Predicting Cybersecurity Risk - A Methodology for Assessments
Keywords: Information Security, Cybersecurity, cybercrime, ISO
Defining an appropriate cybersecurity incident response model is a critical challenge that all companies face on a daily basis.
However, there is not always an adequate answer. This is due to the lack of predictive models based on data (evidence). There is a significant investment in research to identify the main factors that can cause such incidents, always trying to have the most appropriate response and, consequently, enhancing response capacity and success. At the same time, several different methodologies assess the risk management and maturity level of organizations.
There is, however, a gap in determining an organization's degree of proactive responsiveness in adopting cybersecurity successfully, and an even more significant gap in assessing it from a risk management perspective. This paper proposes a model to evaluate this capacity. The model evaluates the methodological aspects of an organization, indicates the apparent gaps that can negatively impact its future management of cybersecurity incidents, and is intended to be proactive.
Published 2022-06-01
Copyright (c) 2022 Daniel Jorge Ferreira, Henrique São Mamede
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.