Maturity Assessment Framework Research Articles

Design of Cybersecurity Maturity Assessment Framework Using NIST CSF v1.1 and CIS Controls v8

Cybersecurity threats are constantly evolving, making it crucial for organizations to maintain a robust and maturing cybersecurity posture. According to the 2022 Annual Report of the Honeynet Project of the National Cyber and Crypto Agency (BSSN), there were 370,022,283 cyber attacks against Indonesia.  One of the strategies that can be implemented is to conduct a cybersecurity maturity assessment to determine the organization's current level of cybersecurity implementation. This paper proposes a design for a cybersecurity maturity assessment framework leveraging two established standards: the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) v1.1 and the Center for Internet Security (CIS) Controls v8. The proposed framework utilizes a mapping between the NIST CSF v.1.1 subcategories and the CIS Controls v8 subcontrols, enabling a comprehensive assessment of an organization's cybersecurity maturity. The assessment methodology focuses on evaluating the implementation and effectiveness of controls aligned with each NIST CSF function. This approach allows organizations to identify strengths and weaknesses in their cybersecurity posture and prioritize areas for improvement. This research developed a mapping between the NIST CSF framework and CIS Controls v8. The mapping aligns 23 integrated cybersecurity categories from NIST CSF (including 64 subcategories out of a possible 108) with 124 subcontrols from CIS Controls v8 (out of a total 153). This combined framework serves as a tool to help organizations improve their cybersecurity maturity and capabilities.

Digital transformation maturity assessment framework for large infrastructure asset owners

This research project developed a framework for assessing digital transformation (DT) maturity in large government-owned corporations (GOCs), focusing on integrating building information modelling (BIM), digital engineering (DE) practices, value of information, data integration aspects, and critical information management competencies, relating to asset management, asset delivery, and asset performance. Recognising DT’s strategic importance in asset lifecycle management, researchers created a practical DT maturity assessment tool applied to an Australian GOC. The framework and Excel assessment tool outline DT maturity across seven categories and 56 indicators, using the analytical hierarchy process (AHP) to rank indicators based on expert input. The tool enables straightforward data input and DT maturity evaluation, helping organisations understand their current DT status and set improvement targets. Workshops with DT professionals validated the tool’s effectiveness through a case study, offering insights into DT maturity levels and a roadmap for technological integration and data-driven decision-making. The research highlights DT’s role in enhancing efficiency, innovation, and safety, emphasising the need for strategic alignment with organisational objectives.

Assessing progressive green university campus maturity: A framework for sustainable development in Malaysian higher education institutions

The concept of "Green University Campus" is used in a more general sense to refer to social, economic, environmental, and educational aspects. In order to assist in directing sustainability initiatives among educational institutions, this study will discuss the progressive green university campus maturity assessment instrument and framework. In order to help universities and colleges build more environmentally friendly campuses, this study analyses the ecocity theory and examines the consequences of its suggested usage in higher education. The study looks at prior attempts at sustainability and shows how the idea of an eco-campus can be used effectively and practically. Plans for sustainability and the "Green Campus" concept are present at most Malaysian universities. On college campuses, sustainability and turning green are topics that are becoming more and more popular. In Malaysia's higher education system, a strategic framework is required as a road map for developing green campuses. This study employs compliance plans and methods to monitor and manage environmentally sustainable indicators and categories. It was determined to evaluate the performance of each model in relation to achieving sustainability goals.

Zero trust cybersecurity: Critical success factors and A maturity assessment framework

Zero trust cybersecurity is beginning to replace traditional perimeter-based security strategies and is being adopted by organizations across a wide range of industries. However, the implementation of zero trust is a complex undertaking, different from traditional perimeter-based security, and requires a fresh approach in terms of its management. As such, a clear set of critical success factors (CSFs) will help organizations to better plan, assess, and manage their zero trust cybersecurity. In response, we investigated the CSFs for implementing zero trust cybersecurity by conducting a three-round Delphi study to obtain the consensus from a panel of 12 cybersecurity experts. We built a multi-dimensional CSFs framework that comprises eight dimensions, namely identity, endpoint, application and workload, data, network, infrastructure, visibility and analytics, and automation and orchestration. Based on the CSFs, we developed a maturity assessment framework enabling organizations to evaluate their zero trust maturity. This paper contributes to a theoretical understanding of how to deploy zero trust from multiple dimensions and offers a viable guidance framework for organizations from a practical perspective. This paper is useful for organizational stakeholders who are in the process of planning, reviewing, or implementing zero trust cybersecurity.

An innovation maturity assessment framework for universities with an integrated ANP approach

PurposeIdentifying the criteria that effectively drive innovation in universities is critical to assessing their innovation maturity level, and hence, planning for the improvements required to reach a target level. This paper aims to propose a three-phase approach to develop a multidimensional maturity assessment framework used by university decision-makers to determine their level of innovation readiness.Design/methodology/approachFirst, a systematic collection of evaluation criteria from the literature is conducted. The results are mapped into different categories in a hierarchical and multidimensional way, and validated by experts. The second phase aims to identify the critical factors and their priorities, which are determined using analytic network process (ANP). To facilitate that, a panel of thirteen experts is formed and questionnaires are sent to rank the importance of the criteria and their elements. Finally, a maturity assessment tool is developed to complement the framework, allowing decision-makers to determine the level of innovation maturity with respect to each dimension and the overall position.FindingsResults revealed three clusters, eight criteria and 26 subcriteria related to innovation in universities. The findings about the relative importance of the various attributes are reflected in the developed assessment tool and taken into consideration in the maturity indices computation approach.Originality/valueTo the best of the authors’ knowledge, this is the first attempt to develop a comprehensive list of innovation success drivers in universities and to use this list to design an innovation maturity assessment framework

A review & analysis of current IoT maturity & readiness models and novel proposal

Internet of Things (IoT) environments are characterized by a high level of diversity and heterogeneity as there are numerous standards and approaches. This adds complexity and raises questions concerning enterprises’ strategies, organizational structures, and technological capabilities. As a result, a tool is required to assist enterprises in their transition to IoT technologies and practices, as well as to guide them in improving their capabilities. Several Maturity Models (MM) have been developed for this purpose, to assist enterprises in understanding their current position and identifying the need for improvements based on guidelines and indicators. However, there are several gaps in current models due to the lack of IoT-specific assessment approaches and models. Therefore, existing models must be upgraded to take into consideration major gaps and recommendations. Our main goal, in this research, is to provide a structured methodology and a holistic model fitting to the IoT context. The main contributions of this paper are (i) firstly, it summarizes the current state of the art of IoT MM proposed by various initiatives in several countries while highlighting their origin, scope, objectives, and assessment approaches, and (ii) secondly it outlines the research gaps and limits of existing maturity models and (iii) thirdly it proposes a new IoT maturity assessment framework to better help companies to recognize their current situation regarding IoT transformation as well as undertaking the right improvement actions plans in a structured manner. The proposed framework includes a methodology and a maturity model with 5 levels, 5 dimensions, 13 sub-dimensions, and 62 assessment criteria. Afterward, a practical tool has been developed to provide a user-friendly self-assessment for companies.

Cyber Security Maturity Assessment Framework for Technology Startups: A Systematic Literature Review

Cybersecurity has gained increasing importance among firms of different sizes and industries due to the significant rise of cyber-attacks over time. Technology startups are particularly vulnerable to cyber-attacks due to the lack of cyber security measures. This is because of limited human capital and financial resources to quantify cyber risks and allocate appropriate investments to cyber security. Technology startups are suppliers and vendors to large organisations such as MNCs, government and financial institutions. They could possibly have a network connection back to the large organisations and might even store confidential information of these large organisations such as financial records, personal data and other proprietary information. As such, with the lack of appropriate cyber security measures, technology startups may be an attack vector for malicious hackers to gain entry to the large organisations. Focusing on technology startups, this study conducted a systematic literature review on cyber security maturity assessment frameworks. This study addressed five research questions on the existing cyber security maturity assessment frameworks in various industries, the target for implementation, cyber security maturity level, shared control domains of these frameworks, and the quantification of the return of cyber security investments. Referring to the Preferred Reporting Items for Systematic Reviews and Meta-Analysis (PRISMA) checklist, a detailed analysis was performed on 24 published research articles (out of 650) from reputable journals and conference proceedings from January 2011 to June 2022. The results revealed the lack of an end-to-end cyber security maturity assessment framework for technology startups. Despite the similarities in the cyber security maturity level for certain frameworks, the results revealed no singular framework that can evaluate the cyber security maturity level of technology startups. The results further revealed the lack of studies on the quantification of the return of cyber security investments in an end-to-end cyber security maturity assessment framework for technology startups. This put the startup in a vulnerable position since management is not able to obtain relevant data on the startup’s cyber maturity posture and without such information, they are not able to appropriately justify their security investments to mitigate the evolving cyber risks.

SPORT MANAGEMENT MATURITY ASSESSMENT: APPLICATION TO COSMA COMPETENCIES SCALE

The results of a literature survey on the application of management science fields to sport management are presented. The most prominent Critical Success Factors and Enablers for their achievement, identified in the SM maturity assessment frameworks are specified. Existing published work in sport management per critical success factor and enabler category is also presented thus providing a theoretical basis for their significance in the sport management field. A novel holistic sports management maturity assessment framework is proposed. The framework is based on and includes, a ten-by-ten matrix, the most prominent critical success factors and enablers identified in the literature survey. The proposed framework is then applied to the most known sport management competencies accreditation framework called COSMA. The result of this application is a proposed novel “tracking matrix”. Both the proposed maturity frameworks and the tracking matrix can be used by both academics and practitioners in the SM field.

Knowledge management maturity assessment frameworks: A proposed holistic approach

AbstractThe paper aims to provide a systematic overview of the maturity models used in knowledge management (KM) with the purpose of identifying different perspectives, contributions, shortcomings, and implementation gaps. This study can be characterized as a theoretical research based on a systematic literature review. As a result of this analysis, KM key points and knowledge management maturity models (KMMMs) critical success factors (CSFs) are pointed out and recorded. The concept of standardization and its relation to KM, presenting known KM Standards and their core principles is explored. Even though there is a large number of publications on KM, a literature gap is identified in publications regarding the field of KM Standards and corresponding case studies. Based on the most widely spread critical success factors used in the knowledge management maturity assessment presented in the literature survey, the objective of this paper is to propose a holistic and integrated knowledge management maturity assessment framework encompassing the core guidelines of ISO 30401 in order to be used by researchers and practitioners for future reference in the form of a generic maturity assessment web matrix.

Adaptable Security Maturity Assessment and Standardization for Digital SMEs

ABSTRACT Small and Medium-sized Enterprises (SMEs) constitute a very large part of every country’s economy and play an essential role in economic growth and social development. SMEs are frequent targets of cyberattacks. Unlike large enterprises, SMEs generally have limited capabilities regarding cybersecurity practices. Assessment and improvement of cybersecurity capabilities are crucial for SMEs to survive and sustain their operations. Despite the availability of maturity assessment models and standards to assess and improve cybersecurity capabilities, SMEs’ specific requirements and roles in the digital ecosystem are often neglected. This paper presents high-level SME requirements regarding cybersecurity maturity assessment and standardization and translates them into an Adaptable Security Maturity Assessment and Standardization (ASMAS) framework to address this gap. The framework is demonstrated by a web-based software prototype. In the evaluation study conducted with SMEs, we obtained positive results for perceived usefulness, perceived ease of use of the framework, and intention to use it.

The development of data analytics maturity assessment framework: DAMAF

AbstractToday, data analytics plays a vital role in attaining competitive advantage, generating business value, and driving revenue streams for organizations. Thus, the organizations pay significant attention to improve their data analytics maturity. Nevertheless, the existing literature is dramatically limited in proposing a comprehensive roadmap to assist organizations for this scope. Thus, this study focuses on developing data analytics maturity assessment framework (DAMAF) that evaluates the organizational data analytics maturity in a staged manner from maturity level 0: incomplete to maturity level 5: optimizing. The DAMAF comprises the nine different data analytics attributes to address the specific needs of each data analytics maturity level. Accordingly, it aims to support organizations in assessing their current data analytics maturity, determining organizational gaps in data analytics, and preparing an extensive roadmap and suggestions for data analytics maturity improvement. In this research, we employed the DAMAF in an organization as a case study to evaluate its applicability and usefulness. The results showed that DAMAF properly reveals the data analytics gaps and provides a structured roadmap for continuously advancing the data analytics maturity of an organization.

Cybersecurity maturity assessment framework for higher education institutions in Saudi Arabia.

The Saudi Arabia government has proposed different frameworks such as the CITC’s Cybersecurity Regulatory Framework (CRF) and the NCA’s Essential Cybersecurity Controls (ECC) to ensure data and infrastructure security in all IT-based systems. However, these frameworks lack a practical, published mechanism that continuously assesses the organizations’ security level, especially in HEI (Higher Education Institutions) systems. This paper proposes a Cybersecurity Maturity Assessment Framework (SCMAF) for HEIs in Saudi Arabia. SCMAF is a comprehensive, customized security maturity assessment framework for Saudi organizations aligned with local and international security standards. The framework can be used as a self-assessment method to establish the security level and highlight the weaknesses and mitigation plans that need to be implemented. SCMAF is a mapping and codification model for all regulations that the Saudi organizations must comply with. The framework uses different levels of maturity against which the security performance of each organization can be measured. SCMAF is implemented as a lightweight assessment tool that could be provided online through a web-based service or offline by downloading the tool to ensure the organizations’ data privacy. Organizations that apply this framework can assess the security level of their systems, conduct a gap analysis and create a mitigation plan. The assessment results are communicated to the organization using visual score charts per security requirement per level attached with an evaluation report.

Introduction of a digital maturity assessment framework for construction site operations

Digital technologies as enablers for more sustainable improvements of construction site processes contain interesting opportunities. Little is known how to, in a structured way, assess and implement digital technologies to support development and improvement of construction site operations. Maturity frameworks assess the status quo and guide decision makers to potential improvements. The purpose of this research is to develop a framework for assessing digital maturity of construction site operations. Literature and empirical data were utilized to develop and validate the framework. The framework contains assessment areas that specify the areas of potential improvements, maturity levels that indicate the progression towards maturity, assessment criteria that define organizational aspects of the assessment, and an assessment procedure to guide assessors. The maturity assessment framework contributes potentially to systematization of evaluative processes creating opportunities for a change within processes and organizations enabled by digital initiatives and to long-term improvements on project portfolio level.

Cyber Hygiene Maturity Assessment Framework for Smart Grid Scenarios

Cyber hygiene is a relatively new paradigm premised on the idea that organizations and stakeholders are able to achieve additional robustness and overall cybersecurity strength by implementing and following sound security practices. It is a preventive approach entailing high organizational culture and education for information cybersecurity to enhance resilience and protect sensitive data. In an attempt to achieve high resilience of Smart Grids against negative impacts caused by different types of common, predictable but also uncommon, unexpected, and uncertain threats and keep entities safe, the Secure and PrivatE smArt gRid (SPEAR) Horizon 2020 project has created an organization-wide cyber hygiene policy and developed a Cyber Hygiene Maturity assessment Framework (CHMF). This article presents the assessment framework for evaluating Cyber Hygiene Level (CHL) in relation to the Smart Grids. Complementary to the SPEAR Cyber Hygiene Maturity Model (CHMM), we propose a self-assessment methodology based on a questionnaire for Smart Grid cyber hygiene practices evaluation. The result of the assessment can be used as a cyber-health check to define countermeasures and to reapprove cyber hygiene rules and security standards and specifications adopted by the Smart Grid operator organization. The proposed methodology is one example of a resilient approach to cybersecurity. It can be applied for the assessment of the CHL of Smart Grids operating organizations with respect to a number of recommended good practices in cyber hygiene.

QUANTUMIZED GENETIC ALGORITHM FOR SEGMENTATION AND OPTIMIZATION TASKS

Specialists mostly assess the skeletal maturity of short-height children by observing their left hand X-Ray image (radiograph), whereas precise separation of areas capturing the bones and growing plates is always not possible by visual inspection. Although a few attempts are made to estimate a suitable threshold for segmenting digitized radiograph images, their results are not still promising. To finely estimate segmentation thresholds, this paper presents the quantumized genetic algorithm (QGA) that is the integration of quantum representation scheme in the basic genetic algorithm (GA). This hybridization between quantum inspired computing and GA has led to an efficient hybrid framework that achieves better balance between the exploration and the exploitation capabilities. To assess the performance of the proposed quantitative bone maturity assessment framework, we have collected an exclusive dataset including 65 left-hand digitized images, aged from 3 to 13 years. Thresholds are estimated by the proposed method and the results are compared to harmony search algorithm (HSA), particle swarm optimization (PSO), quantumized PSO and standard GA. In addition, for more comparison of the proposed method and the other mentioned evolutionary algorithms, ten known benchmarks of complex functions are considered for optimization task. Our results in both segmentation and optimization tasks show that QGA and GA provide the best optimization results in comparison with the other mentioned algorithms. Moreover, the empirical results demonstrate that QGA is able to provide better diversity than that of GA.

A Holistic Cybersecurity Maturity Assessment Framework for Higher Education Institutions in the United Kingdom

As organisations are vulnerable to cyberattacks, their protection becomes a significant issue. Capability Maturity Models can enable organisations to benchmark current maturity levels against best practices. Although many maturity models have been already proposed in the literature, a need for models that integrate several regulations exists. This article presents a light, web-based model that can be used as a cybersecurity assessment tool for Higher Education Institutes (HEIs) of the United Kingdom. The novel Holistic Cybersecurity Maturity Assessment Framework incorporates all security regulations, privacy regulations, and best practices that HEIs must be compliant to, and can be used as a self assessment or a cybersecurity audit tool.

The level of use of information and communication technology at vocational high school

Learning in the 4.0 era uses the concept of 4C (Communication, Collaboration, Critical Thinking, and Problem Solving, Creativity, and Innovation). This concept is linear to the use of information and communication technology (ICT). Technology literacy is involved in all subjects of learning. This phenomenon triggers the teachers, the students, and the school environment to play an active role so that technological progress has meaningfulness in increasing student competence. This study aims to: (1) describe the level of the use of ICT use, (2) determine the factors that influence the use of ICT, and (3) describe the ability of teachers to use ICT in the learning process. This research is a mixed-method with a sequential explanatory strategy. The data collected use questionnaires, interviews, observations, and documentation. The results obtained: (1) the level of ICT utilization in the learning process is at level 4, which means Managed and Measurable. (2) the factors that influence the use of ICT in the learning process in Makassar City Vocational High School based on the Resiliency Maturity Assessment Framework screen components namely data application factors, and (3) the ability teachers in utilizing ICTs in the learning process at Vocational High School in Makassar City meet the criteria very well.

Towards a Smart Manufacturing Maturity Assessment Framework: A Socio-Technical Perspective

Researchers of information technology (IT) have often suggested that there is no clear relevance between the IT investment and return on investment (ROI) of enterprises. This phenomenon is called “productivity paradox”. However, research on smart manufacturing capability maturity did not reflect empirically the fact that enterprises rarely benefit from information systems. Therefore, the aim of this article attempts to explore how humans and technologies are related and propose a smart manufacturing maturity assessment framework that can reveal the interaction between humans and technologies. This research addressed two questions, (a) what domains can be identified for smart manufacturing, and (b) how to harmonize all of the technical and social factors affecting maturity and benefits. A complicated concept “socio-technical system” was surveyed for interpreting how enterprises benefit from technologies. Results of this study showed a smart manufacturing maturity assessment framework from the socio-technical perspective. As an explanation, the understanding of manufacturing operations management (MOM) capability maturity model (CMM) within the framework in the case study and its results were presented. To conclude, this study may be regarded as a meta-model or reference model for specific maturity models, as well as has the merit of offering valuable insights into the maturity assessment.

A proposed maturity assessment framework of the Greek local government Web Electronic Services

Purpose This paper aims to construct an assessment framework to establish a maturity model for Web Electronic Services offered at a local government level and investigate the maturity of Greek municipalities in the E-Government field, trying to correlate how this is affected by demographic variables. Design/methodology/approach An original assessment framework regarding municipal Electronic Services was created based on the literature review. The assessment framework was included in a methodological approach supported by the PROMETHEE II method, as well as by selected statistical methods. The framework and the methodological approach were applied in the case of Greek municipalities. Findings The analysis revealed the low maturity level of Greek municipalities in Electronic Services sector. The Greek case study indicated that the proposed framework and methodological approach could provide useful insights to municipalities for the improvement of its E-Government Web services based on their strategic preferences. Research limitations/implications The assessment took place only in Greece, assessing all the country's municipalities and conducting research only in the municipalities’ websites. The proposed methodology suggests that the PROMETHEE II multi-criteria decision analysis method can support the assessment of the maturity level of local government entities. Moreover, the combination of the PROMETHEE II–empowered assessment framework with demographic statistical analysis can assist orthological decision-making concerning future investments in Web Electronic Services. The methodology could be a good option for future research efforts (assessments) in municipalities, in Greece and worldwide. Practical implications The framework is both easy to use and fairly complete. The fact that the assessment was conducted in all the Greek municipalities makes it much more reliable, as it provides the whole picture. The suggested methodology which includes the proposed framework could be used in the cases of municipalities in other countries to assist future actions concerning the investment in Web Electronic Services. Originality/value This study provided a medium-size framework, being both complete and easy to use during the evaluation process of all the municipalities in Greece. In addition, the statistical analysis received data from a decision-making tool to execute the clustering (Cluster analysis is usually performed based on the raw data).

Maturity Levels of Student Support E- Services Within an Open Distance E-learning University

The University of South Africa (UNISA) is one of the distance education universities that is shifting from open distance learning (ODL) to open distance e-learning (ODeL). UNISA started as a correspondence institution in the 1950s and it has since evolved into an ODeL university. The aim of this research was to assess and determine the maturity levels of UNISA lecturers’ and tutors’ explorations of various forms of e-learning technologies to support students in an ODeL environment. Semi-structured interviews were conducted with 12 academic staff members. A hybrid approach involving inductive and deductive reasoning was used to guide the whole research process. The online course design maturity model (OCDMM) was modified and adapted in order to guide data collection, data analysis, and the interpretation of results. The results of the study indicate that the maturity levels of UNISA’s student support e-learning technologies are at the basic levels of the maturity assessment framework for open distance e-learning. It is hoped that the results of this research will serve as a starting point that the University can use to constantly measure improvements made in advancing e-learning activities.