Analysis and Study of a Cybersecurity Maturity Assessment System for SMEs

Stefano Bistarelli, Sara Geoli, Chiara Luchini and Ivan Mercanti
Proceedings of the Joint National Conference on Cybersecurity (ITASEC & SERICS 2025), Bologna, Italy, February 03-08, 2025.
url: https://ceur-ws.org/Vol-3962/paper27.pdf

Abstract

Small and Medium Enterprises (SMEs) are increasingly vulnerable to cyber threats due to limited resources and the absence of tailored cybersecurity frameworks, especially in Italy. This study presents the development of a Cybersecurity Maturity Assessment System designed specifically for SMEs, integrating updates from the NIST Cybersecurity Framework (CSF) version 2.0 and the Italian National Framework for Cybersecurity and Data Protection. A refined Framework Core was developed by synthesizing elements from these frameworks, complemented by a simplified methodology derived from official national guidelines. A web-based Cybersecurity Assessment Tool was implemented to guide users through the evaluation process, facilitating the creation of Target and Current Profiles and generating comprehensive Cybersecurity Assessment Reports.