Sustainable security advantage in a changing environment: The Cybersecurity Capability Maturity Model (CM2)

With the rapid advancement in technology and the growing complexities in the interaction of these technologies and networks, it is even more important for countries and organizations to gain sustainable security advantage. Security advantage refers to the ability to manage and respond to threats and vulnerabilities with a proactive security posture. This is accomplished through effectively planning, managing, responding to and recovering from threats and vulnerabilities. However not many organizations and even countries, especially in the developing world, have been able to equip themselves with the necessary and sufficient know-how or ability to integrate knowledge and capabilities to achieve security advantage within their environment. Having a structured set of requirements or indicators to aid in progressively attaining different levels of maturity and capabilities is one important method to determine the state of cybersecurity readiness. The research introduces the Cybersecurity Capability Maturity Model (CM2), a 6-step process of progressive development of cybersecurity maturity and knowledge integration that ranges from a state of limited awareness and application of security controls to pervasive optimization of the protection of critical assets.

[1]  Kweku-Muata Osei-Bryson,et al.  Toward a More Practical Approach to Evaluating Programs: The Multi-Objective Realization Approach , 2009 .

[2]  R. Grant Chapter 8 – Prospering in Dynamically-Competitive Environments: Organizational Capability as Knowledge Integration , 1999 .

[3]  Göran Goldkuhl,et al.  Multi-grounded theory - Adding theoretical grounding to grounded theory , 2003 .

[4]  L. Argote,et al.  KNOWLEDGE TRANSFER: A BASIS FOR COMPETITIVE ADVANTAGE IN FIRMS , 2000 .

[5]  R. B. Woodruff,et al.  Customer value: The next source for competitive advantage , 1997 .

[6]  J. Barney,et al.  On becoming a strategic partner: The role of human resources in gaining competitive advantage , 1998 .

[7]  Lawrence E. Cohen,et al.  Social Change and Crime Rate Trends: A Routine Activity Approach , 1979 .

[8]  D. Teece,et al.  DYNAMIC CAPABILITIES AND STRATEGIC MANAGEMENT , 1997 .

[9]  Lawrence E. Cohen,et al.  Human ecology and crime: A routine activity approach , 1980 .

[10]  J. Barney Firm Resources and Sustained Competitive Advantage , 1991 .

[11]  Martin Bichler,et al.  Design science in information systems research , 2006, Wirtschaftsinf..

[12]  Alan R. Hevner,et al.  Introduction to the special issue on design science , 2011, Inf. Syst. E Bus. Manag..

[13]  M. Porter The five competitive forces that shape strategy. , 2008, Harvard business review.

[14]  Alan R. Hevner,et al.  POSITIONING AND PRESENTING DESIGN SCIENCE RESEARCH FOR MAXIMUM IMPACT 1 , 2013 .

[15]  Samir Chatterjee,et al.  A Design Science Research Methodology for Information Systems Research , 2008 .

[16]  T. C. Powell,et al.  Information technology as competitive advantage: the role of human , 1997 .

[17]  Corlane Barclay,et al.  Using Frugal Innovations to Support Cybercrime Legislations in Small Developing States: Introducing the Cyber-Legislation Development and Implementation Process Model (CyberLeg-DPM) , 2014, Inf. Technol. Dev..

[18]  G. White,et al.  The Community Cyber Security Maturity Model , 2007, 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).

[19]  Donald H. Rumsfeld Transforming the Military , 2002 .

[20]  Christoph Rosenkranz,et al.  The variety engineering method: analyzing and designing information flows in organizations , 2011, Inf. Syst. E Bus. Manag..

[21]  Kevin Scott,et al.  Capability Maturity Model Integration (Cmmi) for Small Organizations , 2010 .

[22]  B. Wellman,et al.  THE GLOBAL DIGITAL DIVIDE - WITHIN AND BETWEEN COUNTRIES , 2004 .

[23]  D. Teece,et al.  The Dynamic Capabilities of Firms: an Introduction , 1994 .