International Journal of Information and Communication Technology Research (Mar 2019)
A Novel Model for MSSP Maturity Assessment
Abstract
The growing threats and security risks in information and communication technology, together with the increasing use of these technologies, are two main factors in decision making for executives of organizations, service providers and the general public. Internet Service Providers (ISPs) are known to be the main stakeholders in this space. If Internet Service Providers come to be regarded as untrusted parties, their business and community-level services can be put at serious risk. Moreover, limited resources and a lack of cyber security experts pose major challenges for ISPs in dealing with and managing security threats. In many developing countries, this problem has been solved using Managed Security Service Providers. Managed Security Services are network-based security services that are outsourced to a trusted third party. The diversity of Managed Security Service Providers affects the effectiveness and efficiency of decision making in this area, as well as the correct selection of a provider. Therefore, assessing these organizations is unavoidable when outsourcing security services. This assessment can be done by various mechanisms. One accepted strategy in security is the maturity model. Maturity models are step-by-step solutions to grow organizational capabilities along a predicted, desirable, or logical path. In fact, maturity models provide a standard way to assess process maturity along with business process improvement. To date, no maturity model has been developed to assess Managed Security Service Providers. Therefore, in this paper, considering different issues in evaluating frameworks, we propose a novel model to assess the maturity of Managed Security Service Providers. The evaluation of the proposed maturity model is based on multiple case studies.