CYBERSECURITY MATURITY IN A BASIC EDUCATION SCHOOL NETWORK

Abstract

Educational institutions, due to their handling of sensitive data from employees, students, and their guardians, are susceptible to cyberattacks. In this context, the need for structured cybersecurity practices aligned with governance principles becomes evident. This research aims to analyze the cybersecurity maturity level of a Basic Education School Network. To this end, a quantitative exploratory-descriptive case study was conducted using the National Institute of Standards and Technology’s Cybersecurity Framework 2.0, composed of 22 categories and six dimensions operationalized through 106 statements arranged on a five-point Likert scale. For the statistical legitimacy of the dimensions, the Kaiser-Meyer-Olkin criterion for dimensionality, Cronbach's Alpha for reliability, and Pearson’s (r) coefficient along with the p-value for validity were employed. Maturity was determined through the Mean, Standard Deviation, and 95% Confidence Interval. As a result, all six dimensions of the framework were positioned at maturity level two out of five, termed Risk-Informed, in which risk management practices are approved by management but may not be established as organizational policy. It is concluded that, although technical measures are in place, cybersecurity governance requires strengthening, particularly in supply chain risk management, to enhance organizational maturity.