Title:

Authors:

Abstract: Cybersecurity assessment and maturity models are widely reused across critical infrastructure sectors to evaluate organizational preparedness, demonstrate due diligence, and support governance oversight. This reuse is often premised on an implicit assumption of cross-sector transferability—that assessment constructs, scoring mechanisms, and interpretations retain their meaning regardless of sector context. However, critical infrastructure sectors differ substantially in their missions, governance structures, regulatory environments, and prioritization of consequences. This qualitative, comparative analysis examines the transferability of cybersecurity assessment models across healthcare and energy infrastructure contexts. The study distinguishes assessment elements that remain stable across sectors from those that require contextual or governance adaptation to remain meaningful. It further identifies risks associated with uncritical cross-sector reuse, including false equivalence, governance blind spots, and misaligned decision-making. The article contributes a governance-aware perspective on responsible standardization and provides conceptual guidance for adapting cybersecurity assessment models across diverse critical infrastructure environments.

DOI: http://dx.doi.org/10.51505/ijaemr.2026.11211