A Maturity Framework for Cybersecurity Governance in Organizations

Maleh, Yassine; Sahid, Abdelkebir; Belaïssaoui, Mustapha

doi:10.1080/07366981.2020.1815354

Cited by 13 publications

(1 citation statement)

References 30 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To facilitate and maintain an effective and efficient governance of the security operations and process and to establish a successful and effective cybersecurity program across an organization, there is a need to come up with reliable key performance indicators (KPIs). Using KPIs, the security governance frameworks are implemented, monitored, measured, and evaluated [24].…”

Section: Performance Indicators Of the Proposed Security Governance F...mentioning

confidence: 99%

A Dynamic and Adaptive Cybersecurity Governance Framework

Melaku

2023

JCP

View full text Add to dashboard Cite

Cybersecurity protects cyberspace from a wide range of cyber threats to reduce overall business risk, ensure business continuity, and maximize business opportunities and return on investments. Cybersecurity is well achieved by using appropriate sets of security governance frameworks. To this end, various Information Technology (IT) and cybersecurity governance frameworks have been reviewed along with their benefits and limitations. The major limitations of the reviewed frameworks are; they are complex and have complicated structures to implement, they are expensive and require high skill IT and security professionals. Moreover, the frameworks require many requirement checklists for implementation and auditing purposes and a lot of time and resources. To fill the limitations mentioned above, a simple, dynamic, and adaptive cybersecurity governance framework is proposed that provides security related strategic direction, ensures that security risks are managed appropriately, and ensures that organizations’ resources are utilized optimally. The framework incorporated different components not considered in the existing frameworks, such as research and development, public-private collaboration framework, regional and international cooperation framework, incident management, business continuity, disaster recovery frameworks, and compliance with laws and regulations. Moreover, the proposed framework identifies and includes some of the existing frameworks’ missed and overlapped components, processes, and activities. It has nine components, five activities, four outcomes, and seven processes. Performance metrics, evaluation, and monitoring techniques are also proposed. Moreover, it follows a risk based approach to address the current and future technology and threat landscapes. The design science research method was used in this research study to solve the problem mentioned. Using the design science research method, the problem was identified. Based on the problem, research objectives were articulated; the objective of this research was solved by developing a security governance framework considering different factors which were not addressed in the current works. Finally, performance metrics were proposed to evaluate the implementation of the governance framework.

show abstract

Section: Performance Indicators Of the Proposed Security Governance F...mentioning

confidence: 99%