A Maturity Model for Cybersecurity Digital Transformation

Cybersecurity is a big concern for organizations, due to the continued digital transformation and technology upgrades as this transformation increases the amount of collected and processed data. Although the state-of-the-art technologies intend to ease people's lives, this comes with more challenges, especially for security practices and regulations. Missing some of them may lead to data leakage, economic losses, denial of service, customer dissatisfaction, or bad reputation. Digital transformation is becoming mandatory than optional for many organizations in order to keep up with the latest technologies. This urge for transformation is more important and critical when these organizations intend to continue providing their services or products, both locally and globally. Nevertheless, cybersecurity is a key challenge while planning and applying such transformation. Digital transformation is not the same as technology adoption. Technology adoption refers to the acceptance, deployment, and implementation of a new technology, in a marketplace, however, digital transformation refers to embracing, integrating of digital technology into all areas of a business, hence, changing how you operate and deliver value to customers. Determining whether the organization is applying the best security practices requires measurements. Maturity models tend to give a certain level of maturity for applying certain practices. In the software industry, the Capability Maturity Model of Integration (CMMI) was introduced by the Software Engineering Institute (SEI) as a procedure to measure the maturity of the software process through providing a set of practices to the organizations [1]. CMMI inspires many specialists in various aspects of software production, in both industry and research, to contribute a number of customized maturity models including cybersecurity maturity models. Several security maturity models are available in industry [2-7]. Those maturity models are applicable in different types of systems like e-governments, finance, and healthcare sectors. However, no cybersecurity maturity models related to digital transformation is available. The absence of such models increases the urge for developing a novel digital transformation cybersecurity maturity model. The development of the cybersecurity digital transformation maturity model is directly related to Vision 2030 in addition to the National Strategy for Digital Transformation