A Holistic Cybersecurity Maturity Assessment Framework for Higher Education Institutions in the United Kingdom

Aliyu, Aliyu; Μαγλαράς, Λέανδρος; He, Ying; Yevseyeva, Iryna; Cook, Allan; Janicke, Helge; Boiten, Eerke Albert

doi:10.3390/app10103660

Cited by 37 publications

(39 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This helps in measuring the overall security level of the organization/system and addressing its weaknesses. Finally, current maturity models use qualitative metrics or processes without considering quantitative metrics as an essential aspect for security assessment ( Aliyu et al, 2020 ). Almuhammadi & Alsaleh (2017) presented a maturity model based on NIST Cyber Security Framework (CSF).…”

Section: Related Workmentioning

confidence: 99%

Cybersecurity maturity assessment framework for higher education institutions in Saudi Arabia

Almomani

Ahmed

Μαγλαράς

2021

PeerJ Computer Science

Self Cite

View full text Add to dashboard Cite

The Saudi Arabia government has proposed different frameworks such as the CITC’s Cybersecurity Regulatory Framework (CRF) and the NCA’s Essential Cybersecurity Controls (ECC) to ensure data and infrastructure security in all IT-based systems. However, these frameworks lack a practical, published mechanism that continuously assesses the organizations’ security level, especially in HEI (Higher Education Institutions) systems. This paper proposes a Cybersecurity Maturity Assessment Framework (SCMAF) for HEIs in Saudi Arabia. SCMAF is a comprehensive, customized security maturity assessment framework for Saudi organizations aligned with local and international security standards. The framework can be used as a self-assessment method to establish the security level and highlight the weaknesses and mitigation plans that need to be implemented. SCMAF is a mapping and codification model for all regulations that the Saudi organizations must comply with. The framework uses different levels of maturity against which the security performance of each organization can be measured. SCMAF is implemented as a lightweight assessment tool that could be provided online through a web-based service or offline by downloading the tool to ensure the organizations’ data privacy. Organizations that apply this framework can assess the security level of their systems, conduct a gap analysis and create a mitigation plan. The assessment results are communicated to the organization using visual score charts per security requirement per level attached with an evaluation report.

show abstract

Section: Related Workmentioning

confidence: 99%

Cybersecurity maturity assessment framework for higher education institutions in Saudi Arabia

Almomani

Ahmed

Μαγλαράς

2021

PeerJ Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…The developed framework was applied in three different OESs in order to test its efficiency, usability and also the level of adoption by security officers. Other similar studies that propose light, web-based models that incorporate all security and privacy regulations and best practices for several organizations were also recently introduced [16], and this is probably where the trends will be heading in the near future.…”

Section: A Novel Maturity Assessment Frameworkmentioning

confidence: 99%

Cybersecurity in the Era of Digital Transformation: The case of Greece

Μαγλαράς

Drivas

Chouliaras

et al. 2020

2020 International Conference on Internet of Things and Intelligent Applications (ITIA)

Self Cite

View full text Add to dashboard Cite

This article presents the cyber security progress in Greece since the creation of the Greek National Cyber Security Authority as a nation-wide cybersecurity coordination and policy making unit. During this period, Greece issued a Ministerial Decree that established the National Cyber Security Authority, issued the National Cybersecurity strategy, transposed the NIS Directive to National Law and issued a Ministerial Decree that helped establish a cybersecurity framework for the public sector and the critical infrastructures that reside in Greece. This structured effort led to the achievement of gaining the 1 st position in the prestigious NCSI index for Greece, amongst 160 countries.

show abstract

“…In this period, the government would continue to agree, introduce and execute EU laws. After the UK has left the EU, the results of the talks on a long-term 4 EAI Endorsed Transactions on Security and Safety Online First relationship between the UK and the EU would decide the agreements in regard to EU legislation. It is the intention of the UK Government that the NISD will still apply in the United Kingdom upon leaving the European Union [34].…”

Section: Overviewmentioning

confidence: 99%

“…From a practical point of view, organizations that need to comply with both GDPR and NISD will need to be able to understand how these affect their business operations and overall processes. In order to accomplish this, novel maturity models that incorporate both regulations need to be developed and used [4] in accordance to ISO or NIST standards. Also security measures that take into account requirements from both legal frameworks must be deployed, especially those that are focusing on critical infrastructures [64] and industrial control systems that is the heart of many OESs [65].…”

Section: Nisd Impact and Gdpr Security Requirementsmentioning

confidence: 99%

“…These models can help organisations to adopt properly these regulations and help them to identify current security problems and structure new security plans. In [4], members of the Cyber Technology Center of De Montfort University proposed a Holistic Cybersecurity Maturity Assessment Framework, which incorporates all security and privacy regulations, and best practices that Higher Education Institutes must be compliant to. Furthermore, this framework can be used as a self assessment or a cybersecurity audit tool.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Mapping of the Security Requirements of GDPR and NISD

Saqib¹,

Germanos²,

Zeng³

et al. 2018

ICST Transactions on Security and Safety

Self Cite

View full text Add to dashboard Cite

Privacy and information security have consistently been a priority for the European Union lawmaker. This paper investigates the security requirements of the General Data Protection Regulation (GDPR) and the Directive on security of network and information systems (NISD). This investigation incorporates what is unique about the NISD; how it overlaps with existing frameworks; and how security requirements in the GDPR influence the NISD. This mapping of requirements can help businesses and organizations to distinguish possible difficulties that may experience while conforming to GDPR and NISD, and help them create a consistent cybersecurity framework and structure new security plans.

show abstract

A Holistic Cybersecurity Maturity Assessment Framework for Higher Education Institutions in the United Kingdom

Cited by 37 publications

References 24 publications

Cybersecurity maturity assessment framework for higher education institutions in Saudi Arabia

Cybersecurity maturity assessment framework for higher education institutions in Saudi Arabia

Cybersecurity in the Era of Digital Transformation: The case of Greece

Mapping of the Security Requirements of GDPR and NISD

Contact Info

Product

Resources

About