{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T14:05:37Z","timestamp":1776780337830,"version":"3.51.2"},"reference-count":52,"publisher":"Springer Science and Business Media LLC","issue":"3","license":[{"start":{"date-parts":[[2022,4,10]],"date-time":"2022-04-10T00:00:00Z","timestamp":1649548800000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,4,10]],"date-time":"2022-04-10T00:00:00Z","timestamp":1649548800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["SN COMPUT. SCI."],"published-print":{"date-parts":[[2022,5]]},"DOI":"10.1007\/s42979-022-01108-x","type":"journal-article","created":{"date-parts":[[2022,4,10]],"date-time":"2022-04-10T16:02:36Z","timestamp":1649606556000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":15,"title":["Cybersecurity Resilience Maturity Assessment Model for Critical National Information Infrastructure"],"prefix":"10.1007","volume":"3","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-7749-2021","authenticated-orcid":false,"given":"Victor Emmanuel","family":"Kulugh","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Uche M.","family":"Mbanaso","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gloria","family":"Chukwudebe","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2022,4,10]]},"reference":[{"key":"1108_CR1","first-page":"1","volume":"000","author":"J Hara\u0161ta","year":"2018","unstructured":"Hara\u0161ta J. Legally critical: defining critical infrastructure in an interconnected world. IJCIP. 2018;000:1\u201310.","journal-title":"IJCIP"},{"key":"1108_CR2","unstructured":"Sharma M. Securing critical information infrastructure global perspectives and practices, First. New Delhi: Institute for Defence Studies and Analyses; 2017."},{"key":"1108_CR3","doi-asserted-by":"crossref","unstructured":"Pursiainen C, R\u00f8d B, Baker G, Honfi D, Lange D. Critical infrastructure resilience index. In: 26th European Safety and Reliability conference, ESREL, 2017, pp. 2183\u20132189.","DOI":"10.1201\/9781315374987-330"},{"key":"1108_CR4","unstructured":"Australian Government, Critical infrastructure resilience strategy, no. September 2001; 2010."},{"issue":"1","key":"1108_CR5","doi-asserted-by":"publisher","first-page":"1318","DOI":"10.1002\/j.2334-5837.2016.00229.x","volume":"26","author":"MA Thompson","year":"2016","unstructured":"Thompson MA, Ryan MJ, Slay J, Mclucas AC. A new resilience taxonomy. Incose Int Symp. 2016;26(1):1318\u201330.","journal-title":"Incose Int Symp."},{"key":"1108_CR6","doi-asserted-by":"publisher","first-page":"100340","DOI":"10.1016\/j.ijcip.2020.100340","volume":"28","author":"L Petersen","year":"2020","unstructured":"Petersen L, et al. Resilience for whom\u202f? The general public\u2019s tolerance levels as CI resilience criteria. Int J Crit Infrastruct Protect. 2020;28:100340.","journal-title":"Int J Crit Infrastruct Protect."},{"key":"1108_CR7","doi-asserted-by":"crossref","unstructured":"Petit F, Bassett G, Buehring WA, Whitfield RG. Resilience measurement index: an indicator of critical infrastructure resilience. no. April, p. 70; 2013.","DOI":"10.2172\/1087819"},{"key":"1108_CR8","doi-asserted-by":"publisher","first-page":"125","DOI":"10.1016\/j.ijcip.2019.03.003","volume":"25","author":"D Rehak","year":"2019","unstructured":"Rehak D, Senovsky P, Hromada M, Lovecek T. Complex approach to assessing resilience of critical infrastructure elements. Int J Crit Infrastruct Prot. 2019;25:125\u201338.","journal-title":"Int J Crit Infrastruct Prot"},{"key":"1108_CR9","doi-asserted-by":"crossref","unstructured":"Becker J, Knackstedt R, P\u00f6ppelbu\u00df J. Developing maturity models for it management \u2013 a procedure model and its application. Entwicklung von Reifegradmodellen f\u00fcr das IT-Management \u2013 Vor. und Prakt. Anwendung. WIRTSCHAFTSINFORMATIK., p. Ralf Knackstedt; 2009.","DOI":"10.1007\/s11576-009-0167-9"},{"issue":"10","key":"1108_CR10","doi-asserted-by":"publisher","first-page":"3660","DOI":"10.3390\/app10103660","volume":"10","author":"A Aliyu","year":"2020","unstructured":"Aliyu A, et al. A holistic cybersecurity maturity assessment framework for higher education institutions in the United Kingdom. Appl Sci MDPI. 2020;10(10):3660.","journal-title":"Appl Sci MDPI"},{"issue":"4","key":"1108_CR11","doi-asserted-by":"publisher","first-page":"733","DOI":"10.1193\/1.1623497","volume":"19","author":"M Bruneau","year":"2003","unstructured":"Bruneau M, et al. A framework to quantitatively assess and enhance the seismic resilience of communities. Earthq Spectra. 2003;19(4):733\u201352.","journal-title":"Earthq Spectra"},{"key":"1108_CR12","unstructured":"USA Patriot Act. USA PATRIOT act additional reauthorizing amendments Act of 2006 (S. 2271). vol. 2005, pp. 1\u20136; 2001."},{"key":"1108_CR13","unstructured":"F. Draft. Republic of Ghana Ministry of Communications Ghana National Cyber Security Policy & Strategy Final Draft; 2015."},{"key":"1108_CR14","unstructured":"F. Republic. National cybersecurity policy and strategy, no. February; 2021."},{"key":"1108_CR15","unstructured":"ITU-T. Risk and resilience report 9 measuring critical infrastructure resilience\u202f: possible indicators. ETH, Zurich; 2014."},{"key":"1108_CR16","unstructured":"ENISA. Methodologies for the identification of Critical Information Infrastructure assets and services, no. December; 2014."},{"key":"1108_CR17","doi-asserted-by":"crossref","unstructured":"Klaver M, Luiijf E. Analyzing the cyber risk in critical infrastructures. In: Issues on risk analysis for critical infrastructure protection, IntechOpen; 2021.","DOI":"10.5772\/intechopen.94917"},{"issue":"1","key":"1108_CR18","doi-asserted-by":"publisher","first-page":"3","DOI":"10.1504\/IJSSE.2010.035378","volume":"2","author":"HAM Luiijf","year":"2010","unstructured":"Luiijf HAM, Nieuwenhuijs AH, Klaver MHA, Van Eeten MJG, Cruz E. Empirical findings on European critical infrastructure dependencies. Int J Syst Syst Eng. 2010;2(1):3\u201318.","journal-title":"Int J Syst Syst Eng"},{"key":"1108_CR19","first-page":"1","volume":"7778","author":"M Iturriza","year":"2018","unstructured":"Iturriza M, Labaka L, Sarriegi JM, Hernantes J. Modelling methodologies for analysing critical infrastructures. J Simul. 2018;7778:1\u201316.","journal-title":"J Simul"},{"key":"1108_CR20","doi-asserted-by":"crossref","unstructured":"Mbanaso UM, Kulugh VE. Empirical findings of assessment of critical infrastructure degree of dependency on ICT. In: International Conference on Cybersecurity in Emerging Digital Era, 2021, no. Ci.","DOI":"10.1007\/978-3-030-84842-2_1"},{"key":"1108_CR21","unstructured":"Mbanaso UM, Kulugh VE. Empirical findings of assessment of critical infrastructure degree of dependency on ICT. no. Cii."},{"key":"1108_CR22","unstructured":"Tatar U, Gokce Y, Gheorghe A. Strategic cyber defense: a multidisciplinary perspective. In: NATO Advanced Research Workshop on A Framework for a Military Cyber Defense Strategy; 2017."},{"key":"1108_CR23","unstructured":"Levesque M. Understanding cybersecurity maturity models within the context of energy regulations. Europe and Eurasia; 2020."},{"key":"1108_CR24","doi-asserted-by":"publisher","first-page":"96","DOI":"10.1016\/j.cities.2018.07.010","volume":"84","author":"J Hernantes","year":"2019","unstructured":"Hernantes J, Mara\u00f1a P, Gimenez R, Sarriegi JM, Labaka L. Towards resilient cities: a maturity model for operationalizing resilience. Cities. 2019;84:96\u2013103.","journal-title":"Cities"},{"key":"1108_CR25","first-page":"1","volume":"00","author":"R Pereira","year":"2020","unstructured":"Pereira R, Serrano J. A review of methods used on IT maturity models development: a systematic literature review and a critical analysis. J Inf Technol. 2020;00:1\u201318.","journal-title":"J Inf Technol"},{"key":"1108_CR26","doi-asserted-by":"publisher","first-page":"81","DOI":"10.1504\/IJSSS.2011.038934","volume":"3","author":"T Mettler","year":"2011","unstructured":"Mettler T. Maturity assessment models: a design science research approach. Int J Soc Syst Sci. 2011;3:81.","journal-title":"Int J Soc Syst Sci"},{"key":"1108_CR27","doi-asserted-by":"crossref","unstructured":"Caralli R, Knight M, Montgomery A. Maturity models 101\u202f: a primer for applying maturity models to smart grid security, resilience, and interoperability. CERT\/Software Eng. Inst., no. November; 2012.","DOI":"10.21236\/ADA610461"},{"key":"1108_CR28","unstructured":"Baumgartner J, Hood J, Korcher T, Steinberg B, Lagraffe D. Cybersecurity capability maturity model ( C2M2 ) Version 2.0; 2019."},{"key":"1108_CR29","unstructured":"Rod B, Babaradi A, Gudmestad OT. Characteristics of arctic infrastructure resilience: application of expert judgement. In: Twenty-sixth (2016) International Ocean and Polar Engineering Conference; 2016, pp. 1226\u20131233."},{"key":"1108_CR30","unstructured":"Tim P, Jonas H. Measuring resilience: benefits and limitations of resilience indices, no. March, p. 26; 2012."},{"issue":"5","key":"1108_CR31","first-page":"417","volume":"16","author":"B Manyena","year":"2011","unstructured":"Manyena B, O\u2019Brien G, O\u2019Keefe P, Rose J. Disaster resilience: a bounce back orbounce forward ability? Int J Justice Sustain. 2011;16(5):417\u201324.","journal-title":"Int J Justice Sustain"},{"key":"1108_CR32","doi-asserted-by":"publisher","first-page":"672","DOI":"10.3390\/resources3040672","volume":"3","author":"D Kerner","year":"2014","unstructured":"Kerner D, Thomas JS. Resilience attributes of social-ecological systems: framing metrics for management. Resources. 2014;3:672\u2013702.","journal-title":"Resources"},{"issue":"1","key":"1108_CR33","doi-asserted-by":"publisher","first-page":"12","DOI":"10.1027\/1016-9040\/a000124","volume":"18","author":"D Fletcher","year":"2013","unstructured":"Fletcher D, Sarkar M. Psychological resilience: a review and critique of definitions, concepts, and theory. Eur Psychol. 2013;18(1):12\u201323.","journal-title":"Eur Psychol"},{"key":"1108_CR34","doi-asserted-by":"publisher","DOI":"10.2172\/1044521","author":"JL Carlson","year":"2012","unstructured":"Carlson JL, et al. Resilience: theory and application. Argonne Natl Lab. 2012. https:\/\/doi.org\/10.2172\/1044521.","journal-title":"Argonne Natl Lab"},{"key":"1108_CR35","unstructured":"NIST. Framework for improving critical infrastructure cybersecurity, Version 1.1; 2018."},{"key":"1108_CR36","unstructured":"USA Department of Defense (DoD).\u201cCybersecurity maturity model certification (CMMC); 2020."},{"key":"1108_CR37","first-page":"1","volume":"23","author":"UM Mbanaso","year":"2019","unstructured":"Mbanaso UM, Abrahams L, Apene Z. Conceptual design of a cybersecurity resilience maturity measurement (CRMM) framework. Afr J Inf Commun. 2019;23:1\u201326.","journal-title":"Afr J Inf Commun"},{"key":"1108_CR38","doi-asserted-by":"crossref","unstructured":"R\u00f8d B, Pursiainen C, Reitan NK, Storesund K, Lange D, Da Silva MM. Evaluation of resilience assessment methodologies. In Cepin M, Bris R, editors, safety and reliability\u2014theory and applications. In: 27th European Safety and Reliability Conference, ESREL; 2018, pp. 1039\u20131051.","DOI":"10.1201\/9781315210469-133"},{"key":"1108_CR39","volume-title":"Research design: qualitative, quantitative and mixed methods approaches","author":"JW Creswell","year":"2014","unstructured":"Creswell JW. Research design: qualitative, quantitative and mixed methods approaches. 4th ed. Califonia: SAGE Publications Inc; 2014.","edition":"4"},{"key":"1108_CR40","volume-title":"Researching information systems and computing","author":"BJ Oates","year":"2006","unstructured":"Oates BJ. Researching information systems and computing. SAGE Publications Ltd; 2006."},{"issue":"1","key":"1108_CR41","doi-asserted-by":"publisher","first-page":"75","DOI":"10.2307\/25148625","volume":"28","author":"AR Hevner","year":"2004","unstructured":"Hevner AR, March ST, Park J, Ram S. Design science in information systems research. MIS Q Manag Inf Syst. 2004;28(1):75\u2013105.","journal-title":"MIS Q Manag Inf Syst"},{"key":"1108_CR42","unstructured":"Centre for Internet Security (CIS). CIS Critical Security Controls; 2021."},{"key":"1108_CR43","unstructured":"ITU. Global cybersecurity index: measuring commitment to cybersecurity, Geneva, Switzerland; 2020."},{"issue":"2011","key":"1108_CR44","first-page":"4","volume":"23","author":"G Walker","year":"2010","unstructured":"Walker G, Sommerville I. Socio-technical systems: from design method to systems engineering. Interact Comput. 2010;23(2011):4\u201317.","journal-title":"Interact Comput"},{"key":"1108_CR45","first-page":"110","volume":"4","author":"UM Mbanaso","year":"2020","unstructured":"Mbanaso UM. An investigation of cybersecurity vulnerability landscape. Int Conf Emerg Appl Technol Indust. 2020;4:110\u201323.","journal-title":"Int Conf Emerg Appl Technol Indust"},{"key":"1108_CR46","unstructured":"Smith A, Stirling A. Social-ecological resilience and sociotechnical transitions: critical issues for sustainability governance: STEPS Working Paper 8, Brighton: STEPS Centre, 2008."},{"issue":"23","key":"1108_CR47","first-page":"1","volume":"23","author":"UM Mbanaso","year":"2019","unstructured":"Mbanaso UM, Abrahams L, Apene OZ. Conceptual design of a cybersecurity resilience maturity measurement (CRMM) framework. Afr J Inf Commun. 2019;23(23):1\u201326.","journal-title":"Afr J Inf Commun"},{"key":"1108_CR48","doi-asserted-by":"crossref","unstructured":"Ross R, Pilliteri V, Graudbart R, Bodeau D, Mcquaid R. Developing cyber resilient systems: a systems security approach. NIST, 2019.","DOI":"10.6028\/NIST.SP.800-160v2"},{"key":"1108_CR49","unstructured":"Framework for improving critical infrastructure cybersecurity; 2018."},{"key":"1108_CR50","doi-asserted-by":"crossref","unstructured":"Uher J. Quantitative data from rating scales : An epistemological and methodological enquiry. Front. Psychol.  2018;9(2599).","DOI":"10.3389\/fpsyg.2018.02599"},{"key":"1108_CR51","unstructured":"C Information, S Manager, IS Control, S Tools, R Meadows. COBIT\u00ae 5 Implementation\u2014supplemental tools and materials table of contents, pp. 2\u20134; 2013."},{"key":"1108_CR52","doi-asserted-by":"crossref","unstructured":"Mbanaso U, Kulugh V, Musa H, Aimufua G, Conceptual Framework for the Assessment of the Degree of Dependency of Critical National Infrastructure on ICT in Nigeria, vol. 1, no. Icecco; 2019.","DOI":"10.1109\/ICECCO48375.2019.9043230"}],"container-title":["SN Computer Science"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-022-01108-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1007\/s42979-022-01108-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/s42979-022-01108-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,9]],"date-time":"2022-05-09T17:57:59Z","timestamp":1652119079000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/s42979-022-01108-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,4,10]]},"references-count":52,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2022,5]]}},"alternative-id":["1108"],"URL":"https:\/\/doi.org\/10.1007\/s42979-022-01108-x","relation":{},"ISSN":["2662-995X","2661-8907"],"issn-type":[{"value":"2662-995X","type":"print"},{"value":"2661-8907","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,4,10]]},"assertion":[{"value":"18 November 2021","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"23 March 2022","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"10 April 2022","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"This article is part of the Cybersecurity and Critical National Infrastructure (CNI) research project which is supported by TETFund National Research Fund (NRF) research grant TETF\/DR&D\/CE\/NRF\/UNI\/KEFFI\/VOL.1\/B5 to Nasarawa State University, Keffi, Nigeria.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Conflict of Interest"}}],"article-number":"217"}}