Home // CYBER 2021, The Sixth International Conference on Cyber-Technologies and Cyber-Systems // View article
Authors:
Majeed Alsaleh
Mahmood Niazi
Keywords: security; information security; maturity model; measurement metrics.
Abstract:
Many organizations with critical infrastructure sectors and other businesses have started to adopt the National Institute of Standards and Technology (NIST) cybersecurity framework. As cybersecurity is a long-term investment, organizations adopting the framework need to sustain their cybersecurity capabilities and ensure growth toward the maturity level needed to deliver the desired outcome. Therefore, the maturity capability of the cybersecurity program needs to be assessed regularly. Several capability maturity models can be used to measure the progress of implementing the cybersecurity pro-gram. However, attempts are still being made to define a capability maturity model to be used specifically for measuring the cybersecurity programs that adopt the NIST cybersecurity framework. With the aim of identifying and applying evaluation criteria, this paper reviews multiple existing maturity models and compares their scale levels definitions and the used assessment methodology. The researchers determined the criteria based on subject matter experts’ feedback. A survey was conducted to define the values of the criteria that organizations are looking for in order to select the best-fit capability maturity models to use in measuring the progress of NIST CSF implementation.needed to deliver the desired outcome. Therefore, the maturity capability of the cybersecurity program needs to be assessed regularly. Several capability maturity models can be used to measure the progress of implementing the cybersecurity program. However, attempts are still being made to define a capability maturity model to be used specifically for measuring the cybersecurity programs that adopt the NIST cybersecurity framework. With the aim of identifying and applying evaluation criteria, this paper reviews multiple existing maturity models and compares their scale levels definitions and the used assessment methodology. The researchers determined the criteria based on subject matter experts’ feedback. A survey was conducted to define the values of the criteria that organizations are looking for in order to select the best-fit capability maturity models to use in measuring the progress of NIST CSF implementation.
Pages: 13 to 24
Copyright: Copyright (c) IARIA, 2021
Publication date: October 3, 2021
Published in: conference
ISSN: 2519-8599
ISBN: 978-1-61208-893-8
Location: Barcelona, Spain
Dates: from October 3, 2021 to October 7, 2021