Cybersecurity capability maturity models review and application domain

  • Abstract
  • Keywords
  • References
  • PDF
  • Abstract

    Cybersecurity is a way of protecting organization critical assets, through the identification of cyber threats that can compromise the information stored, it involves the protection, identification, and responding to threats. The main aim of this article is to conduct an ample review of the published cybersecurity capability maturity models using a systematic review of published articles from 2014 to 2019. Features of Hal- vorsen and Conradi’s taxonomy were adopted to explain the models identified. The results indicated adopting a model to a certain organization is not feasible. However, modification is required before implementation, as the cost of implementation is not available when conducting this research.



  • Keywords

    Cybersecurity Model; Maturity Model; Information Security; Cybersecurity.

  • References

      [1] Kitchenham. Guidelines for performing Systematic Literature Reviews in Software Engineering [Internet]. Durham Durham, UK; 2007. Available from:

      [2] Kitchenham B, Pearl Brereton O, Budgen D, Turner M, Bailey J, Linkman S. Systematic literature reviews in software engineering - A systematic literature review. Inf Softw Technol [Internet]. 2009;51(1):7–15. Available from:

      [3] Webster J, Watson RT. Analyzing the Past to Prepare for the Future: Writing a Literature Review. MIS Q. 2002;26(2):xiii–xxiii.

      [4] MAREW T, KIM J, BAE DH. Systematic Mapping Studies in Software. Int J Softw Eng Knowl Eng. 2007;17(1):33–55.

      [5] Kitchenham BA, Budgen D, Pearl Brereton O. Using mapping studies as the basis for further research - A participant-observer case study. Inf Softw Technol [Internet]. 2011;53(6):638–51. Available from:

      [6] Paulk MC. A History of the Capability Maturity Model for Software. Softw Qual Profile. 2009;1(1):5–19.

      [7] Goksen Y, Cevik E, Avunduk H. A Case Analysis on the Focus on the Maturity Models and Information Technologies. Procedia Econ Financ [Internet]. 2015;19(15):208–16. Available from:

      [8] Weber C V, Garcia SM, Bush M. Key Practices of the Capability Maturity Model. 1993.

      [9] Adler RM. A dynamic capability maturity model for improving cyber security. 2013 IEEE Int Conf Technol Homel Secur HST 2013. 2013;230–5.

      [10] Budgen D, Turner M, Brereton P, Kitchenham B. Using Mapping Studies in Software Engineering. Ppig [Internet]. 2008;2:195–204. Available from:

      [11] White GB. The Community Cyber Security Maturity Model The Center for Infrastructure Assurance and Security. Proc 40th Hawaii Int Conf Syst Sci. 2007;(June):1–8.

      [12] Curtis PD. Evaluating and Improving Cybersecurity Capabilities of the Energy Critical Infrastructure. 2015 IEEE Int Symp Technol Homel Secur. 2015;1–6.

      [13] Johnson L. Cybersecurity framework. Secur Control Eval Testing, Assess Handb. 2020;(February 2014):537–48.

      [14] Miron W, Muita K. Technology Innovation Management Review Cybersecurity Capability Maturity Models for Providers of Critical Infrastructure. Technol Innov Manag Rev [Internet]. 2014;4(October):33–9. Available from:

      [15] Sorini A, Staroswiecki E. 8. Cybersecurity for the Smart Grid [Internet]. The Power Grid. Elsevier Ltd; 2017. 233–252 p. Available from:

      [16] Angel Marcelo Rea-Guaman, Tomás San Feliu JAC-M and IDS-G. Comparative Study of Cybersecurity Capability Maturity Models Angel. Comput Stand Interfaces Softw Process Improv Capab Determ Conf 2017. 2018;60:1–2.

      [17] Von Solms SHB. A maturity model for part of the African Union Convention on Cyber Security. Proc 2015 Sci Inf Conf SAI 2015. 2015;1316–20.




Article ID: 30719
DOI: 10.14419/ijet.v9i3.30719

Copyright © 2012-2015 Science Publishing Corporation Inc. All rights reserved.