An Overview of the Community Cyber Security Maturity Model

Gregory B. White (The University of Texas at San Antonio, USA) and Mark L. Huson (The University of Texas at San Antonio, USA)
DOI: 10.4018/978-1-60566-326-5.ch015
The protection of cyberspace is essential to ensure that the critical infrastructures a nation relies on are not corrupted or disrupted. Government efforts generally focus on securing cyberspace at the national level. In the United States, states and communities have not seen the same concentrated effort and are now the weak link in the security chain. Until recently there has been no program for states and communities to follow in order to establish a viable security program. Now, however, the Community Cyber Security Maturity Model has been developed to provide a framework for states and communities to follow to prepare for, prevent, detect, respond to, and recover from potential cyber attacks. This model has broad applicability and can be adapted for use in other nations as well.
Chapter Preview

Introduction: The Need For Community Cyber Security Programs

In the introductory letter contained in the National Strategy to Secure Cyberspace, the President of the United States made the following statement concerning the challenge the nation faces in securing cyberspace:

Securing cyberspace is an extraordinarily difficult strategic challenge that requires a coordinated and focused effort from our entire society—the federal government, state and local governments, the private sector, and the American people. (White House, 2003)

The vision embodied in this statement, that securing cyberspace is an effort that an entire society must be part of, is extraordinary. It is also, however, a vision that has often been overlooked by the various federal agencies involved in securing the nation’s cyberspace. Entities such as the US-Computer Emergency Readiness Team (US-CERT), part of the Department of Homeland Security (DHS), have been formed to address significant attacks on the nation’s Internet infrastructure. The US-CERT and DHS have worked diligently to develop the channels necessary at the national level to address cyber attacks or significant cyber events that could impact the nation’s cyber infrastructure. The issues are formidable: What information should be shared between organizations, and how? Who is responsible for responding to the various types of threats and attacks that could occur? When does an event change from a criminal activity to a national security event, and who makes that decision? Developing a construct that addresses these issues at the national level is difficult, but a framework capable of addressing the national-level concerns is slowly evolving.

What has been slower to evolve is the rest of the picture as described in the President’s statement. How state and local governments, the private sector (at and below the national level), and the American people participate in securing cyberspace has not been fully addressed (White House, 2003). Organizations such as the Multi-State Information Sharing and Analysis Center (MS-ISAC) have been created to serve as focal points for the cyber security efforts at the state level, but their complete roles in serving states and communities have not been defined (MS-ISAC, 2008). Alternatively, some states have turned to their fusion centers to help organize their cyber information sharing and incident reporting functions. “A fusion center is an effective and efficient mechanism to exchange information and intelligence, maximize resources, streamline operations, and improve the ability to fight crime and terrorism by merging data from a variety of sources” (DHS, 2008). Fusion centers are generally staffed with individuals who have either a law enforcement or an intelligence background. Exercises have demonstrated that most states and communities have little to no experience in cyber security, and the processes they are to use to fight cyber crime and cyber terrorism are not developed. Local organization to defend against cyber attacks is similarly non-existent in other countries. National-level entities exist for incident response (e.g., the AusCERT in Australia (AusCERT, 2008)), but community response capabilities are lacking.
