Research Article

A Maturity Model Proposal for Mapping Türkiye’s Information and Communication Security Guide Maturity Landscape

Volume: 1 Number: 2 December 16, 2025
EN TR

A Maturity Model Proposal for Mapping Türkiye’s Information and Communication Security Guide Maturity Landscape

Abstract

This study proposes a maturity model based on the Information and Communication Security Guide (ICSG), which is mandatory for public institutions and critical infrastructure businesses in Türkiye. The study developed a model consisting of 16 parameters to assess institutions' cybersecurity capacities, make their current status visible, and identify areas for improvement. The model considers criteria such as the scope of the guide's implementation, compliance with the Information Security Management System (ISMS), the correlation between asset inventories and countermeasures, the status of compensating controls, and maturity roadmaps. The scores obtained from the parameters are converted into a five-level maturity scale, which can be used to map the institutions' cybersecurity maturity. The proposed model provides a framework that can be used not only for internal institutional assessments but also for shaping nationwide cybersecurity strategies and the effective allocation of resources. This aims to strengthen national cybersecurity resilience by translating abstract security objectives into concrete and measurable steps.

Keywords

Ethical Statement

This article does not contain any studies involving human or animal subjects. Scientific and ethical principles were adhered to during the preparation of this study, and all referenced studies are listed in the references.

Thanks

The authors would like to thank Mr. Yusuf Tancan (Vice President), Mr. Osman Turan (Expert), and Dr. Tolga Ozbilge (Expert) from abolished Digital Transformation Office of Türkiye for their valuable comments and implementation efforts on the maturity model proposal. The authors would also like to thank Dr. Ahmet Albayrak from Düzce University for his valuable comments and editorial effort.

References

  1. Brezavscek, A., & Baggia, A. (2025). Recent trends in information and cyber security maturity assessment: A systematic literature review. Systems, 13(1), Article 52. https://doi.org/10.3390/systems13010052
  2. Caralli, R. A., Stevens, J. F., Young, L. R., & Wilson, W. R. (2010). Introducing OCTAVE Allegro: Improving the information security risk assessment process. Carnegie Mellon University, Software Engineering Institute.
  3. Chrissis, M. B., Konrad, M., & Shrum, S. (2011). CMMI for development: Guidelines for process integration and product improvement (3rd ed.). Addison-Wesley.
  4. Culot, G., Nassimbeni, G., Podrecca, M., & Sartor, M. (2021). The ISO/IEC 27001 information security management standard: Literature review and theory-based research agenda. Computers & Security, 106, Article 102289.
  5. Dutton, W. H., Creese, S., & Shillair, R. (2018). The cybersecurity capacity maturity model for nations (CMM). Global Cyber Security Capacity Centre, University of Oxford.
  6. Holloway, D. (2022). ISO 27002:2022 — Security controls: Complete overview. IT Governance Publishing.
  7. ISACA. (2019). COBIT 2019 framework: Governance and management objectives. ISACA.
  8. Mataracioglu, T., (2022). Understanding the importance of the Turkish Information and Communication Security Guide on cybersecurity. ISACA Journal Online, 2.

Details

Primary Language

English

Subjects

Information Security Management

Journal Section

Research Article

Publication Date

December 16, 2025

Submission Date

September 23, 2025

Acceptance Date

November 13, 2025

Published in Issue

Year 2025 Volume: 1 Number: 2

APA
Mataracıoğlu, T., & Fidancıoğlu, D. (2025). A Maturity Model Proposal for Mapping Türkiye’s Information and Communication Security Guide Maturity Landscape. Siber Güvenlik Ve Dijital Ekonomi, 1(2), 102-110. https://izlik.org/JA55BN49YZ
AMA
1.Mataracıoğlu T, Fidancıoğlu D. A Maturity Model Proposal for Mapping Türkiye’s Information and Communication Security Guide Maturity Landscape. Siber Güvenlik ve Dijital Ekonomi. 2025;1(2):102-110. https://izlik.org/JA55BN49YZ
Chicago
Mataracıoğlu, Tolga, and Duygu Fidancıoğlu. 2025. “A Maturity Model Proposal for Mapping Türkiye’s Information and Communication Security Guide Maturity Landscape”. Siber Güvenlik Ve Dijital Ekonomi 1 (2): 102-10. https://izlik.org/JA55BN49YZ.
EndNote
Mataracıoğlu T, Fidancıoğlu D (December 1, 2025) A Maturity Model Proposal for Mapping Türkiye’s Information and Communication Security Guide Maturity Landscape. Siber Güvenlik ve Dijital Ekonomi 1 2 102–110.
IEEE
[1]T. Mataracıoğlu and D. Fidancıoğlu, “A Maturity Model Proposal for Mapping Türkiye’s Information and Communication Security Guide Maturity Landscape”, Siber Güvenlik ve Dijital Ekonomi, vol. 1, no. 2, pp. 102–110, Dec. 2025, [Online]. Available: https://izlik.org/JA55BN49YZ
ISNAD
Mataracıoğlu, Tolga - Fidancıoğlu, Duygu. “A Maturity Model Proposal for Mapping Türkiye’s Information and Communication Security Guide Maturity Landscape”. Siber Güvenlik ve Dijital Ekonomi 1/2 (December 1, 2025): 102-110. https://izlik.org/JA55BN49YZ.
JAMA
1.Mataracıoğlu T, Fidancıoğlu D. A Maturity Model Proposal for Mapping Türkiye’s Information and Communication Security Guide Maturity Landscape. Siber Güvenlik ve Dijital Ekonomi. 2025;1:102–110.
MLA
Mataracıoğlu, Tolga, and Duygu Fidancıoğlu. “A Maturity Model Proposal for Mapping Türkiye’s Information and Communication Security Guide Maturity Landscape”. Siber Güvenlik Ve Dijital Ekonomi, vol. 1, no. 2, Dec. 2025, pp. 102-10, https://izlik.org/JA55BN49YZ.
Vancouver
1.Tolga Mataracıoğlu, Duygu Fidancıoğlu. A Maturity Model Proposal for Mapping Türkiye’s Information and Communication Security Guide Maturity Landscape. Siber Güvenlik ve Dijital Ekonomi [Internet]. 2025 Dec. 1;1(2):102-10. Available from: https://izlik.org/JA55BN49YZ