A Multi-Criteria Evaluation of Cybersecurity Incident Management Frameworks: Integrating AHP, CMMI and SWOT

Year 2026, Volume: 9 Issue: 1, 158 - 179, 15.01.2026

Hasan Çağlar Ağar , Baris Celiktas

https://doi.org/10.34248/bsengineering.1729927

https://izlik.org/JA27ZP29KH

Abstract

With the growing complexity and frequency of cybersecurity incidents, the selection of an appropriate incident management framework has emerged as a strategic imperative and a nontrivial decision-making problem for organizations operating across diverse sectors. This study presents a multi-dimensional evaluation of four globally recognized frameworks and standards—ISO 27035, NIST 800-61, ITIL v4, and PCI DSS—to determine their effectiveness across 10 rigorously selected key performance parameters. The initial stage of the study involved the identification of 20 preliminary parameters through expert input and literature synthesis. These were then evaluated by 70 cybersecurity professionals using a hybrid decision-making model combining Likert scale scoring, standard deviation filtering, CV score, Z-score normalization and the Analytic Hierarchy Process (AHP) for pairwise comparisons. The top 10 key parameters were derived based on calculated priority weights. To assess each framework, we applied the Capability Maturity Model Integration (CMMI) and visualized results via radar charts and heatmaps, offering comparative insights into operational maturity. Additionally, SWOT analysis was conducted to examine strategic positioning and identify opportunities for improvement. The outcomes not only provide a practical benchmarking guide for practitioners but also introduce a replicable, evidence-based methodology for academic and industry adoption. This work offers a novel and structured lens to evaluate incident management maturity, addressing the pressing need for strategic alignment, automation integration, and adaptive resilience in cybersecurity operations.

Keywords

Incident management , Framework comparison , Evaluation criteria , Maturity model , Analytic hierarchy process , SWOT analysis

Ethical Statement

Ethics committee approval was not required for this study because of there was no study on animals or humans.

References

• Abid, M., Nanda, P., & Mohanty, M. (2024). Incident Response Adaptive Metrics Framework. 17th International Conference on Security Information Networking (SIN), Sydney, Australia, 1–8.
• Aguiar, J., Pereira, R., Vasconcelos, J. B., & Bianchi, I. (2018). An overlapless incident management maturity model for multi-framework assessment (ITIL, COBIT, CMMI-SVC). Interdisciplinary Journal of Information, Knowledge, and Management, 13, 137–163.
• Agutter, C. (2020). ITIL Foundation Essentials ITIL 4 Edition: The ultimate revision guide. IT Governance Publishing Ltd.
• Agyepong, E., & Onwubiko, C. (2025). An Exemplar Incident Response Plan for Security Operations Centre Analysts. In M. G. Jaatun et al. (Eds.), Proceedings of the International Conference on Cybersecurity Situational Awareness, Social Media and Cyber Science Proceedings of Complex. Springer, Singapore.
• Ahmad, A., Desouza, K. C., Maynard, S. B., Naseer, H., & Baskerville, R. L. (2020). How integration of cyber security management and incident response enables organizational learning. Journal of the Association for Information Science and Technology, 71(8), 939–953.
• Ak, M. F., & Gul, M. (2019). AHP–TOPSIS integration extended with Pythagorean fuzzy sets for information security risk analysis. Complex & Intelligent Systems, 5(2), 113–126.
• Alevizos, L. (2025). Automated cybersecurity compliance and threat response using AI, blockchain and smart contracts. International Journal of Information Technology, 17, 767–781.
• AlHogail, A. (2015). Design and validation of information security culture framework. Computers in Human Behavior, 49, 567–575.
• Ali, G., Shah, S., & ElAffendi, M. (2025). Enhancing cybersecurity incident response: AI-driven optimization for strengthened advanced persistent threat detection. Results in Engineering, 25, 104078.
• Almashaqbeh, I., & Almomani, A. (2023). AI4SOAR: A security intelligence tool for automated incident response. IEEE Access, 11, 52361–52372.
• Becker, J., Knackstedt, R., & Pöppelbuß, J. (2009). Developing Maturity Models for IT Management. Business & Information Systems Engineering, 1, 213–222.
• Bhole, G. P., & Deshmukh, T. (2018). Multi-criteria decision making (MCDM) methods and its applications. International Journal of Research in Applied Sciences and Engineering Technology, 6(5), 899–915.
• Bin Ibrahim, I., Abdul, S., Khan, S. M., Sattar, S. A., & Safi, M. (2023). AI for cyber security: Automated incident response systems. (Kaynak türü ve yayıncı eksik olduğundan rapor/kitap olarak formatlanmıştır).
• Black Hat. (2023). Selected whitepapers and presentations from Black Hat USA 2023. Black Hat Conference. https://blackhat.com/html/archives.html
• Bridges, R. A., Liska, J. H., Khambam, S. K. R., Allen, M., & Sotomayor, P. (2023). Testing SOAR tools in use. Computers & Security, 129, 103201. https://doi.org/10.1016/j.cose.2023.103201
• Caralli, J., Knight, M., Allen, J., & White, T. (2010). CERT® Resilience Management Model: A maturity model for managing operational resilience (pp. 8–21). Addison-Wesley Professional.
• Casino, F., Dasaklis, T. K., Spathoulas, G. P., Anagnostopoulos, M., Ghosal, A., Borocz, I., & Patsakis, C. (2022). Research trends, challenges, and emerging topics in digital forensics: A review of reviews. IEEE Access, 10, 25464–25493.
• Cater-Steel, A. (2007). Integration of Service Management with CMMI® and SPICE. Proceedings of the 5th Annual SEPG Australia Conference.
• Chambers, M. D. (2022). Exploring the standards cybersecurity practitioners need to comply with multinational cybersecurity requirements [Doktora tezi, Colorado Technical University].
• Chippagiri, S., & Ramesh, A. (2025). PCI DSS: A Critical Analysis of Implementation, Effectiveness, and Legislative Impact in Payment Card Security. International Journal of Scientific Research in Computer Science, Engineering and Information Technology, 11(1), 1258–1266.
• Chirra, D. R. (2023). Towards an AI-Driven Automated Cybersecurity Incident Response System. International Journal of Advanced Engineering Technology and Innovation, 1(1), 429–451.
• Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer security incident handling guide (NIST Special Publication 800-61 Rev. 1). National Institute of Standards and Technology. CMMI Product Team. (2006). CMMI® for development, Version 1.2: Preface. Software Engineering Institute, Carnegie-Mellon University.
• Damaševičius, R., Toldinas, J., Venčkauskas, A., Grigaliūnas, Š., Morkevičius, N., & Jukavičius, V. (2019). Visual analytics for cyber security domain: State-of-the-art and challenges. In Communications in Computer and Information Science: Information Software Technology (Vol. 1078). Springer, Cham.
• Dombora, S. (2018). Integrated incident management model for data privacy and information security. Book of Proceedings, 319.
• Donne, K. E., Hughes, D. L., Williams, M. D., & Davies, G. H. (2021). The underlying complexities impacting accelerator decision making—a combined methodological analysis. IEEE Transactions on Engineering Management, 70(1), 312–327.
• Dykstra, J., Met, J., Backert, N., Mattie, R., & Hough, D. (2022). Action Bias and the Two Most Dangerous Words in Cybersecurity Incident Response: An Argument for More Measured Incident Response. IEEE Security & Privacy, 20(3), 102–106.
• Eberhard, K. (2023). The effects of visualization on judgment and decision-making: a systematic literature review. Management Review Quarterly, 73(1), 167–214.
• Freas, R. L., Adair, H. F., & Hammad, E. (2022). An Engineering Process Framework for Cybersecurity Incident Response Assessment. IEEE Conference on Dependable and Secure Computing (DSC), Edinburgh, United Kingdom, 1–8.
• Garae, J., & Ko, R. K. (2017). Visualization and data provenance trends in decision support for cybersecurity. In Data Analytics and Decision Support for Cybersecurity: Trends, methodologies and applications (pp. 243–270). Springer International Publishing. (Editör bilgisi eksiktir).
• Gnanasekaran, V., Fatima, U., & Glas, M. (2025). A Model-Based Framework for Developing Security-Safety Incident Response Plans. International Journal of Information Security, 24, 229.
• Gnanasekaran, V., Neudert, R., Heegaard, P. E., & Pernul, G. (2025). A Role Taxonomy in Security-Safety Incident Response. In Availability, Reliability, and Security: Lecture Notes in Computer Science (Vol. 15995). Springer, Cham.
• Greiman, V. (2015). Cybersecurity and Global Governance. Journal of Information Warfare, 14(4), 1–14.
• Grobauer, B., & Schreck, T. (2010). Towards incident handling in the cloud: challenges and approaches. Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop (CCSW '10) (pp. 77–86). ACM.
• Gunnam, V., & Kilaru, N. B. (2021). Securing PCI Data: Cloud Security Best Practices And Innovations. Natural Volatiles & Essential Oils, 8(4), 317–328. (Sayfa aralığı tahmini olarak eklenmiştir).
• Hatzivasilis, G., Lakka, E., & Athanatos, M. (2024). Swarm-intelligence for the modern ICT ecosystems. International Journal of Information Security, 23, 2951–2975.
• Humayun, M., Niazi, M., & Jhanjhi, N. (2020). Cyber security threats and vulnerabilities: A systematic mapping study. Arabian Journal for Science and Engineering, 45, 3171–3189.
• International Organization for Standardization. (2016). ISO/IEC 27035-1:2016: Information technology—Security techniques—Information security incident management—Part 1: Principles and process.
• International Organization for Standardization. (2019). ISO 22301:2019: Security and resilience—Business continuity management systems—Requirements.
• Islam, S., Javeed, D., Saeed, M. S., Kumar, P., Jolfaei, A., & Islam, A. N. (2024). Generative AI and cognitive computing-driven intrusion detection system in industrial CPS. Cognitive Computation, 16(5), 2611–2625.
• Jangampeta, S., & Khambam, S. K. R. (2020). Impact of SIEM on compliance: Achieving security and adherence simultaneously. Turkish Journal of Computer and Mathematics Education, 11(01), 1080–1083.
• Jäntti, M. (2009). Defining Requirements for an Incident Management System: A Case Study. Proceedings of the 4th International Conference on Systems, Gosier, France, 184–189.
• Jayanthi, M. K. (2017). Strategic Planning for Information Security -DID Mechanism to befriend the Cyber Criminals to assure Cyber Freedom. 2nd International Conference on Anti-Cyber Crimes (ICACC), Abha, Saudi Arabia, 142–147.
• Karanko, K. (2015). Applying the information technology infrastructure library in a multi-vendor environment. (Kaynak türü ve yayıncı eksik olduğundan rapor olarak formatlanmıştır).
• Karri, N., & Jangam, S. K. (2021). Security and Compliance Monitoring. International Journal of Emerging Trends in Computer Science and Information Technology, 2(2), 73–82.
• Killcrece, G., Kossakowski, K. P., Ruefle, R., & Zajicek, M. (2003). Organizational models for computer security incident response teams (CSIRTs) (SEI Hand book HB-001-15213). Software Engineering Institute, Carnegie-Mellon University.
• Lopes, S., Leite, P., Carvalho, S., & Teixeira, P. (2024). Using ITIL as part of the NIST Cybersecurity Framework. 12th International Symposium on Digital Forensics and Security (ISDFS), San Antonio, TX, USA, 1–6.
• Lourens, M., Dabral, A. P., Gangodkar, D., Rathour, N., Tida, C. N., & Chadha, A. (2022). Integration of AI with the Cybersecurity: A detailed Systematic review with the practical issues and challenges. 5th International Conference on Contemporary Computing and Informatics (IC3I), Uttar Pradesh, India, 1290–1295.
• McLaughlin, K. (2023). Interweaving the strands of AI and SOAR onto the cybersecurity mesh: A deep dive into the cybersecurity mesh and its role in modern digital defense strategies. EDPACS: The EDP Audit, Control, and Security Newsletter, 68(5), 27–33.
• Mızrak, F. (2023). Integrating Cybersecurity Risk Management Into Strategic Management: A Comprehensive Literature Review. Research Journal of Business and Management, 10(3), 98–108.
• Moreira, F. R., Da Silva Filho, D. A., Nze, G. D. A., de Sousa Júnior, R. T., & Nunes, R. R. (2021). Evaluating the performance of NIST’s framework cybersecurity controls through a constructivist multicriteria methodology. IEEE Access, 9, 129605–129618.
• Möller, D. P. (2023). NIST cybersecurity framework and MITRE cybersecurity criteria. In Guide to Cybersecurity and Digital Transformation: Trends, methods, technologies, applications, and best practices (pp. 231–271). Springer, Cham.
• Munteanu, V. I., Edmonds, A., Bohnert, T. M., & Fortis, T. F. (2014). Cloud Incident Management, Challenges, Research Directions, and Architectural Approach. IEEE/ACM International Conference on Utility and Cloud Computing (UCC), London, UK, 786–791.
• Narne, H. (2023). Revolutionizing IT Operations: AI-Driven Service Management for Efficiency and Scalability. International Journal of Research and Analytical Reviews, 10(3).
• Naseer, H., Maynard, S. B., & Desouza, K. C. (2021). Demystifying analytical information processing capability: The case of cybersecurity incident response. Decision Support Systems, 143.
• Nguyen, P. H., Nguyen, L. A. T., Pham, H. A. T., Nguyen, T. H. T., & Vu, T. G. (2024). Assessing cybersecurity risks and prioritizing top strategies In Vietnam's finance and banking system using strategic decision-making models-based neutrosophic sets and Z number. Heliyon, 10(19).
• Onwubiko, C., & Ouazzane, K. (2022). SOTER: A Playbook for Cybersecurity Incident Management. IEEE Transactions on Engineering Management, 69(6), 3771–3791.
• Paul, A., Shukla, N., Paul, S. K., & Trianni, A. (2021). Sustainable supply chain management and multi-criteria decision-making methods: A systematic review. Sustainability, 13(13), 7104.
• Pirta-Dreimane, R., Brilingaitė, A., Roponena, E., Parish, K., Grabis, J., Lugo, R. G., & Bonders, M. (2025). Try to esCAPE from cybersecurity incidents! A technology-enhanced educational approach. Technology, Knowledge and Learning, 30(3), 1577–1606.
• Rabii, A., Assoul, S., Ouazzani, T. K., & Roudies, O. (2020). Information and cyber security maturity models: a systematic literature review. Information and Computer Security, 28(4), 627–644.
• Reuben-Owoh, B., & Haig, E. (2025). A systematic review of voluntary cybersecurity standards and frameworks. International Journal of Information Security, 24(5), 206.
• Saaty, R. W. (1987). The analytic hierarchy process—what it is and how it is used. Mathematical Modelling, 9(3-5), 161–176.
• Saaty, T. L. (2008). Decision making with the analytic hierarchy process. International Journal of Services Sciences, 1(1), 83–98.
• Sahoo, S. K., & Goswami, S. S. (2023). A comprehensive review of multiple criteria decision-making (MCDM) methods: advancements, applications, and future directions. Decision Making Advances, 1(1), 25–48.
• Scarfone, K. A., Grance, T., & Masone, K. (2008). Computer security incident handling guide (NIST Special Publication 800-61 Rev. 1). National Institute of Standards and Technology.
• Shabina, A. R. F., Jahankhani, H., Siddiqi, Y., & Hassan, B. (2024). Ensuring Securing PII Data in the AWS Cloud: A Comprehensive Guide to PCI DSS Compliance. In Cybersecurity and Artificial Intelligence: Advanced Science and Technology Security Applications. Springer, Cham.
• Shaffi, N. S. M., & Sidhick, N. J. N. (2025). Real-time incident reporting and intelligence framework: Data architecture strategies for secure and compliant decision support. World Journal of Advanced Research and Reviews, 26(3), 110–118.
• Singh, H. (2025). The importance of cybersecurity frameworks and constant audits for identifying gaps, meeting regulatory and compliance standards. (Kaynak ve yayıncı eksik olduğundan rapor olarak formatlanmıştır).
• Thalmann, S., Bachlechner, D., Demetz, L., & Maier, R. (2012). Challenges in cross-organizational security management. 45th Hawaii IEEE International Conference on System Sciences (pp. 5480–5489).
• Trifonov, R., Manolov, S., Tsochev, G., & Pavlova, G. (2019). Automation of cyber security incident handling through artificial intelligence methods. WSEAS Transactions on Computers, 18(2), 274–280.
• Uutela, K. (2025). Cybersecurity standard-based model for IT/OT converged environments [Doktora tezi, University of Turku].
• Vaidya, O. S., & Kumar, S. (2006). Analytic hierarchy process: An overview of applications. European Journal of Operational Research, 169(1), 1–29.
• Williams, B., & Adamson, J. (2022). PCI compliance: Understand and implement effective PCI data security standard compliance. CRC Press.
• Yaseen, A. (2022). Accelerating the SOC: Achieve greater efficiency with AI-driven automation. International Journal of Responsible Artificial Intelligence, 12(1), 1–19.
• Ying, H., Maglaras, L. A., Janicke, H., & Jones, K. (2015). An Industrial Control Systems incident response decision framework. IEEE Conference on Communications and Network Security (CNS), Florence, Italy, 761–762.
• Zargar, S. T., Joshi, J., & Tipper, D. (2013). A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE Communications Surveys & Tutorials, 15(4), 2046–2069.
• Zhong, C., Yen, J., Liu, P., & Erbacher, R. F. (2019). Learning From Experts’ Experience: Toward Automated Cyber Security Data Triage. IEEE Systems Journal, 13(1), 603–614.