Cybersecurity capability maturity model for critical information technology infrastructure among Nigeria financial organizations

Abstract

The effectiveness of Nigeria Cybersecurity strategy can have serious effect on the Cybersecurity stance of the country and significantly impact how well the country financial critical information technology infrastructures are protected. In order to measure the strength and weaknesses of Cybersecurity, organizations can implement the developed Cybersecurity Capability Maturity Model (C2M2). Many developers have developed a range of Cybersecurity oriented models for strengthening practices to protect critical infrastructure. These models, however, similar to any other security oriented models are subject to uncertainty and a comprehensive critical infrastructure protection strategy is to be able to reduce exposure to risk and address uncertainty. Cybersecurity Capability Maturity Model (C2M2) for Nigeria financial organizations as a security oriented model to determine the level of Cybersecurity strength in Nigeria financial organizations is developed. The developed model provided five maturity levels: i) Nothing Exists, ii) Basic, iii) Progressed, iv) Advanced, and v) Innovative. The goal of this research is to build up a model that will validate the level of Cybersecurity strength in Nigeria financial organizations. Seven organizations which includes Guarantee Trust Bank , United Bank for Africa, Union Bank of Nigeria, First Bank of Nigeria, Stanbic-IBTC Bank, Federal Mortgage Bank, and Polaris Bank all located in Damaturu are chosen to measure their Cybersecurity preparedness using the developed model. Fully instructured interview are performed with information technology officers in case study. Results analysis show that all organizations in case study are at iv) Advanced level.