Prototype to Identify the Capacity in Cybersecurity Management for a Public Organization

Abstract

Public organizations are subjected to a complex security situation, which can be addressed by permanently strengthening and evaluating their cybersecurity capabilities. The objective of this research is to develop a model to identify the cybersecurity management capacity of public organizations. The deductive method was applied for the review and analysis of criteria, factors and variables related to cybersecurity capacity in public organizations. It resulted in a model to identify the Cybersecurity Management Capacity of public organizations, with its process to assess and categorize organizations according to their level of cybersecurity capacity. It was concluded that public organizations from developed countries in cybersecurity such as Spain have better capacities (greater than 60% CMC) than less developed countries such as Ecuador (less than 60% CMC), due to the cybersecurity context where these organizations operate. To obtain a high level of cybersecurity, public organizations must have the support of the governments of the different political divisions of a country, as well as permanent international collaboration in the field of cybersecurity.