Can maturity models support cyber security?

Le, Ngoc T.; Hoang, Doan B.

doi:10.1109/pccc.2016.7820663

Cited by 38 publications

(37 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…To address these types of information and cybersecurity threats, a security framework is required to provide a common method to measure cybersecurity capabilities within an organisation (Le and Hoang, 2016). The metrics of such a framework should include a capability maturity model that incorporates not only the technical but also the social dimension of security (Carcary et al , 2016).…”

Section: Introductionmentioning

confidence: 99%

Socio-technical systems cybersecurity framework

Malatji

Solms

2019

ICS

View full text Add to dashboard Cite

Purpose This paper aims to identify and appropriately respond to any socio-technical gaps within organisational information and cybersecurity practices. This culminates in the equal emphasis of both the social, technical and environmental factors affecting security practices. Design/methodology/approach The socio-technical systems theory was used to develop a conceptual process model for analysing organisational practices in terms of their social, technical and environmental influence. The conceptual process model was then applied to specifically analyse some selected information and cybersecurity frameworks. The outcome of this exercise culminated in the design of a socio-technical systems cybersecurity framework that can be applied to any new or existing information and cybersecurity solutions in the organisation. A framework parameter to help continuously monitor the mutual alignment of the social, technical and environmental dimensions of the socio-technical systems cybersecurity framework was also introduced. Findings The results indicate a positive application of the socio-technical systems theory to the information and cybersecurity domain. In particular, the application of the conceptual process model is able to successfully categorise the selected information and cybersecurity practices into either social, technical or environmental practices. However, the validation of the socio-technical systems cybersecurity framework requires time and continuous monitoring in a real-life environment. Practical implications This research is beneficial to chief security officers, risk managers, information technology managers, security professionals and academics. They will gain more knowledge and understanding about the need to highlight the equal importance of both the social, technical and environmental dimensions of information and cybersecurity. Further, the less emphasised dimension is posited to open an equal but mutual security vulnerability gap as the more emphasised dimension. Both dimensions must, therefore, equally and jointly be emphasised for optimal security performance in the organisation. Originality/value The application of socio-technical systems theory to the information and cybersecurity domain has not received much attention. In this regard, the research adds value to the information and cybersecurity studies where too much emphasis is placed on security software and hardware capabilities.

show abstract

Section: Introductionmentioning

confidence: 99%

Socio-technical systems cybersecurity framework

Malatji

Solms

2019

ICS

View full text Add to dashboard Cite

show abstract

“…Le and Hoang in [18] investigate existing cybersecurity maturity models to examine their strengths and weaknesses. They provide a comparison of 12 models mapped against five levels of maturity proposed by Humphrey (1989), concluding that models require relevant quantitative metrics for measurable and actionable assessment.…”

Section: Related Workmentioning

confidence: 99%

A NIS Directive Compliant Cybersecurity Maturity Assessment Framework

Drivas

Chatzopoulou²,

Μαγλαράς

et al. 2020

2020 IEEE 44th Annual Computers, Software, and Applications Conference (COMPSAC)

View full text Add to dashboard Cite

The EU NIS Directive introduces obligations related to the security of the network and information systems for Operators of Essential Services and for Digital Service Providers. Moreover, National Competent Authorities for cybersecurity are required to assess compliance with these obligations. This paper describes a novel Cybersecurity Maturity Assessment Framework (CMAF) that is tailored to the NIS Directive requirements. CMAF can be used either as a self-assessment tool from Operators of Essential Services and Digital Service Providers or as an audit tool from the National Competent Authorities for cybersecurity.

show abstract

“…In our previous paper [33], we compared twelve security maturity models in order to investigate their strengths and weaknesses. Cyber security maturity models have shown that they help managers to better manage security of their organizations [34] [35].…”

Section: Cyber Security Maturity Modelmentioning

confidence: 99%

Capability Maturity Model and Metrics Framework for Cyber Cloud Security

Le¹,

Hoang²

2017

SCPE

Self Cite

View full text Add to dashboard Cite

Abstract. Cyber space is affecting all areas of our life. Cloud computing is the cutting-edge technology of this cyber space and has established itself as one of the most important resources sharing technologies for future on-demand services and infrastructures that support Internet of Things (IOTs), big data platforms and software-defined systems/services. More than ever, security is vital for cloud environment. There exist several cloud security models and standards dealing with emerging cloud security threats. However, these models are mostly reactive rather than proactive and they do not provide adequate measures to assess the overall security status of a cloud system. Out of existing models, capability maturity models, which have been used by many organizations, offer a realistic approach to address these problems using management by security domains and security assessment on maturity levels. The aim of the paper is twofold: first, it provides a review of cyber space, cyber security, cloud security models and standards, cyber security capability maturity models and security metrics; second, it proposes a cloud security capability maturity model (CSCMM) that extends existing cyber security models with a security metric framework. CSCMM aims to present a credible overall security assessment of a cloud system to senior managers and to enable security experts to predict and identify necessary security measures.

show abstract

Can maturity models support cyber security?

Cited by 38 publications

References 10 publications

Socio-technical systems cybersecurity framework

Socio-technical systems cybersecurity framework

A NIS Directive Compliant Cybersecurity Maturity Assessment Framework

Capability Maturity Model and Metrics Framework for Cyber Cloud Security

Contact Info

Product

Resources

About