UNIFIED MODEL OF MATURITY OF NETWORK SECURITY CENTERS OF INFORMATION AND TELECOMMUNICATION NETWORKS

  • S.S. Veligodskiy National Research Nuclear University MEPhI
  • N.G. Miloslavskaya National Research Nuclear University MEPhI
Keywords: Unified maturity model, network security center, information and telecommunications network, assessment areas

Abstract

In accordance with Decree No. 250 of the President of the Russian Federation, special
structural units created by subjects of critical information infrastructure are able to counteract
computer attacks on their information and telecommunication networks (ITCNs). In order to be
effective, these units must have Network Security Centers (NSCs) of ITCN with a high level of maturity
that meets the information security requirements for its owner organization. Currently, there
is no single approach to assessing the NSC maturity level. Thus, the article's goal is to describe the
developed Unified Maturity Model (UMM) of ITCN NSCs of organizations, created based on the
generalization and development of the analyzed maturity models and the authors' systematics of network
security management (NSM) processes and services of a typical ITCN implemented in the
NSC, as well as technologies that support the implementation of processes and the provision of
services, supplemented by consideration of the general organization of the NSC functioning and its
staffing. The NSC maturity model refers to a structured set of elements that combines the information
need to establish the NSC maturity level with their attributes – NSC properties or characteristics.
The requirements for UMM being developed for the organization's internal NSC are formulated,
and their implementation is demonstrated at the end of the article. A formalized representation
of the maturity model of NSC as an object for assessing the maturity level in five assessment
areas, namely, the organizational support for the NSC functioning, the NSM processes for
ITCN and the NSC as its integral part, the ITCN NSM services provided by the NSC, the technologies
used and staffing, is introduced. A method for visualizing the obtained assessment results as
pie charts is proposed. An approach to establishing the final NSC maturity level is presented. It is
shown that all the formulated requirements for the NSC maturity model are met in the developed
ITCN NSC UMM. Further, a methodology for the ITCN NSC UMM application should be created.

References

1. Ukaz Prezidenta Rossiyskoy Federatsii ot 1 maya 2022 g. № 250 «O dopolnitel'nykh merakh
po obespecheniyu informatsionnoy bezopasnosti Rossiyskoy Federatsii» [Decree of the President
of the Russian Federation of May 1, 2022 No. 250 “On Additional Measures to Ensure
the Information Security of the Russian Federation”].
2. Gardiner M. The Critical Incident Response Maturity Journey. EMC Corporation, 2013.
Available at: http://docs.media.bitpipe.com/io_11x/io_115661/item_894499/Critical%20Incident%20Response%20Maturity.pdf (accessed 29 May 2023).
3. SIM3: Security Incident Management Maturity Model. Open CSIRT Foundation, 2019. Available
at: http://opencsirt.org/wp-content/uploads/2019/12/SIM3-mkXVIIIc.pdf (accessed 29 May 2023).
4. CSIRT capabilities: How to assess maturity? Guidelines for national and governmental CSIRTs.
ENISA, 2016. Available at: https://www.enisa.europa.eu/publications/csirt-capabilities (accessed 29
May 2023).
5. Dorofee A., Ruefle R., Zajicek M., McIntire D., Alberts C., Perl S., Huth C.L., Walters P. Incident
Management Capability Assessment. Software Engineering Institute of Carnegie Mellon
University, 2018. Available at: https://resources.sei.cmu.edu/asset_files/TechnicalReport/2018_005_001_538866.pdf (accessed 29 May 2023).
6. Wahlgren G.A. Maturity Model for Measuring Organizations Escalation Capability of
IT-related Security Incidents. Academic dissertation for the Degree of Doctor of Philosophy in
Computer and Systems Sciences. Stockholm University, 2020. Available at:
https://www.diva-portal.org/smash/get/diva2:1411275/FULLTEXT01.pdf (accessed 29 May 2023).
7. State of security operations. Hewlett-Packard, 2014. Available at:
http://h41382.www4.hpe.com/gfs-shared/downloads-303.pdf (accessed 29 May 2023).
8. Os V.R. SOC-CMM: Designing and Evaluating a Tool for Measurement of Capability Maturity
in Security Operations Centers. Master Thesis, Information Security Program. Luleå University
of Technology, 2016, 75 p.
9. SOC-CMM Introduction. SOC-CMM, 2020. Available at: https://www.soc-cmm.com/introduction
(accessed 29 May 2023).
10. Nettitude Blog: Cybersecurity Maturity Assessments Explained. Nettitude, 2020. Available at:
https://blog.nettitude.com/cyber-maturity-assessments-explained-nettitude (accessed 29 May 2023).
11. Three Levels of SOC Maturity: Steps for Continual Service Improvement. Huntsman, 2018.
Available at: https://www.huntsmansecurity.com/blog/three-levels-of-soc-maturity-steps-for-continual-service-improvement/ (accessed 29 May 2023).
12. Kuzbari T. Security Operations Center. Part 2 – Internal SOC maturity levels. Cybereason,
2018. Available at: https://www.linkedin.com/pulse/security-operations-center-part-2-internal-soc-maturity-kuzbari (accessed 29 May 2023).
13. Crump J. Security Operations Center – Use Case Maturity Model/Cube (SOC-UCMM), 2018.
Available at: https://www.jeffreydoncrump.com/post/security-operations-centre-soc-managed-security-service-provider-monitoring-content-maturity-cube (accessed 29 May 2023).
14. Postroenie i razvitie tsentrov monitoringa informatsionnoy bezopasnosti (SOC) [Construction
and development of information security monitoring centers (SOC)]. PwC, 2019. Available at:
https://www.pwc.ru/ru/services/technology/cyber-security/soc.html (accessed 29 May 2023).
15. The Security Operations Maturity Model: A Practical Guide to Assessing and Improving the Capabilities
of Your Security Operations Center. LogRhythm, 2019. Available at:
https://logrhythm.com/security-operations-maturity-model-white-paper/ (accessed 29 May 2023).
16. ISO/IEC/IEEE 15939:2017 Systems and software engineering – Measurement process, 2017, 39 p.
17. GOST R ISO/MEK 27004–2021 Informatsionnaya tekhnologiya. Metody i sredstva
obespecheniya bezopasnosti. Menedzhment informatsionnoy bezopasnosti. Monitoring,
otsenka zashchishchennosti, analiz i otsenivanie [GOST R ISO/IEC 27004–2021 Information
technology. Security techniques. Information security management. Monitoring, security assessment,
analysis and evaluation]. Introd. 2021-11-30. Moscow: Standartinform, 2021, 46 p.
18. Standart Banka Rossii STO BR IBBS-1.2-2014 Obespechenie informatsionnoy bezopasnosti
organizatsiy bankovskoy sistemy Rossiyskoy Federatsii. Metodika otsenki sootvetstviya
informatsionnoy bezopasnosti organizatsiy bankovskoy sistemy Rossiyskoy Federatsii
trebovaniyam STO BR IBBS-1.0-2014 [Standard of the Bank of Russia STO BR IBBS-1.2-2014
Ensuring information security of organizations of the banking system of the Russian
Federation. Methodology for assessing the compliance of information security of organizations
of the banking system of the Russian Federation with the requirements of STO BR IBBS-1.0-2014].
Introd.: 2014-06-01. Moscow, 2014, 101 p.
19. GOST R 57580.2-2018 Bezopasnost' finansovykh (bankovskikh) operatsiy. Zashchita
informatsii finansovykh organizatsiy. Metodika otsenki sootvetstviya [GOST R 57580.2-2018
Security of financial (banking) transactions. Protection of information of financial organizations.
Conformity assessment methodology]. Introd. 2018-03-28. Moscow: Standartinform,
2018, 23 p.
20. Repin V. Otsenka zrelosti sistemy upravleniya biznes-protsessami kompanii [Evaluation of the
maturity of the company's business process management system], 2020. Available at:
https://www.businessstudio.ru/articles/article/otsenka_zrelosti_sistemy_upravleniya_biznes_protsessami_repin/ (accessed 29 May 2023).

Published: 2023-08-14
Section: SECTION III. MODELING OF PROCESSES AND SYSTEMS