Maturity and Process Capability Models and Their Use in Measuring Resilience in Critical Infrastructure Protection Sectors

Clemith J. Houston Jr. (University of Colorado Boulder, USA) and Douglas C. Sicker (University of Colorado Boulder, USA)
DOI: 10.4018/978-1-4666-8473-7.ch025

Abstract

This paper provides a literature review and survey of maturity and process capability models, Critical Infrastructure Protection (CIP) tools and frameworks to identify strategies for assessing and measuring resilience and risk management capabilities, with a specific focus on the electricity generating sector. The focus is on the use of models such as CERT-RMM, and others, as a means of addressing challenges associated with cyber security and risk management. Foundational concepts, terminology and definitions are provided; examples of maturity and process capability models are presented and discussed; and tools that enable process capability and resilience are identified, including those specific to the electricity generating sector. The evolution of models and how they have addressed challenges is presented, in addition to the characteristics and differences of models and the growth in domains where they can be used. The benefits of applying process capability and maturity models in maintaining and enhancing resilience and cyber security protection are supported in this paper, and recommendations for research opportunities that may yield further insight and measurement capabilities are offered.

Introduction

Motivation

The motivation for this paper is to achieve an enhanced understanding of the evolution of maturity and process capability models, how they have influenced organizations responsible for critical infrastructure protection, and how they can serve as a means for promoting and ensuring resilience. This research was performed in the context of models that could be used in the electricity generation sector, and specifically in preparation for using the CERT-RMM model as a means of evaluating maturity and process capabilities that would promote cybersecurity protection, risk management best practices, and service reliability. This paper and associated research also serve as an informational resource to both practitioners and researchers in the area of resilience, maturity and process capability models, critical infrastructure protection methodologies and tools, cyber security protection and information assurance.

Paper Organization

This paper is organized by first exploring the evolution and current state of maturity and process capability models, then addressing CIP tools and frameworks as enablers of process capability and resilience, followed by the application of process capability models in the electricity generating sector. It closes with conclusions and recommendations for future research.
