AP4SIM3: A Network-Based Methodology for Prioritizing Corrective Actions in SIM3-Based CSIRT Assessments
摘要
The Security Incident Management Maturity Model (SIM3) provides a structured framework for assessing CSIRT maturity. However, it does not offer a reproducible method to prioritize corrective actions among its parameters, making improvement planning subjective and inconsistent. To address this gap, we propose AP4SIM3, a novel methodology that transforms expert-defined interdependencies among SIM3 Version 1 parameters into an undirected network structure. By applying multiple network centrality metrics—including degree, harmonic, betweenness, and PageRank—we identify key parameters that significantly influence overall maturity progression. The analysis reveals that PageRank and harmonic centrality are particularly effective in highlighting high-priority parameters, providing intuitive and quantifiable guidance for corrective actions. Since the proposed method is agnostic to the origin of the structural input, it can accommodate diverse hypothetical or empirical models and enables comparative assessment across alternative structures. Furthermore, this flexible framework supports iterative refinement and structural hypothesis testing. Unlike conventional approaches that rely on subjective judgment, AP4SIM3 offers a transparent and repeatable decision-support process. By integrating principles from network theory and risk management, the methodology contributes to a practical and extensible tool for improving CSIRT capabilities. This work addresses a key limitation of SIM3 and enables data-driven decision-making in cybersecurity maturity planning.