1. CSN
  2. All Volumes and Issues
  3. Volume 7, Number 2, 2025
  4. Methods for Assessing the Security of Virtual Networks and Information Security Maturity Models

Methods for Assessing the Security of Virtual Networks and Information Security Maturity Models

CSN.
2025;
Volume 7, Number 2
: pp. 100 - 113
https://doi.org/10.23939/csn2025.02.100
Authors:
  1. O. Yu. Kotliarov
  2. L. L. Bortnik
1
Lviv Polytechnic National University, Department of Information Protection, Ukraine
2
Lviv Polytechnic National University, Information Security Department, Ukraine

The article presents a comprehensive analysis of methods for assessing the security of virtual networks and their relationship with information security maturity models. Key technical approaches are considered-vulnerability analysis, penetration testing, threat modeling, and quantitative risk assessment- taking into account the specifics of multi-cloud and dynamic environments. It is demonstrated that combining these methods with process models (SSE-CMM, NIST Cybersecurity Framework, and hybrid approaches based on ISO/IEC 27001) enables the development of a multidimensional system for evaluating cyber resilience. Special attention is given to the construction of integrated assessment matrices that combine technical, organizational, and managerial metrics (MTTD, MTTR, level of automation, and patch management coverage).
The study highlights practical scenarios of applying maturity models in large corporations and government institutions, analyzing typical implementation ‘pain points”-technical (integration in multi- cloud environments, compatibility of heterogeneous solutions), staffing (shortage of highly qualified SOC/EDR/SOAR specialists), and economic (high cost of platforms and staff training). Current development trends are summarized, including the use of artificial intelligence and machine learning for attack prediction, the application of cybersecurity digital twins as a tool for experimental verification of controls, and the integration of ESG strategies to enhance corporate resilience.
The obtained results provide a foundation for unified methodologies for assessing organizational maturity and cyber resilience, enable the combination of technical and strategic dimensions of information security, and support the transition from reactive incident response to proactive risk management.

virtual networks
security assessment
information security maturity models
quantitative risk assessment
Cyber Resilience
artificial intelligence
  1. Гребенніков А. Б., Щебланін Ю. М. Аналіз використання моделей зрілості процесів в ході оцінювання рівня      інформаційної      безпеки.      Сучасний      захист      інформації.      2018.                              (1).            33-37.      URL: http://nbuv.gov.ua/UJRN/szi_2018_1_8.
  2. Сторчак А., Сальник С. Метод оцінювання рівня захищеності мережевої частини комунікаційної системи спеціального призначення від кіберзагроз. Системи обробки інформації. 2019. (3). 98–109. DOI: https://doi.org/10.30748/soi.2019.158.12.
  3. Acheampong R., Popovici D.-M., Balan T. C. A cybersecurity risk assessment for enhanced security in virtual reality. Information. 2025. 16(6). DOI: https://doi.org/10.3390/info16060430.
  4. Agnew D., Boamah S., Bretas A., McNair J. Network security challenges and countermeasures for software- defined smart grids: A survey. Smart Cities. 2024. 7(4). 2131-2181. DOI: https://doi.org/10.3390/smartcities7040085.
  5. Altulaihan E., Almaiah M. A., Aljughaiman A. Cybersecurity threats, countermeasures and mitigation techniques on the IoT: Future research directions. Electronics. 2022. 11(20). DOI: https://doi.org/10.3390/ electronics11203330.
  6. Anass R., Saliha A., Khadija O. T., Ounsa R. Information and cyber security maturity models: A systematic literature  review.  Information  and  Computer  Security.  2020.  28(4).  627-644.  DOI:  https://doi.org/10.1108/ICS-03- 2019-0039.
  7. Bays L. R., Oliveira R. R., Barcellos M. P. et al. Virtual network security: Threats, countermeasures, and challenges. Journal of Internet Services and Applications. 2015. 6(1). DOI: https://doi.org/10.1186/s13174-014-0015-z.
  8. Bernardo L., Malta S., Magalhães J. An evaluation framework for cybersecurity maturity aligned with the NIST CSF. Electronics. 2025. 14(7). DOI: https://doi.org/10.3390/electronics14071364.
  9. Brezavšček A., Baggia A. Recent trends in information and cyber security maturity assessment: A systematic literature review. Systems. 2025. 13(1). DOI: https://doi.org/10.3390/systems13010052.
  10. Chandan K. S. (n.d.). Network security testing: Types, tools, techniques. URL: https://qualysec.com/network- security-testing/.
  11. Domínguez-Dorado M., Calle-Cancho J., Galeano-Brajones J. Detection and mitigation of security threats using virtualized network functions in software-defined networks. Applied Sciences. 2024. 14(1). DOI: https://doi.org/10.3390/app14010374.
  12. Hochstetter-Diez J., Diéguez-Rebolledo M., Fenner-López J., Cachero C. AIM triad: A prioritization strategy for public institutions to improve information security maturity. Applied Sciences. 2023. 13. DOI: https://doi.org/10.3390/app13148339.
  13. Khudyntsev M. M., Palazhchenko I. L. Cybersecurity maturity models for cybersecurity assessment in critical infrastructure.       Environmental       Safety       and       Natural       Resources.       2024.       52(4).       122-134.      DOI: https://doi.org/10.32347/2411-4049.2024.52.4.122-134.
  14. Knowles M. (n.d.). Cybersecurity risk management: Frameworks, plans, and best practices. URL: https://hyperproof.io/resource/cybersecurity-risk-management-process/.
  15. Muronga K., Herselman M., Botha A., Da Veiga A. An analysis of assessment approaches and maturity scales used for evaluation of information security and cybersecurity user awareness and training programs: A scoping review. Proceedings of the 2019 Conference on Next Generation Computing Applications (NextComp) (pp.  1-6). Balaclava, Mauritius. 2019, November.
  16. Papachristofis K., Vardoulias G., Vavousis K. Comparative evaluation of cybersecurity maturity models and frameworks. In Information Systems. EMCIS 2024. Lecture Notes in Business Information Processing. 2025. (Vol. 536). Cham: Springer. DOI: https://doi.org/10.1007/978-3-031-81325-2_12.
  17. Pasdar A., Koroniotis N., Keshk M. Cybersecurity solutions and techniques for Internet of Things integration in combat systems. IEEE Transactions on Sustainable Computing. 2024. 10. 1-20.
  18. Sardar R., Anees T., Al-Shamayleh A. S. et al. Challenges in detecting security threats in WoT: A systematic literature review. Artificial Intelligence Review. 2025. 58. DOI: https://doi.org/10.1007/s10462-025-11176-z.
  19. Tsurkan V., Shapoval O. Analysis of computer network security risk assessment methods. Information Technology and Security. 2022. 10(2). 204-215. DOI: https://doi.org/10.20535/2411-1031.2022.10.2.270437.
  20. Wei H., Zhao X., Shi B. Research on neural networks in computer network security evaluation and prediction methods. International Journal of Knowledge-Based and Intelligent Engineering Systems. 2024. 28(3). 497-516. DOI: https://doi.org/10.3233/KES-230407.
  21. Ying Z., Li Q., Meng S. et al. A survey of information intelligent system security risk assessment models, standards and methods, in cloud computing, smart grid and innovative frontiers in telecommunications. In Innovative Frontiers in Telecommunications. 2020. (Vol. 322, pp. 603-611). Cham: Springer. DOI: https://doi.org/10.1007/978-3- 030-48513-9_48.
  22. Zhou W. Application exploration of virtual network technology in computer network security. Journal of Artificial Intelligence and Information. 2025. 2. 177–182.