Cyber Security Maturity conceptual Model of Major Telecom(mobile) Operators

Document Type : Original Article

Authors

1 Assistant Professor of Shahed university

2 PhD in SNDU

3 Faculty member of Electrical and Information Technology Research Institute of Iran Scientific and Industrial Research Organization

4 Assistant Professor of Imam Hossein University

Abstract

the need for a cyber security maturity model of telecom operators will be inevitable. In this regard, Firstly, 350 indicators were extracted from about 100 theoretical literatures. Secondly, all components of 17 security maturity models like: C2M2, CySAFE, COBIT-IS, Forrester, etc were studied and 16 common components of those are ranked.The 350 extracted indicators were then mapped in the 16 components. About 40 indicators were not included in these components. So 5 new components (as innovation of proposed model), were added and the remaining 40 indicators located in those, as follows: Architecture and process, emerging technologies, stakeholder management, life cycle management, uncertainty.
Thirdly, 4 widely used security maturity models in ICT businesses were selected. Then, component / indicators of the proposed maturity model were mapped on the 4 selected models to be sure the correspondence of each of the components/ indicators of the proposed model with 4 selected maturity models ones. In addition, by reviewing the theoretical literature and field and library studies, 4 dimensions include: human, process, technology, and data, and 5 maturity levels were selected for proposed model. Finally, a total of 4 dimensions, 18 components, 99 indicators, and 5 maturity levels were obtained as proposed model.

Keywords


  • فهرست منابع و مآخذ   

    • داوری، علی ورضازاده، آرش. (۱۳۹۳). مدل‌سازی معادلات ساختاری با نرم‌افزار پی ال اس، تهران، انتشارات جهاد دانشگاهی.
    • عباس‌زاده، میرمحمد و امانی، جواد .(۱۳۹۰). مقدمه‌ای بر مدل‌یابی معادلات ساختاری به روش پی ال اس و کاربرد آن در علوم رفتاری، انتشارات دانشگاه ارومیه.
    • گرجی، ابراهیم و برخورداری، سجاد .(1388). مبانی روش تحقیق در علوم اجتماعی، تهران، نشر ثالث.

     

    • (2016). A vulnerability-driven cyber security maturity model for measuring national critical infrastructure protection preparedness. International Journal of Critical Infrastructure Protection(elsevier).
    • (2018). Resilience of Critical Infrastructure Elements and Its Main Factors.
    • (2017). Identifying Factors Contributing Towards Information Security Maturity in an Organization. College of Engineering and Computing Nova Southeastern University.
    • Gliner Dias Alencar, et.al. (2018). An Adaptable Maturity Strategy for Information Security. Journal of Convergence Information Technology (JCIT),, 13(2), Volume 13, Number 2, p. 1-12.
    • Grossman, R. L. (2018). A framework for evaluating the analytic maturity of an organization. 38.
    • Jörg Becker, et.al. (2009). Developing Maturity Models for IT Management. Business & Information Systems Engineering, 213–222.
    • (2013). IT risk management: A capability maturity model perspective
    •  
    • (2017). Information Security in an Organization. International Journal of Computer (IJC).
    • (2013). From information security to cyber security. elsevier.
    • (2017). how organisations achieve security maturity. Computer Fraud & Security, Elsevier.
    • (2016). A Digital Maturity Model for Telecommunications Service Providers. Technology Innovation Management Review. 6. Technology Innovation Management Review.
    • W Zhao, et.al. (2017). An Evolution Roadmap for Community Cyber Security Information Sharing. Proceedings of the 50th Hawaii International Conference on System Sciences.
    • (1993). I nstitutions and Collective Action: The New Telecommunications in Western Europe. World Politics, 242 - 270.
    • seif. (2017). Identifying the Effective Components of Information Security Management in Information Technology of Iranian Offshore Oil Company. Journal of Information Technology Management, 9(4).