AbstractDeveloping countries are rapidly embracing digitalization, but this exposes them to heightened cybersecurity risks. They often look to standard established cybersecurity models from developed countries to build their national defenses. However, significant developmental, political, social, and economic differences can render these models unsuitable for developing countries. This study addresses this gap by proposing a new framework that would be more useful in a developing country context. We first examine existing cybersecurity maturity models (CMMs) and metrics. Through a case study of Peru's national computer security incident response team (CSIRT), we assess the applicability of the security incident management maturity model (SIM3) and the security operation center CMM (SOC‐CMM) frameworks. By applying these frameworks to the Peruvian context, we identify limitations in standard maturity models for developing countries. In response, we propose a novel framework that allows developing countries like Peru to leverage existing models by tailoring them to their specific environment. This tailored approach can be a powerful tool for developing countries to improve and build their cybersecurity on a national level.
Read full abstract