A Concept & Compliance Study of Security Maturity Models with ISO 21827

Rabii Anass, Assoul Saliha, Roudiès Ounsa

Abstract

Ever since the success of maturity models in software engineering, the creation of security maturity models has enlarged the pool of choices available to organizations. Yet their implementation rate has remained low and their impact difficult to perceive. The choice of security maturity models grew even larger in the last decade, regardless of the existence of the standard security maturity model ISO 21827. Among governmental approaches, CCSMM is the US national security maturity model, supported by a presidential policy for national preparedness. MMISS-SME is one of the only validated security maturity models created by academia between 2007 and 2018. Our research studies the added value of CCSMM and MMISS-SME, their compliance with the ISO 21827 standard, and the core concepts they share. We present the main lines of each security maturity model and model their core concepts. Our study shows that the standard encompasses all security engineering concepts while leaving room for characterization and customization by organizations. However, CCSMM and MMISS-SME provide nuances in both functions and concepts, since they were created for specific contexts such as SMEs or the US local government and its vital bodies.


Paper Citation


in Harvard Style

Anass R., Saliha A. and Ounsa R. (2020). A Concept & Compliance Study of Security Maturity Models with ISO 21827. In Proceedings of the 22nd International Conference on Enterprise Information Systems - Volume 2: ICEIS, ISBN 978-989-758-423-7, pages 385-392. DOI: 10.5220/0009569703850392


in Bibtex Style

@conference{iceis20,
author={Rabii Anass and Assoul Saliha and Roudiès Ounsa},
title={A Concept \& Compliance Study of Security Maturity Models with ISO 21827},
booktitle={Proceedings of the 22nd International Conference on Enterprise Information Systems - Volume 2: ICEIS},
year={2020},
pages={385-392},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0009569703850392},
isbn={978-989-758-423-7},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 22nd International Conference on Enterprise Information Systems - Volume 2: ICEIS
TI - A Concept & Compliance Study of Security Maturity Models with ISO 21827
SN - 978-989-758-423-7
AU - Anass R.
AU - Saliha A.
AU - Ounsa R.
PY - 2020
SP - 385
EP - 392
DO - 10.5220/0009569703850392