A Model for Implementing a Cybersecurity Maturity Model in Government Organizations

Authors

    Amirhoseyn Rahimiyan Department of Management, Ha.C., Islamic Azad University, Hamedan, Iran
    Mansour Esmaeilpour * Department of Computer Engineering, Ha.C., Islamic Azad University, Hamedan, Iran esmaeilpour@iau.ac.ir
    Behrooz Bayat Department of Knowledge and Information Science, Ha.C., Islamic Azad University, Hamedan, Iran

Keywords:

model implementation, maturity, cybersecurity, content analysis

Abstract

The purpose of this study was to develop a model for implementing a cybersecurity maturity model in government organizations. In terms of purpose, the study was applied research, and in terms of methodology, it adopted an exploratory approach. The study population consisted of 13 information technology and cybersecurity managers from selected organizations who either held a doctoral degree or were doctoral candidates. Participants were selected using purposive and snowball sampling methods, and sampling continued until data saturation was achieved. The participants included 7 men and 6 women; 8 were under the age of 40 and 5 were over the age of 40. All participants had academic backgrounds in information security, information technology management, or computer engineering. Data were collected through semi-structured interviews totaling approximately 20 hours. To ensure validity, the interview questions were reviewed and refined by two university professors and three cybersecurity experts. Reliability was assessed using the test–retest method with an interval of 5 to 14 days and the participation of two experts, resulting in an overall reliability coefficient of 74.36%. Using qualitative content analysis, the interview data were analyzed through a systematic process. In the first stage, open coding was conducted, and after eliminating irrelevant data, 190 meaningful statements and conceptual codes were extracted. In the subsequent stage, these concepts were categorized into 26 thematic categories based on semantic and conceptual similarities. Finally, the categories were organized into 10 major themes, including strategic management and security planning, security education and awareness, risk assessment and management, security technologies and infrastructures, information and data security, network and communications security, access and control management, incident response and security improvement, organizational collaboration and communications, and customization and adaptability of solutions. This analytical process led to the development of a comprehensive model encompassing multiple dimensions of cybersecurity management.

Downloads

Download data is not yet available.

References

Abohatem, A. Y., & Ba-Alwi, F. M. (2024). Cybersecurity Maturity Assessment of Information Systems for Yemen Telecoms. International Journal of Intelligent Systems and Applications in Engineering, 12(8s), 539-548.

Ahouanmenou, S. (2024). Towards a Cybersecurity Maturity Model Specific for the Healthcare Sector: Focus on Hospitals. International Conference on Research Challenges in Information Science, Cham. https://doi.org/10.1007/978-3-031-59468-7_16

Akhtari, M., Keramati, M., & Mousavi, S. A. E. (2022). A Comparative Comparison of Cybersecurity and Information Security Maturity Models and Extraction of Common Cybersecurity Indicators. Passive Defense, 13(4), 21-38.

Akhtari, M., Keramati, M. A., & Amin Mousavi, S. A. (2023). Presenting a Cybersecurity Maturity Model for Critical Infrastructures. Technology Development, 22-32.

Alshaikh, O., Parkinson, S., & Khan, S. (2024). Exploring Perceptions of Decision-Makers and Specialists in Defensive Machine Learning Cybersecurity Applications: The Need for a Standardized Approach. Computers & Security, 139, 103694. https://doi.org/10.1016/j.cose.2023.103694

Bijani, S., Talebi, M., Entezari, M. H., & Saleh Esfahani, M. (2023). A Conceptual Cybersecurity Maturity Model for the Country's Large Telecommunication Operators: Mobile Operators. National Security, 13(48), 137-154.

Brezavšček, A., & Baggia, A. (2025). Recent Trends in Information and Cyber Security Maturity Assessment: A Systematic Literature Review. Systems, 13(1), 52. https://doi.org/10.3390/systems13010052

Büyüközkan, G., & Güler, M. (2025). Cybersecurity Maturity Model: Systematic Literature Review and a Proposed Model. Technological Forecasting and Social Change, 213, 123996. https://doi.org/10.1016/j.techfore.2025.123996

Buzdugan, A., & Căpățână, G. (2023). The Trends in Cybersecurity Maturity Models. Education, Research and Business Technologies: Proceedings of 21st International Conference on Informatics in Economy (IE 2022), Singapore. https://doi.org/10.1007/978-981-19-6755-9_18

Dornheim, P., & Zarnekow, R. (2024). Determining Cybersecurity Culture Maturity and Deriving Verifiable Improvement Measures. Information & Computer Security, 32(2), 179-196. https://doi.org/10.1108/ICS-07-2023-0116

Hein-Pensel, F., Winkler, H., Brückner, A., Wölke, M., Jabs, I., Mayan, I. J., & Zinke-Wehlmann, C. (2023). Maturity Assessment for Industry 5.0: A Review of Existing Maturity Models. Journal of Manufacturing Systems, 66, 200-210. https://doi.org/10.1016/j.jmsy.2022.12.009

Hindka, M. (2024). Design and Analysis of Cybersecurity Capability Maturity Model. International Research Journal of Modernization in Engineering Technology and Science, 06(03).

Koolen, C., Wuyts, K., Joosen, W., & Valcke, P. (2024). From Insight to Compliance: Appropriate Technical and Organizational Security Measures through the Lens of Cybersecurity Maturity Models. Computer Law & Security Review, 52, 105914. https://doi.org/10.1016/j.clsr.2023.105914

Lee, G., Kim, S., Lee, I., Brown, S., & Carbajal, Y. A. (2025). Adapting Cybersecurity Maturity Models for Resource-Constrained Settings: A Case Study of Peru. The Electronic Journal of Information Systems in Developing Countries, 91(1), e12350. https://doi.org/10.1002/isd2.12350

Möller, D. P. (2023). Cybersecurity Maturity Models and SWOT Analysis. In Guide to Cybersecurity in Digital Transformation: Trends, Methods, Technologies, Applications and Best Practices (pp. 305-346). Springer Nature Switzerland. https://doi.org/10.1007/978-3-031-26845-8_7

Ramezani, R., Sepehri, M., & Aminzadeh, A. M. (2023). A Cyber-Resilience Maturity Model for Command-and-Control Systems in Confronting Future Threats. Defense Futures Studies, 8(30), 39-66.

Rouhani, A., & Mohammadzadeh Chalki, M. S. (2024). Assessment of Security Maturity Level in Payment Service Provider Companies. Twenty-Second National Conference on Computer Science and Engineering and Information Technology, Babol.

Russo, N., Reis, L., Silveira, C., & Mamede, H. S. (2024). Towards a Comprehensive Framework for the Multidisciplinary Evaluation of Organizational Maturity on Business Continuity Program Management: A Systematic Literature Review. Information Security Journal: A Global Perspective, 33(1), 54-72. https://doi.org/10.1080/19393555.2023.2195577

Downloads

Published

2026-09-01

Submitted

2026-02-04

Revised

2026-06-04

Accepted

2026-06-13

Issue

Section

Articles

How to Cite

Rahimiyan , A., Esmaeilpour, M., & Bayat , B. (2026). A Model for Implementing a Cybersecurity Maturity Model in Government Organizations. Digital Transformation and Administration Innovation, 1-14. https://journaldtai.com/index.php/jdtai/article/view/274

Similar Articles

21-30 of 181

You may also start an advanced similarity search for this article.