{"title":"Cybersecurity maturity model: Systematic literature review and a proposed model","authors":"Gülçin Büyüközkan, Merve Güler","doi":"10.1016/j.techfore.2025.123996","DOIUrl":null,"url":null,"abstract":"<div><div>The growing importance of cybersecurity stems from its strategic value to various stakeholders, including individuals, businesses, governments, and society as a whole. Ensuring robust cybersecurity programs and assessing maturity levels is critical for organizational resilience. Cybersecurity maturity models have emerged as essential tools for evaluating readiness and guiding improvements. This study aims to systematically review existing research with bibliometric analysis and propose a cybersecurity maturity model that will help organizations assess their readiness. Web of Science and Scopus databases were searched, and bibliometric networks were visualized and explored using the VOSViewer and Biblioshiny software. This study is one of the first attempts to examine cybersecurity maturity areas using the science mapping approach. The proposed cybersecurity maturity model uses bibliometric analysis, literature searches on academic papers, industry reports, and expert opinions. The proposed cybersecurity maturity model comprises five dimensions, fifteen factors, and five levels. The proposed model is applied to three companies to demonstrate the validity using real-world examples. This study significantly contributes to the body of knowledge on cybersecurity maturity. The proposed model serves as the foundation for future researchers interested in determining cybersecurity maturity. Additionally, practitioners can use the proposed maturity factors to lead their cybersecurity systems.</div></div>","PeriodicalId":48454,"journal":{"name":"Technological Forecasting and Social Change","volume":"213 ","pages":"Article 123996"},"PeriodicalIF":13.3000,"publicationDate":"2025-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Technological Forecasting and Social Change","FirstCategoryId":"91","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0040162525000277","RegionNum":1,"RegionCategory":"管理学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2025/2/5 0:00:00","PubModel":"Epub","JCR":"Q1","JCRName":"BUSINESS","Score":null,"Total":0}
引用次数: 0
Abstract
The growing importance of cybersecurity stems from its strategic value to various stakeholders, including individuals, businesses, governments, and society as a whole. Ensuring robust cybersecurity programs and assessing maturity levels is critical for organizational resilience. Cybersecurity maturity models have emerged as essential tools for evaluating readiness and guiding improvements. This study aims to systematically review existing research with bibliometric analysis and propose a cybersecurity maturity model that will help organizations assess their readiness. Web of Science and Scopus databases were searched, and bibliometric networks were visualized and explored using the VOSViewer and Biblioshiny software. This study is one of the first attempts to examine cybersecurity maturity areas using the science mapping approach. The proposed cybersecurity maturity model uses bibliometric analysis, literature searches on academic papers, industry reports, and expert opinions. The proposed cybersecurity maturity model comprises five dimensions, fifteen factors, and five levels. The proposed model is applied to three companies to demonstrate the validity using real-world examples. This study significantly contributes to the body of knowledge on cybersecurity maturity. The proposed model serves as the foundation for future researchers interested in determining cybersecurity maturity. Additionally, practitioners can use the proposed maturity factors to lead their cybersecurity systems.
网络安全日益增长的重要性源于其对各种利益相关者的战略价值,包括个人、企业、政府和整个社会。确保强大的网络安全计划和评估成熟度水平对组织的弹性至关重要。网络安全成熟度模型已经成为评估准备情况和指导改进的重要工具。本研究旨在通过文献计量分析系统地回顾现有研究,并提出一个网络安全成熟度模型,以帮助组织评估其准备情况。检索Web of Science和Scopus数据库,利用VOSViewer和Biblioshiny软件对文献计量学网络进行可视化和探索。本研究是首次尝试使用科学映射方法检查网络安全成熟领域之一。提出的网络安全成熟度模型采用文献计量分析、文献检索、学术论文、行业报告和专家意见。提出的网络安全成熟度模型包括5个维度、15个因素、5个层次。本文将该模型应用于三家公司的实际案例,以验证模型的有效性。本研究对网络安全成熟度的知识体系有重要贡献。所提出的模型为未来对确定网络安全成熟度感兴趣的研究者提供了基础。此外,从业者可以使用建议的成熟度因素来领导他们的网络安全系统。
期刊介绍:
Technological Forecasting and Social Change is a prominent platform for individuals engaged in the methodology and application of technological forecasting and future studies as planning tools, exploring the interconnectedness of social, environmental, and technological factors.
In addition to serving as a key forum for these discussions, we offer numerous benefits for authors, including complimentary PDFs, a generous copyright policy, exclusive discounts on Elsevier publications, and more.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
