Adapting cybersecurity maturity models for resource-constrained settings: A case study of Peru

IF 1.1 Q2 SOCIAL SCIENCES, INTERDISCIPLINARY Electronic Journal of Information Systems in Developing Countries Pub Date : 2024-10-22 DOI:10.1002/isd2.12350

GangSeok Lee, SuHyun Kim, ImYoung Lee, Suzana Brown, Yuri Aldoradin Carbajal

{"title":"Adapting cybersecurity maturity models for resource-constrained settings: A case study of Peru","authors":"GangSeok Lee, SuHyun Kim, ImYoung Lee, Suzana Brown, Yuri Aldoradin Carbajal","doi":"10.1002/isd2.12350","DOIUrl":null,"url":null,"abstract":"<p>Developing countries are rapidly embracing digitalization, but this exposes them to heightened cybersecurity risks. They often look to standard established cybersecurity models from developed countries to build their national defenses. However, significant developmental, political, social, and economic differences can render these models unsuitable for developing countries. This study addresses this gap by proposing a new framework that would be more useful in a developing country context. We first examine existing cybersecurity maturity models (CMMs) and metrics. Through a case study of Peru's national computer security incident response team (CSIRT), we assess the applicability of the security incident management maturity model (SIM3) and the security operation center CMM (SOC-CMM) frameworks. By applying these frameworks to the Peruvian context, we identify limitations in standard maturity models for developing countries. In response, we propose a novel framework that allows developing countries like Peru to leverage existing models by tailoring them to their specific environment. This tailored approach can be a powerful tool for developing countries to improve and build their cybersecurity on a national level.</p>","PeriodicalId":46610,"journal":{"name":"Electronic Journal of Information Systems in Developing Countries","volume":"91 1","pages":""},"PeriodicalIF":1.1000,"publicationDate":"2024-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://onlinelibrary.wiley.com/doi/epdf/10.1002/isd2.12350","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Electronic Journal of Information Systems in Developing Countries","FirstCategoryId":"1085","ListUrlMain":"https://onlinelibrary.wiley.com/doi/10.1002/isd2.12350","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"SOCIAL SCIENCES, INTERDISCIPLINARY","Score":null,"Total":0}

引用次数: 0

Abstract

Developing countries are rapidly embracing digitalization, but this exposes them to heightened cybersecurity risks. They often look to standard established cybersecurity models from developed countries to build their national defenses. However, significant developmental, political, social, and economic differences can render these models unsuitable for developing countries. This study addresses this gap by proposing a new framework that would be more useful in a developing country context. We first examine existing cybersecurity maturity models (CMMs) and metrics. Through a case study of Peru's national computer security incident response team (CSIRT), we assess the applicability of the security incident management maturity model (SIM3) and the security operation center CMM (SOC-CMM) frameworks. By applying these frameworks to the Peruvian context, we identify limitations in standard maturity models for developing countries. In response, we propose a novel framework that allows developing countries like Peru to leverage existing models by tailoring them to their specific environment. This tailored approach can be a powerful tool for developing countries to improve and build their cybersecurity on a national level.

Abstract Image