Skip to main content
Top

Hint

Swipe to navigate through the chapters of this book

2017 | Supplement | Chapter

Comparative Study of Cybersecurity Capability Maturity Models

Authors : Angel Marcelo Rea-Guaman, Tomás San Feliu, Jose A. Calvo-Manzano, Isaac Daniel Sanchez-Garcia

Published in: Software Process Improvement and Capability Determination

Publisher: Springer International Publishing

share
SHARE

Abstract

According to ESET, cybersecurity can be defined as the protection of information assets, through the treatment of threats that put at risk the information that is processed, stored and transported by information systems that are interconnected; and a process that involves prevention, detection and reaction or response. This article aims to describe and compare the most used cybersecurity capability maturity models, as a result of a systematic review (SR) of published studies from 2012 to 2017. For this, a taxonomy for comparing cybersecurity capability maturity models was developed, based on Halvorsen and Conradi’s taxonomy. Also, the taxonomy is adapted and applied to the cybersecurity capability maturity models identified in the SR. It was observed that the cybersecurity capability maturity models have similar elements because they use processes and levels of maturity, they also manage the risk, although at different levels of depth. Finally, it has been observed that each model due to its particularity has different fields of application.
Literature
1.
go back to reference Ponemon Institute. http://​engage.​hpe.​com/​PDFViewer?​ID=​{81e3f9d9-32fc-43ba-907a1fda52800f8a}Cost_of_Cyber_Crime Ponemon Institute. http://​engage.​hpe.​com/​PDFViewer?​ID=​{81e3f9d9-32fc-43ba-907a1fda52800f8a}Cost_of_Cyber_Crime
2.
go back to reference Donaldson, S., Siegel, S., Williams, C.K., Aslam, A.: Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats. Apress, Berkeley (2015) CrossRef Donaldson, S., Siegel, S., Williams, C.K., Aslam, A.: Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats. Apress, Berkeley (2015) CrossRef
5.
go back to reference Rea-Guaman, A.M., Sánchez-García, I.D., San Feliu, T., Calvo-Manzano, J.A.: Maturity models in cybersecurity: a systematic review. In: 12a Conferencia Ibérica de Sistemas y Tecnologías de Información (CISTI 2017), Lisbon (2017) Rea-Guaman, A.M., Sánchez-García, I.D., San Feliu, T., Calvo-Manzano, J.A.: Maturity models in cybersecurity: a systematic review. In: 12a Conferencia Ibérica de Sistemas y Tecnologías de Información (CISTI 2017), Lisbon (2017)
7.
go back to reference SSE Project Team: System Security Engineering Capability Maturity Model (SSE-CMM): Model Description Document Version 3.0. Technical report, SSE-CMM (2003) SSE Project Team: System Security Engineering Capability Maturity Model (SSE-CMM): Model Description Document Version 3.0. Technical report, SSE-CMM (2003)
8.
go back to reference Department of Energy.: Cybersecurity Capability Maturity Model (C2M2): Version 1.1. Technical report, Department of Homeland Security (2014) Department of Energy.: Cybersecurity Capability Maturity Model (C2M2): Version 1.1. Technical report, Department of Homeland Security (2014)
9.
go back to reference White, G.B.: The community cyber security maturity model. In: IEEE International Conference on Technologies for Homeland Security, pp. 173–178. IEEE Press, Wakefield (2011) White, G.B.: The community cyber security maturity model. In: IEEE International Conference on Technologies for Homeland Security, pp. 173–178. IEEE Press, Wakefield (2011)
10.
go back to reference US Department of Homeland Security.: Cybersecurity Capability Maturity Model: Version 1.0. White paper, Department of Homeland Security (2014) US Department of Homeland Security.: Cybersecurity Capability Maturity Model: Version 1.0. White paper, Department of Homeland Security (2014)
11.
go back to reference The Open Group.: Open Information Security Management Maturity Model (O-ISM3). Technical report, Open Group (2011) The Open Group.: Open Information Security Management Maturity Model (O-ISM3). Technical report, Open Group (2011)
16.
go back to reference Matthew, J.B.: Advancing Cybersecurity Capability Measurement Using the CERT ® -RMM Maturity Indicator Level Scale: Version 1.1. Technical report, Carnegie Mellon University (2013) Matthew, J.B.: Advancing Cybersecurity Capability Measurement Using the CERT ® -RMM Maturity Indicator Level Scale: Version 1.1. Technical report, Carnegie Mellon University (2013)
Metadata
Title
Comparative Study of Cybersecurity Capability Maturity Models
Authors
Angel Marcelo Rea-Guaman
Tomás San Feliu
Jose A. Calvo-Manzano
Isaac Daniel Sanchez-Garcia
Copyright Year
2017
DOI
https://doi.org/10.1007/978-3-319-67383-7_8

Premium Partner