{"id":"https://openalex.org/W3132151248","doi":"https://doi.org/10.3390/jcp1010007","title":"The Cybersecurity Focus Area Maturity (CYSFAM) Model","display_name":"The Cybersecurity Focus Area Maturity (CYSFAM) Model","publication_year":2021,"publication_date":"2021-02-13","ids":{"openalex":"https://openalex.org/W3132151248","doi":"https://doi.org/10.3390/jcp1010007","mag":"3132151248"},"language":"en","primary_location":{"id":"doi:10.3390/jcp1010007","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jcp1010007","pdf_url":"https://www.mdpi.com/2624-800X/1/1/7/pdf?version=1615960489","source":{"id":"https://openalex.org/S4210232532","display_name":"Journal of Cybersecurity and Privacy","issn_l":"2624-800X","issn":["2624-800X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity and Privacy","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://www.mdpi.com/2624-800X/1/1/7/pdf?version=1615960489","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5011632611","display_name":"Bilge Yi\u011fit \u00d6zkan","orcid":"https://orcid.org/0000-0001-6406-356X"},"institutions":[{"id":"https://openalex.org/I193662353","display_name":"Utrecht University","ror":"https://ror.org/04pp8hn57","country_code":"NL","type":"education","lineage":["https://openalex.org/I193662353"]}],"countries":["NL"],"is_corresponding":true,"raw_author_name":"Bilge Yigit Ozkan","raw_affiliation_strings":["Department of Information and Computing Sciences, Utrecht University, Princetonplein 5, 3584 CC Utrecht, The Netherlands"],"raw_orcid":"https://orcid.org/0000-0001-6406-356X","affiliations":[{"raw_affiliation_string":"Department of Information and Computing Sciences, Utrecht University, Princetonplein 5, 3584 CC Utrecht, The Netherlands","institution_ids":["https://openalex.org/I193662353"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5069697561","display_name":"Sonny van Lingen","orcid":null},"institutions":[{"id":"https://openalex.org/I193662353","display_name":"Utrecht University","ror":"https://ror.org/04pp8hn57","country_code":"NL","type":"education","lineage":["https://openalex.org/I193662353"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Sonny van Lingen","raw_affiliation_strings":["Department of Information and Computing Sciences, Utrecht University, Princetonplein 5, 3584 CC Utrecht, The Netherlands"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Department of Information and Computing Sciences, Utrecht University, Princetonplein 5, 3584 CC Utrecht, The Netherlands","institution_ids":["https://openalex.org/I193662353"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5033880574","display_name":"Marco Spruit","orcid":"https://orcid.org/0000-0002-9237-221X"},"institutions":[{"id":"https://openalex.org/I121797337","display_name":"Leiden University","ror":"https://ror.org/027bh9e22","country_code":"NL","type":"education","lineage":["https://openalex.org/I121797337"]},{"id":"https://openalex.org/I2800006345","display_name":"Leiden University Medical Center","ror":"https://ror.org/05xvt9f17","country_code":"NL","type":"funder","lineage":["https://openalex.org/I2800006345"]}],"countries":["NL"],"is_corresponding":false,"raw_author_name":"Marco Spruit","raw_affiliation_strings":["Leiden Institute of Advanced Computer Science, Leiden University, Niels Bohrweg 1, 2333 CA Leiden, The Netherlands","Public Health and Primary Care, Leiden University Medical Center, Campus The Hague, Turfmarkt 99, 2511 DP The Hague, The Netherlands"],"raw_orcid":"https://orcid.org/0000-0002-9237-221X","affiliations":[{"raw_affiliation_string":"Leiden Institute of Advanced Computer Science, Leiden University, Niels Bohrweg 1, 2333 CA Leiden, The Netherlands","institution_ids":["https://openalex.org/I121797337"]},{"raw_affiliation_string":"Public Health and Primary Care, Leiden University Medical Center, Campus The Hague, Turfmarkt 99, 2511 DP The Hague, The Netherlands","institution_ids":["https://openalex.org/I2800006345"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5011632611"],"corresponding_institution_ids":["https://openalex.org/I193662353"],"apc_list":{"value":1000,"currency":"CHF","value_usd":1082},"apc_paid":{"value":1000,"currency":"CHF","value_usd":1082},"fwci":5.4102,"has_fulltext":true,"cited_by_count":31,"citation_normalized_percentile":{"value":0.95737668,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"1","issue":"1","first_page":"119","last_page":"139"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11572","display_name":"Information Technology Governance and Strategy","score":0.9958000183105469,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T11891","display_name":"Big Data and Business Intelligence","score":0.9771000146865845,"subfield":{"id":"https://openalex.org/subfields/1404","display_name":"Management Information Systems"},"field":{"id":"https://openalex.org/fields/14","display_name":"Business, Management and Accounting"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/maturity","display_name":"Maturity (psychological)","score":0.7583264112472534},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.7356619834899902},{"id":"https://openalex.org/keywords/focus","display_name":"Focus (optics)","score":0.6933895945549011},{"id":"https://openalex.org/keywords/capability-maturity-model","display_name":"Capability Maturity Model","score":0.6289608478546143},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6205744743347168},{"id":"https://openalex.org/keywords/metric","display_name":"Metric (unit)","score":0.6147961020469666},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.4210168123245239},{"id":"https://openalex.org/keywords/incident-response","display_name":"Incident response","score":0.41535037755966187},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.23675209283828735},{"id":"https://openalex.org/keywords/operations-management","display_name":"Operations management","score":0.1422269642353058},{"id":"https://openalex.org/keywords/political-science","display_name":"Political science","score":0.12655866146087646},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.10517647862434387}],"concepts":[{"id":"https://openalex.org/C101433766","wikidata":"https://www.wikidata.org/wiki/Q3543263","display_name":"Maturity (psychological)","level":2,"score":0.7583264112472534},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7356619834899902},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.6933895945549011},{"id":"https://openalex.org/C85890633","wikidata":"https://www.wikidata.org/wiki/Q929673","display_name":"Capability Maturity Model","level":3,"score":0.6289608478546143},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6205744743347168},{"id":"https://openalex.org/C176217482","wikidata":"https://www.wikidata.org/wiki/Q860554","display_name":"Metric (unit)","level":2,"score":0.6147961020469666},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.4210168123245239},{"id":"https://openalex.org/C2985105721","wikidata":"https://www.wikidata.org/wiki/Q13479512","display_name":"Incident response","level":2,"score":0.41535037755966187},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.23675209283828735},{"id":"https://openalex.org/C21547014","wikidata":"https://www.wikidata.org/wiki/Q1423657","display_name":"Operations management","level":1,"score":0.1422269642353058},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.12655866146087646},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.10517647862434387},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.0},{"id":"https://openalex.org/C199539241","wikidata":"https://www.wikidata.org/wiki/Q7748","display_name":"Law","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C120665830","wikidata":"https://www.wikidata.org/wiki/Q14620","display_name":"Optics","level":1,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.3390/jcp1010007","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jcp1010007","pdf_url":"https://www.mdpi.com/2624-800X/1/1/7/pdf?version=1615960489","source":{"id":"https://openalex.org/S4210232532","display_name":"Journal of Cybersecurity and Privacy","issn_l":"2624-800X","issn":["2624-800X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity and Privacy","raw_type":"journal-article"},{"id":"pmh:oai:scholarlypublications.universiteitleiden.nl:item_4295129","is_oa":true,"landing_page_url":"https://hdl.handle.net/1887/4295129","pdf_url":"https://www.mdpi.com/2624-800X/1/1/7/pdf","source":{"id":"https://openalex.org/S4306400850","display_name":"Leiden Repository (Leiden University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I121797337","host_organization_name":"Leiden University","host_organization_lineage":["https://openalex.org/I121797337"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Journal of Cybersecurity and Privacy","raw_type":"Text"},{"id":"pmh:oai:scholarlypublications.universiteitleiden.nl:item_3185588","is_oa":true,"landing_page_url":"https://hdl.handle.net/1887/3185588","pdf_url":null,"source":{"id":"https://openalex.org/S4306400850","display_name":"Leiden Repository (Leiden University)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I121797337","host_organization_name":"Leiden University","host_organization_lineage":["https://openalex.org/I121797337"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"Journal of Cybersecurity and Privacy","raw_type":"Article / Letter to editor"}],"best_oa_location":{"id":"doi:10.3390/jcp1010007","is_oa":true,"landing_page_url":"https://doi.org/10.3390/jcp1010007","pdf_url":"https://www.mdpi.com/2624-800X/1/1/7/pdf?version=1615960489","source":{"id":"https://openalex.org/S4210232532","display_name":"Journal of Cybersecurity and Privacy","issn_l":"2624-800X","issn":["2624-800X"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310310987","host_organization_name":"Multidisciplinary Digital Publishing Institute","host_organization_lineage":["https://openalex.org/P4310310987"],"host_organization_lineage_names":["Multidisciplinary Digital Publishing Institute"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Cybersecurity and Privacy","raw_type":"journal-article"},"sustainable_development_goals":[{"score":0.46000000834465027,"id":"https://metadata.un.org/sdg/17","display_name":"Partnerships for the goals"}],"awards":[{"id":"https://openalex.org/G905454480","display_name":null,"funder_award_id":"740787","funder_id":"https://openalex.org/F4320320300","funder_display_name":"European Commission"}],"funders":[{"id":"https://openalex.org/F4320320300","display_name":"European Commission","ror":"https://ror.org/00k4n6c32"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3132151248.pdf","grobid_xml":"https://content.openalex.org/works/W3132151248.grobid-xml"},"referenced_works_count":39,"referenced_works":["https://openalex.org/W137689262","https://openalex.org/W385646957","https://openalex.org/W611119698","https://openalex.org/W1576464872","https://openalex.org/W1579322954","https://openalex.org/W1846192801","https://openalex.org/W2029699977","https://openalex.org/W2073275508","https://openalex.org/W2081603223","https://openalex.org/W2130734770","https://openalex.org/W2136922540","https://openalex.org/W2552982198","https://openalex.org/W2618408182","https://openalex.org/W2620593348","https://openalex.org/W2657095061","https://openalex.org/W2729876077","https://openalex.org/W2753225097","https://openalex.org/W2770559264","https://openalex.org/W2789825598","https://openalex.org/W2793402936","https://openalex.org/W2913880282","https://openalex.org/W2941071152","https://openalex.org/W2975704291","https://openalex.org/W2980541546","https://openalex.org/W2992877076","https://openalex.org/W2998159685","https://openalex.org/W3001317563","https://openalex.org/W3014867074","https://openalex.org/W3034690165","https://openalex.org/W3084244975","https://openalex.org/W3092065255","https://openalex.org/W3095459720","https://openalex.org/W3111685778","https://openalex.org/W3122289872","https://openalex.org/W3151685851","https://openalex.org/W4231463859","https://openalex.org/W4246379277","https://openalex.org/W6634690448","https://openalex.org/W6960381615"],"related_works":["https://openalex.org/W2563825355","https://openalex.org/W4283172224","https://openalex.org/W2992877076","https://openalex.org/W4382725623","https://openalex.org/W2888066950","https://openalex.org/W2889844859","https://openalex.org/W3217511980","https://openalex.org/W2806063704","https://openalex.org/W4384822944","https://openalex.org/W2949196415"],"abstract_inverted_index":{"The":[0,86,103,119],"cost":[1],"of":[2,19,38],"recovery":[3],"after":[4],"a":[5,33,65],"cybersecurity":[6,27,54,72,97],"attack":[7],"is":[8],"likely":[9],"to":[10,32,94,110],"be":[11,101,111,115,136],"high":[12],"and":[13,29,93],"may":[14],"result":[15],"in":[16,36,145],"the":[17,22,25,45,70,124,128,133,141,146],"loss":[18],"business":[20],"at":[21,64],"extremes.":[23],"Evaluating":[24],"acquired":[26],"capabilities":[28],"evolving":[30],"them":[31],"desired":[34],"state":[35],"consideration":[37],"risks":[39],"are":[40],"inevitable.":[41],"This":[42],"research":[43],"proposes":[44],"CYberSecurity":[46],"Focus":[47],"Area":[48],"Maturity":[49],"(CYSFAM)":[50],"Model":[51],"for":[52],"assessing":[53],"capabilities.":[55],"In":[56],"this":[57],"design":[58],"science":[59],"research,":[60],"CYSFAM":[61],"was":[62],"evaluated":[63],"large":[66],"financial":[67],"institution.":[68],"From":[69],"many":[71],"standards,":[73],"11":[74],"encompassing":[75],"focus":[76],"areas":[77],"were":[78],"identified.":[79,102],"An":[80],"assessment":[81,125,134],"instrument\u2014containing":[82],"144":[83],"questions\u2014was":[84],"developed.":[85],"in-depth":[87],"single":[88],"case":[89,129],"study":[90,130],"demonstrates":[91],"how":[92],"what":[95],"extent":[96],"related":[98],"deficiencies":[99],"can":[100,114,135],"novel":[104],"scoring":[105],"metric":[106],"has":[107],"been":[108],"proven":[109],"adequate,":[112],"but":[113],"further":[116],"improved":[117],"upon.":[118],"evaluation":[120],"results":[121],"show":[122],"that":[123],"questions":[126],"suit":[127],"target":[131],"audience;":[132],"performed":[137],"within":[138],"four":[139],"hours;":[140],"organization":[142],"recognizes":[143],"itself":[144],"result.":[147]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":11},{"year":2024,"cited_by_count":2},{"year":2023,"cited_by_count":7},{"year":2022,"cited_by_count":5},{"year":2021,"cited_by_count":5}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}