Abstract
According to ESET, cybersecurity can be defined as the protection of information assets, through the treatment of threats that put at risk the information that is processed, stored and transported by information systems that are interconnected; and a process that involves prevention, detection and reaction or response. This article aims to describe and compare the most used cybersecurity capability maturity models, as a result of a systematic review (SR) of published studies from 2012 to 2017. For this, a taxonomy for comparing cybersecurity capability maturity models was developed, based on Halvorsen and Conradi’s taxonomy. Also, the taxonomy is adapted and applied to the cybersecurity capability maturity models identified in the SR. It was observed that the cybersecurity capability maturity models have similar elements because they use processes and levels of maturity, they also manage the risk, although at different levels of depth. Finally, it has been observed that each model due to its particularity has different fields of application.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ponemon Institute. http://engage.hpe.com/PDFViewer?ID={81e3f9d9-32fc-43ba-907a1fda52800f8a}Cost_of_Cyber_Crime
Donaldson, S., Siegel, S., Williams, C.K., Aslam, A.: Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats. Apress, Berkeley (2015)
Oxford University Press. https://en.oxforddictionaries.com/definition/secure
welivesecurity. https://www.welivesecurity.com/la-es/2015/06/16/ciberseguridad-seguridad-informacion-diferencia/
Rea-Guaman, A.M., Sánchez-García, I.D., San Feliu, T., Calvo-Manzano, J.A.: Maturity models in cybersecurity: a systematic review. In: 12a Conferencia Ibérica de Sistemas y Tecnologías de Información (CISTI 2017), Lisbon (2017)
Select Business Solutions. http://www.selectbs.com/process-maturity/what-is-the-capability-maturity-model
SSE Project Team: System Security Engineering Capability Maturity Model (SSE-CMM): Model Description Document Version 3.0. Technical report, SSE-CMM (2003)
Department of Energy.: Cybersecurity Capability Maturity Model (C2M2): Version 1.1. Technical report, Department of Homeland Security (2014)
White, G.B.: The community cyber security maturity model. In: IEEE International Conference on Technologies for Homeland Security, pp. 173–178. IEEE Press, Wakefield (2011)
US Department of Homeland Security.: Cybersecurity Capability Maturity Model: Version 1.0. White paper, Department of Homeland Security (2014)
The Open Group.: Open Information Security Management Maturity Model (O-ISM3). Technical report, Open Group (2011)
ISACA (COBIT 5). http://www.isaca.org/COBIT/Pages/COBIT-5-spanish.aspx
International Organization for Standarization. https://www.iso.org/obp/ui/#iso:std:iso-iec:27001:ed-2:v1
Halvorsen, C.P., Conradi, R.: A taxonomy to compare SPI frameworks. In: Ambriola, V. (ed.) EWSPT 2001. LNCS, vol. 2077, pp. 217–235. Springer, Heidelberg (2001). doi:10.1007/3-540-45752-6_17
Axelos Global Best Practices. https://www.axelos.com/Corporate/media/Files/Syllabi/RESILIA-Practitioner-2015-Exam-Syllabus-v1.pdf. RESILIA Practitioner Examination Syllabus
Matthew, J.B.: Advancing Cybersecurity Capability Measurement Using the CERT ® -RMM Maturity Indicator Level Scale: Version 1.1. Technical report, Carnegie Mellon University (2013)
MM Lessing: Best practices show the way to Information Security Maturity. http://researchspace.csir.co.za/dspace/bitstream/handle/10204/3156/Lessing6_2008.pdf?sequence=1&isAllowed=y
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Rea-Guaman, A.M., San Feliu, T., Calvo-Manzano, J.A., Sanchez-Garcia, I.D. (2017). Comparative Study of Cybersecurity Capability Maturity Models. In: Mas, A., Mesquida, A., O'Connor, R., Rout, T., Dorling, A. (eds) Software Process Improvement and Capability Determination. SPICE 2017. Communications in Computer and Information Science, vol 770. Springer, Cham. https://doi.org/10.1007/978-3-319-67383-7_8
Download citation
DOI: https://doi.org/10.1007/978-3-319-67383-7_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-67382-0
Online ISBN: 978-3-319-67383-7
eBook Packages: Computer ScienceComputer Science (R0)