إطار مقترح لدمج نضج الأمن السيبراني CyPro-CMMI

1-أ. إنعام عبد القادر عبد الله فرح

كلية علوم الحاسوب وتقنية المعلومات|| جامعة النيلين|| السودان

Email: angamabdo99@gmail.com || Orcid: https://orcid.org/0009-0004-0697-695X || Mobile: 00966555853281

2-أ.د/ مضوي مختار المشرف

كلية علوم الحاسب وتقنية المعلومات|| جامعة الرباط الوطني|| السودان

Email: mudawi5@gmail.com ||Orcid: https://orcid.org/0000-0001-6424-0052 ||Mobile: 00249112021120

3-د. طارق عبد الكريم عبد الفاضل

كلية علوم الحاسوب وتقنية المعلومات|| جامعة النيلين|| السودان

Email: tarig.abdo@gmail.com || Orcid: https://orcid.org/0009-0009-4489-9701 || Mobile: 00966502427027

4-د. عمر عبد الرحمن علي إسماعيل

كلية الحاسب الآلي ونظم المعلومات||كليات الأولى الأهلية||المملكة العربية السعودية

Email: ismil8@gmail.com ||Orcid: https://orcid.org/000000027955668X  ||Mobile: 00966565597751

أصبحت التهديدات السيبرانية المعاصرة أكثر تعقيدًا، إذ تجاوزت الثغرات الداخلية لتشمل مخاطر عابرة للحدود مرتبطة بالحوسبة السحابية، وإنترنت الأشياء (IoT)، والتقنيات الناشئة. تستكشف هذه الدراسة إمكانية بناء إطار للأمن السيبراني قائم على مبادئ نموذج تكامل نضج القدرات (CMMI). وباستخدام المنهج التحليلي، تم فحص متطلبات النظام استنادًا إلى التجارب الدولية الناجحة. أظهرت النتائج أن نموذج CMMI يُعد آلية فعّالة لتعزيز قدرات المؤسسات وكفاءتها وانضباطها. ويقدّم إطار CyPro-CMMI المقترح مسارًا منظّمًا لدمج ممارسات تحسين العمليات في CMMI مع المعايير العالمية المعترف بها للأمن السيبراني. وتشمل المتطلبات الرئيسة للتبني الموارد التقنية والبشرية والمالية، السياسات والأطر، التعليم وبناء القدرات، الحوكمة الرشيدة، التعاون مع المنظمات الخارجية، والتقارير الدورية. توصي الدراسة بضرورة المراقبة المستمرة لمؤشرات أداء الأمن السيبراني لتقييم فعالية السياسات والإجراءات، ودعم القرارات المبنية على الأدلة، وترسيخ ثقافة التحسين المستمر. يضمن هذا النهج مرونة العمليات وتطوير استراتيجيات أمن سيبراني تكيفية.

1. Abrahams, T. O., Ewuga, S. K., Dawodu, S. O., Adegbite, A. O., & Hassan, A. O. (2024). A review of cybersecurity strategies in modern organizations: Examining the evolution and effectiveness of cybersecurity measures for data protection. Computer Science & IT Research Journal, 5(1), 1–25. https://doi.org/10.51594/csitrj.v5i1.699
2. Frangky, F. (2022). Measuring the maturity level of the organization in the process software development using the CMMI-Dev method. Paradigma - Jurnal Komputer dan Informatika, 24(2), 108–116. https://jurnal.bsi.ac.id/index.php/paradigma/article/download/1358/927
3. Aliyu, A., Maglaras, L., He, Y., Yevseyeva, I., Boiten, E., Cook, A., & Janicke, H. (2020). A Holistic Cybersecurity Maturity Assessment Framework for Higher Education Institutions in the United Kingdom. Applied Sciences, 10(10), Article 3660. https://doi.org/10.3390/app10103660
4. Baker, Z. (2024). Capability Maturity Model in 2025: Benefits, Levels & Examples. Edstellar, Accessed on 30/07/2025 at https://www.edstellar.com/blog/capability-maturity-model
5. Brett. A. (2024). What Is Access Control and Why Do Cyber Essentials and ISO 27001 Require It?. Accessed on 28/07/2025 at https://www.itgovernance.co.uk/blog/what-is-access-control
6. CISA Cyber+Infrastructure. (2020). Cyber Resilience Review (CRR). Method Description and Self-Assessment User Guide. Available at https://www.cisa.gov/sites/default/files/publications/2_CRR%25204.0_Self-Assessment_User_Guide_April_2020.pdf
7. Dawson, S. (2024). What is the Difference between CMMI DEV and CMMI SVC?. Core Business Solutions. Accessed on 31/07/2025 at https://www.thecoresolution.com/what-is-the-difference-between-cmmi-dev-and-cmmi-svc
8. Edureka higherEd. (2023). What is Process Improvement? Why is it important?. Accessed on 27/07/2025 at https://www.edureka.co/blog/process-improvement/.
9. FasterCapital. (2025). Risk management theory: How to Incorporate Risk Management Theory into Your Business Practice and Strategy. Acessed on 29/07/2025 at https://fastercapital.com/content/Risk-management-theory--How-to-Incorporate-Risk-Management-Theory-into-Your-Business-Practice-and-Strategy.html
10. Garousi, V., Arkan, S., Urul, G., Karapıçak, Ç. M. & Felderer, M. (2015). Assessing the maturity of software testing services using CMMI-SVC: An industrial case study. Aexiv, https://arxiv.org/abs/2005.12570
11. Gourisetti, S. N., Mix, S., Mylrea, M., Bonebrake, C. & Touhiduzzaman. (2019). Secure Design and Development Cybersecurity Capability Maturity Model (SD2-C2M2): Next- Generation Cyber Resilience by Design. 2019 Northwest Cybersecurity Symposium, Available at https://sd2-c2m2.pnnl.gov/documents/SD2-C2M2_Next-Generation_Cyber_Resilience_by_Design.pdf
12. Gupta, D., Elluri, L., Jain, A., Moni, S. S. & Aslan, O. (2024). Blockchain-Enhanced Framework for Secure Third-Party Vendor Risk Management and Vigilant Security Controls. Arxiv, https://arxiv.org/abs/2411.13447
13. Hadyan, N. N., Budiardjo, E. K. & Ferdinansyah, A. (2019). Evaluation of Capability Level and Improvements Prioritization on Device Accreditation Services Based On CMMI-SVC Framework Continuous Representation. Association for Computing Machinery, APIT '19: Proceedings of the 2019 Asia Pacific Information Technology Conference, 84 – 90, https://doi.org/10.1145/3314527.33145
14. Han, X., Zhang, M., Hu, Y., & Huang, Y. (2022). Study on the digital transformation capability of cost consultation enterprises based on maturity model. Sustainability, 14(16), 10038. https://doi.org/10.3390/su141610038
15. Haque, A., Gochhayat, S. P., Shetty, S., & Krishnappa, B. (2020). Cloud-Based Simulation Platform for Quantifying Cyber-Physical Systems Resilience. In book: Simulation for Cyber-Physical Systems Engineering (pp.349-384). DOI:10.1007/978-3-030-51909-4_14
16. Herrmann, D. & Pridöhl, H. (20Siksha 19). Basic Concepts and Models of Cybersecurity. In M. Christen et al. (eds.), The Ethics of Cybersecurity. The International Library of Ethics, Law and Technology 21, Springer Nature Switzerland, https://doi.org/10.1007/978-3-030-29053-5_2
17. Hortoványi, L., Morgan, R. E., Vuksanović Herceg, I., Djuričin, D., Hanák, R., Horváth, D., Mocan, M. L., Romanova, A., & Szabó, R. Z. (2023). Assessment of digital maturity: The role of resources and capabilities in digital transformation in B2B firms. International Journal of Production Research, 61(23), 8043–8061. https://doi.org/10.1080/00207543.2022.2164087
18. Infrastructure Security Agency (CISA). (2021). Cybersecurity Incident & Vulnerability Response Playbooks. CISA Publication, available at https://www.cisa.gov/sites/default/files/202408/Federal_Government_Cybersecurity_Incident_and_Vulnerability_Response_Playbooks_508C.pdf
19. Javed, S. A. (2022). Cyber security; Etiology and Importance. Creative Commons CC BY license 2022, 1-7. https://doi.org/10.20944/preprints202208.0235.v1
20. Kashmar, N., Adda, M., Atieh, M. & Ibrahim, H. (2021). Access Control In Cybersecurity And Social Media. In book: Cybersécurité et médias sociaux (pp.69-105). Université Laval, DOI:10.1515/9782763753294-005
21. KPMG. (2024). Third Party Risk Management. Available at https://assets.kpmg.com/content/dam/kpmgsites/ch/pdf/third-party-risk-management-boardroom-perspective.pdf
22. Liyanage, L., Arachchilage, N. A. G. & Russello, G. (2024). Sok: Identifying Limitations And Bridging Gaps Of Cybersecurity CMMs (Ccmms). Arxiv, Https://Arxiv.Org/Abs/2408.16140
23. Maleh, Y. (2022). Understanding Cybersecurity Standards. In book Cybersecurity in Morocco (pp. 13-27), Springer Nature Switzerland AG, DOI:10.1007/978-3-031-18475-8_2
24. Mansour, O. H., Raslan, A. & Ramadan, N. (2024). A Proposed Approach for Measuring Maturity Level of Software Delivery. Journal of Software Engineering and Applications, 17(2024), 228-245.
25. Marikyan, D.& Papagiannidis, S. (2025). Technology Acceptance Model: A review. In S. Papagiannidis (Ed), TheoryHub Book. Available at https://open.ncl.ac.uk / ISBN:9781739604400
26. Mohsin, K. (2022). Data Privacy and Cybersecurity. SSRN, https://ssrn.com/abstract=4299439
27. Mugo, D. G., Njagi, K., Chemwei, B., & Motanya, J. O. (2017). The TAM and its application to the utilization of mobile learning technologies. British Journal of Mathematics & Computer Science, 20(4), 1–8. http://dx.doi.org/10.9734/BJMCS/2017/29015
28. Ogega, S. (2023). Evaluating The Influence Of Some Factors On Capability MM Integration For Development (Cmmi-dev) Maturity LevelModel Integration For Development (Cmmi-dev) Maturity Level. Electronic Theses and Dissertations.8. https://scholars.indianastate.edu/etds/8?utm_source=scholars.indianastate.edu%2Fetds%2F8&utm_medium=PDF&utm_campaign=PDFCoverPages
29. Omazić, M., Labaš, D. & Uroić, P. (2023). Contingency Theory. In S. O. Idowu et al. (eds.), Encyclopedia of Sustainable Management. Springer Nature Switzerland AG, https://doi.org/10.1007/978-3-030-02006-4_1098-1
30. Payne, Y. (2022). Risk Management Theory Explained. Accessed on 28/07/2025 at https://www.iienstitu.com/en/blog/risk-management-theory-explained
31. Phillips Consulting Limited (PCL). (2019). CMMI-DEV 2.0 ML3. Available at https://www.academia.edu/42289609/CMMI_DEV_2_0_ML3
32. Rea-Guaman, A M., Feliu, T. S., Manzano, J. A. C. & Garcia, I. D. S. (2017). Comparative Study of Cybersecurity Capability Maturity Models. Conference: International Conference on Software Process Improvement and Capability Determination. DOI:10.1007/978-3-319-67383-7_8
33. Shohoud, M. (2023) Study the Effectiveness of ISO 27001 to Mitigate the Cyber Security Threats in the Egyptian Downstream Oil and Gas Industry. Journal of Information Security, 14, 152-180. https://doi.org/10.4236/jis.2023.142010.
34. Trigyn Technologies. (2025). What is CMMI DEV Level 5?. Access on 31/072025 https://www.trigyn.com/insights/what-cmmi-dev-level-5
35. Trinh, M. T. T. & Feng, Y. (2022). MM for Resilient Safety Culture Development in Construction Companies. Buildings 2022, 12, 733. https://doi.org/10.3390/buildings12060733
36. Türetken, O., & Van Looy, A. (2024). Capability and MMs in business process management. In P. Grefen, & I. Vanderfeesten (Eds.), Handbook on Business Process Management and Digital Transformation: Research Handbooks in Information Systems (pp. 303–331). Edgar Elgar. https://doi.org/10.4337/9781802206098.00022.
37. US Department of Energy. (2021). Cybersecurity Capability Maturity Model, Version 2.0. US Department of Energy Publication, Available at https://www.energy.gov/sites/default/files/2021-07/C2M2%20Version%202.0%20July%202021_508.pdf
38. US Department of Energy. (2022). Cybersecurity Capability Maturity Model C2M2. Available at https://www.energy.gov/sites/default/files/2022-06/C2M2%20Version%202.1%20June%202022.pdf
39. Visure. (2025). Understanding the Different Models of CMMI: A Comprehensive Overview. Accessed on 29/07/2025 at https://visuresolutions.com/cmmi-guide/models/
40. World Health Organization (WHO). (2025). Cybersecurity and privacy maturity assessment and strengthening for digital health information systems. World Health Organization Publication, Document number: WHO/EURO:2025-11827-51599-78854 (PDF). Available at https://iris.who.int/bitstream/handle/10665/380838/WHO-EURO-2025-11827-51599-78854-eng.pdf?sequence=2
41. Saudi Arabian Monetary Authority. (2017). Cyber Security Framework Saudi Arabian Monetary Authority. Version 1.0, 1-56. Available at https://www.sama.gov.sa/en-US/RulesInstructions/CyberSecurity/Cyber%20Security%20Framework.pdf
42. Schmitz, C., Schmid, M., Harborth, D. & Pape, S. (2021). Maturity Level Assessments of Information Security Controls: An Empirical Analysis of Practitioners‘ Assessment Capabilities. In Computers & Security, 108(4), https://doi.org/10.3390/su141610038
43. Semrau, J. (2024). Process Improvement: A Key Element Of Effective Organization Management. in Scientific Papers of Silesian University of Technology Organization and Management Series 194. https://doi.org/10.3390/su141610038
44. Fryt, M. (2019). Process MMs – applicability and usability review World Scientific News, 129, 51–71.  https://doi.org/10.1080/00207543.2022.2164087
45. Han, X., Zhang, M., Hu, Y., & Huang, Y. (2022). Study on the digital transformation capability of cost consultation enterprises based on maturity model. Sustainability, 14(16), 10038.  https://doi.org/10.3390/su141610038
46. Hortovanyi, L., Morgan, R. E., Herceg, I. V., Djuricin, D., Hanak, R., Horvath, D., & Szabo, R. Z. (2023). Assessment of digital maturity: The role of resources and capabilities in digital transformation in B2B firms. International Journal of Production Research, 61(23), 8043–8061.  https://doi.org/10.1080/00207543.2022.2164087
47. Hu, J., & Gao, S. (2019). Research and application of capability maturity model for Chinese intelligent manufacturing. Procedia CIRP, 83, 794–799.  https://doi.org/10.1080/00207543.2022.2164087
48. Liyanage, L., Arachchilage, N. A. G., & Russello, G. (2024). SoK: Identifying limitations and bridging gaps of cybersecurity capability maturity models (CCMMs) (arXiv:2408.16140). https://doi.org/10.51594/csitrj.v5i1.699
49. Mansour, O. H., Raslan, A., & Ramadan, N. (2024). A proposed approach for measuring maturity level of software delivery. Journal of Software Engineering and Applications, 17(4), 228–245.  https://doi.org/10.51594/csitrj.v5i1.699
50. Mbanaso, U. M., Abrahams, L., & Apene, O. Z. (2019). Conceptual design of a cybersecurity resilience maturity measurement (CRMM) framework. The African Journal of Information and Communication (AJIC), 23, 1–26.  https://doi.org/10.3390/buildings12060733
51. Popoola, O. A., Adama, H. E., Okeke, C. D., & Akinoso, A. E. (2024). Cross-industry frameworks for business process reengineering: Conceptual models and practical executions. World Journal of Advanced Research and Reviews, 22(1), 1198–1208.  https://doi.org/10.51594/csitrj.v5i1.699
52. Razikin, K., & Widodo, A. (2021). General cybersecurity maturity assessment model: Best practice to achieve payment card industry-data security standard (PCI-DSS) compliance. CommIT (Communication and Information Technology) Journal, 15(2), 91–104.  https://doi.org/10.51594/csitrj.v5i1.699
53. Rohmah, U. N., Rachmadi, A., & Perdanakusuma, A. R. (2019). Penilaian tingkat kapabilitas proses akuisisi pengembangan sistem informasi menggunakan CMMI for Acquisition (CMMI-ACQ) Versi 1.3 (Studi Kasus: Dinas Komunikasi dan Informatika Kabupaten Tulungagung). Jurnal Pengembangan Teknologi Informasi dan Ilmu Komputer, 3(2), 2097–2104.  https://jurnal.bsi.ac.id/index.php/paradigma/article/download/1358/927
54. Semrau, J. (2024). Process improvement: A key element of effective organization management. Scientific Papers of Silesian University of Technology. Organization and Management Series, 2024(194), 385–398.  https://doi.org/10.1080/00207543.2022.2164087
55. Šimić, D., Ređep, N. B., Rako, S., Kadoić, N., Petegem, W. V., Rienties, B., Lanzo, N. C., Eichhorn, M., Guàrdia, L., Softić, S. K., & Tillmann, A. (2025). HELA-CMM: Capability MM for adoption of learning analytics in higher education. International Journal of Educational Technology in Higher Education, 22, Article 25.  https://doi.org/10.51594/csitrj.v5i1.699
56. Trinh, M. T. T., & Feng, Y. (2022). MM for resilient safety culture development in construction companies. Buildings, 12(6), Article 733.  https://doi.org/10.3390/buildings12060733
57. US Department of Energy. (2021). Cybersecurity capability maturity model (Version 2.0).  https://www.energy.gov/sites/default/files/2021-07/C2M2 Version 2.0 July 2021_508.pdf
58. Vanita. (2019). Capability maturity model. International Journal of Research and Analytical Reviews (IJRAR), 6(1), 172–177.  https://doi.org/10.1080/00207543.2022.2164087