Skip to main content
SpringerLink
Log in

Comparative Study of Cybersecurity Capability Maturity Models

  • Conference paper
  • First Online:
Book cover Software Process Improvement and Capability Determination (SPICE 2017)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 770))

Abstract

According to ESET, cybersecurity can be defined as the protection of information assets, through the treatment of threats that put at risk the information that is processed, stored and transported by information systems that are interconnected; and a process that involves prevention, detection and reaction or response. This article aims to describe and compare the most used cybersecurity capability maturity models, as a result of a systematic review (SR) of published studies from 2012 to 2017. For this, a taxonomy for comparing cybersecurity capability maturity models was developed, based on Halvorsen and Conradi’s taxonomy. Also, the taxonomy is adapted and applied to the cybersecurity capability maturity models identified in the SR. It was observed that the cybersecurity capability maturity models have similar elements because they use processes and levels of maturity, they also manage the risk, although at different levels of depth. Finally, it has been observed that each model due to its particularity has different fields of application.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ponemon Institute. http://engage.hpe.com/PDFViewer?ID={81e3f9d9-32fc-43ba-907a1fda52800f8a}Cost_of_Cyber_Crime

    Google Scholar 

  2. Donaldson, S., Siegel, S., Williams, C.K., Aslam, A.: Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats. Apress, Berkeley (2015)

    Book  Google Scholar 

  3. Oxford University Press. https://en.oxforddictionaries.com/definition/secure

  4. welivesecurity. https://www.welivesecurity.com/la-es/2015/06/16/ciberseguridad-seguridad-informacion-diferencia/

  5. Rea-Guaman, A.M., Sánchez-García, I.D., San Feliu, T., Calvo-Manzano, J.A.: Maturity models in cybersecurity: a systematic review. In: 12a Conferencia Ibérica de Sistemas y Tecnologías de Información (CISTI 2017), Lisbon (2017)

    Google Scholar 

  6. Select Business Solutions. http://www.selectbs.com/process-maturity/what-is-the-capability-maturity-model

  7. SSE Project Team: System Security Engineering Capability Maturity Model (SSE-CMM): Model Description Document Version 3.0. Technical report, SSE-CMM (2003)

    Google Scholar 

  8. Department of Energy.: Cybersecurity Capability Maturity Model (C2M2): Version 1.1. Technical report, Department of Homeland Security (2014)

    Google Scholar 

  9. White, G.B.: The community cyber security maturity model. In: IEEE International Conference on Technologies for Homeland Security, pp. 173–178. IEEE Press, Wakefield (2011)

    Google Scholar 

  10. US Department of Homeland Security.: Cybersecurity Capability Maturity Model: Version 1.0. White paper, Department of Homeland Security (2014)

    Google Scholar 

  11. The Open Group.: Open Information Security Management Maturity Model (O-ISM3). Technical report, Open Group (2011)

    Google Scholar 

  12. ISACA (COBIT 5). http://www.isaca.org/COBIT/Pages/COBIT-5-spanish.aspx

  13. International Organization for Standarization. https://www.iso.org/obp/ui/#iso:std:iso-iec:27001:ed-2:v1

  14. Halvorsen, C.P., Conradi, R.: A taxonomy to compare SPI frameworks. In: Ambriola, V. (ed.) EWSPT 2001. LNCS, vol. 2077, pp. 217–235. Springer, Heidelberg (2001). doi:10.1007/3-540-45752-6_17

    Chapter  Google Scholar 

  15. Axelos Global Best Practices. https://www.axelos.com/Corporate/media/Files/Syllabi/RESILIA-Practitioner-2015-Exam-Syllabus-v1.pdf. RESILIA Practitioner Examination Syllabus

  16. Matthew, J.B.: Advancing Cybersecurity Capability Measurement Using the CERT ® -RMM Maturity Indicator Level Scale: Version 1.1. Technical report, Carnegie Mellon University (2013)

    Google Scholar 

  17. MM Lessing: Best practices show the way to Information Security Maturity. http://researchspace.csir.co.za/dspace/bitstream/handle/10204/3156/Lessing6_2008.pdf?sequence=1&isAllowed=y

Download references

Author information

Authors and Affiliations

  1. Universidad Politécnica de Madrid, ETS Ingenieros Informáticos, Madrid, Spain

    Angel Marcelo Rea-Guaman, Tomás San Feliu & Jose A. Calvo-Manzano

  2. Instituto Politécnico Nacional, Escuela Superior de Ingeniería Mecánica y Eléctrica, Mexico City, Mexico

    Isaac Daniel Sanchez-Garcia

Authors
  1. Angel Marcelo Rea-Guaman
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tomás San Feliu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jose A. Calvo-Manzano
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Isaac Daniel Sanchez-Garcia
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jose A. Calvo-Manzano .

Editor information

Editors and Affiliations

  1. University of the Balearic Islands, Palma, Spain

    Antonia Mas

  2. University of the Balearic Islands, Palma, Baleares, Spain

    Antoni Mesquida

  3. Dublin University, Dublin, Ireland

    Rory V. O'Connor

  4. Software Quality Institute, Griffith University, Brisbane, Queensland, Australia

    Terry Rout

  5. Impronova AB, Askim, Sweden

    Alec Dorling

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Rea-Guaman, A.M., San Feliu, T., Calvo-Manzano, J.A., Sanchez-Garcia, I.D. (2017). Comparative Study of Cybersecurity Capability Maturity Models. In: Mas, A., Mesquida, A., O'Connor, R., Rout, T., Dorling, A. (eds) Software Process Improvement and Capability Determination. SPICE 2017. Communications in Computer and Information Science, vol 770. Springer, Cham. https://doi.org/10.1007/978-3-319-67383-7_8

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-67383-7_8

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-67382-0

  • Online ISBN: 978-3-319-67383-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation