A Questionnaire Model for Cybersecurity Maturity Assessment of Critical Infrastructures

  • Bilge Yigit Ozkan
  • Marco Spruit
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11398)

Abstract

Critical infrastructures are essential to everyday life and to the wellbeing of the population. People can be affected dramatically if critical infrastructures are vulnerable and not protected against the threats they face. Given the increasing cybersecurity risks and the large impact these risks can have on critical infrastructures, assessing and improving the cybersecurity capabilities of their service providers and administrators is crucial for their sustainability.

This research aims to provide a questionnaire model, based on industry standards, for assessing and improving cybersecurity capabilities. A further aim is to give the service providers and administrators of critical infrastructures personalized guidance and an implementation plan for improving their cybersecurity capabilities.

Keywords

Cybersecurity · Assessment · Capability improvement · Critical infrastructure

Notes

Acknowledgements

This work was made possible with funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 740787 (SMESEC). The opinions expressed and arguments employed herein do not necessarily reflect the official views of the funding body.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Department of Information and Computing Sciences, Utrecht University, Utrecht, Netherlands