A Questionnaire Model for Cybersecurity Maturity Assessment of Critical Infrastructures

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 11398)

Abstract

Critical infrastructures are important assets for the everyday life and wellbeing of people. People can be affected dramatically if critical infrastructures are vulnerable and not protected against various threats. Given the increasing cybersecurity risks and the large impact that these risks may have on critical infrastructures, assessing and improving the cybersecurity capabilities of the service providers and the administrators is crucial for sustainability.

This research aims to provide a questionnaire model for assessing and improving cybersecurity capabilities based on industry standards. Another aim of this research is to provide the service providers and administrators of critical infrastructures with personalized guidance and an implementation plan for cybersecurity capability improvement.

Acknowledgements

This work was made possible with funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 740787 (SMESEC). The opinions expressed and arguments employed herein do not necessarily reflect the official views of the funding body.

Corresponding author

Correspondence to Bilge Yigit Ozkan.

Copyright information

© 2019 Springer Nature Switzerland AG

Cite this paper

Yigit Ozkan, B., Spruit, M. (2019). A Questionnaire Model for Cybersecurity Maturity Assessment of Critical Infrastructures. In: Fournaris, A., Lampropoulos, K., Marín Tordera, E. (eds) Information and Operational Technology Security Systems. IOSec 2018. Lecture Notes in Computer Science, vol 11398. Springer, Cham. https://doi.org/10.1007/978-3-030-12085-6_5

  • DOI: https://doi.org/10.1007/978-3-030-12085-6_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-12084-9

  • Online ISBN: 978-3-030-12085-6

  • eBook Packages: Computer Science (R0)
