Abstract
Critical infrastructures are important assets for the everyday life and wellbeing of people. People can be dramatically affected if critical infrastructures are vulnerable and not protected against various threats. Given the increasing cybersecurity risks and the large impact that these risks may have on critical infrastructures, assessing and improving the cybersecurity capabilities of service providers and administrators is crucial for sustainability.
This research aims to provide a questionnaire model for assessing and improving cybersecurity capabilities based on industry standards. It also aims to provide the service providers and administrators of critical infrastructures with personalized guidance and an implementation plan for cybersecurity capability improvement.
Acknowledgements
This work was made possible with funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 740787 (SMESEC). The opinions expressed and arguments employed herein do not necessarily reflect the official views of the funding body.
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Yigit Ozkan, B., Spruit, M. (2019). A Questionnaire Model for Cybersecurity Maturity Assessment of Critical Infrastructures. In: Fournaris, A., Lampropoulos, K., Marín Tordera, E. (eds) Information and Operational Technology Security Systems. IOSec 2018. Lecture Notes in Computer Science, vol 11398. Springer, Cham. https://doi.org/10.1007/978-3-030-12085-6_5
DOI: https://doi.org/10.1007/978-3-030-12085-6_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12084-9
Online ISBN: 978-3-030-12085-6
eBook Packages: Computer Science, Computer Science (R0)