Cybersecurity Maturity Model to Prevent Cyberattacks on Web Applications Based on ISO 27032 and NIST

Ethan Arenas, Juan Palomino, Juan Pablo Mansilla

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

3 Citations (Scopus)

Abstract

In recent years, the number of cyberattacks, especially on web applications, has been increasing. Cyber agents target both large and small companies, which is why organizations need a tool, such as a cybersecurity maturity model, to help them prevent cyberattacks on their web applications. The proposed model was built considering frameworks and methodologies such as those provided by NIST and ISO, and it defines four levels of cybersecurity maturity: initial, defined, established, and improved. Additionally, the model includes twelve domains and four categories so that it can be considered a multidimensional model. The proposed model stands out for incorporating two quality standards, the CSF of NIST and the ISO 27032 standard, and for being available as part of a technological solution, a web application. This allows anyone to use the model without requiring assistance from the development team, with instant results that include recommendations for each domain on how to improve the maturity level, and with an assessment history. For the validation, fifteen experts participated in a process in which they evaluated a web application of their organization and answered a Google questionnaire. The responses were positive, demonstrating that the model fulfills its purpose of being a useful tool for organizations, enabling a quick and automated evaluation of the security of their web applications. This contributes to the prevention of cyberattacks and the protection of their users' sensitive data.

Original language: English
Title of host publication: Proceedings of the 2023 IEEE 30th International Conference on Electronics, Electrical Engineering and Computing, INTERCON 2023
Publisher: Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic): 9798350315578
DOI
Publication status: Published - 2023
Event: 30th IEEE International Conference on Electronics, Electrical Engineering and Computing, INTERCON 2023 - Lima, Peru
Duration: 2 Nov 2023 to 4 Nov 2023

Publication series

Name: Proceedings of the 2023 IEEE 30th International Conference on Electronics, Electrical Engineering and Computing, INTERCON 2023

Conference

Conference: 30th IEEE International Conference on Electronics, Electrical Engineering and Computing, INTERCON 2023
Country/Territory: Peru
City: Lima
Period: 2/11/23 to 4/11/23
