SoK: Identifying Limitations and Bridging Gaps of Cybersecurity Capability Maturity Models (CCMMs)
Lasini Liyanage, Nalin Asanka Gamagedara Arachchilage, Giovanni Russello

TL;DR
This paper systematically reviews existing Cybersecurity Capability Maturity Models (CCMMs) to identify their limitations and challenges, aiming to improve their effectiveness in enhancing organizational cybersecurity posture.
Contribution
It provides a comprehensive analysis of 43 publications to uncover gaps and challenges in current CCMMs, proposing directions for future improvements.
Findings
Identified key limitations of current CCMMs.
Highlighted common challenges faced during implementation.
Suggested avenues for enhancing CCMM effectiveness.
Abstract
In the rapidly evolving digital landscape, where organisations are increasingly vulnerable to cybersecurity threats, Cybersecurity Capability Maturity Models (CCMMs) emerge as pivotal tools in enhancing organisational cybersecurity posture. CCMMs provide a structured framework to guide organisations in assessing their current cybersecurity capabilities, identifying critical gaps, and prioritising improvements. However, the full potential of CCMMs is often not realised due to inherent limitations within the models and challenges encountered during their implementation and adoption processes. These limitations and challenges can significantly hamper the efficacy of CCMMs in improving cybersecurity. As a result, organisations remain vulnerable to cyber threats as they may fail to identify and address critical security gaps, implement necessary improvements or allocate resources…
Taxonomy
Topics: Information and Cyber Security
