A Novel Maturity Model for MSSP Assessment

Nowadays growing threat and security risks in information and communication technology and also increasing use of information and communication technologies are two main decision makers for organizations, service providers and the general public. Resource limitation and the lack of expert in cyber security have made lots of major challenge for different service providers in dealing with and managing security threats. In many developing countries, this problem has been solved using Managed Security Service Providers. Managed Security Services are network-based security services that are outsourced by a trusted third party. The diversity of Managed Security Service Providers affects the effectiveness and efficiency of decision making in this area. Therefore, in order to outsource the security services, the assessment of these organizations is inevitable. This assessment can be done by various mechanisms. One of the acceptable strategies in the security is the maturity model. Maturity models are step-by-step solutions to grow organizational capabilities Along with a predicted, desirable, and logical path. In fact, maturity models provide standard way to assess process maturity along with business process improvement. Until now, no maturity model has been developed to assess the Managed Security Service Providers. Therefore, in this paper, we have proposed a novel model to external evaluation of the Managed Security Service Providers based on maturity model. The evaluation of the proposed maturity model is based on multiple case studies. We have optimized our proposed model by using these case studies in three different MSSPs.