level at maturity level.
9

Coleman, Joe. "The DOD's CMMC 2.0: What Heat Treaters Need to Know." AM&P Technical Articles 182, no. 2 (March 1, 2024): 37–39. http://dx.doi.org/10.31399/asm.amp.2024-02.p037.

Abstract:
Cybersecurity Maturity Model Certification (CMMC) 2.0 represents the most recent iteration of the US Department of Defense's cybersecurity regulations. The CMMC 2.0 framework was developed to improve the cybersecurity posture of defense contractors and their supply chain, including heat treaters. This article reviews key requirements and how DoD contractors can prepare for compliance.
10

Abhilash Maroju, Srinivas A Vaddadi, Sravanthi Dontu, Rohith Vallabhaneni. "An Empirical Paradigm on Cybersecurity Vulnerability Mitigation Framework." International Journal on Recent and Innovation Trends in Computing and Communication 11, no. 9s (August 31, 2023): 786–92. http://dx.doi.org/10.17762/ijritcc.v11i9s.9484.

Abstract:
Current cybersecurity vulnerability assessment tools were developed in accordance with guidelines established by entities like the National Institute of Standards and Technology (NIST) and the United States Department of Energy. When assessing their facility's cybersecurity maturity, owners and operators of critical infrastructure frequently use frameworks like the NIST Cybersecurity Framework (CSF) and the cybersecurity capability maturity model (C2M2). These frameworks are great at finding vulnerabilities and doing qualitative cybersecurity analysis, but they don't help you get to the level of cybersecurity maturity you want by letting you prioritise how you fix those flaws. Cyber dangers pose a significant risk to businesses and are becoming more pervasive in our everyday lives. In this way, businesses may devise a strategy and set of guidelines by simulating a breach attack. But these strategies are based on experts' tacit knowledge. In response to this problem, the authors of this study suggest an automated and formal process for creating prioritised action plans to enhance environmental transparency. An experiment proving the validity of the proposed method was conducted, yielding consistent and applicable results to the tested scenario. Through testing against a real-world cyberattack that targeted industrial control systems at a critical infrastructure facility, this article presents a thorough architecture of CyFEr and demonstrates its application to CSF.
11

Roy, Yanina, Olena Riabchun, and Valeriy Yermoshin. "MATURITY MODEL OF CYBER SECURITY SYSTEM OPPORTUNITIES AT CRITICAL INFRASTRUCTURE FACILITIES OF THE ES-C2M2 ENERGY SECTOR." Cybersecurity: Education, Science, Technique 2, no. 10 (2020): 67–74. http://dx.doi.org/10.28925/2663-4023.2020.10.6774.

Abstract:
Currently, a large set of IS maturity assessment models based on similar principles is available for both commercial and government organizations and institutions. At the same time, the actual use of such models is quite limited, primarily due to the weak attachment to the characteristics of specific organizations. This problem is partially solved by adapting existing approaches in the form of industry models (for example, ES-C2M2 for companies in the energy sector, ONG-C2M2 for companies in the oil and gas sector). Moreover, the emergence of a new model is very likely, which includes not only qualitative analysis through a set of characteristics / domains, but also a quantitative assessment of cybersecurity, which will use the assessment for both strategic and operational planning, as well as create an advanced expert analytical system. The best solution today is to start implementing any of the existing evaluation models with further adaptation and expansion for your own needs. Similar principles of model building will allow in the future to migrate painlessly to a more appropriate, while the experience gained in the assessment, as well as statistics will judge the progress of IS processes in the enterprise, and, importantly, in a convenient and understandable for senior management. The ES-C2M2 Cyber Security Maturity Model can significantly help energy sector organizations to assess and improve their cybersecurity areas. The ES-C2M2 Capability Maturity Model is part of the DOE Cybersecurity Capability Maturity Program (C2M2) and was developed to address the unique characteristics of the energy subsector. The opportunity maturity model is a tool for self-assessment to measure and improve their cybersecurity areas.
International standards and practices in the field of information security recommend that organizations when planning IS activities to assess the current state of IS and set a target for the near future, the achievement of which will allow the company to effectively address existing threats and respond to new challenges and threats of IS.
12

Sabillon, Regner, Juan Ramon Bermejo Higuera, Jeimy Cano, Javier Bermejo Higuera, and Juan Antonio Sicilia Montalvo. "Assessing the Effectiveness of Cyber Domain Controls When Conducting Cybersecurity Audits: Insights from Higher Education Institutions in Canada." Electronics 13, no. 16 (August 16, 2024): 3257. http://dx.doi.org/10.3390/electronics13163257.

Abstract:
This study validates a comprehensive cybersecurity audit model through empirical analysis in three higher education institutions in Canada. The research aims to enhance cybersecurity resilience by assessing the effectiveness of cybersecurity controls across diverse educational environments. Given the increasing frequency and sophistication of cyberattacks targeting educational institutions, this research is essential to ensure the protection of sensitive academic and personal data. Data were collected through detailed audits involving system vulnerabilities, compliance with security policies, and incident response management at each institution. The findings underscore the importance of tailored cybersecurity strategies and continuous auditing to mitigate cyber risks in the Canadian higher education sector. This study contributes to the field by validating a versatile audit tool that can be adapted to various institutional contexts, promoting enhanced cybersecurity practices and evaluating the effectiveness of cybersecurity safeguards across the higher education sector in Canada. The results of the audit model validations provide the cybersecurity maturity rating of each institution. Further research is recommended to refine the model and explore its application in other industries and sectors.
13

Domnik, Jan, and Alexander Holland. "On Data Leakage Prevention Maturity: Adapting the C2M2 Framework." Journal of Cybersecurity and Privacy 4, no. 2 (March 30, 2024): 167–95. http://dx.doi.org/10.3390/jcp4020009.

Abstract:
In an evolving cybersecurity landscape marked by escalating data breaches and regulatory demands, data leakage prevention (DLP) has emerged as one of several defense mechanisms. This study underscores unresolved foundational issues within DLP, revealing that it remains a significant challenge in large organizations. This highlights the necessity for a holistic approach to DLP to effectively address these persistent challenges. By developing a DLP Maturity Model, adapted from the renowned C2M2 framework, this research provides a comprehensive tool for assessing organizational DLP capabilities and pinpointing critical gaps. Applying the DLP Maturity Model within the financial sector as demonstrated through a banking scenario showcases its relevance and added value. This application illuminates the model’s effectiveness in securing sensitive data and adhering to essential regulatory standards, highlighting its adaptability across various compliance landscapes. Implementing this DLP Maturity Model in a banking scenario showcases its applicability, highlighting its ability to formulate a strategy to secure sensitive data and comply with regulatory standards. This approach aligns with the concept of a continuous risk-based strategy, merging the holistic model to identify and address critical insider risks within organizations. The study addresses a specific gap in DLP research, notably the lack of a holistic framework for assessing and enhancing DLP strategies across organizations. It equips practitioners with a foundational tool to determine current DLP maturity and devise strategies for mitigating insider-driven data breach risks, thereby bolstering organizational cybersecurity resilience.
14

Patrick, Mayala, Edrick Mugisha, Keneth Mbaga, and Mansour Likamba. "Cybersecurity in Tanzanian Maritime Operations: Exploring Global Best Practices and Their Local Adaptation Using the Cybersecurity Capability Maturity Model (C2M2)." Social Science and Humanities Journal 8, no. 10 (October 26, 2024): 5688–97. http://dx.doi.org/10.18535/sshj.v8i10.1421.

Abstract:
The increasing integration of digital technologies in maritime operations has significantly enhanced efficiency in cargo tracking, port management, and communication systems. However, this digital transformation also introduces substantial cybersecurity risks, particularly in developing regions like Tanzania, where technological infrastructure and specialized skills may lag behind global standards. This study evaluates the cybersecurity readiness of three key Tanzanian maritime organizations, Tanzania Ports Authority (TPA), Tanzania Shipping Agency Corporation (TASAC), and SINOTASHIP, using the Cybersecurity Capability Maturity Model (C2M2). Through a detailed assessment across ten C2M2 domains, the study identifies existing strengths and critical gaps in areas such as risk management, asset management, and incident response. The findings reveal that while basic cybersecurity practices exist, they are largely reactive, with most domains scoring between Level 1 (Initial) and Level 3 (Defined). This lack of advanced, proactive measures poses significant risks to Tanzania's maritime infrastructure, particularly given the strategic role of ports like Dar es Salaam in regional trade. The study highlights the need for tailored improvements, including enhanced asset management, continuous workforce training, and real-time monitoring systems, to bridge the gap between global standards and local practices. By implementing these measures, Tanzanian maritime operations can strengthen their resilience against cyber threats, ensuring secure and efficient port operations in an increasingly interconnected world.
15

Varona Taborda, María Alejandra. "Dynamic Cybersecurity Model based on ISO standards for Higher Education Institutions in Colombia." Ingeniería Solidaria 17, no. 3 (September 6, 2021): 1–21. http://dx.doi.org/10.16925/2357-6014.2021.03.05.

Abstract:
Introduction: This article is the result of a research process whose product was to generate a guide for Higher Education Institutions (in Spanish, IES) to adopt a Cybersecurity Model based on ISO standards (International Organization for Standardization). Problem: IES do not have a cybersecurity model aligned to the ISO / IEC 27032: 2012 standard (International Organization for Standardization / International Electrotechnical Commission), which causes a lack of clarity and uncertainty in the level of maturity and low efficiency in processes and information security controls to be implemented. Objective: Propose a dynamic model of cybersecurity based on ISO standards for IES. Methodology: The development of this work was oriented under a line of applied research, by virtue of the fact that it was necessary to address the problem based on previous knowledge that allowed supporting the theoretical contributions and the activities proposed to determine the possible causes of the problem and give it a possible solution. Results: The generation of this dynamic model allows it to be adapted to the different needs and requirements of IES. Conclusion: IES can implement a cybersecurity model to prevent and protect information at the cyberspace level. Originality: The work carried out generates a great contribution, which is the generation of a dynamic cybersecurity model, since at present there are no specific models for IES. Limitations: The model implementation guide is established in a general way to be applied later to an organization in any sector. Keywords: Dynamic Cybersecurity Model, Higher Education Institutions, ISO/IEC 27032: 2012, Security Standards.
16

Almomani, Iman, Mohanned Ahmed, and Leandros Maglaras. "Cybersecurity maturity assessment framework for higher education institutions in Saudi Arabia." PeerJ Computer Science 7 (September 9, 2021): e703. http://dx.doi.org/10.7717/peerj-cs.703.

Abstract:
The Saudi Arabia government has proposed different frameworks such as the CITC’s Cybersecurity Regulatory Framework (CRF) and the NCA’s Essential Cybersecurity Controls (ECC) to ensure data and infrastructure security in all IT-based systems. However, these frameworks lack a practical, published mechanism that continuously assesses the organizations’ security level, especially in HEI (Higher Education Institutions) systems. This paper proposes a Cybersecurity Maturity Assessment Framework (SCMAF) for HEIs in Saudi Arabia. SCMAF is a comprehensive, customized security maturity assessment framework for Saudi organizations aligned with local and international security standards. The framework can be used as a self-assessment method to establish the security level and highlight the weaknesses and mitigation plans that need to be implemented. SCMAF is a mapping and codification model for all regulations that the Saudi organizations must comply with. The framework uses different levels of maturity against which the security performance of each organization can be measured. SCMAF is implemented as a lightweight assessment tool that could be provided online through a web-based service or offline by downloading the tool to ensure the organizations’ data privacy. Organizations that apply this framework can assess the security level of their systems, conduct a gap analysis and create a mitigation plan. The assessment results are communicated to the organization using visual score charts per security requirement per level attached with an evaluation report.
17

Pigola, Angélica, and Priscila Rezende da Costa. "Dynamic Capabilities in Cybersecurity Intelligence: A Meta-Synthesis to Enhance Protection Against Cyber Threats." Communications of the Association for Information Systems 53, no. 1 (2023): 1099–135. http://dx.doi.org/10.17705/1cais.05347.

Abstract:
Advanced cybersecurity threats with automated capabilities are on the rise in industries such as finance, healthcare, technology, retail, telecoms, and transportation, as well as government. It is necessary to conduct analyses of cybersecurity-related resources and capabilities to build cybersecurity intelligence (CI). The purpose of this paper is to suggest a dynamic capability in a cybersecurity intelligence (DCCI) model based on existing literature that helped firms reduce risks of cyber violations and advance the development of systems and the life cycle of firms. Through a meta-synthesis, an abduction and induction approach through eight methodological steps analyzed in forty-seven case studies the presence of cybersecurity capabilities to build CI. Combining theoretical and practical information security maturity models as a foundation, we understand capabilities building to improve the predictability of cyber incidents. The results evidenced four second-order dimensions to build CI named doing, enabling, improving, and managing cybersecurity, and eight first-order outcomes to represent the DCCI model. This research makes an unprecedented contribution to international and national scenarios, as it will allow firms to innovate their resource management processes and abilities to enable better cybersecurity projects and reduce the impacts of potential cyberattacks with the probability of eradicating vulnerabilities.
18

Uraipan, Naris, Prasong Praneetpolgrang, and Tharini Manisri. "Application of an Analytic Hierarchy Process to Select the Level of a Cyber Resilient Capability Maturity Model in Digital Supply Chain Systems." ECTI Transactions on Computer and Information Technology (ECTI-CIT) 15, no. 2 (April 27, 2021): 198–207. http://dx.doi.org/10.37936/ecti-cit.2021152.240631.

Abstract:
Cyber resilient is the ability to prepare for, respond to and recover from cyber attacks. Cyber resilient has emerged over the past few years because traditional cybersecurity measures are no longer enough to protect organizations from the spate of persistent attacks. It helps an organization protect against cyber risks, defend against and limit the severity of attacks, and ensure its continued survival despite an attack. The cyber resilient capability maturity model is a very important element within an effective in digital supply chain. The maturity model has 6 components: identify, protect, detect, respond, recover and continuity which affect the cybersecurity of the organization. To measure the maturity level needs a holistic approach. Therefore, the analytic hierarchy process (AHP) approach which allows both multi-criteria and simultaneous evaluation. Generally, the factors affecting cyber resilient in digital supply chain have non-physical structures. Therefore, the real problem can be represented in a better way by using fuzzy numbers instead of numbers to evaluate these factors. In this study, a fuzzy AHP approach is proposed to determine the cyber resilient capability maturity level in digital supply chain. The proposed method is applied in a real SMEs company. In the application, factors causing are weighted with triangular fuzzy numbers in pairwise comparisons. The results indicate that the weight factors from comparing the relationship of all factors put the importance of identify factors first, followed by protect, detect, respond, recover and continuity respectively.
19

Ferreira, Daniel Jorge, and Henrique São Mamede. "Predicting Cybersecurity Risk - A Methodology for Assessments." ARIS2 - Advanced Research on Information Systems Security 2, no. 2 (December 30, 2022): 50–63. http://dx.doi.org/10.56394/aris2.v2i2.23.

Abstract:
Defining an appropriate cybersecurity incident response model is a critical challenge that all companies face on a daily basis. However, there is not always an adequate answer. This is due to the lack of predictive models based on data (evidence). There is a significant investment in research to identify the main factors that can cause such incidents, always trying to have the most appropriate response and, consequently, enhancing response capacity and success. At the same time, several different methodologies assess the risk management and maturity level of organizations. There is, however, a gap in determining an organization's degree of proactive responsiveness to successfully adopt cybersecurity and an even more significant gap in assessing it from a risk management perspective. This paper proposes a model to evaluate this capacity, a model that intends to evaluate the methodological aspects of an organization and indicates the apparent gaps that can negatively impact the future of the organization in the management of cybersecurity incidents and presents a model that intends to be proactive.
20

Mori, Shigeo, and Atsuhiro Goto. "Reviewing National Cybersecurity Strategies." Journal of Disaster Research 13, no. 5 (October 1, 2018): 957–66. http://dx.doi.org/10.20965/jdr.2018.p0957.

Abstract:
The damages caused by cyber-attacks are becoming larger, broader and more serious and to include monetary losses and losses of lifeline. Some cyber-attacks are arguably suspected to be parts of national campaigns. Under such circumstances, the public sector must endeavour to enhance the national cybersecurity capacities. There are several benchmarks for national cybersecurity, i.e., a snapshot relative assessment of a nation’s cybersecurity strength at a global level. However, by considering the development of technology, attackers’ skills and capacities of other nations, we believe that it is more important to review the national strategy for cybersecurity capacity enhancement and to ensure that the national capacity advances adequately in the coming years. We propose a method of reviewing national strategies. Additionally, we performed a trial review of the Japanese cybersecurity strategy using the Cybersecurity Capacity Maturity Model for Nations (CSCMMN) developed by the Global Cyber Security Capacity Centre. This trial proved to be workable because it detected various possibly inadequate (insufficient, inappropriate or inefficient, although further investigation is needed) approaches in the Japanese strategy. Moreover, the review also discovered the shortcomings of the capacity areas in the CSCMMN. We plan to improve the reviewing method and develop the improvement process of national strategies for cybersecurity capacity enhancement.
21

Baykız, Tekin, and Şuay Nilhan Açıkalın. "THE DIGITALIZATION OF DIPLOMACY MATURITY MODEL (DD-MM): A NEW MODEL FOR OPTIMIZING DIPLOMATIC DIGITALIZATION." Journal of Nusantara Studies (JONUS) 9, no. 2 (July 31, 2024): 441–73. http://dx.doi.org/10.24200/jonus.vol9iss2pp441-473.

Abstract:
This paper introduces the Digitalization of Diplomacy Maturity Model (DD-MM), a comprehensive framework designed to assess and enhance the digital capabilities of diplomatic institutions. The DD-MM encompasses four critical dimensions: people, digital visibility, technology and security, and policies, providing a structured approach to evaluate and advance the maturity of digital diplomacy practices. In the people dimension, the model emphasizes role definitions, change management, and specialized training programs, highlighting the need for diplomats to acquire digital literacy and competency. The digital visibility dimension focuses on the strategic use of social media and other online platforms to enhance a nation's presence and influence in the digital sphere, emphasizing engagement with a global audience and proactive digital communications management. The technology and security dimension addresses ICT infrastructure, cybersecurity, and data management, advocating for the adoption of state-of-the-art technologies to support diplomatic activities and ensure the security of sensitive information. The policies dimension underscores the necessity for clear guidelines and regulatory frameworks to govern the use of digital tools in diplomacy, including the formulation of policies that align with international standards and promote ethical practices. The DD-MM outlines a clear pathway for continuous improvement, guiding institutions from the initial stages of digital integration to advanced levels of optimization and strategic alignment. Keywords: Digitalization of diplomacy, maturity model, model development, digital public diplomacy. Cite as: Baykız, T., & Açıkalın, Ş. N. (2024). The digitalization of diplomacy maturity model (DD-MM): A new model for optimizing diplomatic digitalization. Journal of Nusantara Studies, 9(2), 441-473. http://dx.doi.org/10.24200/jonus.vol9iss2pp441-473
22

Hochstetter-Diez, Jorge, Mauricio Diéguez-Rebolledo, Julio Fenner-López, and Cristina Cachero. "AIM Triad: A Prioritization Strategy for Public Institutions to Improve Information Security Maturity." Applied Sciences 13, no. 14 (July 19, 2023): 8339. http://dx.doi.org/10.3390/app13148339.

Abstract:
In today’s world, private and government organizations are legally obligated to prioritize their information security. They need to provide proof that they are continually improving their cybersecurity compliance. One approach that can help organizations achieve this goal is implementing information security maturity models. These models provide a structured framework for measuring performance and implementing best practices. However, choosing a suitable model can be challenging, requiring cultural, process, and work practice changes. Implementing multiple models can be overwhelming, if possible. This article proposes a prioritization strategy for public institutions that want to improve their information security maturity. We thoroughly analyzed various sources through systematic mapping to identify critical similarities in information security maturity models. Our research led us to create the AIM (Awareness, Infrastructure, and Management) Triad. This triad is a practical guide for organizations to achieve maturity in information security practices.
23

Fleming, Courtney, Mark Reith, and Wayne Henry. "Securing Commercial Satellites for Military Operations: A Cybersecurity Supply Chain Framework." International Conference on Cyber Warfare and Security 18, no. 1 (February 28, 2023): 85–92. http://dx.doi.org/10.34190/iccws.18.1.1062.

Abstract:
The increased reliance on commercial satellites for military operations has made it essential for the Department of Defense (DoD) to adopt a supply chain framework to address cybersecurity threats in space. This paper presents a satellite supply chain framework, the Cybersecurity Supply Chain (CSSC) Framework, for the DoD in the evaluation and selection of commercial satellite contracts. The proposed strategy is informed by research on cybersecurity threats to commercial satellites, national security concerns, current DoD policy, and previous cybersecurity frameworks. This paper aims to provide a comprehensive approach for safeguarding commercial satellites used by the DoD and ensuring the security of their supporting components. Inspired by the National Institute of Standards and Technology (NIST) 800-171 requirements and the DoD’s future Cybersecurity Maturity Model Certification (CMMC) process, the two-part framework significantly streamlines the NIST requirements to accommodate small businesses. It also extends key NIST requirements to commercial-off-the-shelf (COTS) suppliers. The CSSC Framework complements the CMMC certification process by addressing the need for cybersecurity requirements for all subcontractors supporting a commercial space asset. The framework incorporates a scoring process similar to CMMC scoring, granting points to a subcontractor for meeting the cybersecurity requirements outlined by the framework. In addition, the framework creates a space architecture overview that details the overall bid score and establishes a matrix based on individual requirements. This model and matrix allow DoD acquisition personnel to closely analyze each contract bid, comparing the subcontractor's strengths and weaknesses to other bidders. The CSSC Framework will allow the DoD to apply NIST standards to subcontractors who do not meet the requirements for CMMC certification.
24

Levy, Yair, and Ruti Gafni. "Towards the quantification of cybersecurity footprint for SMBs using the CMMC 2.0." Online Journal of Applied Knowledge Management 10, no. 1 (September 6, 2022): 43–61. http://dx.doi.org/10.36965/ojakm.2022.10(1)43-61.

Abstract:
Organizations, small and big, are faced with major cybersecurity challenges over the past several decades, as the proliferation of information systems and mobile devices expand. While larger organizations invest significant efforts in developing approaches to deal with cybersecurity incidents, Small and Medium Businesses (SMBs) are still struggling with ways to both keep their businesses alive and secure their systems to the best of their abilities. When it comes to critical systems, such as defense industries, the interconnectivities of organizations in the supply-chain have demonstrated to be problematic given the depth required to provide a high-level cybersecurity posture. The United States (U.S.) Department of Defense (DoD) with the partnership of the Defense Industry Base (DIB) have developed the Cybersecurity Maturity Model Certification (CMMC) in 2020 with a third-party mandate for Level 1 certification. Following an outcry from many DIB organizations, a newly revised CMMC 2.0 was introduced in late 2021 where Level 1 (Fundamental) was adjusted for annual self-assessment. CMMC 2.0 provides the 17 practices that organizations should self-assess. While these 17 practices provide initial guidance for assessment, the specific level of measurement and how it impacts their overall cybersecurity posture is vague. Specifically, many of these practices use non-quantifiable terms such as “limit”, “verify”, “control”, “identify”, etc. The focus of this work is to provide SMBs with a quantifiable method to self-assess their Cybersecurity Footprint following the CMMC 2.0 Level 1 practices. This paper outlines the foundational literature work conducted in support of the proposed quantification Cybersecurity Footprint Index (CFI) using 26 elements that correspond to the relevant CMMC 2.0 Level 1 practices.
25

Tabim, Verônica Maurer, Cíntia Wilke Franco, and João Pedro Hoerde. "Digital transformation in e-commerce logistics." Brazilian Journal of Operations & Production Management 21, no. 1 (March 2, 2024): 1641. http://dx.doi.org/10.14488/bjopm.1641.2024.

Abstract:
Highlights: This article addresses the diagnosis of digital maturity in e-commerce logistics, specifically the final delivery stage, known as the last-mile. The last-mile has greater digitization demand than traditional logistics due to the extreme speed of the virtual world during shopping, where customers transfer these same expectations to delivery services. Goal: The main objective of this work is to evaluate the digital maturity of the last-mile area of operation of an e-commerce logistics company. Methodology: This study evaluates the maturity model in a case study with the company E-commerceCo. Interviews were conducted with key employees for data gathering. Results: The proposed method allows defining and analyzing the digital maturity of the last-mile area of the company in question, understanding strengths, such as a culture open to innovation and digitally mature, and weaknesses, such as technical limitations imposed by the main system used and lack of cybersecurity barriers. Limitations of the investigation: Since it is a single case study, it does not allow a broad generalization to industries in other branches. Another limitation is that this study is focused on Brazilian logistics operations, which may differ from other countries. Practical implications: This research is relevant to serve as a reference for other companies in the e-commerce logistics sector to assess their digital maturity from the proposed model and compare common challenges and opportunities. In addition, it will help the studied company to create a successful digital transformation strategy. Originality / Value: We propose a new approach on how to evaluate the digital maturity of the last-mile area of operation of an e-commerce logistics company.
26

Amanda, Delpia, Nurul Mutiah, and Syahru Rahmayudha. "Analisis Tingkat Kematangan Keamanan Informasi Menggunakan NIST Cybersecurity Framework dan CMMI." Coding Jurnal Komputer dan Aplikasi 11, no. 2 (September 1, 2023): 291. http://dx.doi.org/10.26418/coding.v11i2.65088.

Abstract:
The use of information technology in higher education, particularly at Universitas Tanjungpura (Untan), has brought various conveniences, one of which is efficient access to information. Untan uses the Academic Information System (SIAKAD) to manage academic data from all faculties. Although SIAKAD provides great benefits, the use of this technology also carries data security risks that need attention. As more data and information are stored and managed, the risk of data being damaged, lost, or exposed to unauthorized parties also increases. It is therefore important to know the information security maturity level of SIAKAD Untan in order to protect the existing data and information, because the higher the maturity level, the better the information technology management process, which can indirectly affect information technology security in achieving organizational goals. The NIST Cybersecurity Framework is an information security risk management framework used to analyze the risk management process. The maturity assessment of SIAKAD Untan uses CMMI, a model for assessing the maturity and capability of software organizations, to measure the maturity level of SIAKAD Untan in the assessment of the risk management process. The assessment results show that the ID.AM and ID.RA categories have reached level 2, so the maturity level of the Identify function is at level 2. Based on that level, 92 improvement recommendations are given to reach the expected level 3.
27

Fajri, Khafidh Sunny Al, and Ruki Harwahyu. "Information Security Management System Assessment Model by Integrating ISO 27002 and 27004." MALCOM: Indonesian Journal of Machine Learning and Computer Science 4, no. 2 (February 24, 2024): 498–506. http://dx.doi.org/10.57152/malcom.v4i2.1245.

Abstract:
The rapid development of information and communication technology has also led to a significant increase in cybercrime activities. According to the Annual Cybersecurity Monitoring Report by the National Cyber and Cryptography Agency, there were 495 million instances of traffic anomalies or attempted attacks in 2020, which rose to 1.6 billion in 2021 in Indonesia. Implementing the ISO 27001 standard for information security management system (ISMS) can help mitigate these cyber-attack attempts. However, with various levels of resources and organizational commitment, different levels of ISMS maturity can be achieved. Therefore, there is a need for an ISMS assessment model. This is crucial, considering cyber incidents such as data breaches in organizations that have implemented or are certified with ISO 27001. This research proposed a concept of ISMS assessment model by integrating ISO 27002 and 27004 to a case study (Directorate XYZ), where the guidance function of ISO 27002 is transformed into assessment parameters and ISO 27004 for measuring performance. Using this model, the score of the case study’s ISMS was found to be 53.925, which is still below the established standard of 80.
28

Kvint, V. L., A. V. Babkin, and E. V. Shkarupeta. "Strategizing of forming a platform operating model to increase the level of digital maturity of industrial systems." Russian Journal of Industrial Economics 15, no. 3 (October 8, 2022): 249–61. http://dx.doi.org/10.17073/2072-1633-2022-3-249-261.

Abstract:
The authors of the article suggest the strategy of forming a platform operating model to increase the level of digital maturity of industrial systems in the changing conditions of reality. They have analyzed the current situation on adapting industrial systems to the changing conditions of reality of 2022: the sanctions restrictions and the COVID-19 pandemic crisis. In analogy with the bionics companies concept the authors introduce the term of «bionic industrial systems» as the aggregate of economic entities which form the closed cycle of producing artificial products by machine and combine new technology with human ability of transforming operations on the basis of digital strategizing, develop the experience, customer relationships and more effective performance, increase the pace of innovation significantly. There is a conclusion that bionic industrial systems are characterized by the presence of digital strategies, high level of digital maturity which should be evaluated according to the index of digital acceleration. The authors suggest four strategies allowing transformation of industrial systems into bionic ones and maximize their value on the basis of digital strategizing. The use of platform operating model is considered to be the key distinctive feature of the bionic industrial systems. The article presents the strategy of forming a platform operating model of bionic industrial systems based on the model of digital transformation of the transactions of the Deloitte company. This is the structure describing the digital path on the basis of defining 10 evolution stages taking into account cybersecurity and digital culture. The digital industrial platform ZIIoT by the Russian IT-company «Tsifra» (Digit) has been studied as the best experience, and the authors present practical cases of its implementation in Gazprom, Lukoil, Novolipetsk Metallurgical Plant.
The implementation of the strategy of forming a platform operating model in industrial systems is expected to result in reducing costs due to accelerated implementation of digital scenarios, additional income and opportunities of diversification through digital strategizing, etc. The authors introduce the concept of forming a platform operating model to increase the level of digital maturity of industrial systems.
29

Muttaqin, Hidayatul, and Kalamullah Ramli. "Designing An Information Security Framework For The Indonesia Water Industry Sector." Cakrawala Repositori IMWI 6, no. 3 (July 7, 2023): 771–80. http://dx.doi.org/10.52851/cakrawala.v6i3.352.

Abstract:
The majority of Indonesia's water industry sectors have implemented smart water management systems as part of their business development, which has an indirect impact on enterprise information security. However, in general, water sector enterprises continue to place a low priority on information security, and the development of information system frameworks is based on generic norms employed by financial firms. There has been no research on information security frameworks especially built for water firms in Indonesia that use information security standards in the utilities sector. This article proposes a solution in the form of a new framework for Indonesian water firms that combines international information security requirements in the utilities sector with Indonesian government rules. This approach of development combines worldwide standards with national rules. The Cybersecurity Capability Maturity Model (C2M2) and ISO 27019 are two international standards commonly used by utility businesses globally. Government Regulation or Peraturan Pemerintah (PP) Number 71 of 2019 on the Implementation of Electronic Systems and Transactions is the relevant national regulation. The framework addresses information technology, telecommunications, and operational technology, with four approach categories: governance and ecosystem, protection, defense, and resilience. According to the research findings, the newly integrated framework can be applied and is worthy of recommendation. This framework also meets the standards for information security and can be used by Indonesian water corporations.
30

Tolkachov, Maksym, Nataliia Dzheniuk, Serhii Yevseiev, Yurii Lysetskyi, Volodymyr Shulha, Ivan Grod, Serhii Faraon, Ihor Ivanchenko, Igor Pasko, and Dmytro Balagura. "Development of a method for protecting information resources in a corporate network by segmenting traffic." Eastern-European Journal of Enterprise Technologies 5, no. 9 (131) (October 23, 2024): 63–78. http://dx.doi.org/10.15587/1729-4061.2024.313158.

Abstract:
The object of the study is a corporate network with a dynamic structure and centralized management. The subject of the research is the processes of ensuring the protection of information resources in the corporate network. The goal is to develop a method of protecting information in the corporate network. The development is based on the Zero Trust Security strategy, according to which access to the network is allowed only after verification and identification of information. The task is to develop an effective method of protecting information resources and managing cyber security in the corporate network, taking into account the complex aspects of malicious influence. The following results were obtained. It is shown that the complex, diverse presentation of information in the network requires a comprehensive approach with the division of mixed content of information into segments according to the target orientation. Based on CISA's (Cybersecurity and Infrastructure Security Agency) Zero Trust Maturity Model, a method of targeted traffic segmentation is proposed. It allows detailed analysis of the interaction between applications, users and corporate network infrastructure, which increases the level of complex threats detection by 15 %. A method of protecting information resources of a socio-cyber-physical system is proposed, which, based on the principle of the Zero Trust Security strategy, improves the monitoring and management of cyber security of information resources by taking into account social aspects. This allows to detect and respond to threats in real time and adapt security policies according to the dynamics of user behavior and general security conditions. Integrating analytical methods and modern technologies into a security strategy creates a foundation for adaptive and resilient cyber defense.
31

Garba, Adamu Abdullahi, Maheyzah Muhamad Siraj, and Siti Hajar Othman. "An Explanatory Review on Cybersecurity Capability Maturity Models." Advances in Science, Technology and Engineering Systems Journal 5, no. 4 (2020): 762–69. http://dx.doi.org/10.25046/aj050490.

32

Miron, Walter, and Kevin Muita. "Cybersecurity Capability Maturity Models for Providers of Critical Infrastructure." Technology Innovation Management Review 4, no. 10 (October 30, 2014): 33–39. http://dx.doi.org/10.22215/timreview/837.

33

Miron, Walter, and Kevin Muita. "Cybersecurity Capability Maturity Models for Providers of Critical Infrastructure." Technology Innovation Management Review 4, no. 10 (October 30, 2014): 33–39. http://dx.doi.org/10.22215/timreview837.

34

Kolomiyets, Ganna M., and Maryna O. Moskalenko. "Confidence-Building Challenges in e-Commerce." Business Inform 8, no. 559 (2024): 224–30. http://dx.doi.org/10.32983/2222-4459-2024-8-224-230.

Abstract:
The aim of the article is to allocate the components of the phenomenon of trust in e-commerce, identify models of trust and generalize the factors that ambiguously affect its strengthening. The search for ways to restore the Ukrainian economy actualizes the study of e-commerce, which has already become a catalyst for economic growth in many countries around the world. In today’s environment, building trusting relationships in the field of e-commerce is critical for the success of online businesses. It is proved that trust is a basic condition for the interaction of participants in online commercial activities. The fundamental structure of trust in e-commerce includes interpersonal, institutional, and digital constructs. In the current trust structure, one of the components that determines the overall trust of the online consumer is a priority. Different models of trust in e-commerce, presented today in different business systems, are a reflection of changes in the fundamental structure and are embodied in the current structure of trust. The challenges of developing trust in e-commerce are driven by cultural values, generational attitudes, and the level of digital maturity of the online consumer, so that building a trajectory for building trust in e-commerce depends on their awareness. In the current environment, the use of new technologies such as the Internet of Things, artificial intelligence, and machine learning in e-commerce creates new challenges for strengthening digital trust, as the reliability and accuracy of information obtained by a machine is questioned without taking into account factors that are subjective and non-obvious. Today, a transitional model of trust is relevant for Ukrainian e-commerce, due to the transformation of economic institutions and deformations of the socio-demographic structure. 
The development of e-commerce in Ukraine is constrained by a low level of institutional trust, cybersecurity problems, restrictions related to the quantitative and qualitative composition of potential online consumers, etc.
35

Payette, Jay, Esther Anegbe, Erika Caceres, and Steven Muegge. "Secure by Design: Cybersecurity Extensions to Project Management Maturity Models for Critical Infrastructure Projects." Technology Innovation Management Review 5, no. 6 (June 26, 2015): 26–34. http://dx.doi.org/10.22215/timreview/904.

36

Payette, Jay, Esther Anegbe, Erika Caceres, and Steven Muegge. "Secure by Design: Cybersecurity Extensions to Project Management Maturity Models for Critical Infrastructure Projects." Technology Innovation Management Review 5, no. 6 (June 26, 2015): 26–34. http://dx.doi.org/10.22215/timreview904.

37

Koolen, Christof, Kim Wuyts, Wouter Joosen, and Peggy Valcke. "From insight to compliance: Appropriate technical and organisational security measures through the lens of cybersecurity maturity models." Computer Law & Security Review 52 (April 2024): 105914. http://dx.doi.org/10.1016/j.clsr.2023.105914.

38

Kour, Ravdeep, and Ramin Karim. "Cybersecurity workforce in railway: its maturity and awareness." Journal of Quality in Maintenance Engineering ahead-of-print, ahead-of-print (December 18, 2020). http://dx.doi.org/10.1108/jqme-07-2020-0059.

Abstract:
Purpose: The purpose of this research paper is to evaluate and estimate the cybersecurity maturity and awareness risk for workforce management in railway transportation by using Railway-Cybersecurity Capability Maturity Model (R-C2M2) and Information Security Awareness Capability Model (ISACM), respectively. Design/methodology/approach: This research uses a case study strategy, so primary data comprise the majority of data collected. These data were collected through interviews and questionnaires. The secondary data were collected from the literature, technical reports and standards. Findings: The results show that there is a gap in cybersecurity awareness within the workforce and there is a need to improve this gap. This paper provides some of the recommendations and literature to enhance cybersecurity workforce culture within railway organizations. Practical implications: In this paper, the authors have demonstrated that cybersecurity awareness has positive impact on the overall dependability of the railway system. Originality/value: This paper describes the importance of cybersecurity awareness and training in building more cyber resiliency across the operation and maintenance of railway.
39

Baikloy, Ekkachat, Prasong Praneetpolgrang, and Nivet Jirawichitchai. "Development of Cyber Resilient Capability Maturity Model for Cloud Computing Services." TEM Journal, August 27, 2020, 915–23. http://dx.doi.org/10.18421/tem93-11.

Abstract:
The research objectives were: 1) to develop cyber resilient model, 2) to develop the cyber resilient capability maturity model and 3) to develop self-assessment model for cyber resilient capability of cloud computing services which are qualitative and applicative research. Referring to the cybersecurity concept from National Institute of Standards and Technology (NIST) from the in-depth interview, focus group discussion was developed with cybersecurity experts and data collection from cloud services providers. It was found that trend of cyber-attacks was violent with smarter method. The authors had synthesized the concept of cyber resilient capability maturity model for cloud computing services including developed application for cloud services providers to evaluate their organization in order to improve the better cybersecurity level in cloud computing services and the cyber resilient capability maturity model in the future.
40

(GCSCC), Global Cyber Security Capacity Cent. "Cybersecurity Capacity Maturity Model for Nations (CMM) 2021 Edition." SSRN Electronic Journal, 2021. http://dx.doi.org/10.2139/ssrn.3822153.

41

(GCSCC), Global Cyber Security Capacity Cent. "Cybersecurity Capacity Maturity Model for Nations (CMM) Revised Edition." SSRN Electronic Journal, 2016. http://dx.doi.org/10.2139/ssrn.3657116.

42

Lee, GangSeok, SuHyun Kim, ImYoung Lee, Suzana Brown, and Yuri Aldoradin Carbajal. "Adapting cybersecurity maturity models for resource‐constrained settings: A case study of Peru." ELECTRONIC JOURNAL OF INFORMATION SYSTEMS IN DEVELOPING COUNTRIES, October 22, 2024. http://dx.doi.org/10.1002/isd2.12350.

Abstract:
Developing countries are rapidly embracing digitalization, but this exposes them to heightened cybersecurity risks. They often look to standard established cybersecurity models from developed countries to build their national defenses. However, significant developmental, political, social, and economic differences can render these models unsuitable for developing countries. This study addresses this gap by proposing a new framework that would be more useful in a developing country context. We first examine existing cybersecurity maturity models (CMMs) and metrics. Through a case study of Peru's national computer security incident response team (CSIRT), we assess the applicability of the security incident management maturity model (SIM3) and the security operation center CMM (SOC‐CMM) frameworks. By applying these frameworks to the Peruvian context, we identify limitations in standard maturity models for developing countries. In response, we propose a novel framework that allows developing countries like Peru to leverage existing models by tailoring them to their specific environment. This tailored approach can be a powerful tool for developing countries to improve and build their cybersecurity on a national level.
43

Tabansky, Lior, and Eynan Lichterman. "PROGRESS: the sectoral approach to cyber resilience." International Journal of Information Security 24, no. 1 (November 7, 2024). http://dx.doi.org/10.1007/s10207-024-00910-3.

Abstract:
Each critical infrastructure and vital service represents a unique instance of a complex socio-technical–economic system. Resilience in complex systems is an emergent behaviour that occurs from interactions between components and is not easily predictable from understanding each component in isolation. Yet, cybersecurity practice and maturity models still focus on the robustness of separate components: organizational units, firms, or IT applications. Such a fundamental mismatch between theory and tools is among the causes of pervasive cyber insecurity. We introduce the sectoral capability maturity model to enable a comprehensive improvement of systemic resilience. The promoting global cyber resilience for sectors cyber-capability maturity model incorporates the science of complex systems, cybersecurity frameworks, and two decades of CIP operations experience. The model was successfully applied in resilience assessment projects in a dozen countries. Real-life experience emphasizes the benefits of the sectoral approach to cyber resilience: creating feedback loops within the sector, integrating supply chain and third-party risks, facilitating information flows between stakeholders, enabling cooperation with and among ministries, departments and other authorities, weighting in the links and processes between actors in cybersecurity issues. The established value of the sectoral approach calls for applications that will improve the resilience of essential services while lowering sector-wide cybersecurity expenditures.
44

Kulugh, Victor Emmanuel, Uche M. Mbanaso, and Gloria Chukwudebe. "Cybersecurity Resilience Maturity Assessment Model for Critical National Information Infrastructure." SN Computer Science 3, no. 3 (April 10, 2022). http://dx.doi.org/10.1007/s42979-022-01108-x.

45

J.D., Rafael Dean Brown. "Towards a Qatar Cybersecurity Capability Maturity Model with a Legislative Framework." International Review of Law 2018, no. 4 (December 1, 2019). http://dx.doi.org/10.29117/irl.2018.0036.

46

Skarga-Bandurova, Inna, Igor Kotsiuba, and Erkuden Rios Velasco. "Cyber Hygiene Maturity Assessment Framework for Smart Grid Scenarios." Frontiers in Computer Science 3 (March 10, 2021). http://dx.doi.org/10.3389/fcomp.2021.614337.

Abstract:
Cyber hygiene is a relatively new paradigm premised on the idea that organizations and stakeholders are able to achieve additional robustness and overall cybersecurity strength by implementing and following sound security practices. It is a preventive approach entailing high organizational culture and education for information cybersecurity to enhance resilience and protect sensitive data. In an attempt to achieve high resilience of Smart Grids against negative impacts caused by different types of common, predictable but also uncommon, unexpected, and uncertain threats and keep entities safe, the Secure and PrivatE smArt gRid (SPEAR) Horizon 2020 project has created an organization-wide cyber hygiene policy and developed a Cyber Hygiene Maturity assessment Framework (CHMF). This article presents the assessment framework for evaluating Cyber Hygiene Level (CHL) in relation to the Smart Grids. Complementary to the SPEAR Cyber Hygiene Maturity Model (CHMM), we propose a self-assessment methodology based on a questionnaire for Smart Grid cyber hygiene practices evaluation. The result of the assessment can be used as a cyber-health check to define countermeasures and to reapprove cyber hygiene rules and security standards and specifications adopted by the Smart Grid operator organization. The proposed methodology is one example of a resilient approach to cybersecurity. It can be applied for the assessment of the CHL of Smart Grids operating organizations with respect to a number of recommended good practices in cyber hygiene.
47

Vance, David, Mingzhou Jin, Christopher Price, Sachin U. Nimbalkar, and Thomas Wenning. "Smart manufacturing maturity models and their applicability: a review." Journal of Manufacturing Technology Management, April 26, 2023. http://dx.doi.org/10.1108/jmtm-03-2022-0103.

Abstract:
Purpose: The purpose of this paper is to review existing smart manufacturing (SM) maturity models' dimensions and maturity levels to assess their applicability and drawbacks. There are many maturity models available but many of them have not been validated or do not provide a useful guide or tool for applications. This gap creates the need for a review of the existing maturity model's applicability. Design/methodology/approach: Nineteen peer-reviewed maturity models related to “Digital Transformation,” “Industry 4.0” or “Smart Manufacturing” were selected based on a systematic literature review and five consulting firm models were selected based on the author's industry knowledge. The chosen models were analyzed to determine 10 categories of dimensions. Then they are assessed on a 1–5 scale for how applicable they are in the 10 categories of dimensions. Findings: The five “consulting firm” models have a first-mover advantage, are more widely used in industry and are more applicable, but some require payment, and they lack published details and validation. The 19 “peer reviewed” models are not as widely used, lack awareness in the industry and are not as easy to apply because of no web tool for self-assessment, but they are improving. The categories defined to characterize the models and facilitate comparisons for users include “Information Technology (IT) and Cyber-Physical System (CPS) and Data,” “Strategy and Organization,” “Supply Chain and Logistics,” “Products and Services,” “Culture and Employees,” “Technology and Capabilities,” “Customer and Market,” “Cybersecurity and Risk,” “Leadership and Management” and “Governance and Compliance.” The analyzed maturity models were particularly weak in the areas of cybersecurity, leadership and governance. Practical implications: Researchers and practitioners can use this review with consideration of their specific needs to determine if a maturity model is applicable or if a new model needs to be developed. The review can also aid in the development of maturity models through the discussion of each of the dimension categories. Originality/value: Compared to existing reviews of SM maturity models, this research determines comprehensive dimension categories and focuses on applicability and drawbacks.
48

"INTEGRATING CYBERSECURITY MATURITY: A HYBRID MODEL FOR BOTH TRADITIONAL ENVIRONMENT AND CLOUD ENVIRONMENT." International Research Journal of Modernization in Engineering Technology and Science, December 24, 2023. http://dx.doi.org/10.56726/irjmets47210.

49

Alshammari, Fahad H. "Design of capability maturity model integration with cybersecurity risk severity complex prediction using bayesian-based machine learning models." Service Oriented Computing and Applications, November 15, 2022. http://dx.doi.org/10.1007/s11761-022-00354-4.

50

Hedberg, David, Martin Lundgren, and Marcus Nohlberg. "Cybersecurity in modern cars: awareness and readiness of auto workshops." Information & Computer Security, February 1, 2024. http://dx.doi.org/10.1108/ics-11-2023-0211.

Abstract:
Purpose: This study aims to explore auto mechanics' awareness of repairs and maintenance related to the car’s cybersecurity and provide insights into challenges based on current practice. Design/methodology/approach: This study is based on an empirical study consisting of semistructured interviews with representatives from both branded and independent auto workshops. The data was analyzed using thematic analysis. A version of the capability maturity model was introduced to the respondents as a self-evaluation of their cybersecurity awareness. Findings: Cybersecurity was not found to be part of the current auto workshop work culture, and that there is a gap between independent workshops and branded workshops. Specifically, in how they function, approach problems and the tools and support available to them to resolve (particularly regarding previously unknown) issues. Research limitations/implications: Only auto workshop managers in Sweden were interviewed for this study. This role was picked because it is the most likely to have come in contact with cybersecurity-related issues. They may also have discussed the topic with mechanics, manufacturers or other auto workshops – thus providing a broader view of potential issues or challenges. Practical implications: The challenges identified in this study offer actionable advice to car manufacturers, branded workshops and independent workshops. The goal is to further cooperation, improve knowledge sharing and avoid unnecessary safety or security issues. Originality/value: As cars become smarter, they also become potential targets for cyberattacks, which in turn poses potential threats to human safety. However, research on auto workshops, which has previously ensured that cars are road safe, has received little research attention with regards to the role cybersecurity can play in repairs and maintenance. Insights from auto workshops can therefore shed light upon the unique challenges and issues tied to the cybersecurity of cars, and how they are kept up-to-date and road safe in the digital era.