A MATURITY FRAMEWORK FOR CYBERSECURITY GOVERNANCE IN ORGANIZATIONS

Abstract

Digitalization necessarily leads organizations to rethink their cybersecurity principles in order to counter all the risks inherent in cybercrime. Cybersecurity governance brings together all the essential elements of cyber defense and effective risk management. Without such governance, dangerous gaps persist, and assets are inevitably compromised. Given the critical decisions that need to be made in an ever-changing cyber threat environment, cybersecurity standards are a critical way for companies to ensure that their security strategy and policies are consistently and measurably implemented. The aim of this paper is to propose a capability maturity framework to assess and improve cybersecurity governance in organizations. The finding will help organizations to evaluate their cybersecurity governance capabilities.

Additional information

Notes on contributors

Yassine Maleh

Yassine Maleh is a cybersecurity professor and practitioner with industry and academic experience. He is a Ph.D. degree in Computer Sciences. Since 2019, He working as a professor of cybersecurity at Sultan Moulay Slimane University, Morocco. He was working for the National Port agency (ANP) in Morocco as a CISO from 2012 to 2019. He has published more than 60 research papers. This includes 8 books, 12 book chapters, 14 peer-reviewed journal articles, and 20 peer-reviewed conference manuscripts. He has served on Program Committees of more than 20 conferences and events and has organized many Symposiums/Workshops as a General Chair. He is an editor of a number of journals including Editor in Chief: International Journal of Smart Security Technologies (IJSST). Associate Editor: IEEE Access (Impact Factor: 4.09), International Journal of Digital Crime and Forensics (IJDCF) and International Journal of Information Security and Privacy (IJISP). He was also a Guest Editor of a special issue on Recent Advances on Cyber Security and Privacy for Cloud-of-Things of the International Journal of Digital Crime and Forensics (IJDCF), Volume 10, Issue 3, July-September 2019. He served and continues to serve as a reviewer of numerous prestigious journals such as Elsevier Ad Hoc Networks, IEEE Network Magazine, IEEE Sensor Journal, ICT Express, and Springer Cluster Computing, etc.

Abdelkebir Sahid

Abdelkebir Sahid is a Ph.D. of the University Hassan 1st in Morocco in the field of Information Systems Management and Agility, since 2014, Sahid has made contributions in the fields of Information Systems Strategic Agility. His research interests include Information Systems Agility, IT Management and Governance. He has published over than 20 papers (Book chapters, international journals, and conferences/workshops). He is the co-author of the book Strategic IT Governance and Performance Frameworks in Large Organizations. He has served and continues to serve on the reviewer of numerous international conferences and journals such as JCIT (Journal of Cases on Information Technology) and IJEUCD (International Journal of End-User Computing and Development).

Mustapha Belaissaoui

Mustapha Belaissaoui is a Professor of Computer Science at Hassan 1st University, Settat, Morocco. He is de Deputy Director of the National School of Business and Management of Settat, Morocco. He is the Head of Management Department and Head of Master Management Information System and Communication at the National School of Business and Management. He obtained his PhD in Artificial Intelligence from Mohammed V University in Rabat. His research interests are Combinatorial Optimization, Artificial Intelligence and Information Systems. He is the author and co-author of more than 70 papers, including journals, conferences, chapters, and books, which appeared in refereed specialized journals and symposia.