Crafting good practises aligned with NIST CSF 2.0 and CMMI

Bibliographic Details
Main Author: Oliveira, Luís Filipe Mesquita
Publication Date: 2025
Format: Master thesis
Language: eng
Source: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Download full: http://hdl.handle.net/20.500.11960/4394
Summary: In today’s digital landscape, organizations face increasingly sophisticated cybersecurity threats, often compounded by the absence of standardized and adaptive methodologies for assessing and improving cybersecurity maturity. This thesis introduces a novel framework that integrates the National Institute of Standards and Technology Cybersecurity Framework 2.0 (NIST CSF 2.0) with the Capability Maturity Model Integration (CMMI). The proposed framework aligns best practices across the three core dimensions of CMMI—People, Processes, and Technology—spanning maturity levels 1 to 5, while mapping these practices to the subcategories of NIST CSF 2.0. This thesis undertakes a comprehensive analysis of existing frameworks/standards and maturity models to identify their strengths and limitations. The development and validation of the framework followed a systematic approach, with expert feedback playing a crucial role. The results demonstrate that the framework supports organizations in systematically advancing through maturity levels, offering scalable and tailored practices that address diverse cybersecurity challenges. Furthermore, the validation highlights the framework’s usability, adaptability, and potential to strengthen organizational resilience and security postures. By providing a systematic and adaptable approach for assessing and improving cybersecurity maturity, this thesis contributes to bridging critical gaps in current methodologies.
Subjects: Information security; Cybersecurity; Risk management; Cybersecurity maturity; CMMI; NIST CSF 2.0; ISO/IEC 27001:2022; CIS Controls; C2M2; CMMC; CIA; Cybersecurity resilience
Identifier: TID:203924517
Rights: embargoed access (info:eu-repo/semantics/embargoedAccess)