A Cyber Security Maturity Model for Critical Infrastructures with a Comparative Study Approach
Subject Areas: Technology Development Infrastructures and Supporting Organizations
Mohamad Akhtari 1, Mohammadali Keramati 2, Seyed Abdolah Amin Mousavi 3
1 - Department of Information Technology Management, Central Tehran Branch, Islamic Azad University, Tehran, Iran
2 - Department of Industrial Management, Central Tehran Branch, Islamic Azad University, Tehran, Iran
3 - Department of Industrial Management, Central Tehran Branch, Islamic Azad University, Tehran, Iran
Keywords: Cyber Security, Maturity of Cyber Security, Critical Infrastructure, Comparative Study
Abstract:
With the advancement of mankind in the information age and the advent of the digital information age, dependence on national infrastructure has become more important than ever. Lack of cyber security in infrastructure disrupts the functioning of various sectors such as government, the economy and services. Disruption of critical infrastructure may cause irreparable damage, including human casualties, economic damage, and loss of public confidence. Thus, information technology and cyber security have a special place in the digital arena. Accordingly, cyber-attacks are one of the most important challenges facing countries today, and one that can also harm national security. This study aims to provide a cyber security maturity model for critical infrastructure. It examines and analyzes five crucial models of cyber security maturity. The research shows that the cyber security maturity models are significantly similar to each other. A comparative study of the analyzed models yielded 48 indicators. Examination of these indicators shows that some of them overlap with others. Therefore, the overlapping indicators were classified into 16 groups based on frequency. These groups were then organized into five levels by cluster analysis of the obtained data using SPSS software, and the cyber security maturity model for critical infrastructure was presented on that basis.