Information and cyber security maturity models: a systematic literature review

Rabii, Anass; Assoul, Saliha; Touhami, Khadija Ouazzani; Roudiès, Ounsa

doi:10.1108/ics-03-2019-0039

Cited by 40 publications

(28 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Previous studies have investigated information security and cybersecurity maturity models [26][27][28]. These maturity models have different focuses according to their purpose and target.…”

Section: Information Security and Cybersecurity Maturity Modelsmentioning

confidence: 99%

The Cybersecurity Focus Area Maturity (CYSFAM) Model

Özkan

Lingen

Spruit

2021

JCP

View full text Add to dashboard Cite

The cost of recovery after a cybersecurity attack is likely to be high and may result in the loss of business at the extremes. Evaluating the acquired cybersecurity capabilities and evolving them to a desired state in consideration of risks are inevitable. This research proposes the CYberSecurity Focus Area Maturity (CYSFAM) Model for assessing cybersecurity capabilities. In this design science research, CYSFAM was evaluated at a large financial institution. From the many cybersecurity standards, 11 encompassing focus areas were identified. An assessment instrument—containing 144 questions—was developed. The in-depth single case study demonstrates how and to what extent cybersecurity related deficiencies can be identified. The novel scoring metric has been proven to be adequate, but can be further improved upon. The evaluation results show that the assessment questions suit the case study target audience; the assessment can be performed within four hours; the organization recognizes itself in the result.

show abstract

“…Previous studies have investigated information security and cybersecurity maturity models [26][27][28]. These maturity models have different focuses according to their purpose and target.…”

Section: Information Security and Cybersecurity Maturity Modelsmentioning

confidence: 99%

The Cybersecurity Focus Area Maturity (CYSFAM) Model

Özkan

Lingen

Spruit

2021

JCP

View full text Add to dashboard Cite

show abstract

“…On the other hand, academia has also produced countless information security maturity models such as SOASMM for SOA architecture [9], MMISS-SME [10] for small and medium enterprises, CCSMM for American governmental entities [11] or ISMM-PCI [12] for the payment card industry. Through our systematic literature review [1], we became aware of the lack of implementation and validation results for academic security maturity models. We also perceived that the academic shift towards specialization is also related to the implementation issue, hence why our solution intervenes at the implementation phase.…”

Section: Related Work and Problematicmentioning

confidence: 99%

“…We can rely on existing references such as standards or prominent security maturity models in order to extract these concepts. In fact, we analyzed and compared the main security concepts used in the security maturity models we found through our systematic literature review [1]. We have found that these models are highly connected to the ISO 27001 and ISO 27002 standards [4].…”

Section: Core Conceptmentioning

confidence: 99%

“…Additionally, a plethora of security maturity models were created between 2007 and 2018 to support continuous improvement of security in diverse fields. However, our systematic review [1] of the literature showed that even if many standards and approaches are available, implementation remains problematic. The lack of implementation feedback further makes the study of a real case such as the Capital One Financial Corporation breach [2] more appealing to discuss.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Operational Responsibility and Task Monitoring Method: A Data Breach Case Study

Assoul¹,

Rabii²,

Roudiès³

2021

Adv. sci. technol. eng. syst. j.

Self Cite

View full text Add to dashboard Cite

As a result of digitalization, services become highly dependent on information systems thus increasing the criticality of security management. However, with system complexity and the involvement of more human resources, it becomes more arduous to monitor and track tasks and responsibilities. This creates a lack of visibility hindering decision making. To support operational monitoring, we propose a method composed of i) a core of security concepts from International Standard Organization (ISO) standards ii) a graphical modeling language iii) a guiding process and iv) a tool that provides verification through formal Object Constraint Language (OCL) queries. Applying this method to the case of the Capital One data breach showcases incident prevention through task supervision. The resulting work product is a formal comprehensive map of assets, actors, tasks and responsibilities. The SysML formalism allows different actors to extract information from the map using OCL queries. This allows for regular task and responsibility verification thus closing any window of attack possible.

show abstract

“…Guna melakukan tindakan antisipatif untuk menanggulangi cybercrime tersebut, diperlukan cybersecurity, yaitu tindakan pelindungan atas segala macam bentuk serangan cybercrime dan tindakan pemulihan akibat cybercrime. Beberapa hal yang harus dipenuhi dalam cybersecurity (Humayun et al, 2020;Rabii et al, 2020) adalah ketersediaan (availability), kerahasiaan (confidentiality), integritas (integrity), otentikasi (authentication) dan akuntabilitas (accountability). Ketersediaan (availability) merupakan kemampuan dan ketersediaan informasi atau data yang diperlukan untuk diakses kapanpun hanya oleh pihak yang berwenang.…”

Section: Tinjauan Pustaka Cybercrime Dan Cybersecurityunclassified

Cybercrime dan Cybersecurity pada Fintech: Sebuah Tinjauan Pustaka Sistematis

Riskiyadi

Anggono

Tarjo

2021

JMO

View full text Add to dashboard Cite

This study is intended to determine the cybercrime challenges faced by the fintech industry as well as anticipatory actions in the form of cybersecurity to overcome these challenges. This study employs a systematic literature review method from various articles discussing cybercrime and cybersecurity in fintech that were published in reputable online databases. The findings indicate that cybercrime problems in fintech consist of cybercrime regulations that are not strict, data and information theft, and intellectual property theft in which impacting on the reputation of fintech. Cybersecurity as an attempt to tackle cybercrime in fintech can be performed through proactive action, strengthening regulations, and establishing a reliable cybersecurity framework or procedure. The implications of this research are as an additional reference for academics, practitioners, regulators, and fintech actors related to the fast pace development of cybercrime and cybersecurity in fintech. The limitation of this study is that it only provides an overview and elaborate the results of prior studies instead of provide a further analysis of the relationship between the articles discussed. Recommendations for further research are to increase the scope of the articles studied or apply other literature review methods or conduct empirical research to confirm the results of this study.

show abstract

Information and cyber security maturity models: a systematic literature review

Cited by 40 publications

References 13 publications

The Cybersecurity Focus Area Maturity (CYSFAM) Model

The Cybersecurity Focus Area Maturity (CYSFAM) Model

An Operational Responsibility and Task Monitoring Method: A Data Breach Case Study

Cybercrime dan Cybersecurity pada Fintech: Sebuah Tinjauan Pustaka Sistematis

Contact Info

Product

Resources

About