Context-Based and Adaptive Cybersecurity Risk Management Framework

Melaku, Henock Mulugeta

doi:10.3390/risks11060101

Cited by 13 publications

(9 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ITIL provides a suitable set of standards, guidance, and best practices that were developed by the United Kingdom's Office of Government Commerce (OGC) [13]. ITIL is composed of five main strategies in the form of services such as:…”

Section: Information Technology Infrastructure Library (Itil)mentioning

confidence: 99%

“…Risk treatment refers to giving priority, implementing, and maintaining a suitable set of risk-minimizing techniques recommended from the risk assessment process. The developed risk management program should be periodically monitored and evaluated [13]. Firstly, the cybersecurity strategic plan should be integrated with the IT strategic plan, which is an integral part of the company's overall strategic plan.…”

Section: Cybersecurity Governance Framework Componentsmentioning

confidence: 99%

“…Despite the development and implementation of governance frameworks, the major problem in most organizations is they do not see cyber security as a multidimensional and cross-sector issue. It is still considered a technical or technological problem that can be addressed by a simple information technology (IT) department [13]. Simply buying more hardware and software tools is not the comprehensive solution for the existing security problem that organizations are facing.…”

mentioning

confidence: 99%

“…Organizations need to develop and implement different cybersecurity frameworks to safeguard cyberspace that can be used for national security, national interest, and economic prosperity as the author [13] researched recently. Currently, most organizations are applying technological solutions to protect their IT systems and business processes, which include: applying firewalls, intrusion detection and prevention systems; applying general and application specific security controls such as IPSec, a corporate virtual private network (VPN), secured socket layer (SSL) etc.…”

mentioning

confidence: 99%

“…Finally, the cybersecurity operational part should also be dealt with, such as mission analysis, situation awareness and planning, executing and assessing, analyzing and reporting, evaluating and giving feedback on the cyber system. If all the aforementioned mitigation options are implemented, organizational security and interest can be well achieved [13,14].…”

mentioning

confidence: 99%

See 4 more Smart Citations

A Dynamic and Adaptive Cybersecurity Governance Framework

Melaku

2023

JCP

Self Cite

View full text Add to dashboard Cite

Cybersecurity protects cyberspace from a wide range of cyber threats to reduce overall business risk, ensure business continuity, and maximize business opportunities and return on investments. Cybersecurity is well achieved by using appropriate sets of security governance frameworks. To this end, various Information Technology (IT) and cybersecurity governance frameworks have been reviewed along with their benefits and limitations. The major limitations of the reviewed frameworks are; they are complex and have complicated structures to implement, they are expensive and require high skill IT and security professionals. Moreover, the frameworks require many requirement checklists for implementation and auditing purposes and a lot of time and resources. To fill the limitations mentioned above, a simple, dynamic, and adaptive cybersecurity governance framework is proposed that provides security related strategic direction, ensures that security risks are managed appropriately, and ensures that organizations’ resources are utilized optimally. The framework incorporated different components not considered in the existing frameworks, such as research and development, public-private collaboration framework, regional and international cooperation framework, incident management, business continuity, disaster recovery frameworks, and compliance with laws and regulations. Moreover, the proposed framework identifies and includes some of the existing frameworks’ missed and overlapped components, processes, and activities. It has nine components, five activities, four outcomes, and seven processes. Performance metrics, evaluation, and monitoring techniques are also proposed. Moreover, it follows a risk based approach to address the current and future technology and threat landscapes. The design science research method was used in this research study to solve the problem mentioned. Using the design science research method, the problem was identified. Based on the problem, research objectives were articulated; the objective of this research was solved by developing a security governance framework considering different factors which were not addressed in the current works. Finally, performance metrics were proposed to evaluate the implementation of the governance framework.

show abstract

Section: Information Technology Infrastructure Library (Itil)mentioning

confidence: 99%

Section: Cybersecurity Governance Framework Componentsmentioning

confidence: 99%

mentioning

confidence: 99%

mentioning

confidence: 99%

mentioning

confidence: 99%

See 3 more Smart Citations