Design–Action Maturity for National Cybersecurity (DAM–NC): An Adaptive Methodology for Context-Constrained Environments
摘要
Cybersecurity maturity has become a key concern for nations aiming to strengthen digital resilience in an increasingly interconnected world. Existing frameworks–such as the Capability Maturity Model (CMM), the NIST Cybersecurity Framework (CSF), and the ISO/IEC 27001 standards–provide solid foundations for organizational security management but remain insufficient to guide national-level capability development in developing countries. These approaches often assume institutional stability, technical expertise, and sustained resources, which are not always available in low-capacity contexts. To address this gap, this paper proposes the Design-Action Maturity for National Cybersecurity (DAM-NC) methodology, which integrates principles from Design Science Research (DSR) and Action Design Research (ADR). DAM-NC introduces a context-adaptive and participatory framework structured around four iterative phases: diagnosis, design, validation, and continuous improvement. It aims to transform static maturity assessments into dynamic learning processes that align global standards with local realities. Although the empirical validation of DAM-NC remains in progress, the conceptual model provides a replicable foundation for designing national cybersecurity strategies in resource-constrained environments. This work contributes a methodological pathway that enables developing nations to advance from fragmented compliance efforts toward coherent, evidence-based, and sustainable cybersecurity governance.