Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management (ERM)

Stine, Kevin; Quinn, Stephen; Ivy, Nahla; Feldman, Larry; Witte, Gregory A.; Gardner, Robert H.

doi:10.6028/nist.ir.8286a-draft2

2021

DOI: 10.6028/nist.ir.8286a-draft2

|View full text |Cite

Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management (ERM)

Kevin Stine¹,

Stephen Quinn²,

Nahla Ivy³

et al.

Abstract: There may be references in this publication to other publications currently under development by NIST in accordance with its assigned statutory responsibilities. The information in this publication, including concepts and methodologies, may be used by federal agencies even before the completion of such companion publications. Thus, until each publication is completed, current requirements, guidelines, and procedures, where they exist, remain operative. For planning and transition purposes, federal agencies may… Show more

Help me understand this report

View published versions

Search citation statements

Order By: Relevance

Paper Sections

Select...

Citation Types

Supporting

Mentioning

Contrasting

Year Published

2024

Publication Types

Select...

Article1

Relationship

Self Cite0

Independent1

Authors

Journals

Cited by 1 publication

(1 citation statement)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The framework encourages organisations to assess their current cybersecurity posture, set goals, and prioritise actions based on their risk assessment. It also emphasises the importance of continuous improvement and adaptation to evolving cyber threats [36]. However, it is important to note that the NIST Cybersecurity Framework has some limitations: the framework does not provide specific technical implementation details or prescribe specific security controls.…”

mentioning

confidence: 99%

Enhancing Zero Trust Models in the Financial Industry through Blockchain Integration: A Proposed Framework

Daah,

Qureshi,

Awan

et al. 2024

Electronics

View full text Add to dashboard Cite

As financial institutions navigate an increasingly complex cyber threat landscape and regulatory ecosystem, there is a pressing need for a robust and adaptive security architecture. This paper introduces a comprehensive, Zero Trust model-based framework specifically tailored for the finance industry. It encompasses identity and access management (IAM), data protection, and device and network security and introduces trust through blockchain technology. This study provides a literature review of existing Zero Trust paradigms and contrasts them with cybersecurity solutions currently relevant to financial settings. The research adopts a mixed methods approach, combining extensive qualitative analysis through a literature review and assessment of security assumptions, threat modelling, and implementation strategies with quantitative evaluation using a prototype banking application for vulnerability scanning, security testing, and performance testing. The IAM component ensures robust authentication and authorisation processes, while device and network security measures protect against both internal and external threats. Data protection mechanisms maintain the confidentiality and integrity of sensitive information. Additionally, the blockchain-based trust component serves as an innovative layer to enhance security measures, offering both tamper-proof verification and increased integrity. Through analysis of potential threats and experimental evaluation of the Zero Trust model’s performance, the proposed framework offers financial institutions a comprehensive security architecture capable of effectively mitigating cyber threats and fostering enhanced consumer trust.

show abstract

mentioning

confidence: 99%

Enhancing Zero Trust Models in the Financial Industry through Blockchain Integration: A Proposed Framework

Daah,

Qureshi,

Awan

et al. 2024

Electronics

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management (ERM)

Cited by 1 publication

References 5 publications

Enhancing Zero Trust Models in the Financial Industry through Blockchain Integration: A Proposed Framework

Enhancing Zero Trust Models in the Financial Industry through Blockchain Integration: A Proposed Framework

Contact Info

Product

Resources

About