A survey and analysis of cyber security maturity models

Abstract

In an increasingly networked and digital world, companies face increasing threats to their information systems and data. The Cyber-security Maturity Model has proven to be a valuable tool for assessing and improving an organization's information security. This thesis makes a comprehensive comparative analysis of different cyber security models, with the aim of revealing their strengths, limitations and applicability in different organizational contexts. The research uses a systematic research methodology to analyse a set of cyber-security maturity models established in academia and industry. The selected models include Integrated Capability Maturity Model (CMMI), the National Institute of Standards and Technology (NIST) Cyber-security Framework, the ISO/IEC 27001.2013 standard, and the Cyber-security Model (C2M2). The study focuses on key dimensions such as risk assessment, vulnerability management, incident response, and governance and employee awareness. It examines the structures, methods, and metrics of the frameworks to assess their effectiveness in guiding organizations toward improving cyber-security resilience. In addition, the ease of implementation, resource requirements and scalability of each model are explored. By comparing and contrasting the strengths and weaknesses of these cyber-security maturity models, the study aims to provide insight into choosing the most appropriate framework for organizations of different sizes, industries and risk profiles. In addition, options for integrating and synchronizing multiple models will be explored to create a customized and comprehensive cyber-security framework that meets the needs of the organization. The results of this cast light upon on the current landscape of cyber security maturity models and highlight their contributions and limitations. Benchmarking enables organizations to make informed decisions about the selection, implementation and adaptation of cyber-security frameworks to improve their overall security. Finally, this thesis contributes to the development of cyber-security practices by providing a comprehensive assessment of different maturity models that facilitate the development of robust and adaptive strategies to secure organizational assets in an evolving threat landscape.