Home // CYBER 2021, The Sixth International Conference on Cyber-Technologies and Cyber-Systems // View article


Evaluations of Information Security Maturity Models: Measuring the NIST Cybersecurity Framework Implementation Status

Authors:
Majeed Alsaleh
Mahmood Niazi

Keywords: security; information security; maturity model; measurement metrics.

Abstract:
Many organizations with critical infrastructure sectors and other businesses have started to adopt the National Institute of Standards and Technology (NIST) cybersecurity framework. As cybersecurity is a long-term investment, organizations adopting the framework need to sustain their cybersecurity capabilities and ensure growth toward the maturity level needed to deliver the desired outcome. Therefore, the maturity capability of the cybersecurity program needs to be assessed regularly. Several capability maturity models can be used to measure the progress of implementing the cybersecurity pro-gram. However, attempts are still being made to define a capability maturity model to be used specifically for measuring the cybersecurity programs that adopt the NIST cybersecurity framework. With the aim of identifying and applying evaluation criteria, this paper reviews multiple existing maturity models and compares their scale levels definitions and the used assessment methodology. The researchers determined the criteria based on subject matter experts’ feedback. A survey was conducted to define the values of the criteria that organizations are looking for in order to select the best-fit capability maturity models to use in measuring the progress of NIST CSF implementation.needed to deliver the desired outcome. Therefore, the maturity capability of the cybersecurity program needs to be assessed regularly. Several capability maturity models can be used to measure the progress of implementing the cybersecurity program. However, attempts are still being made to define a capability maturity model to be used specifically for measuring the cybersecurity programs that adopt the NIST cybersecurity framework. With the aim of identifying and applying evaluation criteria, this paper reviews multiple existing maturity models and compares their scale levels definitions and the used assessment methodology. The researchers determined the criteria based on subject matter experts’ feedback. A survey was conducted to define the values of the criteria that organizations are looking for in order to select the best-fit capability maturity models to use in measuring the progress of NIST CSF implementation.

Pages: 13 to 24

Copyright: Copyright (c) IARIA, 2021

Publication date: October 3, 2021

Published in: conference

ISSN: 2519-8599

ISBN: 978-1-61208-893-8

Location: Barcelona, Spain

Dates: from October 3, 2021 to October 7, 2021