Cyber security maturity model for web applications against cyber attacks oriented to the finance sector

Abstract

"Cyber-attacks are growing increasingly regular and serious as information and communication technologies progress and are widely adopted in infrastructures. Finance, health, grid, retail, government, telecommunications, transportation, and other industries are seeing an increase in advanced cybersecurity threats with automated capabilities. To detect, respond to, and prevent such security breaches, enhanced security analytics and automation are required. The goal of this research is to decrease cyber risks and vulnerabilities while also improving the financial sector's cybersecurity capabilities by analyzing their cybersecurity maturity levels and giving recommendations for changes.

Given that projections for information security point to an increase in attacks on the finance sector, as well as the lack or limited diffusion of security maturity models that allow organizations to know the status of their website in terms of security, and that existing models lack post-evaluation monitoring, it is necessary to propose a model of security maturity of web applications against cyber-attacks that is oriented toward the finance sector. The proposed model will be based on the International Professional Practice Framework methodology and will include the major vulnerabilities published by the Open Web Application Security Project in order to propose attacks that identify the weaknesses of the evaluated web system, allowing the client company to strengthen its weaknesses. Guides will also be offered to identify techniques to strengthen crucial security areas. "