Journal articles on the topic 'Cybersecurity maturity model'


1

Kour, Ravdeep, Ramin Karim, and Adithya Thaduri. "Cybersecurity for railways – A maturity model." Proceedings of the Institution of Mechanical Engineers, Part F: Journal of Rail and Rapid Transit 234, no. 10 (2019): 1129–48. http://dx.doi.org/10.1177/0954409719881849.

Abstract:
With the advancements in and widespread adoption of information and communication technologies in infrastructures, cyber-attacks are becoming more frequent and more severe. Advanced cybersecurity threats with automated capabilities are increasing in such sectors as finance, health, grid, retail, government, telecommunications, transportation, etc. Cyber-attacks are also increasing in railways with an impact on railway stakeholders, e.g. threat to the safety of employees, passengers, or the public in general; loss of sensitive railway information; reputational damage; monetary loss; erroneous decisions; loss of dependability, etc. There is a need to move towards advanced security analytics and automation to identify, respond to, and prevent such security breaches. The objective of this research is to reduce cyber risks and vulnerabilities and to improve the cybersecurity capabilities of railways by evaluating their cybersecurity maturity levels and making recommendations for improvements. After assessing various cybersecurity maturity models, the Cybersecurity Capability Maturity Model (C2M2) was selected to assess the cybersecurity capabilities of railway organizations. The contributions of this research are as follows. First, a new maturity level MIL4 (Maturity Indicator Level 4) is introduced in the C2M2 model. Second, the C2M2 model is adapted by adding advanced security analytics and threat intelligence to develop the Railway-Cybersecurity Capability Maturity Model (R-C2M2). The cybersecurity maturity of three railway organizations is evaluated using this model. Third, recommendations and available standards & guidelines are provided to the three railway organizations to improve maturity levels within different domains. In addition, they are given an action plan to implement the recommendations in a streamlined way. 
The application of this model will allow railway organizations to improve their capability to reduce the impacts of cyber-attacks and eradicate vulnerabilities. The approach can also be extended to other infrastructures with necessary adaptations.
2

Yigit Ozkan, Bilge, Sonny van Lingen, and Marco Spruit. "The Cybersecurity Focus Area Maturity (CYSFAM) Model." Journal of Cybersecurity and Privacy 1, no. 1 (2021): 119–39. http://dx.doi.org/10.3390/jcp1010007.

Abstract:
The cost of recovery after a cybersecurity attack is likely to be high and may result in the loss of business at the extremes. Evaluating the acquired cybersecurity capabilities and evolving them to a desired state in consideration of risks are inevitable. This research proposes the CYberSecurity Focus Area Maturity (CYSFAM) Model for assessing cybersecurity capabilities. In this design science research, CYSFAM was evaluated at a large financial institution. From the many cybersecurity standards, 11 encompassing focus areas were identified. An assessment instrument—containing 144 questions—was developed. The in-depth single case study demonstrates how and to what extent cybersecurity related deficiencies can be identified. The novel scoring metric has been proven to be adequate, but can be further improved upon. The evaluation results show that the assessment questions suit the case study target audience; the assessment can be performed within four hours; the organization recognizes itself in the result.
3

P, Dr Rachana. "Strategic Approaches to Cybersecurity Audits for Control Evaluation." INTERNATIONAL JOURNAL OF SCIENTIFIC RESEARCH IN ENGINEERING AND MANAGEMENT 08, no. 12 (2024): 1–5. https://doi.org/10.55041/ijsrem40065.

Abstract:
This article presents an empirical study evaluating the effectiveness of the CyberSecurity Audit Model (CSAM 2.0) at a Canadian higher education institution. CSAM 2.0 is a comprehensive model used to assess cybersecurity assurance, maturity, and readiness in medium to large organizations and at the national level. It allows for the effective evaluation of security controls across various cybersecurity domains. The study highlights global best practices in cybersecurity audits, highlighting the lack of standardized guidelines and weaknesses in cybersecurity training programs. The paper details CSAM 2.0's structure and architecture, sharing results from three research scenarios: (1) a single audit focusing on awareness education, (2) audits in multiple domains such as governance, legal compliance, and incident management, and (3) a full audit covering all model domains. The study concludes that CSAM 2.0 offers valuable insights for improving cybersecurity practices and addressing vulnerabilities. Keywords: Cybersecurity, Cybersecurity Audits, Cybersecurity Audit Model, Cybersecurity Assurance, Cybersecurity Maturity, Control Evaluation, Risk Management, Incident Response, Cybersecurity Domains, Cybersecurity Training.
4

Princess Eloho Odio, Richard Okon, Mary Oyenike Adeyanju, Eseoghene Kokogho, and Obianuju Clement Onwuzulike. "Developing a cybersecurity maturity model for fintech firms using predictive analytics." International Journal of Science and Technology Research Archive 8, no. 1 (2025): 023–49. https://doi.org/10.53771/ijstra.2025.8.1.0021.

Abstract:
As the fintech industry expands, so does the sophistication of cybersecurity threats, making it critical for firms to adopt proactive and resilient security measures. This abstract proposes a cybersecurity maturity model specifically designed for fintech firms, incorporating predictive analytics to assess and enhance their cybersecurity posture. By leveraging predictive analytics, this model enables fintech companies to anticipate potential vulnerabilities, detect emerging threats, and strengthen their security strategies before incidents occur. The proposed cybersecurity maturity model is structured into distinct stages, ranging from basic security measures to advanced predictive capabilities. Each stage represents the evolution of a fintech firm's cybersecurity maturity, with predictive analytics playing a central role in moving from reactive to proactive defense mechanisms. Through the integration of machine learning algorithms and data-driven insights, the model can predict future risks based on historical attack data, threat patterns, and internal security metrics. This predictive capability allows fintech companies to identify vulnerabilities in real-time, prioritize security resources, and implement mitigation strategies ahead of potential attacks. The model also emphasizes continuous monitoring and data collection from various sources, such as transaction logs, network traffic, and user behavior, to build a comprehensive security profile. Predictive analytics can then process this data to provide forecasts on potential threats, attack vectors, and security gaps. The application of predictive analytics enhances decision-making, allowing cybersecurity teams to allocate resources more effectively and implement targeted interventions. Furthermore, this cybersecurity maturity model provides a framework for fintech companies to measure their progress, ensuring a systematic approach to enhancing security. 
It also fosters a culture of continuous improvement, aligning with the dynamic and evolving nature of cybersecurity in the fintech sector. Ultimately, by adopting predictive analytics, fintech firms can enhance their ability to protect digital financial operations, build customer trust, and comply with regulatory standards.
5

Zwarts, Hendrik, Jaco Du Toit, and Basie Von Solms. "Augmenting Cybersecurity Awareness at Critical Infrastructures in Developing Countries Through a Cybersecurity Governance Maturity Model." European Conference on Cyber Warfare and Security 24, no. 1 (2025): 726–33. https://doi.org/10.34190/eccws.24.1.3708.

Abstract:
As the utilization of cyber systems in the management and operation of critical infrastructures has grown, the cybersecurity threats to critical infrastructure sectors such as energy, healthcare, transportation and water simultaneously increased exponentially. Critical infrastructures in developing countries are particularly vulnerable to growing cybersecurity threats due to limited resources, inadequate cybersecurity policies and a general shortage of skilled cybersecurity specialists. Addressing these vulnerabilities is essential for developing countries to ensure the operational continuity, data protection and public safety associated with functioning critical infrastructures. An explorative literature review identified a number of aspects that can be used to counter the increasing cybersecurity threats to critical infrastructures in developing countries. Literature suggests that although there are defined norms and standards for critical infrastructures in developing countries, there is room for improvement in terms of the contribution that enhanced cybersecurity awareness can accomplish. A good cybersecurity awareness program must include sufficient training that is aligned with an organization’s objectives, focus on raising cybersecurity awareness while performing normal duties whilst creating an interactive cybersecurity communication culture between all stakeholders. This paper presents research that is in progress to develop a functional cybersecurity governance maturity model aimed at capacitating role players responsible for the safeguarding of critical infrastructure systems in developing countries. The primary aim of the evolving Critical Infrastructure Cyber Governance Maturity Model (CICGM²) is to improve the cybersecurity governance of critical infrastructure systems in developing countries.
The purpose of the article is to specifically describe how the CICGM² can be used to assess and determine the level of maturity of cybersecurity awareness programs at critical infrastructures in developing countries. The integration of recognized cybersecurity governance frameworks and established cybersecurity maturity models into the CICGM² presents unique opportunities to establish, measure and manage cybersecurity awareness initiatives at critical infrastructure systems in developing countries. This article contributes to the field of cybersecurity governance by offering a non-technical, scalable and adaptable CICGM² for key stakeholders at critical infrastructures in developing countries that can be used to determine the level of the cybersecurity awareness initiatives for the facilities that they are responsible for.
6

Büyüközkan, Gülçin, and Merve Güler. "Cybersecurity maturity model: Systematic literature review and a proposed model." Technological Forecasting and Social Change 213 (April 2025): 123996. https://doi.org/10.1016/j.techfore.2025.123996.

7

Dotsenko, T. V., and M. V. Kuzmenko. "Maturity of the country's cybersecurity system in the conditions of war: assessment trends." Economic Bulletin of Dnipro University of Technology 87 (September 2024): 34–43. http://dx.doi.org/10.33271/ebdut/87.034.

Abstract:
Methods. The study used the following methods: an inductive approach to formulating the concept of maturity of the country's cybersecurity system in military conditions; a deductive method to derive the concept of assessing the maturity of the country's cybersecurity system during military operations; content analysis identified the key elements of assessing the maturity of the national cybersecurity system in military operations; strategic analysis identified the main vectors of assessing the problem under study, and the latest approaches to assessing the national cybersecurity system. Results. The latest trends in assessing the maturity of the country's cybersecurity system, taking into account the aspect of military conditions, are identified: the existing regulatory and legal framework at the international and national levels is indicated; the concept of maturity and assessment of the maturity of the country's cybersecurity system during military operations is formulated. The paper outlines the key elements of assessing the maturity of the national cybersecurity system in military operations: adaptability, interoperability, readiness, partnership, cyber reserves, vulnerabilities and threats, and training. The main vectors of assessment are identified: assessment of cyber threats, cyber attacks, infrastructure protection, interaction of cybersecurity actors, level of personnel training; the latest approaches to system assessment are noted. A scheme of future key challenges, trends, and recommendations for assessing the maturity of the national cybersecurity system in wartime has been formed. Novelty. The study of the specifics of assessing the maturity of the country's cybersecurity system identifies key elements, vectors, approaches, and methods for assessing the cyber defence system. 
Weaknesses and vulnerabilities, existing progress in the development of cyber defence of the system are identified, and the necessary activities to enhance the effectiveness of national security in times of war are identified. Practical value. The experience of previous achievements in the functioning of cybersecurity systems is summarised, the most effective practices and methods of cyber resilience are identified, recommendations for assessing the maturity of the national cybersecurity system in times of war are proposed, which will optimise existing and potential resources, and will help to create the preconditions for further development of the latest model of cyber defence assessment.
8

Aliyu, Aliyu, Leandros Maglaras, Ying He, et al. "A Holistic Cybersecurity Maturity Assessment Framework for Higher Education Institutions in the United Kingdom." Applied Sciences 10, no. 10 (2020): 3660. http://dx.doi.org/10.3390/app10103660.

Abstract:
As organisations are vulnerable to cyberattacks, their protection becomes a significant issue. Capability Maturity Models can enable organisations to benchmark current maturity levels against best practices. Although many maturity models have been already proposed in the literature, a need for models that integrate several regulations exists. This article presents a light, web-based model that can be used as a cybersecurity assessment tool for Higher Education Institutes (HEIs) of the United Kingdom. The novel Holistic Cybersecurity Maturity Assessment Framework incorporates all security regulations, privacy regulations, and best practices that HEIs must be compliant to, and can be used as a self assessment or a cybersecurity audit tool.
9

Peliukh, O. I., M. V. Yesina, and D. Yu Holubnychyi. "CERT-UA assessment based on the CSIRT ENISA Maturity Model." Radiotekhnika, no. 213 (June 16, 2023): 41–48. http://dx.doi.org/10.30837/rt.2023.2.213.04.

Abstract:
Cybersecurity threats are steadily increasing in today's world, which is characterised by increased openness and integration into the global network. The proliferation of cyber incidents, including hacker attacks, confidential data leaks and information theft, is becoming an extremely pressing issue in this context. Accordingly, the eradication of these threats requires the development of effective methods of responding to cyber incidents. The central theme of this article is to consider the critical importance of assessing and improving the effectiveness of cyber incident response teams. The structure of such a team, including cybersecurity specialists, network engineers, analysts, etc., is aimed at identifying, analysing and overcoming threats in cyberspace. The key aspects of assessing such a team, like abilities, experience, communication skills and level of cooperation, are presented clearly through the prism of the updated ENISA CSIRT Maturity Model. The article uses the Computer Emergency Response Team in Ukraine (CERT-UA), a national team operating under the leadership of the State Service for Special Communications and Information Protection of Ukraine, to illustrate the methods of assessing a cyber incident response team. The assessment of the team, based on the ENISA CSIRT Maturity Model, points to key aspects that determine its effectiveness. The paper provides a clear view of the process of measuring cyber incident response teams through a systematic approach that identifies their strengths and weaknesses. The maturity analysis of the CERT-UA provides recommendations for further development of the team, which can be an important resource for academics, cybersecurity experts and government officials interested in improving the effectiveness of cyber threat response. It highlights the importance of assessing cyber incident response teams to ensure cybersecurity and information protection. 
Awareness of this issue contributes to continuous improvement and readiness to respond effectively to growing challenges in the modern digital environment.
10

Abdullahi Garba, Adamu, Aliyu Musa Bade, Muktar Yahuza, and Ya’u Nuhu. "Cybersecurity capability maturity models review and application domain." International Journal of Engineering & Technology 9, no. 3 (2020): 779. http://dx.doi.org/10.14419/ijet.v9i3.30719.

Abstract:
Cybersecurity is a way of protecting organization critical assets, through the identification of cyber threats that can compromise the information stored, it involves the protection, identification, and responding to threats. The main aim of this article is to conduct an ample review of the published cybersecurity capability maturity models using a systematic review of published articles from 2014 to 2019. Features of Halvorsen and Conradi’s taxonomy were adopted to explain the models identified. The results indicated adopting a model to a certain organization is not feasible. However, modification is required before implementation, as the cost of implementation is not available when conducting this research.
11

Razikin, Khairur, and Agus Widodo. "General Cybersecurity Maturity Assessment Model: Best Practice to Achieve Payment Card Industry-Data Security Standard (PCI-DSS) Compliance." CommIT (Communication and Information Technology) Journal 15, no. 2 (2021): 91–104. http://dx.doi.org/10.21512/commit.v15i2.6931.

Abstract:
The use of technology in the era of the Industrial Revolution 4.0 is essential, marked by the use of technology in the economy and business. This situation makes many companies in the payment sector have to improve their information technology security systems. In Indonesia, Bank Indonesia and the Financial Services Authority (Otoritas Jasa Keuangan - OJK) are agencies that provide operational permits for companies by making Payment Card Industry-Data Security Standard (PCI-DSS) certification as one of the requirements for companies to obtain operating permits. However, not all companies can easily get PCI-DSS certification because many companies still do not meet the PCI-DSS requirements. The research offers a methodology for measuring the level of technology and information maturity using general cybersecurity requirements adopted from the cybersecurity frameworks of CIS, NIST, and Cobit. Then, the research also performs qualitative calculations based on interviews, observations, and data surveys conducted on switching companies that have been able to implement and obtain certification. PCI-DSS to produce practical cybersecurity measures, in general, can be used as a measure of the maturity of technology and information security. The results and discussion provide a model assessment tool on the procedures and requirements needed to obtain PCI-DSS certification. The maturity level value of PT XYZ is 4.0667 at maturity level 4, namely quantitatively managed, approaching level 5 as the highest level at maturity level.
12

Coleman, Joe. "The DOD's CMMC 2.0: What Heat Treaters Need to Know." AM&P Technical Articles 182, no. 2 (2024): 37–39. http://dx.doi.org/10.31399/asm.amp.2024-02.p037.

Abstract:
Cybersecurity Maturity Model Certification (CMMC) 2.0 represents the most recent iteration of the US Department of Defense's cybersecurity regulations. The CMMC 2.0 framework was developed to improve the cybersecurity posture of defense contractors and their supply chain, including heat treaters. This article reviews key requirements and how DoD contractors can prepare for compliance.
13

Abhilash Maroju, Srinivas A Vaddadi, Sravanthi Dontu, Rohith Vallabhaneni. "An Empirical Paradigm on Cybersecurity Vulnerability Mitigation Framework." International Journal on Recent and Innovation Trends in Computing and Communication 11, no. 9s (2023): 786–92. http://dx.doi.org/10.17762/ijritcc.v11i9s.9484.

Abstract:
Current cybersecurity vulnerability assessment tools were developed in accordance with guidelines established by entities like the National Institute of Standards and Technology (NIST) and the United States Department of Energy. When assessing their facility's cybersecurity maturity, owners and operators of critical infrastructure frequently use frameworks like the NIST Cybersecurity Framework (CSF) and the cybersecurity capability maturity model (C2M2). These frameworks are great at finding vulnerabilities and doing qualitative cybersecurity analysis, but they don't help you get to the level of cybersecurity maturity you want by letting you prioritise how you fix those flaws. Cyber dangers pose a significant risk to businesses and are becoming more pervasive in our everyday lives. In this way, businesses may devise a strategy and set of guidelines by simulating a breach attack. But these strategies are based on experts' tacit knowledge. In response to this problem, the authors of this study suggest an automated and formal process for creating prioritised action plans to enhance environmental transparency. An experiment proving the validity of the proposed method was conducted, yielding consistent and applicable results to the tested scenario. Through testing against a real-world cyberattack that targeted industrial control systems at a critical infrastructure facility, this article presents a thorough architecture of CyFEr and demonstrates its application to CSF.
14

Roy, Yanina, Olena Riabchun, and Valeriy Yermoshin. "MATURITY MODEL OF CYBER SECURITY SYSTEM OPPORTUNITIES AT CRITICAL INFRASTRUCTURE FACILITIES OF THE ES-C2M2 ENERGY SECTOR." Cybersecurity: Education, Science, Technique 2, no. 10 (2020): 67–74. http://dx.doi.org/10.28925/2663-4023.2020.10.6774.

Abstract:
Currently, a large set of IS maturity assessment models based on similar principles is available for both commercial and government organizations and institutions. At the same time, the actual use of such models is quite limited, primarily due to the weak attachment to the characteristics of specific organizations. This problem is partially solved by adapting existing approaches in the form of industry models (for example, ES-C2M2 for companies in the energy sector, ONG-C2M2 for companies in the oil and gas sector). Moreover, the emergence of a new model is very likely, which includes not only qualitative analysis through a set of characteristics / domains, but also a quantitative assessment of cybersecurity, which will use the assessment for both strategic and operational planning, as well as create an advanced expert analytical system. The best solution today is to start implementing any of the existing evaluation models with further adaptation and expansion for your own needs. Similar principles of model building will allow in the future to migrate painlessly to a more appropriate, while the experience gained in the assessment, as well as statistics will judge the progress of IS processes in the enterprise, and, importantly, in a convenient and understandable for senior management. The ES-C2M2 Cyber Security Maturity Model can significantly help energy sector organizations to assess and improve their cybersecurity areas. The ES-C2M2 Capability Maturity Model is part of the DOE Cybersecurity Capability Maturity Program (C2M2) and was developed to address the unique characteristics of the energy subsector. The opportunity maturity model is a tool for self-assessment to measure and improve their cybersecurity areas.
International standards and practices in the field of information security recommend that organizations when planning IS activities to assess the current state of IS and set a target for the near future, the achievement of which will allow the company to effectively address existing threats and respond to new challenges and threats of IS.
15

Panalangin, Mansur L., Ariel Roy L. Reyes, Haron A. Mohamad, Shahara A. Abo, and Arnold S. Cararag. "Building a Resilient Computer Emergency Response Team (CERT): A Strategic Approach Using SWOT Analysis and the CERT Resilience Maturity Model for Cybersecurity Preparedness in the Bangsamoro Government, Philippines." American Journal of Innovation in Science and Engineering 4, no. 2 (2025): 41–48. https://doi.org/10.54536/ajise.v4i2.4289.

Abstract:
exposed clients to risks during online transactions and service access. These incidents underscore the urgent need to enhance the region’s cybersecurity preparedness and establish a resilient Computer Emergency Response Team (CERT). This study evaluates the current state of cybersecurity readiness across selected Bangsamoro Government ministries, offices, and agencies by integrating SWOT analysis with the CERT Resilience Management Model (CERT-RMM). Through this structured approach, the study identifies key strengths, weaknesses, opportunities, and threats while determining the current maturity level of the government’s operational resilience. Based on the findings, actionable recommendations are provided to advance maturity levels and build a robust cybersecurity framework. The results aim to support the Bangsamoro Government in strengthening its digital infrastructure, ensuring secure service delivery, and mitigating emerging cyber threats effectively.
16

Kulugh, Victor Emmanuel, Ageebee Silas Faki, and Egena Onu. "Theoretical Framework of Cybersecurity Resilience Maturity Assessment Model for Critical Information Infrastructure." Dutse Journal of Pure and Applied Sciences 11, no. 1b (2025): 75–85. https://doi.org/10.4314/dujopas.v11i1b.9.

Abstract:
Modern Societies depend heavily on Critical infrastructures (CIs) to thrive. The CI in turn is driven by critical information infrastructures (CIIs) which is a combination of information technology (IT) and operations technology (OT). However, the CIs are underpinned by the CIIs, thus, they (CIs) inherit the vulnerabilities of the CIIs and share the same threats as the CIIs. Failure of the CIIs driving the CIs will potentially lead to catastrophic consequences arising from cascaded, escalating and common cause effects against other dependent/interdependent CIs/CIIs. Consequently, the CIIs should be resilient against cyberattacks. To enhance the cybersecurity resilience of CIIs, maturity models (MM) are developed to measure their cybersecurity resilience, determine resilience gaps and proactively close these gaps for improved resilience. However, existing MMs and frameworks for this purpose lack theoretical foundations or at least their underlying theories are not transparent. This makes the models either too generic or too industry-specific for adoption in the CII ecosystem. Consequently, this article proposes a theoretical framework for developing cybersecurity resiliency maturity assessments models for CIIs based on a combination of the Bruneau Resilience Theory (BRT), Socio-Technical Systems Theory (STST) and Hollings’ Ecosystem Theory of Resilience (HETR). While the BRT supports the presentation of an MM that addresses CII resilience quantification from 3 temporal dimensions, namely; pre-event, event management (during-event) and post-event activities; the STST provides the ground for a proportionate combination of controls that measures the ability of CIIs to treat threats of technogenic, anthropogenic and naturogenic origin; lastly, the HETR forms the basis for continuous resilience assessment at defined regular intervals.
17

Sabillon, Regner, Juan Ramon Bermejo Higuera, Jeimy Cano, Javier Bermejo Higuera, and Juan Antonio Sicilia Montalvo. "Assessing the Effectiveness of Cyber Domain Controls When Conducting Cybersecurity Audits: Insights from Higher Education Institutions in Canada." Electronics 13, no. 16 (2024): 3257. http://dx.doi.org/10.3390/electronics13163257.

Abstract:
This study validates a comprehensive cybersecurity audit model through empirical analysis in three higher education institutions in Canada. The research aims to enhance cybersecurity resilience by assessing the effectiveness of cybersecurity controls across diverse educational environments. Given the increasing frequency and sophistication of cyberattacks targeting educational institutions, this research is essential to ensure the protection of sensitive academic and personal data. Data were collected through detailed audits involving system vulnerabilities, compliance with security policies, and incident response management at each institution. The findings underscore the importance of tailored cybersecurity strategies and continuous auditing to mitigate cyber risks in the Canadian higher education sector. This study contributes to the field by validating a versatile audit tool that can be adapted to various institutional contexts, promoting enhanced cybersecurity practices and evaluating the effectiveness of cybersecurity safeguards across the higher education sector in Canada. The results of the audit model validations provide the cybersecurity maturity rating of each institution. Further research is recommended to refine the model and explore its application in other industries and sectors.
18

Domnik, Jan, and Alexander Holland. "On Data Leakage Prevention Maturity: Adapting the C2M2 Framework." Journal of Cybersecurity and Privacy 4, no. 2 (2024): 167–95. http://dx.doi.org/10.3390/jcp4020009.

Abstract:
In an evolving cybersecurity landscape marked by escalating data breaches and regulatory demands, data leakage prevention (DLP) has emerged as one of several defense mechanisms. This study underscores unresolved foundational issues within DLP, revealing that it remains a significant challenge in large organizations. This highlights the necessity for a holistic approach to DLP to effectively address these persistent challenges. By developing a DLP Maturity Model, adapted from the renowned C2M2 framework, this research provides a comprehensive tool for assessing organizational DLP capabilities and pinpointing critical gaps. Applying the DLP Maturity Model within the financial sector as demonstrated through a banking scenario showcases its relevance and added value. This application illuminates the model’s effectiveness in securing sensitive data and adhering to essential regulatory standards, highlighting its adaptability across various compliance landscapes. Implementing this DLP Maturity Model in a banking scenario showcases its applicability, highlighting its ability to formulate a strategy to secure sensitive data and comply with regulatory standards. This approach aligns with the concept of a continuous risk-based strategy, merging the holistic model to identify and address critical insider risks within organizations. The study addresses a specific gap in DLP research, notably the lack of a holistic framework for assessing and enhancing DLP strategies across organizations. It equips practitioners with a foundational tool to determine current DLP maturity and devise strategies for mitigating insider-driven data breach risks, thereby bolstering organizational cybersecurity resilience.
19

Ferreira, Daniel Jorge, and Henrique São Mamede. "Predicting Cybersecurity Risk - A Methodology for Assessments." ARIS2 - Advanced Research on Information Systems Security 2, no. 2 (2022): 50–63. http://dx.doi.org/10.56394/aris2.v2i2.23.

Abstract:
Defining an appropriate cybersecurity incident response model is a critical challenge that all companies face on a daily basis. However, there is not always an adequate answer. This is due to the lack of predictive models based on data (evidence). There is a significant investment in research to identify the main factors that can cause such incidents, always trying to have the most appropriate response and, consequently, enhancing response capacity and success. At the same time, several different methodologies assess the risk management and maturity level of organizations. There is, however, a gap in determining an organization's degree of proactive responsiveness to successfully adopt cybersecurity and an even more significant gap in assessing it from a risk management perspective. This paper proposes a model to evaluate this capacity, a model that intends to evaluate the methodological aspects of an organization and indicates the apparent gaps that can negatively impact the future of the organization in the management of cybersecurity incidents and presents a model that intends to be proactive.
20

Patrick, Mayala, Edrick Mugisha, Keneth Mbaga, and Mansour Likamba. "Cybersecurity in Tanzanian Maritime Operations: Exploring Global Best Practices and Their Local Adaptation Using the Cybersecurity Capability Maturity Model (C2M2)." Social Science and Humanities Journal 8, no. 10 (2024): 5688–97. http://dx.doi.org/10.18535/sshj.v8i10.1421.

Abstract:
The increasing integration of digital technologies in maritime operations has significantly enhanced efficiency in cargo tracking, port management, and communication systems. However, this digital transformation also introduces substantial cybersecurity risks, particularly in developing regions like Tanzania, where technological infrastructure and specialized skills may lag behind global standards. This study evaluates the cybersecurity readiness of three key Tanzanian maritime organizations, Tanzania Ports Authority (TPA), Tanzania Shipping Agency Corporation (TASAC), and SINOTASHIP, using the Cybersecurity Capability Maturity Model (C2M2). Through a detailed assessment across ten C2M2 domains, the study identifies existing strengths and critical gaps in areas such as risk management, asset management, and incident response. The findings reveal that while basic cybersecurity practices exist, they are largely reactive, with most domains scoring between Level 1 (Initial) and Level 3 (Defined). This lack of advanced, proactive measures poses significant risks to Tanzania's maritime infrastructure, particularly given the strategic role of ports like Dar es Salaam in regional trade. The study highlights the need for tailored improvements, including enhanced asset management, continuous workforce training, and real-time monitoring systems, to bridge the gap between global standards and local practices. By implementing these measures, Tanzanian maritime operations can strengthen their resilience against cyber threats, ensuring secure and efficient port operations in an increasingly interconnected world.
21

Almomani, Iman, Mohanned Ahmed, and Leandros Maglaras. "Cybersecurity maturity assessment framework for higher education institutions in Saudi Arabia." PeerJ Computer Science 7 (September 9, 2021): e703. http://dx.doi.org/10.7717/peerj-cs.703.

Abstract:
The Saudi Arabia government has proposed different frameworks such as the CITC’s Cybersecurity Regulatory Framework (CRF) and the NCA’s Essential Cybersecurity Controls (ECC) to ensure data and infrastructure security in all IT-based systems. However, these frameworks lack a practical, published mechanism that continuously assesses the organizations’ security level, especially in HEI (Higher Education Institutions) systems. This paper proposes a Cybersecurity Maturity Assessment Framework (SCMAF) for HEIs in Saudi Arabia. SCMAF is a comprehensive, customized security maturity assessment framework for Saudi organizations aligned with local and international security standards. The framework can be used as a self-assessment method to establish the security level and highlight the weaknesses and mitigation plans that need to be implemented. SCMAF is a mapping and codification model for all regulations that the Saudi organizations must comply with. The framework uses different levels of maturity against which the security performance of each organization can be measured. SCMAF is implemented as a lightweight assessment tool that could be provided online through a web-based service or offline by downloading the tool to ensure the organizations’ data privacy. Organizations that apply this framework can assess the security level of their systems, conduct a gap analysis and create a mitigation plan. The assessment results are communicated to the organization using visual score charts per security requirement per level attached with an evaluation report.
22

Uraipan, Naris, Prasong Praneetpolgrang, and Tharini Manisri. "Application of an Analytic Hierarchy Process to Select the Level of a Cyber Resilient Capability Maturity Model in Digital Supply Chain Systems." ECTI Transactions on Computer and Information Technology (ECTI-CIT) 15, no. 2 (2021): 198–207. http://dx.doi.org/10.37936/ecti-cit.2021152.240631.

Abstract:
Cyber resilient is the ability to prepare for, respond to and recover from cyber attacks. Cyber resilient has emerged over the past few years because traditional cybersecurity measures are no longer enough to protect organizations from the spate of persistent attacks. It helps an organization protect against cyber risks, defend against and limit the severity of attacks, and ensure its continued survival despite an attack. The cyber resilient capability maturity model is a very important element within an effective in digital supply chain. The maturity model has 6 components: identify, protect, detect, respond, recover and continuity which affect the cybersecurity of the organization. To measure the maturity level needs a holistic approach. Therefore, the analytic hierarchy process (AHP) approach which allows both multi-criteria and simultaneous evaluation. Generally, the factors affecting cyber resilient in digital supply chain have non-physical structures. Therefore, the real problem can be represented in a better way by using fuzzy numbers instead of numbers to evaluate these factors. In this study, a fuzzy AHP approach is proposed to determine the cyber resilient capability maturity level in digital supply chain. The proposed method is applied in a real SMEs company. In the application, factors causing are weighted with triangular fuzzy numbers in pairwise comparisons. The results indicate that the weight factors from comparing the relationship of all factors put the importance of identify factors first, followed by protect, detect, respond, recover and continuity respectively.
23

Pigola, Angélica, and Priscila Rezende da Costa. "Dynamic Capabilities in Cybersecurity Intelligence: A Meta-Synthesis to Enhance Protection Against Cyber Threats." Communications of the Association for Information Systems 53, no. 1 (2023): 1099–135. http://dx.doi.org/10.17705/1cais.05347.

Abstract:
Advanced cybersecurity threats with automated capabilities are on the rise in industries such as finance, healthcare, technology, retail, telecoms, and transportation, as well as government. It is necessary to conduct analyses of cybersecurity-related resources and capabilities to build cybersecurity intelligence (CI). The purpose of this paper is to suggest a dynamic capability in a cybersecurity intelligence (DCCI) model based on existing literature that helped firms reduce risks of cyber violations and advance the development of systems and the life cycle of firms. Through a meta-synthesis, an abduction and induction approach through eight methodological steps analyzed in forty-seven case studies the presence of cybersecurity capabilities to build CI. Combining theoretical and practical information security maturity models as a foundation, we understand capabilities building to improve the predictability of cyber incidents. The results evidenced four second-order dimensions to build CI named doing, enabling, improving, and managing cybersecurity, and eight first-order outcomes to represent the DCCI model. This research makes an unprecedented contribution to international and national scenarios, as it will allow firms to innovate their resource management processes and abilities to enable better cybersecurity projects and reduce the impacts of potential cyberattacks with the probability of eradicating vulnerabilities.
24

Varona Taborda, María Alejandra. "Dynamic Cybersecurity Model based on ISO standards for Higher Education Institutions in Colombia." Ingeniería Solidaria 17, no. 3 (2021): 1–21. http://dx.doi.org/10.16925/2357-6014.2021.03.05.

Abstract:
Introduction: This article is the result of a research process whose product was to generate a guide for Higher Education Institutions (in Spanish, IES) to adopt a Cybersecurity Model based on ISO standards (International Organization for Standardization).
 Problem: IES do not have a cybersecurity model aligned to the ISO / IEC 27032: 2012 standard (International Organization for Standardization / International Electrotechnical Commission), which causes a lack of clarity and uncertainty in the level of maturity and low efficiency in processes and information security controls to be implemented.
 Objective: Propose a dynamic model of cybersecurity based on ISO standards for IES.
 Methodology: The development of this work was oriented under a line of applied research, by virtue of the fact that it was necessary to address the problem based on previous knowledge that allowed supporting the theoretical contributions and the activities proposed to determine the possible causes of the problem and give it a possible solution.
 Results: The generation of this dynamic model allows it to be adapted to the different needs and requirements of IES.
 Conclusion: IES can implement a cybersecurity model to prevent and protect information at the cyberspace level.
 Originality: The work carried out generates a great contribution, which is the generation of a dynamic cybersecurity model, since at present there are no specific models for IES.
 Limitations: The model implementation guide is established in a general way to be applied later to an organization in any sector.
 Keywords: Dynamic Cybersecurity Model, Higher Education Institutions, ISO/IEC 27032: 2012, Security Standards.
25

Mori, Shigeo, and Atsuhiro Goto. "Reviewing National Cybersecurity Strategies." Journal of Disaster Research 13, no. 5 (2018): 957–66. http://dx.doi.org/10.20965/jdr.2018.p0957.

Abstract:
The damages caused by cyber-attacks are becoming larger, broader and more serious and to include monetary losses and losses of lifeline. Some cyber-attacks are arguably suspected to be parts of national campaigns. Under such circumstances, the public sector must endeavour to enhance the national cybersecurity capacities. There are several benchmarks for national cybersecurity, i.e., a snapshot relative assessment of a nation’s cybersecurity strength at a global level. However, by considering the development of technology, attackers’ skills and capacities of other nations, we believe that it is more important to review the national strategy for cybersecurity capacity enhancement and to ensure that the national capacity advances adequately in the coming years. We propose a method of reviewing national strategies. Additionally, we performed a trial review of the Japanese cybersecurity strategy using the Cybersecurity Capacity Maturity Model for Nations (CSCMMN) developed by the Global Cyber Security Capacity Centre. This trial proved to be workable because it detected various possibly inadequate (insufficient, inappropriate or inefficient, although further investigation is needed) approaches in the Japanese strategy. Moreover, the review also discovered the shortcomings of the capacity areas in the CSCMMN. We plan to improve the reviewing method and develop the improvement process of national strategies for cybersecurity capacity enhancement.
26

Baykız, Tekin, and Şuay Nilhan Açıkalın. "THE DIGITALIZATION OF DIPLOMACY MATURITY MODEL (DD-MM): A NEW MODEL FOR OPTIMIZING DIPLOMATIC DIGITALIZATION." Journal of Nusantara Studies (JONUS) 9, no. 2 (2024): 441–73. http://dx.doi.org/10.24200/jonus.vol9iss2pp441-473.

Abstract:
This paper introduces the Digitalization of Diplomacy Maturity Model (DD-MM), a comprehensive framework designed to assess and enhance the digital capabilities of diplomatic institutions. The DD-MM encompasses four critical dimensions: people, digital visibility, technology and security, and policies, providing a structured approach to evaluate and advance the maturity of digital diplomacy practices. In the people dimension, the model emphasizes role definitions, change management, and specialized training programs, highlighting the need for diplomats to acquire digital literacy and competency. The digital visibility dimension focuses on the strategic use of social media and other online platforms to enhance a nation's presence and influence in the digital sphere, emphasizing engagement with a global audience and proactive digital communications management. The technology and security dimension addresses ICT infrastructure, cybersecurity, and data management, advocating for the adoption of state-of-the-art technologies to support diplomatic activities and ensure the security of sensitive information. The policies dimension underscores the necessity for clear guidelines and regulatory frameworks to govern the use of digital tools in diplomacy, including the formulation of policies that align with international standards and promote ethical practices. The DD-MM outlines a clear pathway for continuous improvement, guiding institutions from the initial stages of digital integration to advanced levels of optimization and strategic alignment. Keywords: Digitalization of diplomacy, maturity model, model development, digital public diplomacy. Cite as: Baykız, T., & Açıkalın, Ş. N. (2024). The digitalization of diplomacy maturity model (DD-MM): A new model for optimizing diplomatic digitalization. Journal of Nusantara Studies, 9(2), 441-473. http://dx.doi.org/10.24200/jonus.vol9iss2pp441-473
27

Rohith, Lakshmi Narasimha. "Defining Observability Maturity: A Blueprint for Scalable and Resilient IT Operations." International Scientific Journal of Engineering and Management 03, no. 09 (2024): 1–7. https://doi.org/10.55041/isjem02080.

Abstract:
In today's rapidly evolving IT landscape, organizations are faced with the challenge of maintaining high availability, performance, and security in increasingly complex, distributed systems. Traditional monitoring approaches rely on static thresholds and rule-based alerts; these are no longer adequate to manage modern cloud-native architectures, microservices, and hybrid environments. To address these challenges, organizations must advance their observability maturity by integrating AI-driven analytics, automation, and predictive insights into their operations. This paper introduces the Observability Maturity Model (OMM), a structured framework designed to help organizations assess their observability capabilities and develop a roadmap for improvement. The model defines five stages of maturity: Reactive, Proactive, Predictive, Automated, and Autonomous, each stage representing a progression from basic monitoring to fully AI-driven observability. For each stage, the paper outlines the key characteristics, challenges, and best practices that organizations can adopt to enhance incident detection, reduce Mean Time to Resolution (MTTR), improve security posture, and optimize business performance. Finally, the paper discusses the future of AI-driven observability, its role in AIOps, cybersecurity, and compliance, and the importance of Observability-as-Code (OaC) in modern DevOps pipelines. By following the OMM framework, organizations can transition from reactive troubleshooting to predictive and autonomous observability, ensuring resilient and efficient IT operations in an increasingly data-driven world. Keywords— Observability Maturity Model (OMM), Observability vs. Monitoring, AI-driven Observability, Predictive Analytics in IT Operations, Automated Root Cause Analysis (RCA), Mean Time to Detect (MTTD), Mean Time to Resolve (MTTR), Self-Healing IT Systems, Observability-as-Code (OaC), AIOps and IT Automation, Cloud-Native Observability, Proactive Incident Detection, Service Level Objectives (SLOs), Service Level Indicators (SLIs), Cybersecurity and Compliance in Observability
28

Hochstetter-Diez, Jorge, Mauricio Diéguez-Rebolledo, Julio Fenner-López, and Cristina Cachero. "AIM Triad: A Prioritization Strategy for Public Institutions to Improve Information Security Maturity." Applied Sciences 13, no. 14 (2023): 8339. http://dx.doi.org/10.3390/app13148339.

Abstract:
In today’s world, private and government organizations are legally obligated to prioritize their information security. They need to provide proof that they are continually improving their cybersecurity compliance. One approach that can help organizations achieve this goal is implementing information security maturity models. These models provide a structured framework for measuring performance and implementing best practices. However, choosing a suitable model can be challenging, requiring cultural, process, and work practice changes. Implementing multiple models can be overwhelming, if possible. This article proposes a prioritization strategy for public institutions that want to improve their information security maturity. We thoroughly analyzed various sources through systematic mapping to identify critical similarities in information security maturity models. Our research led us to create the AIM (Awareness, Infrastructure, and Management) Triad. This triad is a practical guide for organizations to achieve maturity in information security practices.
29

Blinov, A. V., and S. V. Bezzateev. "DevSecOps: UNIFYING DEVELOPMENT AND SECURITY PROCESSES." Voprosy kiberbezopasnosti 2, no. 66 (2025): 78–89. https://doi.org/10.21681/2311-3456-2025-2-78-89.

Abstract:
Research objective: the objective of this study is to examine and describe the concept of DevSecOps, its structure, and key components, as well as to develop a simplified DevSecOps maturity model. This model can be utilized by organizations to assess their current DevSecOps maturity level and identify priority areas for the phased implementation of secure software development practices. Methods: the research involved analyzing modern approaches to integrating security into DevOps processes, developing a DevSecOps maturity model based on international standards and practices, and creating methodologies for maturity assessment and metrics for monitoring and managing security. Results: the research revealed that DevSecOps unifies development, operations, and security processes, reducing cybersecurity risks by integrating protective measures at the early stages of the software lifecycle. Three key domains of DevSecOps were identified: technology, processes, and people, which form the foundation for transitioning to secure development. The proposed maturity model comprises three levels and 24 activities that organizations can use for self-assessment and strategy development for implementation. Additionally, metrics were introduced to monitor progress and evaluate the effectiveness of DevSecOps practices, including vulnerability detection and remediation time, early detection rates, and performance coefficients. Practical significance: a simplified DevSecOps maturity model was developed, providing a structured approach to implementing secure development practices. For the first time, comprehensive metrics for DevSecOps monitoring were proposed, enabling organizations to adopt a systematic approach to security management and risk minimization.
30

Vivek Madan. "The Role of Compliance in Cybersecurity: Strengthening the Digital Fortress." International Journal of Scientific Research in Computer Science, Engineering and Information Technology 11, no. 2 (2025): 3757–61. https://doi.org/10.32628/cseit25112851.

Abstract:
In today's digitally driven world, cybersecurity compliance is emerging as a core pillar of modern risk management. As cyber threats grow in sophistication and frequency, aligning with frameworks like GDPR, ISO/IEC 27001, HIPAA, SOC 2, and NIST 800-53 goes far beyond checking regulatory boxes. These standards represent a strategic approach to digital risk fostering operational resilience, organizational trust, and long-term excellence. This article dives into the measurable value of cybersecurity compliance, utilizing industry data, visual benchmarks, and a compliance maturity model. It also unpacks the challenges organizations face during implementation and provides a set of modern strategies to navigate them successfully. Ultimately, this paper positions compliance not just as a requirement but as a business enabler.
31

Fleming, Courtney, Mark Reith, and Wayne Henry. "Securing Commercial Satellites for Military Operations: A Cybersecurity Supply Chain Framework." International Conference on Cyber Warfare and Security 18, no. 1 (2023): 85–92. http://dx.doi.org/10.34190/iccws.18.1.1062.

Abstract:
The increased reliance on commercial satellites for military operations has made it essential for the Department of Defense (DoD) to adopt a supply chain framework to address cybersecurity threats in space. This paper presents a satellite supply chain framework, the Cybersecurity Supply Chain (CSSC) Framework, for the DoD in the evaluation and selection of commercial satellite contracts. The proposed strategy is informed by research on cybersecurity threats to commercial satellites, national security concerns, current DoD policy, and previous cybersecurity frameworks. This paper aims to provide a comprehensive approach for safeguarding commercial satellites used by the DoD and ensuring the security of their supporting components. Inspired by the National Institute of Standards and Technology (NIST) 800-171 requirements and the DoD’s future Cybersecurity Maturity Model Certification (CMMC) process, the two-part framework significantly streamlines the NIST requirements to accommodate small businesses. It also extends key NIST requirements to commercial-off-the-shelf (COTS) suppliers. The CSSC Framework complements the CMMC certification process by addressing the need for cybersecurity requirements for all subcontractors supporting a commercial space asset. The framework incorporates a scoring process similar to CMMC scoring, granting points to a subcontractor for meeting the cybersecurity requirements outlined by the framework. In addition, the framework creates a space architecture overview that details the overall bid score and establishes a matrix based on individual requirements. This model and matrix allow DoD acquisition personnel to closely analyze each contract bid, comparing the subcontractor's strengths and weaknesses to other bidders. The CSSC Framework will allow the DoD to apply NIST standards to subcontractors who do not meet the requirements for CMMC certification.
32

Levy, Yair, and Ruti Gafni. "Towards the quantification of cybersecurity footprint for SMBs using the CMMC 2.0." Online Journal of Applied Knowledge Management 10, no. 1 (2022): 43–61. http://dx.doi.org/10.36965/ojakm.2022.10(1)43-61.

Abstract:
Organizations, small and big, are faced with major cybersecurity challenges over the past several decades, as the proliferation of information systems and mobile devices expand. While larger organizations invest significant efforts in developing approaches to deal with cybersecurity incidents, Small and Medium Businesses (SMBs) are still struggling with ways to both keep their businesses alive and secure their systems to the best of their abilities. When it comes to critical systems, such as defense industries, the interconnectivities of organizations in the supply-chain have demonstrated to be problematic given the depth required to provide a high-level cybersecurity posture. The United States (U.S.) Department of Defense (DoD) with the partnership of the Defense Industry Base (DIB) have developed the Cybersecurity Maturity Model Certification (CMMC) in 2020 with a third-party mandate for Level 1 certification. Following an outcry from many DIB organizations, a newly revised CMMC 2.0 was introduced in late 2021 where Level 1 (Fundamental) was adjusted for annual self-assessment. CMMC 2.0 provides the 17 practices that organizations should self-assess. While these 17 practices provide initial guidance for assessment, the specific level of measurement and how it impacts their overall cybersecurity posture is vague. Specifically, many of these practices use non-quantifiable terms such as “limit”, “verify”, “control”, “identify”, etc. The focus of this work is to provide SMBs with a quantifiable method to self-assess their Cybersecurity Footprint following the CMMC 2.0 Level 1 practices. This paper outlines the foundational literature work conducted in support of the proposed quantification Cybersecurity Footprint Index (CFI) using 26 elements that correspond to the relevant CMMC 2.0 Level 1 practices.
33

Гузенко, Н. В. "Digital maturity of transport infrastructure as a strategic resource for the spatial development of regions." Vestnik of Rostov state University (RINH) 32, no. 2 (2025): 21–34. https://doi.org/10.54220/v.rsue.1991-0533.2025.90.2.002.

Abstract:
Introduction. In the context of digital transformation, transport infrastructure acquires new strategic importance for the spatial development of regions. The purpose of the study is to formalize a digital maturity assessment model tailored to sectoral and interregional characteristics. Materials and methods. The research is based on content analysis of Russian and international scientific literature, comparative evaluation of maturity models, and systematization of digital transformation criteria. Methods include systems analysis, comparative approach, and conceptual modelling. Research results. The author proposes a digital maturity model for transport infrastructure, comprising five parameters (technology integration, intelligent control, data analytics, cybersecurity, human-organizational maturity) and five maturity levels. The model allows both horizontal (interregional) and vertical (by transport system type) comparisons. Indicators and expected outcomes of maturity level transitions are specified. Discussion and conclusion. A comparative analysis of existing models reveals their limited applicability to the transport sector. The proposed model accounts for specific risks and institutional characteristics of infrastructure. Its application enables systematic evaluation of regional readiness for digital transformation and positions digital maturity as a metric of sustainable development.
34

Tabim, Verônica Maurer, Cíntia Wilke Franco, and João Pedro Hoerde. "Digital transformation in e-commerce logistics." Brazilian Journal of Operations & Production Management 21, no. 1 (2024): 1641. http://dx.doi.org/10.14488/bjopm.1641.2024.

Abstract:
Highlights: This article addresses the diagnosis of digital maturity in e-commerce logistics, specifically the final delivery stage, known as the last-mile. The last-mile has greater digitization demand than traditional logistics due to the extreme speed of the virtual world during shopping, where customers transfer these same expectations to delivery services. Goal: The main objective of this work is to evaluate the digital maturity of the last-mile area of operation of an e-commerce logistics company. Methodology: This study evaluates the maturity model in a case study with the company E-commerceCo. Interviews were conducted with key employees for data gathering. Results: The proposed method allows defining and analyzing the digital maturity of the last-mile area of the company in question, understanding strengths, such as a culture open to innovation and digitally mature, and weaknesses, such as technical limitations imposed by the main system used and lack of cybersecurity barriers. Limitations of the investigation: Since it is a single case study, it does not allow a broad generalization to industries in other branches. Another limitation is that this study is focused on Brazilian logistics operations, which may differ from other countries. Practical implications: This research is relevant to serve as a reference for other companies in the e-commerce logistics sector to assess their digital maturity from the proposed model and compare common challenges and opportunities. In addition, it will help the studied company to create a successful digital transformation strategy. Originality / Value: We propose a new approach on how to evaluate the digital maturity of the last-mile area of operation of an e-commerce logistics company.
35

Malik, Anum, Kaleem Arshid, Nooruddin Noonari, and Rizwan Munir. "Artificial Intelligence-Driven Cybersecurity Framework Using Machine Learning for Advanced Threat Detection and Prevention." Scholars Journal of Engineering and Technology 13, no. 06 (2025): 401–23. https://doi.org/10.36347/sjet.2025.v13i06.005.

Abstract:
The escalating complexity, frequency, and diversity of cyber threats in today's hyper-connected digital landscape have rendered traditional security frameworks insufficient. In response, this research introduces a comprehensive, AI-driven cybersecurity architecture underpinned by state-of-the-art machine learning (ML) algorithms and the Artificial Neural Network-Interpretive Structural Modeling (ANN-ISM) paradigm. The proposed system is engineered to deliver real-time threat detection, advanced vulnerability assessment, intelligent risk response, and scalable threat mitigation capabilities. This study adopts a multi-dimensional methodology involving a systematic literature review, empirical validation through industry-level surveys, and a case-based evaluation of insecure coding practices. Central to this framework is the integration of supervised, unsupervised, and reinforcement learning for adaptive anomaly detection and adversarial threat resilience. Furthermore, the incorporation of federated learning offers decentralized, privacy-preserving threat intelligence, while Explainable AI (XAI) modules ensure transparency and trust in decision-making. To operationalize the model, we classify cybersecurity maturity levels and establish a multi-layered response mechanism tailored to evolving organizational needs. The results of the implemented framework demonstrate significant improvements over traditional systems in terms of predictive accuracy, response time, and adaptability to emerging threats. By aligning AI innovations with real-world software development practices and adversarial defense strategies, this research provides a forward-looking foundation for building scalable, intelligent, and sustainable cybersecurity infrastructures.
36

Amanda, Delpia, Nurul Mutiah, and Syahru Rahmayudha. "Analisis Tingkat Kematangan Keamanan Informasi Menggunakan NIST Cybersecurity Framework dan CMMI." Coding Jurnal Komputer dan Aplikasi 11, no. 2 (2023): 291. http://dx.doi.org/10.26418/coding.v11i2.65088.

Abstract:
The use of information technology in higher education, particularly at Universitas Tanjungpura (Untan), has brought various conveniences, one of which is efficient access to information. Untan uses the Academic Information System (SIAKAD) to manage academic data from all faculties. Although SIAKAD provides great benefits, the use of this technology also carries data security risks that need attention. As more data and information are stored and managed, the risk of damage, loss, or exposure of data to unauthorized parties also increases. It is therefore important to know the information security maturity level of SIAKAD Untan in order to protect the existing data and information, because the higher the maturity level, the better the information technology management process, which can indirectly affect information technology security in achieving organizational goals. The NIST Cybersecurity Framework is an information security risk management framework used to analyze the risk management process. The maturity level of SIAKAD Untan is assessed using CMMI, a maturity and capability assessment model for software organizations, to measure the maturity level of SIAKAD Untan in the assessment of the risk management process. The assessment results show that the ID.AM and ID.RA categories have reached level 2, so the maturity level of the Identify function is at level 2. From that level, 92 improvement recommendations are given to reach the expected level 3.
37

Fajri, Khafidh Sunny Al, and Ruki Harwahyu. "Information Security Management System Assessment Model by Integrating ISO 27002 and 27004." MALCOM: Indonesian Journal of Machine Learning and Computer Science 4, no. 2 (2024): 498–506. http://dx.doi.org/10.57152/malcom.v4i2.1245.

Abstract:
The rapid development of information and communication technology has also led to a significant increase in cybercrime activities. According to the Annual Cybersecurity Monitoring Report by the National Cyber and Cryptography Agency, there were 495 million instances of traffic anomalies or attempted attacks in 2020, which rose to 1.6 billion in 2021 in Indonesia. Implementing the ISO 27001 standard for information security management system (ISMS) can help mitigate these cyber-attack attempts. However, with various levels of resources and organizational commitment, different levels of ISMS maturity can be achieved. Therefore, there is a need for an ISMS assessment model. This is crucial, considering cyber incidents such as data breaches in organizations that have implemented or are certified with ISO 27001. This research proposed a concept of ISMS assessment model by integrating ISO 27002 and 27004 to a case study (Directorate XYZ), where the guidance function of ISO 27002 is transformed into assessment parameters and ISO 27004 for measuring performance. Using this model, the score of the case study’s ISMS was found to be 53.925, which is still below the established standard of 80.
38

Kvint, V. L., A. V. Babkin, and E. V. Shkarupeta. "Strategizing of forming a platform operating model to increase the level of digital maturity of industrial systems." Russian Journal of Industrial Economics 15, no. 3 (2022): 249–61. http://dx.doi.org/10.17073/2072-1633-2022-3-249-261.

Abstract:
The authors of the article suggest the strategy of forming a platform operating model to increase the level of digital maturity of industrial systems in the changing conditions of reality. They have analyzed the current situation on adapting industrial systems to the changing conditions of reality of 2022: the sanctions restrictions and the COVID-19 pandemic crisis. In analogy with the bionics companies concept the authors introduce the term of «bionic industrial systems» as the aggregate of economic entities which form the closed cycle of producing artificial products by machine and combine new technology with human ability of transforming operations on the basis of digital strategizing, develop the experience, customer relationships and more effective performance, increase the pace of innovation significantly. There is a conclusion that bionic industrial systems are characterized by the presence of digital strategies, high level of digital maturity which should be evaluated according to the index of digital acceleration. The authors suggest four strategies allowing transformation of industrial systems into bionic ones and maximize their value on the basis of digital strategizing. The use of platform operating model is considered to be the key distinctive feature of the bionic industrial systems. The article presents the strategy of forming a platform operating model of bionic industrial systems based on the model of digital transformation of the transactions of the Deloitte company. This is the structure describing the digital path on the basis of defining 10 evolution stages taking into account cybersecurity and digital culture. The digital industrial platform ZIIoT by the Russian IT-company «Tsifra» (Digit) has been studied as the best experience, and the authors present practical cases of its implementation in Gasprom, Lukoil, Novolipetsk Metallurgical Plant. 
The implementation of the strategy of forming a platform operating model in industrial systems is expected to result in reducing costs due to accelerated implementation of digital scenarios, additional income and opportunities of diversification through digital strategizing, etc. The authors introduce the concept of forming a platform operating model to increase the level of digital maturity of industrial systems.
39

Aibueva, Rayana A. M., and Hamid Sh Nasurov. "CYBERSECURITY OF COMPANIES: THE IMPORTANCE OF TRAINING EMPLOYEES IN DIGITAL LITERACY TO PROTECT CORPORATE DATA." EKONOMIKA I UPRAVLENIE: PROBLEMY, RESHENIYA 2/15, no. 155 (2025): 5–11. https://doi.org/10.36871/ek.up.p.r.2025.02.15.001.

Abstract:
The article discusses the critical role of digital literacy of employees as a key element of the cybersecurity strategy in the corporate environment. Against the backdrop of the growing number of targeted attacks, social engineering and data leaks caused by the human factor, special attention is paid to the theoretical and methodological foundations of the formation of secure behavior. The analytical framework is a synthesis of the technology acceptance model (TAM) and the theory of planned behavior (TPB), which allows for a comprehensive assessment of the cognitive, normative and behavioral determinants of conscious compliance with information security policies. The research methodology is based on structural modeling (PLS-SEM) and semi-structured interviews conducted in the environment of Russian companies. The data obtained confirm the significant impact of digital literacy training on reducing the number of incidents, improving behavioral attitudes and increasing the level of control over compliance with information security standards. The practical value of the work lies in offering operational tools for assessing the effectiveness of training programs, including digital maturity measurement scales and calculating the ROI and IRR of investments in human capital.
40

Angelogianni, Anna, Ilias Politis, Farnaz Mohammadi, and Christos Xenakis. "On Identifying Threats and Quantifying Cybersecurity Risks of MNOs Deploying Heterogeneous RATs." IEEE Access 8 (December 16, 2020): 224677–701. https://doi.org/10.1109/ACCESS.2020.3045322.

Abstract:
Wireless networks constitute a significant attack vector for adversaries due to their wide usage in our everyday life. As the fifth generation of wireless networks reaches maturity, several vulnerabilities affecting earlier generations have been resolved. Nevertheless the coexistence of legacy wireless technologies is giving rise to the risk of allowing adversaries to perform downgrade attacks, thus bypassing the improved security of the state-of-the-art communication networks. Vulnerabilities due to the trade-off between security and usability could also exist in the latest wireless networking technologies; hence mobile network operators need to be aware of the risks related to both protocol vulnerabilities and configuration defects. This paper proposes a methodology for the systematic identification of vulnerabilities associated with wireless access protocols and systems and the quantitative evaluation of the resulting risks for mobile operators using attack trees, while considering the current legislative frameworks. The proposed methodology has been designed to aid both, mobile operators towards planning more effective cybersecurity strategies and adopting efficient defences to minimise the probability of an attack and predict its impact on the operational, market and business aspects of mobile network operators. The proposed risk assessment analysis is evaluated over three distinct vertical scenarios, namely an emergency call, a high-speed train commute and a massive public event, with the most relevant threats and their impact being measured and discussed. The evaluation of the model revealed significant results for mobile network operators that are deploying a mix of legacy and state of the art cellular technologies.
41

Alozie, Chisom Elizabeth, and Uzoamaka Okafor. "Balancing efficiency and security: The role of voluntary standards and emerging technologies in cyber risk management framework in the global space." World Journal of Advanced Research and Reviews 26, no. 2 (2025): 2411–33. https://doi.org/10.30574/wjarr.2025.26.2.1896.

Abstract:
This research investigates the evolving balance between operational efficiency and security controls in global cyber risk management frameworks. Through a mixed-methods approach combining quantitative survey data from 183 organizations across 27 countries and qualitative insights from 42 in-depth interviews with cybersecurity leaders, the study examines how voluntary standards and emerging technologies shape contemporary risk management practices. Findings reveal that organizations achieving optimal security-efficiency balance demonstrate three key characteristics: integrated risk governance structures, dynamic adaptation of voluntary frameworks, and strategic implementation of automation technologies. The research identifies significant variations in framework adoption across different regions, with harmonization challenges stemming from regulatory fragmentation, organizational maturity disparities, and technological capability gaps. A novel "Adaptive Security-Efficiency Model" is proposed, offering organizations a structured approach to calibrating security controls with operational needs while remaining responsive to evolving threat landscapes. This study contributes to both scholarly understanding and practical implementation of balanced cyber risk management in an increasingly complex global environment.
42

Kandregula, Prasanna Kumar. "Building secure projects: Cybersecurity principles for every stage." International Journal of Science and Research Archive 15, no. 2 (2025): 723–32. https://doi.org/10.30574/ijsra.2025.15.2.1460.

Abstract:
The scale and sophistication of threats in the world of cybersecurity are steadily increasing and they thus become increasingly delimitative toward organizations of whichever industry. Many projects are failing to incorporate maintainable practices of cybersecurity since its earlier concept phase to delivery, due to which the practical linkage culminating in a plethora of data breaches, financial losses resounding in cost, and reputation, and having grievous regulatory penalties. Our assertion also surmises keeping security as a parallel activity or as an afterthought that must systematically be integrated into every phase of the project life cycle, commencing from the initial stages of conceptualization and system design to development, deployment, and maintenance on an ongoing basis. We present comprehensive, stage-based cybersecurity, which aligns the established principles and controls with the lifecycle stages and ensures a proactive, methodical and sustainable approach to building secure systems. The research examines the inadequacies of traditional security paradigms geared towards incident response and remedy post-deployment. A detailed study of academic literature, industry white papers, and guidelines on security such as NIST SP 800-53, ISO/IEC 27001, and OWASP SAMM provides the best practices that contribute to embedding security as early and never-ending. A lifecycle model is proposed and includes considerations for threat modeling during planning, secure architecting, secure coding practices, and CI/CD pipeline hardening. The real-time monitoring and runtime protection post-launch are added to this configuration. To affirm the propriety of the model, we observed real-world case studies about critical security incidents such as Equifax and SolarWinds and just sometimes demonstrated how the said hacks were given due attention; that is, earlier with security in the main frame. 
This paper is framed in the methodology section, where hybrid research design is adopted that involves expert interview sessions, qualitative analysis of secure software development lifecycle (SSDLC) implementations, and comparative case studies on traditional versus enhanced security projects. The results find that organizations that adopt end-to-end cybersecurity strategies observe up to 70% fewer post-deployment vulnerabilities, a 50% decrease in incident response times (IRTs), and higher compliance readiness for frameworks such as GDPR and HIPAA. Moreover, maturity in the integration of security capabilities including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Infrastructure-as-Code (IaC) scanning, and Security Information and Event Management (SIEM) platforms highly significant in reducing risks and ensuring resilience improvement. Another pivot of research edging forth the core concept of DevSecOps makes the best acceleration for the acquisition of security development practices by embedding automated security checks into agile workflows. This implies that sensitive information scans, dependency checks, and behavior anomaly detection will be interconnected through development and release pipelines. Additionally, by creating an intrusion matrix of vulnerability on every phase of project operation, the case further stresses key configuration factors of safety of an architectural breakdown, and codes with suitable mitigation measures. Conversely, the methods in this project provide analyses on the trade-offs between the cost of complying with security implementation and security effort, with the cost of securing the systems later on and minimizing downtime through early security investments. Conclusively, this paper suggests certain hands-on recommendations to the practitioners, including a secure-by-design checklist, bifurcating project managers, architects, developers, and IT operations teams. 
Our advice is to change the culture from within organizations to elevate security to the same level as usability, performance, and functionality. When security is entrenched from the beginning of the project in every phase of the life cycle, then organizations can affirmatively protect sensitive data and critical infrastructure while encouraging innovation in a secure, compliant environment. The proposed framework could henceforth be a tool to enhance project resilience and insecurity against cyber threats and fit well with contemporary digital risk-management practice.
43

Yarovenko, Hanna, Olha Horbachova, Roman Bylbas, and Dmytro Latysh. "Digitalization As a Socio-Economic Challenge: Modeling the Impact On the Level of Cybercrime Considering Socio-Economic, Technological and Institutional Factors." SocioEconomic Challenges 9, no. 2 (2025): 282–315. https://doi.org/10.61093/sec.9(2).282-315.2025.

Abstract:
Today, digital technologies are not just changing reality – they are closely intertwined, forming a new ecosystem. This process brings numerous benefits: fast decision-making, automation of routine tasks, and access to information in one click. At the same time, along with new opportunities, new socio-economic challenges arise – cybercrime is rapidly evolving, acquiring complex forms, prevalence and danger. Hacker attacks, data leaks, and digital fraud have become real challenges that affect not only individual users, but also businesses, state institutions and national security. The digital world has given humanity incredible freedom, but at the same time, new forms of vulnerability. The study is devoted to modelling (based on correlation analysis and OLS, Fixed Effects, Random Effects regression models) the impact of digitalisation on the level of cybercrime, taking into account socio-economic, technological and institutional factors based on panel data of 20 countries for the period 2015-2024. All stages of data processing, model building and visualization of results were implemented using the Python programming language. The information base is data from international organizations (ITU, World Bank, World Integrated Trade Solution), national cybersecurity reports. The analysis showed that the presence of digital infrastructure is not a decisive factor in shaping the level of cybercrime. The scale of cyber incidents is closely related to several additional factors of decisive importance. These include: state regulation of cybersecurity, national legislation, digital competence of users and the technological potential of cybercriminals. The analysis by country confirms that the scale and nature of the impact of digital technologies on the level of cybercrime are largely shaped by institutional maturity, the presence of effective cyber policies, social responsibility of users and the ability of the state to respond promptly to digital challenges. 
The differences identified between countries with a similar level of digital development, but different levels of security, serve as additional evidence that digitalization is only a condition, not a cause, of the increase in cyber incidents. The results can be used to shape digital policy, improve cybersecurity strategies and predict cyber risks in countries with transformational economies.
44

Khavanov, Artem. "DEVELOPMENT AND IMPLEMENTATION OF COMPLIANCE INDICATORS TO ASSESS THE MATURITY LEVEL OF THE ECONOMIC SECURITY SYSTEM OF ENTERPRISES." Economic scope, no. 201 (June 10, 2025): 230–33. https://doi.org/10.30838/ep.201.230-233.

Abstract:
The article substantiates the theoretical and practical foundations for the development of compliance indicators designed to assess the maturity level of an enterprise’s economic security system. Recognizing that modern enterprises operate in increasingly complex and risk-laden environments, the study emphasizes the need for systematic tools to objectively evaluate the effectiveness and integration of compliance functions. Through a detailed analysis of internationally recognized frameworks—including those of the OECD, ISO 37301, and the UN Global Compact—and a review of best practices from corporate sectors across the EU, the USA, and Central and Eastern Europe, the study proposes a comprehensive five-level model of compliance system development: basic, formalized, integrated, proactive, and leadership levels. Each level captures the degree of institutionalization, integration, and operational depth of compliance within overall enterprise management and risk mitigation processes. The research introduces a structured and multi-dimensional set of indicators, systematically grouped into five functional blocks: organizational and managerial, assessing governance structures and leadership oversight; regulatory and legal, covering policy frameworks and adherence to legal standards; monitoring, focusing on audits, incident reporting, and feedback mechanisms; training and cultural, measuring the depth of compliance awareness and staff engagement; and innovation and digital, evaluating the use of IT tools, early-warning systems, and cybersecurity measures. A 5-point evaluation scale is proposed for each indicator, ranging from the complete absence of processes to their full integration and continuous improvement. Additionally, the methodology provides for weighted coefficients to tailor evaluations to the specific sector, size, and risk profile of the enterprise. 
An integrated compliance maturity index is introduced as a diagnostic tool that enables enterprises to visualize their compliance strengths and vulnerabilities through a dynamic risk map. The model also incorporates benchmarking to facilitate cross-company comparisons within the same industry, fostering the adoption of best practices and enhancing overall competitive integrity. The proposed model holds significant practical value for internal audits, regulatory reviews, and strategic planning in risk management and corporate governance. The findings also highlight avenues for further research, including pilot testing in various industries, advancement of digital monitoring platforms, and integration of compliance maturity assessments into broader ESG and sustainable development strategies.
45

Khudyntsev, Mykola M., and Igor L. Palazhchenko. "Cybersecurity maturity models for cybersecurity assessment in critical infrastructure." Environmental safety and natural resources 52, no. 4 (2024): 122–34. https://doi.org/10.32347/2411-4049.2024.4.122-134.

Abstract:
The paper includes a list of existing maturity models (cybersecurity maturity) and an analysis of the application of these models for assessing cybersecurity, the level, and maturity of cyber security, the maturity of systems and processes for ensuring cybersecurity in critical infrastructure sectors, in the national cybersecurity system, the development of indicators and indices of the state of security (network, information security, cybersecurity). The paper substantiates and proposes a hierarchy of models for assessing the maturity of cyber security in the national cyber security ecosystem (in the national cyber security system, critical infrastructure, particularly the fuel and energy sector). The investigation's main goal is to intensify the implementation of existing assessment models using multi-level cyber security assessment models (cybersecurity maturity), accumulating statistical data on cyber incidents, cyber-attacks, and countermeasures for further use in predictive analysis and modeling. The tasks of the research are the analysis, comparative analysis of existing models for evaluating the maturity of cyber security, formulation of evaluation models using indicators of cyber security and maturity of cyber security defined by existing normative documents, as well as in the construction of a hierarchy of models for evaluating cyber security in the national system of cyber security, critical infrastructure, fuel and energy sector, development of methodological bases for assessment using cyber security indices. A draft of the methodology for assessing the cyber security of electrical networks, suitable for use in critical infrastructure, has been developed.
46

Ascue, Olga, Omar Valle, and José Santisteban. "BLOCKSAGE: Blockchain-Based Cloud Architecture for Sensitive Data Management in SMEs." Sustainability 17, no. 4 (2025): 1352. https://doi.org/10.3390/su17041352.

Abstract:
Small and medium-sized enterprises (SMEs) face significant challenges from security breaches, which can jeopardize their operational sustainability. This study presents the BLOCKSAGE SME system, a model designed to enhance the security of sensitive data storage and transfer. The system integrates customizable cloud infrastructure, private blockchain networks, Zero Trust architecture, a scalable API, and IPFS encryption, ensuring data privacy and business continuity. Based on a comprehensive literature review of blockchain-based solutions for SMEs, a web-based file-sharing prototype was developed and tested to validate the framework. The system was then evaluated through expert judgment and feedback from SME leaders. The results showed a satisfaction score of 4.06 from cybersecurity and blockchain specialists and 4.2 from the target SME audience on a Likert scale, indicating the system’s feasibility and effectiveness. While the system provides robust security measures, adoption challenges were identified, including the early-stage maturity of blockchain technology and cultural and workforce-related barriers within the Peruvian SME ecosystem. In conclusion, the findings suggest that blockchain-based architectures hold strong potential for addressing security gaps in SMEs, but implementation faces current limitations in resources and knowledge. Future research should explore adapting the system as a Software-as-a-Service (SaaS) solution to improve scalability and accessibility, further supporting the sustainability of SMEs.
47

Muttaqin, Hidayatul, and Kalamullah Ramli. "Designing An Information Security Framework For The Indonesia Water Industry Sector." Cakrawala Repositori IMWI 6, no. 3 (2023): 771–80. http://dx.doi.org/10.52851/cakrawala.v6i3.352.

Abstract:
The majority of Indonesia's water industry sectors have implemented smart water management systems as part of their business development, which has an indirect impact on enterprise information security. However, in general, water sector enterprises continue to place a low priority on information security, and the development of information system frameworks is based on generic norms employed by financial firms. There has been no research on information security frameworks especially built for water firms in Indonesia that use information security standards in the utilities sector. This article proposes a solution in the form of a new framework for Indonesian water firms that combines international information security requirements in the utilities sector with Indonesian government rules. This approach of development combines worldwide standards with national rules. The Cybersecurity Capability Maturity Model (C2M2) and ISO 27019 are two international standards commonly used by utility businesses globally. Government Regulation or Peraturan Pemerintah (PP) Number 71 of 2019 on the Implementation of Electronic Systems and Transactions is the relevant national regulation. The framework addresses information technology, telecommunications, and operational technology, with four approach categories: governance and ecosystem, protection, defense, and resilience. According to the research findings, the newly integrated framework can be applied and is worthy of recommendation. This framework also meets the standards for information security and can be used by Indonesian water corporations.
48

Garba, Adamu Abdullahi, Maheyzah Muhamad Siraj, and Siti Hajar Othman. "An Explanatory Review on Cybersecurity Capability Maturity Models." Advances in Science, Technology and Engineering Systems Journal 5, no. 4 (2020): 762–69. http://dx.doi.org/10.25046/aj050490.

49

Tolkachov, Maksym, Nataliia Dzheniuk, Serhii Yevseiev, et al. "Development of a method for protecting information resources in a corporate network by segmenting traffic." Eastern-European Journal of Enterprise Technologies 5, no. 9 (131) (2024): 63–78. http://dx.doi.org/10.15587/1729-4061.2024.313158.

Abstract:
The object of the study is a corporate network with a dynamic structure and centralized management. The subject of the research is the processes of ensuring the protection of information resources in the corporate network. The goal is to develop a method of protecting information in the corporate network. The development is based on the Zero Trust Security strategy, according to which access to the network is allowed only after verification and identification of information. The task is to develop an effective method of protecting information resources and managing cyber security in the corporate network, taking into account the complex aspects of malicious influence. The following results were obtained. It is shown that the complex, diverse presentation of information in the network requires a comprehensive approach with the division of mixed content of information into segments according to the target orientation. Based on CISA's (Cybersecurity and Infrastructure Security Agency) Zero Trust Maturity Model, a method of targeted traffic segmentation is proposed. It allows detailed analysis of the interaction between applications, users and corporate network infrastructure, which increases the level of complex threats detection by 15 %. A method of protecting information resources of a socio-cyber-physical system is proposed, which, based on the principle of the Zero Trust Security strategy, improves the monitoring and management of cyber security of information resources by taking into account social aspects. This allows to detect and respond to threats in real time and adapt security policies according to the dynamics of user behavior and general security conditions. Integrating analytical methods and modern technologies into a security strategy creates a foundation for adaptive and resilient cyber defense.
50

Miron, Walter, and Kevin Muita. "Cybersecurity Capability Maturity Models for Providers of Critical Infrastructure." Technology Innovation Management Review 4, no. 10 (2014): 33–39. http://dx.doi.org/10.22215/timreview/837.
