Litcius/Paper detail

The Cybersecurity Focus Area Maturity (CYSFAM) Model

Bilge Yiğit Özkan, Sonny van Lingen, Marco Spruit

2021Journal of Cybersecurity and Privacy31 citationsDOIOpen Access PDF

Abstract

The cost of recovery after a cybersecurity attack is likely to be high and may result in the loss of business at the extremes. Evaluating the acquired cybersecurity capabilities and evolving them to a desired state in consideration of risks are inevitable. This research proposes the CYberSecurity Focus Area Maturity (CYSFAM) Model for assessing cybersecurity capabilities. In this design science research, CYSFAM was evaluated at a large financial institution. From the many cybersecurity standards, 11 encompassing focus areas were identified. An assessment instrument—containing 144 questions—was developed. The in-depth single case study demonstrates how and to what extent cybersecurity related deficiencies can be identified. The novel scoring metric has been proven to be adequate, but can be further improved upon. The evaluation results show that the assessment questions suit the case study target audience; the assessment can be performed within four hours; the organization recognizes itself in the result.

Topics & Concepts

Maturity (psychological)Computer securityFocus (optics)Capability Maturity ModelComputer scienceMetric (unit)State (computer science)Incident responseEngineeringOperations managementPolitical scienceSoftwareAlgorithmLawPhysicsOpticsProgramming languageInformation and Cyber SecurityInformation Technology Governance and StrategyBig Data and Business Intelligence